Re: apt-get : unable to parse package file
On (01/10/06 08:15), Bruno Costacurta wrote: On Sunday 01 October 2006 00:49, James Westby wrote: On (30/09/06 20:59), Bruno Costacurta wrote: Hello to all, I have the following message when 'apt-get update' (or upgrade) : ... Reading package lists... error ! E: Unable to parse package file /var/lib/dpkg/status (1) ... Is this the problem? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388708 Problem is indeed the same. But where can I download apt_0.6.45_i386.deb package ? Unfortunatley all debian mirrors seems to host only latest version apt_0.6.46. Try snapshot.debian.net, it has most old versions of packages, James -- James Westby --GPG Key ID: B577FE13-- http://jameswestby.net/ seccure key - (3+)k7|M*edCX/.A:n*N!|7U.L#9E)Tu)T0AM - secp256r1/nistp256 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apt-get : unable to parse package file
On (30/09/06 20:59), Bruno Costacurta wrote: Hello to all, I have the following message when 'apt-get update' (or upgrade) : ... Reading package lists... error ! E: Unable to parse package file /var/lib/dpkg/status (1) ... 1) tried to replace status with backup files (from /var/backup/) but it without success.. 2) related to my etch, install version 0_0.6.46.i386.deb but again without success.. Hi, Is this the problem? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388708 James -- James Westby --GPG Key ID: B577FE13-- http://jameswestby.net/ seccure key - (3+)k7|M*edCX/.A:n*N!|7U.L#9E)Tu)T0AM - secp256r1/nistp256 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How do you include orig in pbuilder?
On (28/09/06 15:25), Joseph Smidt wrote: I usually just build packages in unstable, but I am trying to learn pbuilder. I need to build a package and include the original source in the upload. With dpkg-buildpackage I just pass in -sa to do this. How do I do it with pbuilder? Hi, quoting pbuilder(8): --debbuildopts [options] List of options that are passed on to dpkg-buildpackage. Over‐ rides any value given in DEBBUILDOPTS as specified in pbuilderrc.) James -- James Westby --GPG Key ID: B577FE13-- http://jameswestby.net/ seccure key - (3+)k7|M*edCX/.A:n*N!|7U.L#9E)Tu)T0AM - secp256r1/nistp256 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: loop-aes: losetup -F /dev/loop3 failed
On (25/09/06 22:08), David Kolf wrote: Hello, I want to encrypt the swap and /home partition on my system using loop-aes. Encrypting swap with random keys works fine, but the /home partition, which should be password protected, is troubling me. I followed the instructions from http://loop-aes.sourceforge.net/loop-AES.README in section 7.2. I prepared the keys, filled the partition with random data and modified /etc/fstab in the way the instructions told me. When I entered losetup -F /dev/loop3 it asked me for the password but then it told me ioctl: LOOP_MULTI_KEY_SETUP_V3: Invalid argument. I used the package loop-aes-source version 2.2d-5 and loop-aes-utils 2.12p-4sarge1. My kernel is a custom built 2.6.8 kernel. Running make tests for the loop-aes module did not report any error. Does this answer your question? http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=318944 (Found by googling your error message). James -- James Westby --GPG Key ID: B577FE13-- http://jameswestby.net/ seccure key - (3+)k7|M*edCX/.A:n*N!|7U.L#9E)Tu)T0AM - secp256r1/nistp256 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to measure stability?
On (16/09/06 18:51), Bruno Buys wrote: Is there any way to objectively measure stability among debian flavours? I mean, does anybody know of a webpage or project or something to build statistics on bug reports? I'm asking this because every now and then we have threads asking how much unstable unstable is, and the replies are always like 'depends', or 'your mileage may vary' and such. If a there's a good soul somewhere keeping statistics of broken stuff and bugs grouped by packages and flavours, I'd REALLY like to see it. How about this project? http://brion.inria.fr/anla/index edos has a utility for checking for uninstallable packages very quickly. edos-debcheck is the package name I believe. They are using it to generate statistics for the Debian archives. They use a weather motif to indicate how many packages are uninstallable at present. For instance here is the past performance of unstable http://brion.inria.fr/anla/health?bundle=Uarchitecture=i386 compared with testing http://brion.inria.fr/anla/health?bundle=Tarchitecture=i386 It doesn't work on bug reports as you wanted, but it can give an idea about how badly unstable is currently broken with regard to installation. Or how about the number of RC bug reports against sid and etch? Gives some impression of how close to release etch is, although it has it's problems. http://bugs.debian.org/release-critical/graph.png James -- James Westby --GPG Key ID: B577FE13-- http://jameswestby.net/ seccure key - (3+)k7|M*edCX/.A:n*N!|7U.L#9E)Tu)T0AM - secp256r1/nistp256 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: What is this!!!!!
On (03/09/06 08:47), Tom Allison wrote: I'm filling up my hard drive with this record... So if I read this right, my CDROM drive is hyperactive. There's nothing in it. Before I start bellyaching about some bug can someone shed any light as to how/why or what can be done about this? Linux isengard 2.6.16-2-k7 #1 Sat Jul 15 23:05:41 UTC 2006 i686 GNU/Linux Sep 3 08:45:01 localhost kernel: evbug.c: Event. Dev: isa0060/serio1/input0, Type: 2, Code: 0, Value: 3 Sep 3 08:45:01 localhost kernel: evbug.c: Event. Dev: isa0060/serio1/input0, Type: 2, Code: 1, Value: 4 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380576 and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=379209 I used the workaround in the first report and it works here. James [P.S. please use a more descriptive Subject: in future, thanks] -- James Westby --GPG Key ID: B577FE13-- http://jameswestby.net/ seccure key - (3+)k7|M*edCX/.A:n*N!|7U.L#9E)Tu)T0AM - secp256r1/nistp256 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: where is glxgears now ?
On (03/09/06 09:45), Ron Johnson wrote: Andrei Popescu wrote: $ apt-cache search glxgears mesa-utils - Miscellaneous Mesa GL utilities That only works if you've already installed mesa-utils. I think you are thinking of dpkg -S. apt-cache works from the list of all available packages. The other alternative would have been apt-file seach if glxgears wasn't mentioned in the control file of mesa-utils. James -- James Westby --GPG Key ID: B577FE13-- http://jameswestby.net/ seccure key - (3+)k7|M*edCX/.A:n*N!|7U.L#9E)Tu)T0AM - secp256r1/nistp256 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: how does ITP work?
On (03/09/06 18:59), Thibaut Paumard wrote: Le dimanche 03 septembre 2006 à 13:25 +0200, Tshepang Lekhonkhobe a écrit : Hi, I saw an old ITP for audacious and wondered who actually approves it if not the interested DD? If you thing the ITP is old and you are interested in packaging this software yourself, send a message as a follow-up to this bug, asking where the original ITP-er stands, whether he still wants to package the stuff, and whether he would like help. Not jumping on you at all, I just know the package in question. The maintainer is close to having a working package. I expect he will seek out a sponsor within the next week. You can expect audacious to be included in Debian quite soon. James -- James Westby --GPG Key ID: B577FE13-- http://jameswestby.net/ seccure key - (3+)k7|M*edCX/.A:n*N!|7U.L#9E)Tu)T0AM - secp256r1/nistp256 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: the ds in GLibC?
On (30/08/06 07:23), Tshepang Lekhonkhobe wrote: On 8/29/06, Roberto C. Sanchez [EMAIL PROTECTED] wrote: On Mon, Aug 28, 2006 at 06:32:44PM +0200, Tshepang Lekhonkhobe wrote: Hi, Anyone know what the 'ds' in versions of recent GLibC in unstable mean? Daniel Stone. I believe he incorporates some significant patches and wants to differentiate between his customized version and the upstream version upon which it is based. But I don't see Daniel's name on the changelog. Are you mistaken? The latest .ds upload has a changelog which mentions the removal of non-free documentation. Perhaps the ds is used to indicate that the tarball is not the original upstream. A lot of packages use dsfg for that, but there is no rule. James -- James Westby --GPG Key ID: B577FE13-- http://jameswestby.net/ seccure key - (3+)k7|M*edCX/.A:n*N!|7U.L#9E)Tu)T0AM - secp256r1/nistp256 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Delinquent maintainers?
On (12/08/06 23:07), Carl Fink wrote: On Sun, Aug 13, 2006 at 03:40:07AM +0100, James Westby wrote: If so I have sympathy for you, but it is possible to get it by other means, and the bug that is keeping it out of etch means that it shouldn't be in Debian at all in it's current state. Okay, but the bug can be fixed, if the maintainer would do something, or so I understand. Saying It's a bad bug doesn't really mean much in that context. It also requires the movement of upstream as well to clarify the licenses, and include them with the files that aren't mentioned. I am saying It's a bad bug, but I really mean that it is a very serious bug that means vlc is *undistributable*, and that Debian is currently doing something wrong i distributing it at all. (Note however that I am not an expert on these matters, and so I might be wrong). The bug report is excellent and spells out the problem in detail. There is no technical knowledge required to fix this bug if you wnated to help do something about it. My suggestion would be to get the source of the package, and go through it and write a proper debian/copyright file as best you can (the bug report and http://lists.debian.org/debian-devel-announce/2006/03/msg00023.html might help here). You can then email the bug report attaching your work, and enquire whether the maintainer has contacted upstream about the other part of the problem. If not you could offer to do that for him. (Note I am using you in a more general sense, i.e. one could offer...). So they just sit unfixed and unremoved forever? The maintainer can close them, but wont until he is sure they that are not a bug. He could also downgrade them if he feels that they do not meet the requirements of an RC bug anymore. You could ask him whether he wishes to do this, but he only tagged them unreproducible quite recently. It isn't that I'm suffering from it in the sense that it affects me, since I CAN'T EVEN INSTALL THE STUPID PROGRAM. It's that the presence of those two unreproducible-but-unremoved bugs keeps checkinstall out of Etch. Forever, apparently. You realise this is a safety mechanism? There would be complaints if Debian put in a stable release a program that when used stopped the user from logging in. Granted, this is an edge case, as it appears to have affected some people, and not others. How can I fix it? [pause while I do research] Okay, it's written in C. I'm not a C programmer. checkinstall is a shell script. I have just looked at it and seen some problems that may be the cause of the bug report. I will email the bug report with my findings. If all you want to do is install vlc then you can use apt pinning and install the version from unstable. Sure, but I shouldn't have to, and that won't get VLC into the next Stable. Nor will that fix the weirdly-ignored checkinstall. In it's current state VLC will not be in the next stable, as it violates the DFSG, and as such will not be distributed by Debian. It seems like the intent is for it to be free software though, so the problems can probably be sorted. James -- James Westby --GPG Key ID: B577FE13-- http://jameswestby.net/ seccure key - (3+)k7|M*edCX/.A:n*N!|7U.L#9E)Tu)T0AM - secp256r1/nistp256 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Delinquent maintainers?
On (12/08/06 22:07), Carl Fink wrote: How long does a package have to sit with unfixed bugs before the maintainers are considered to be inactive? I mentioned on this list wanting to use VLC, which has now sat un-migratable for almost one year. There is a team of developers who try and weed out inactive maintainers. They also try and fix the really important bugs of neglected packages. The only bug of this type affecting vlc is one that doesn't affect usability. Do you mean by un-migratable that it isn't in etch? If so I have sympathy for you, but it is possible to get it by other means, and the bug that is keeping it out of etch means that it shouldn't be in Debian at all in it's current state. Since nothing was happening there I figured I'd install checkinstall and then install VLC from source--but checkinstall has sat with grave bugs unfixed for over 240 days itself. This is a package mentioned in the Administrator section of the Debian web site (http://www.debian-administration.org/articles/147), but apparently nobody is maintaining it. Firstly a note that debian-administration.org is not an official site. It is however a brilliant site and incredibly useful (thanks Steve). The grave bugs you refer to are tagged unreproducible, meaning that the maintainer has no idea why they happen, and cannot reproduce them to try and investigate. If you are suffering from a bug that is tagged unreproducible then you should send an update to the bug report explaining your situation, and giving any information you can, and ask the maintainer to remove the tag. You could also aid the maintainer to try and identify what causes the problem so that it can be fixed. I'm simply not qualified to maintain either package. What else can I do? In the case of vlc I'm afraid there's little you can do, as it is a licensing issue. If you really want to fix it you can pester the upstream author to sort out the issues, or write a replacement under a better license. In the case of checkinstall I suggest that you try it, and if you encounter the problem help the maintainer to fix it. It looks like the chances of you hitting the bugs is slim though. If all you want to do is install vlc then you can use apt pinning and install the version from unstable. James -- James Westby --GPG Key ID: B577FE13-- http://jameswestby.net/ seccure key - (3+)k7|M*edCX/.A:n*N!|7U.L#9E)Tu)T0AM - secp256r1/nistp256 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Changing binaries
On (31/07/06 19:02), Joey Hess wrote: http://www.viruslist.com/en/weblog?calendar=2005-09 http://www.lurhq.com/atd.html One of those might possibly explain how that virus got on there. I'd recommend a rebuild; you have a system here whose previous admin has either been running untrusted (or compromised) binaries as root, or not keeping the box secure. ...or one that's out to get you. James -- James Westby http://jameswestby.net/ seccure key - (3+)k7|M*edCX/.A:n*N!|7U.L#9E)Tu)T0AM - secp256r1/nistp256 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: /etc/X11/X already customeizes on a fresh install
On (18/07/06 09:22), [EMAIL PROTECTED] wrote: Just installed 32-bit etch on an AMD64 two days ago. Today I installed xorg. Then I did dpkg-reconfigure xserver-xorg, went through the usual options, and when I was done, it said, xserver-xorg postinst warning: not updating /etc/X11/X; file has been customized Now I know for sure I have not done any such thing. Perhaps the test for customization is wrong? Please see the many open bugs against xserver-xorg for this and related problems. In most cases this bug will not cause you a problem I think, but if you're /etc/X11/xorg.conf is not updated then you need to use one of the workarounds provided, for instance the workaround or patch in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=375689 James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Debugging udev
Hi, I have a problem which looks like it is udev (0.093-1) hanging at boot time. The messages it look something like [grub prompt] INIT version 2.86 booting Starting the hotplug events dispatcher...udevd. Synthesising initial hotplug events...done. Waiting until /dev is fully populated... [cursor blinks for a couple of seconds] Then boot will either continue normally or will hang before printing anything else. It actually stops rather than waiting forever as the cursor stops flashing. The only thing I can do is restart with the power button. Occaisonaly there will be one of four messages (from memory, in decreasing order of frequency) hdb: not ready for command. hda: not ready for command. hdb: DMA channel in use. hdb: timeout waiting for DMA. The intermittency leads me to think that it is some sort of race condition, and these messages suggest that it is perhaps involving the hard drives (hdb has my /). I think this has been the case since installing udev, and I have been meaning to write this message for a while, but a couple of days ago it happened about 50 times before I booted sucessfully. I saw something suggesting that user rules caused the problems in most cases, so I removed all of mine, but this had no effect. So my question, is there a way to debug udev at such an early stage of the boot process? Is there, for example, a boot parameter that would cause udev to output what it is doing during this time so I can find out which rule/device is causing the problem? I don't want to submit a report with such little information, especially on udev, but at least that would let me find out how the maintainer would go about debugging the problem. Hopefully though the readers of d-u can give me some good tips. Thanks, James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: regex for top-posting?
On (10/07/06 23:18), Eric d'Alibut wrote: Surely there is an Exim or Mailman hack or even a procmail recipe that would weed out top-posting... Check out fullquottel. With that and procmail it is probably possible, though I've never used it. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: GPG error during apt-get upgrade
On (01/07/06 20:00), Todd A. Jacobs wrote: I'm getting the following error when running apt-get upgrade: Reading package lists... Done W: GPG error: http://security.debian.org stable/updates Release: Unknown error executing gpgv W: GPG error: http://security.debian.org testing/updates Release: Unknown error executing gpgv W: You may want to run apt-get update to correct these problems Obviously, GPG is having some sort of problem with the signatures from the security source, but I'm not sure how to track it down. Anyone have any advice about what to do next? http://lists.debian.org/debian-security/2006/06/msg00061.html -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: aptitude update gpgv error
On (02/07/06 11:31), Lubos Vrbka wrote: hi guys, i can see the following error when doing aptitude update on my freshly installed etch i386 system: W: GPG error: http://security.debian.org etch/updates Release: Unknown error executing gpgv W: You may want to run apt-get update to correct these problems http://lists.debian.org/debian-security/2006/06/msg00061.html when i try to execute gpgv i get the following error # gpgv -v gpgv: can't allocate lock for `/root/.gnupg/trustedkeys.gpg' gpgv: keyblock resource `/root/.gnupg/trustedkeys.gpg': general error indeed, trustedkeys.gpg is not present. when i create it by touch trustedkeys.gpg, this error disappears, but the error from aptitude persists. any hints? thanks, I'm not sure whether this is a problem or not I am afraid. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: aptitude update error with security on etch
On (30/06/06 15:55), Ross Boylan wrote: I've been seeing the same error on a couple of different machines today: W: GPG error: http://security.debian.org etch/updates Release: Unknown error executing gpgv W: GPG error: http://security.debian.org stable/updates Release: Unknown error executing gpgv http://lists.debian.org/debian-security/2006/06/msg00061.html -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Sarge Kernel Image Package Question
On (29/06/06 10:57), Ralph Katz wrote: On 06/29/2006, Linas ?virblis wrote: Why should it? Many people prefer to manually choose their kernels, as this is not something you can upgrade at any given time. It is not a problem either way - installing or removing a meta package is not that hard, is it? Hi Linas, You are correct that installing the meta package is not hard. The issue is security; without the meta package, kernel updates are /not/ automatic with apt-get/aptitude upgrades. For desktop users and non-developers like me who maintain our own systems, it's easy to miss the fact that kernel security updates are skipped without the meta package. For this reason, I believe the current default installation procedure and docs are flawed. When I used the installer the other day I was given a choice of kernels to install. There were 2 2.6.x actual kernels, and the two associated meta-packages. Perhaps you could make a proposal to the debian-installer team, that they put a little explanation underneath of what the difference is. Also, you could propose to those who are responsible for the installation manual that they include a paragraph explaining the purpose of the meta-packages, and the pros/cons of installing them. James -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Nvidia (their's) driver on multiple kernels.
On (28/06/06 21:48), David Baron wrote: Then installed the nvidia-glx. Did not work. The libglx.so, etc were not installed anywhere I (or the xorg.conf) could find them. I will check again when the locate db is updated. Reinstalled the nvidia run meanwhile. dpkg -L nvidia-glx should help. You need matching versions of nvidia-glx and kernel modules for X to run. That's the 8192 or whatever. James (If I really cannot find them, I guess I file a bug.) Yes, but I guess they are there somewhere, it would be rare for a package to be uploaded containing no files. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Installation: Use SPACEBAR to select Desktop Environment, not just the enter key.
On (26/06/06 10:52), Chuck Pergiel wrote: June 26, 2006 When you get to the package selection screen, it appears that once again there is a select one item from a list, and the default selection is highlighted. Nowhere does it say anything about pressing the spacebar. http://shots.osdir.com/slideshows/slideshow.php?release=658slide=21 I think the terminology could be improved slightly, but when I used the installer the other day it did say this. Have you got a suggestion for what the information at the bottom should say? If so I suggest that you pass it on. http://www.debian.org/releases/stable/i386/ch06s01.html.en is a little more explicit about how the system works. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: group ownership of /dev files
On (22/06/06 16:56), Derek Martin wrote: Hi folks, If there's a more appropriate place to ask this, please let me know. I manage a large number of workstations which run Debian. Everyone in my organization need to be able to access any of these workstations, and they expect basic services (like sound, for example) to work properly. Red Hat has a nice PAM library that lets people access, say, the sound devices when they log in on the console. Thus anyone who logs in automatically has access to the sound devices. However, this facility appears to be lacking in Sarge. Note: it is not possible for me to add everyone to the audio group. The workstations get all authentication and group memberships from corporate resources which I do not control. And, even if it were possible, it would be a very bad solution given the large number of machines and large number of users; it would be a maintenance nightmare. A reference. http://lists.debian.org/debian-devel/2002/07/msg01521.html I haven't used pam_console but it does sound quite undesirable. Have a look in /usr/share/doc/udev, that will tell you how to disable udev. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problem with kernel-package
On (22/06/06 20:42), Kit Peters wrote: I'm trying to compile kernel 2.6.17.1 from the vanilla sources at kernel.org. As this kernel is for a specific machine, I want to append a note to the kernel version to reflect that fact. Normally, I would do this from within $KERNEL_SOURCE_DIR/.config, but as I'm trying to keep this machine as debianized as possible (by which I mean installing everything via apt, and creating my own debs when necessary) I'm using kernel-package. I have configured the kernel via menuconfig. Kernel sources are at $HOME/src/linux-2.6.17.1/. I execute 'CC=gcc-4.1 make-kpkg --pgpsign [EMAIL PROTECTED] --rootcmd sudo --revision 1.0 --append-to-version -pt5500 buildpackage'. It is oft recommended to use fakeroot rather that a real root command for compiling. The kernel appears to build successfully, and sudo prompts me for my password to execute 'debian/rules binary'. At this point, however, it all goes wahooni-shaped: You neglected to mention the version of kernel-package you are using. Is it http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359832 that you are seeing? My kernel .config is attached. Can anyone shed some light on this matter? I saw this problem when trying to set CONFIG_LOCALVERSION but you are not doing this. It can also look a bit like this (but right at the start) if you don't make-kpkg clean first. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Problem with kernel-package
On (22/06/06 21:07), Kit Peters wrote: On 6/22/06, James Westby [EMAIL PROTECTED] wrote: It is oft recommended to use fakeroot rather that a real root command for compiling. Hm. I've never used fakeroot for anything. How would I compile a kernel in fakeroot? aptitude install fakeroot s/sudo/fakeroot/ in your command. That should be it. You then don't have to enter your password, and there is less chance of something going catastrophically wrong. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359832 No, I'm using kernel-package 10.047. It might be a re-occurence of a similar bug. I am using the same version and compiled the debian 2.6.17.rc3 packages a couple of days ago. Perhaps it could be the vanilla source that is causing it. (Though I doubt it). Well, I'll try the make-kpkg clean, but I'm not sanguine about the outcome. Neither am I. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Newer twiki package?
On (20/06/06 18:17), Stephan Seitz wrote: On Tue, Jun 20, 2006 at 10:41:52AM -0400, Kamaraju Kusumanchi wrote: One solution is to file a wishlist bug asking for a new version of twiki. You can use reportbug program to report bugs. There is already one sent 111 days ago without answer of the maintainer. There is a bug concerning the security issue without answer. There was another security announcement today. CVE-2006-2942 http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation You could file that as another prod. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Getting PostgreSQL to work with PHP
On (15/06/06 09:56), Xavier Elizalde wrote: I have the default Sarge installations of PHP4 and PostgreSQL. But I can't get PHP to work with PostgreSQL. The php command phpinfo() shows that it was compiled with the following parameters... [snip ./configure flags] It says --without-pgsql in there. I'm sure it should say --with- pgsql instead for it to be working. Is there a way I can change this using apt-get and compiling from source? I know it can be done manually in a /usr/local directory, but currently PHP is in my /usr/ lib64 directory. I'm kind of hesitant to compile anything outside of / usr/local unless it is done automatically through apt-get for the sake of keeping things organised. Any suggestions? Maybe php4-pgsql is what you are after. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: apt-get install apache-ssl -- problems making Certificate Request
On (07/06/06 21:54), David Christensen wrote: debian: I am attempting to install apache-ssl on a fresh 3.1r1 installation. When I ran apt-get, I think it barfed on something I entered for the SSL certificate (?): # apt-get install apache-ssl snip Setting up apache-ssl (1.3.33-6sarge1) ... Generating a 1024 bit RSA private key ...+ + .++ writing new private key to '/etc/apache-ssl/apache.pem' - problems making Certificate Request 4517:error:0D07A097:asn1 encoding routines:ASN1_mbstring_copy:string too long:a_mbstr.c:154:maxsize=2 dpkg: error processing apache-ssl (--configure): subprocess post-installation script returned error exit status 1 Errors were encountered while processing: apache-ssl E: Sub-process /usr/bin/dpkg returned an error code (1) Looking for /etc/apache-ssl/apache.pem, the file exists and appears to contain an RSA key: How do I get apache-ssl working? You could try dpkg-reconfigure apache-ssl, of a apt-get remove --purge apache-ssl, then reinstall it. Otherwise googling for apache ssl will bring up a lot of hits, some of which will probably tell you how to create the certificates, and where to place them. http://www.debian-administration.org/articles/31 http://www.debian-administration.org/articles/284 James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Certificate problem
On (29/05/06 11:22), Hans du Plooy wrote: Hi guys, I setup ISPconfig on Debian Sarge, and when trying to log into the web interface, I get the following message from Firefox: Could not establish an encrypted connection because certificate presented by server.domain.tld is invalid or corrupted. Error Code: -8182 Konqueror warns me that there's a problem, but allows me to go ahead anyway, and the webinterface works fine. So it looks like a pure certificate problem, not any problem with ISPconfig itself. There is a solution to this problem - recreating the certificates, but I've done that and it doesn't solve the problem. Has anyone seen this before, know where to look? I'm not sure that I have seen this error before, but the following things might help. openssl verify -verbose /path/to/cert Check that the server has the key corresponding to the certificate available. openssl x509 -text -noout -in /path/to/cert http://www.google.co.uk/search?q=%22Error+Code%3A+-8182%22 openssl s_client -host server.domain.tld -port 443 If the last one starts to work then complains about not being able to verify a certificate, and you use CA certificates look at the options for s_client and provide the necessary certificates so it can verify. If you use certificate directories in your apache config use c_rehash on the directory (make sure it prints some output). I saw a problem the other day where I generated certs on one system using sha256, then moved them to another system using an older openssl which didn't have sha256, which caused some strange errors. Are you using two different openssl versions. Also are you using openssl or gnutls at each end? I assume you meant this? http://www.howtoforge.com/faq/14_63_en.html Hope this helps, James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: best way to secure communication?
On (23/05/06 01:58), lee wrote: On Sat, May 20, 2006 at 10:44:29PM +0100, James Westby wrote: No metter how well the encryption is implemented on top of a protocol like that it could be circumvented easily. For real security it has to be designed in from the start. Yeah, I wondered why that has not been done. It's one of the first things to think of when creating any protocol that can be used to transfer information over insecure channels. I doubt most users of IM programs do not want it. They seem to already have taken care of that by automizing the key exchange. We couldn't try it out yet because the other end had weird trouble downloading the software, but I guess it will work. Then we will need to compare the fingerprints, and should be 'sufficiently secure' for a first attempt. But how will you compare the fingerprints? That needs to be done out of the channel. I would suggest that email would be the best way. Get your friend to email you the fingerprint, then you can check it came from the email address they normally use (probably good if it's not the one used for the IM). Otherwise, if you do it over the IM, the person at the other end has just told you the fingerprint of the key they just sent, not a very difficult task for an attacker. -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: best way to secure communication?
On (20/05/06 18:22), lee wrote: On Thu, May 18, 2006 at 08:12:29PM +0100, James Westby wrote: My point was that if you are worried about people putting the effort in to cracking *your* SSL based chats, then I would be wondering what you were actually talking about. Oh, I don't think that anybody will try. You're probably right, but you're doing the right thing by thinking about it anyway. The people that would usually have to be concerned about the level of security provided by SSL, would have to have some very tempting information that they wanted to keep secret for the next 50 years. And if I was that concerned about it then I would not be asking for advice like this on d-u (apologies to all subscibers). I would be doing research in to how to actually acheive some proper security, rather than using some attempts to add encryption to existing protocels over public switched networks (no offence to those who have added encryption capabilities to these protocols, capabilities I use all the time and value a lot). Do you think it's insecure to use existing protocols with added encryption? No, not as a rule, there are some fantastic uses of encryption which are added to existing protocols. The problem may be that the encryption would be of limited use due to the underlying protocol in some cases. For instance it might be added to some very open protocols (not as in open-source) that allow the clients to get away with a lot, and so the encryption can be bypassed. No metter how well the encryption is implemented on top of a protocol like that it could be circumvented easily. For real security it has to be designed in from the start. The other problem was with the use of packet switched networks, which provide many, many ways for an attacker to manipulate the playing field. This makes it much harder to be sure that what you are doing is secure. If you are just the paranoid type then SSL using something like TLS_DHE_DSS_WITH_AES_256_CBC_SHADHE-DSS-AES256-SHA (man 1 ciphers) should put off the casual attacker. I'm trying not to become paranoid. I only want to make it sufficiently difficult for ppl eventually trying to spy. The more difficult, the better. The hard thing is to find out what can be considered as 'sufficiently difficult'. That's a subjective thing. I'm not sure what you mean by the other end of the communication? Are you planning to be talking to people who don't use encryption? In that case there is not a lot of point in worrying about how strong your encryption is. No, but I don't have much influence on the other end, other than deploying some solution for encryption, provided that the solution is sufficiently easy to install and to use. No more than that, so if someone would try to attack, he'd probably attack the other end since it appears to be the weakest part. That's probably the case yes. But if you use end-to-end gpg encryption then you should be alright. As long as your friends aren't the sort of people who hand out their private keys to anyone that asks. If I were paranoid, I won't even try this because it is 'sufficiently futile' ;) Within its limitations, it's still better than nothing. But it would be a very bad thing not to know of the limitations and to think that is actually secure. The plugin for Gaim seems to be nice, we're going to try it out. Maybe the other options will also become interesting. Do you think it's sufficiently secure that way? Like 'the plugin works as advertised' or 'the plugin is crap because it's easyly decrypted or exploited'? With whatever be used, it's hard to tell. I haven't seen this plugin so I can't tell you I'm afraid. Without seeing it I would say that gpg meets your needs, and the authors of the plugin have probably done a good job of writing it. My only concern would be the key distribution, but you can come up with a solution to that, especially if you know who you want to talk to before you start. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: best way to secure communication?
On (18/05/06 20:30), lee wrote: On Wed, May 17, 2006 at 11:53:31PM +0100, James Westby wrote: On (18/05/06 00:30), lee wrote: Hi, [snip] And then, ssl is only so much secure [snip] I think if you are worried about the security afforded by ssl you might have to rethink your approach. Well, I don't know how secure ssl actually is. Afair I've been reading that they came up with hardware devices that can do ssl decoding in realtime. My point was that if you are worried about people putting the effort in to cracking *your* SSL based chats, then I would be wondering what you were actually talking about. And if I was that concerned about it then I would not be asking for advice like this on d-u (apologies to all subscibers). I would be doing research in to how to actually acheive some proper security, rather than using some attempts to add encryption to existing protocels over public switched networks (no offence to those who have added encryption capabilities to these protocols, capabilities I use all the time and value a lot). If you are just the paranoid type then SSL using something like TLS_DHE_DSS_WITH_AES_256_CBC_SHADHE-DSS-AES256-SHA (man 1 ciphers) should put off the casual attacker. If I'm going to secure it, I want to do it right as far as possible. The other side of the communication is of course the biggest problem, but I don't have influence on that. So you might argue that's it's a very questionable or futile attempt in the first place ... I'm not sure what you mean by the other end of the communication? Are you planning to be talking to people who don't use encryption? In that case there is not a lot of point in worrying about how strong your encryption is. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: best way to secure communication?
On (18/05/06 00:30), lee wrote: Hi, [snip] And then, ssl is only so much secure [snip] I think if you are worried about the security afforded by ssl you might have to rethink your approach. (Unfortuanately I can't really comment on your ideas as I have no experience.) James -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Multi-layered PKI implementation
On (04/05/06 10:37), Paul E Condon wrote: On Thu, May 04, 2006 at 05:28:18AM +0100, James Westby wrote: On (03/05/06 20:29), Grant Thomas wrote: When large buildings are keyed for locks, locks can be keyed for different layers of security. So, there might be the highest key, or skeleton key's used in old houses that opened all the doors, and multiple levels of sub keys, down to a key that opens only one lock. I think I have a grasp on the basics of PKI as it relates to X.509 certificates, but I'm wondering if there is a PKI implementation that allows for multiple layers of access built into the keys themselves. PKI is for authentication, not for access control. I think there is some misunderstanding here, so I'm going say what I understand by (X.509) PKI. I'll start with X.509 in it's most common usage (I think), SSL. SSL uses public keys to exchange bulk transport keys to encrypt the session, but it also provides authentication using X.509 certificates. Below Alice is a customer, Bob is an online retailer and Eve is a nasty evil scammer. Without PKI: Alice - Bob: I want to by a shiny wotsit from you for 500 monkeys. Can we encrypt the transaction so I can send you my credit card details? Bob - Alice: Sure, my public key is 12345. Alice - Bob, thanks, here's our shared secret encrypted with your private key. Bob and Alice complete their transaction in secret, and Alice get's her shiny wotsit. Everybody is happy. Now try again, but this time Eve has tricked Alice in to going to her website instead (using phishing, DNS poisining etc.) and she has done a very good job of making it look the same. Alice - Eve: This time I fancy one of those big woompas. Can we encrypt our session again? Eve - Alice: (doing her best Bob impression) Sure, my public key is 6789. Alice - Eve, thanks ... And Alice is none the wiser. Now let's try it again with X.509 PKI. Bob now has a valid certificate from Tony, and Alice has already obtained Tony's public key *over a secure channel*. (From now on I will omit the request from Alice along with the useless tat she insists on buying) ... Bob - Alice: Sure, my public key is 12345, and here is my certificate from Tony. Alice whips out her calcuator and verifies the signature on the certificate using Tony's public key. She then checks the certificate contains Bob's name, Public key, that it hasn't expired etc. Alice - Bob: Thanks... So that's how it works most of the time. Now Eve tries again ... Eve - Alice: Sure, my public key is 6789, and here is my certificate signed by Tony. Now, assuming Tony has been doing his job properly one of two things will happen 1) Eve has a valid certificate, but it won't have Bob's name on it. 2) Eve has a fake certificate and Tony's signature will not verify. Either way Alice knows that Eve is trying to trick her. Now to get some idea of how access control might come in to it change it a bit to use the little used other feature of SSL (on the general Internet at least), client certificates. A company sets up an agreement with their supplier when they move to Internet based ordering that the supplier will check that when a member of staff places an order they will check a list that they have provided to see if they are authorised to spend that much money. This is a kind of access control. To implement this the company sets up their own CA, and provides the public key to the supplier. They then issue each memeber of staff with a public key, and associated certificate. When an employee makes a transaction they enter their name (Identification), and the supplier then looks up the amount they are allowed to spend in the list provided by the company, and checks that this transaction qualifies. Instead of a password when placing the order the employee will use their public key (probably in some kind of challenge-response protocol to check they have the corresponding private key. Without the certificates an employee can just generate a key pair themselevs and use this, but with the inclusion of the PKI they cannot. So, I hope this explains why I think that X.509 PKI as explained above deals with the authentication of entities, rather that the access control. However thinking about it more, SPKI does can give the hierarchical structure the OP was suggesting. It can actually produce more complex structures, and also do pretty much the same thing as X.509. This statement may be true, but only in a very narrow sense that escapes me. I hope I have explained above why I consider it to be true. PKI stands for Public Key Infrastructure. Yes. It has to do with *public* keys, which are used for encrypting information. Yes. Encryption is commonly believed to be a way to control access to information. Yes. One may have access to an encrypted document but, without the key for decrypting it, one does not have access to the information. Yes. However PKI is not normally taken to mean
Re: Multi-layered PKI implementation
On (04/05/06 19:16), Grant Thomas wrote: Thanks for the explanations, they are rather more indepth than I was expecting for an idle curiosity. Thanks for the verbosity and the need for clarification, they are always appreciated. As with many things, it is better to cut too long and adjust than to start short and really mess up. I did figure that the access control wasn't built into the scheme and would take an external ACL implementation to do something like this. In retrospect, I probably did have a slightly distorted impression of PKI, but the core I did understand. To all, thanks for the responses, they were greatly interesting. No problem. So, one final question: I would like to know more about encryption, the underlying infrastructures, etc. What would be, in the lists recommendation, a good place to start? What sort of thing are you looking for? Are you just interested, or is it maybe something that will creep in to your work? I'm always one for reccomending books, so I'll just suggest a couple of things. If your just curious about the ideas behind some different schemes, and public vs private key, a bit of history, some anecdotes, then there are a couple of reasonable pop science type books around. I've read The Code Book by Simon Singh, and that was OK. If you're interested say in the pros and cons of RSA vs El-Gamal, relative key sizes, attacks against them, factoring algrithms, then a cryptography textbook might be a good idea. Either Cryptography by Nigel Smart, or Practical Cryptography by Bruce Schneier would be good. If you're more interested in the issues surrounding cryptography and information security then there are again plenty of books out there. Again I would recommend Bruce Schneier. If you dont fancy paper based material there are thousands of websites out there to trawl through, some of them are probably pretty good. Maybe other people have different ideas. Cheers, James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Multi-layered PKI implementation
On (03/05/06 20:29), Grant Thomas wrote: When large buildings are keyed for locks, locks can be keyed for different layers of security. So, there might be the highest key, or skeleton key's used in old houses that opened all the doors, and multiple levels of sub keys, down to a key that opens only one lock. I think I have a grasp on the basics of PKI as it relates to X.509 certificates, but I'm wondering if there is a PKI implementation that allows for multiple layers of access built into the keys themselves. PKI is for authentication, not for access control. The certificates (the key being the secret that ties a certificate to an individual) merely provide a method by which one party can be confident about the identity of another party, usually by relying on a third party (or fourth, fifth...). In a slighty simplified view of X.509 each party has a certificate stating who they are, and they have a key that ties them to it. They then have a Certificate Authority sign this certificate after a process of verifying the information. They can then present this certificate to anybody, no matter whether they have ever had any contact with them before, and that person can verify the identity of the first person by checking the signature of the CA on the certificate. This then moves the trust from the person presenting the certificate to the CA. So within an organisation there may be a CA set up for internal use. This CA issues certificates for each member of staff, tying their identity to the certificate. When it becomes time for them to authenticate themselves to something, (e.g. the central database) they can present their certificate as authentication. The access control would come from the linkage between individuals and the things that they are allowed to do. So the access control on the database would first authenticate the user, and then allow them access depending on whether or not there as an entry in their access control database allowing them to. For a slightly different way of approaching this you may want to look at SPKI which ties the certificates to roles, meaning that merely possessing the certificate allows you to do something. http://world.std.com/~cme/html/spki.html The point I hope I have got across is that certificates are for authentication, it is what you choose to do with them that will give you the hierarchy. I hope I have been helpful, James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: rerunning autodetect
On (30/04/06 18:35), Mark Tilford wrote: On 4/29/06, Mark Tilford [EMAIL PROTECTED] wrote: For various reasons, I had to run the installation on one computer, then transfer the hard drive to a different computer. How do I rerun the code that autodetects hardware (specifically the netword card)? From bootup: (DHCP program runs) eth0: ERROR while getting interface flags: No such device Bind socket to interface: No such device exiting. Failed to bring up eth0. done. I think that this means that the name of the interface in /etc/network/interfaces doesn't equal the name of the device on the system. Compare the output of ifconfig with the line auto eth0 or similar in that file. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Reproducing my Etch kernel
On (29/04/06 18:17), Digby Tarvin wrote: I am nearly ready to start customizing my 2.6 kernel for my hardware, but before I do that I would like to confirm my kernel build procedure by first reproducing what was left by the installer... I have searched the web and several books, and all of the instructions say to obtain the kernel with an 'apt-get install kernel-tree', and I am sure that 2-3 months ago with Sarge I used apt-get install kernel-tree-2.6.8 but on Etch this package does not seem to exit. However I did find that there is a 'linux-tree-2.6.15'. Is there an up-to-date 'howto' that gives a step by step summary of how the installed kernel was built from the current Etch repository? I have managed to build (and am running) a new kernel, but I am sure there must be a better way than trial and error to work out the procedure. Here is what I ended up doing: apt-get install kernel-package apt-get instal linux-tree-2.6.15 cd ~digbyt/kernel;tar xfj /usr/src/linux-source-2.6.15.tar.bz2 cd linux-source-2.6.15; cp /boot/config-2.6.15-1-686 .config make-kpkg --rootcmd fakeroot --initrd \ --append-to-version -drst --revision 1 kernel-image dpkg -i ../linux-image-2.6.15-drst_1_i386.deb Looks pretty good to me. I always compile kernel-headers as well for compiling against later, and modules-image for my extra modules, but you don't have to. Does this look reasonable? Why the 'i386' suffix when config was '686'? In the config menu there is an option to specify the processor family, check what value this has. This 386 doesn't specify what the kernel was built for though. This is a Debian thing for specifying which arch this .deb belongs to (i.e. 386 rather than amd64, ppc etc.) The newly compiled kernel exhibits one change in behaviour over the original. My sata CDROM, which I never managed to make work with the original kernel, is now recognised! scsi1 : ata_piix Vendor: MATSHITA Model: DVD-RAM UJ-832S Rev: 1.01 Type: CD-ROM ANSI SCSI revision: 05 This was one of the reasons for getting ready to reconfigure the kernel, but I wasn't expecting a recompile with no changes to do the trick??? Maybe it was making the initrd again that did the trick, the drivers might be included now, hence the larger size. One thing I am not sure of is how to make sure that I apply the same set of patches as was done with the original kernel. I have seen mention of an 'applied_patches' files in the top level directory of the kernel source tree, but no such file seems to exist. The Debian stock kernels have a bunch of patches applied to them from the kernel.org versions. The linux-tree package contains these I think, there is a package (kernel-patch-debian or similar) that contains them if you want to look. If you want to apply more patches then make-kpkg does this very nicely. Packaged patches (e.g. grsecurity2) create a kernel-patches dir next to the kernel tree where they are stored. Then make-kpkg can be made to apply all the patches, allow you to configure the kernel, then build it and unpatch the source, meaning you don't have to remember to patch the tree everytime you get a new one. Hope this helps, James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to figure out if a package repository index has been updated.
On (28/04/06 21:33), Alex Polite wrote: I'm rewriting flosspick.org and learning Ruby on Rails at the same time. dpkg-ruby doesn't take debtags into account so I need to write my own stuff. One thing I'm trying to figure out is how one can know whether a Packages.gz file in a repository has changed since you last downloaded it *without* downloading it again. Isn't there a checksum for all the Packages.gz in the Release file? -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian SSH server configuration
On (25/04/06 19:23), Bruce Corbin wrote: Hi All, Before you flame me --- I asked this question over in debian-ssh and after 24 hours I didn't have a single hit on it. So I thought I would try it over here. I would like to configure a Debian server to only allow clients to ssh in if the public keys (probably RSA keys) already reside on the hard drives of both machines. After spending some time in the snail book I am able to use StrictHostKeyChecking yes in the clients /etc/ssh/ssh_config file to cause the client to refuse to establish a ssh connection unless the server's public key is in the client's /home/user-name/.ssh/known_hosts file. This is useful in preventing overly trusting users from blindly answering yes and accepting man-in-the-middle keys when connecting to a new server. But, this does not restrict who can connect to the server. I haven't used this setting. What happens when the server's key expires? I tried putting StrictHostKeyChecking yes in the server's /etc/ssh/sshd_config file but I got a bad configuration option error. StrictHostKeyChecking is a client configuration directive, not a server one. My server's /etc/ssh/sshd_config file has PublicKeyAuthentication yes Good and PasswordAuthentication no. Any other methods allowed? I am uneasy about experimenting with PublicKeyAuthentication without having a better understanding of what it really does. I don't want to turn off any authentication features or turn off any encryption features and leave myself wide open but thinking that I am secure. The sshd_config file has pretty conservative settings by default, i.e. it disables things that are at the riskier end of the scale. Turning off PasswordAuthentication and others and using PublicKeyAuthentication should make you more secure (by that I mean you will be immune from script kiddies using password guessing scripts). You are right to be careful about what you do though. I would not recommend turning off password authentication until the end of the process unless you have local access to the server, otherwise you're on your own. You haven't actually explained what your problem is, so I'll just descibe the usual setup. The server has a certificate so that you know who they are, and you get this bit and have set it up. The client has a key, this is slightly different, as their is no web of trust or similar, the client just has to prove knowledge of that secret. You have to create a key for each client. This is easily done with ssh-keygen -t rsa on the client machine. You then need to get this key to the server so that it can check it with the client. The easiest way to do this is with ssh-copy-id -i ~/.ssh/id_rsa.pub [EMAIL PROTECTED] You can then ssh [EMAIL PROTECTED] and instead of being prompted to enter your password for the server you will be prompted for the passphrase on the key. Turn on debugging output from ssh if you want to confirm it is using key based authentication. Then I would recommend looking in to ssh-agent, and libpam-ssh. libpam-ssh is one of the most useful bits of software I have installed. You can get a full walkthrough here http://www.debian-administration.org/articles/152 James Any suggestions? http://www.google.co.uk/search?hl=enq=ssh+keybtnG=Google+Searchmeta= -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian SSH server configuration
On (26/04/06 01:22), James Westby wrote: ...The server has a certificate so that you know who they are, and you get this bit and have set it up. The client has a key, this is slightly different, as their is no web of trust or similar... Sorry, I don't know what came over me. I don't even know why I thought that was true at the time. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: compiling ndiswrapper
On (22/04/06 11:05), L.V.Gandhi wrote: Today I have installed linux-kernel 2.6.16-1-686 alongwith headers. Itried to compile ndiswrapper module from source. I get the followingerror. [snip] make[1]: Entering directory `/usr/src/modules/ndiswrapper' Can't find kernel sources in /usr/src/linux; give the path to kernel sources with KSRC=path argument to make Yes, headers are sufficient, they contain all the necessary header files to compile against the kernel, hence the name. However make is looking for them in /usr/src/linux, but they are not there. You can a) symlink /usr/src/linux/ to your headers /usr/src/linux-headers-`uname -r` b) call KSRC=/usr/src/linux-headers-`uname -r` make The error message from make explains this well I think. The disadvantage of a is that you need to change your symlink when you change your kernel, or make will succeed, but the module will be for the wrong kernel. The disadvantage of b is remembering to do it everytime. James P.S. when I read your mails they are all on one line making it very difficult to read, and I sometimes give up part way through. It appears my mail server converts from base64 to 8bit before I get them, and this may be the cause. I would appreciate it if you would check your setup to make sure you are sending well formatted mails. -- James Westby [EMAIL PROTECTED] http://jameswestby.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: PAM DB, vsFTPd virtual users
On (23/04/06 00:42), Øyvind Lode wrote: Hi all I trying to create a PAM db to authenticate virtual users in vsFTPd. I have read /usr/share/doc/vsftpd/EXAMPLE/VIRTUAL_USERS/README but I get problems on Step 1... Here is what the readme file says: [snip] I cannot even locate the binary/script db_load, db3_load or db4_load. I have installed libberkeleydb-perl on my Sarge box. How can I create the database??? Try libdb2-util instead. These are to do with the actual Berkeley DB, rather than the perl front end. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SCSI emulation of USB camera
On (14/04/06 23:44), Ron Johnson wrote: To: debian-user@lists.debian.org From: Ron Johnson [EMAIL PROTECTED] Date: Fri, 14 Apr 2006 23:44:11 -0500 Subject: Re: SCSI emulation of USB camera On Sat, 2006-04-15 at 02:45 +0100, James Westby wrote: On (15/04/06 10:58), David Purton wrote: On Fri, Apr 14, 2006 at 05:42:52PM -0500, Ron Johnson wrote: On Fri, 2006-04-14 at 21:52 +0100, James Westby wrote: [snip] You must force the camera to use PTP mode in whatever app you are using. I tried that workaround and it didn't work. $ gphoto2 --camera Canon Powershot S1 IS (PTP mode) --port=usb\: -L *** Error *** An error occurred in the io-library ('Bad parameters'): Could not find USB device (vendor 0x4a9, product 0x309c). Make sure this device is connected to the computer. *** Error (-2: 'Bad parameters') *** Regarding the Could not find USB device, run it as root. Bingo. Thankyou very much. James. -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SCSI emulation of USB camera
On (14/04/06 23:32), Christopher Nelson wrote: Regarding the Could not find USB device, run it as root. And if that works, add yourself to the 'camera' group rather than continuing to run it as root everytime you want it. Thankyou, this works also. James. -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Today's sid dist-upgrade.
On (14/04/06 20:44), L.V.Gandhi wrote: To: debian-user debian-user@lists.debian.org From: L.V.Gandhi [EMAIL PROTECTED] Reply-To: Date: Fri, 14 Apr 2006 20:44:11 -0700 Subject: Today's sid dist-upgrade. Today after my dist-upgrade, x is broken. It says it could not loaddefault font fixed. To fix the font issue you need to edit the paths of the font locations in /etc/X11/xorg.conf to look something like /usr/X11R6/lib/X11/fonts/misc James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Today's disaster with xorg update
On (15/04/06 11:10), Anthony Campbell wrote: To: debian-user@lists.debian.org From: Anthony Campbell [EMAIL PROTECTED] Date: Sat, 15 Apr 2006 11:10:58 +0100 Subject: Today's disaster with xorg update Mail-Followup-To: debian-user@lists.debian.org After today's upgrade on Sid, X will no longer come up. The error message says: Fatal server error: could not open default font fixed. The x fonts are still there however. Anyone else seeing this? Check the font paths in /etc/X11/xorg.conf, i found they had changed. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
SCSI emulation of USB camera
Hi all, I am trying to get my Canon S1 IS to work under Debian. I am running a mixed testing/unstable system (mostly testing, except for libc6, X.org, udev and linux-image and their dependencies). It appears to me that there is some problem with SCSI emulation of my camera. I insert the camera and /var/log/messages reports Apr 14 21:26:25 loser kernel: usb 3-1: new full speed USB device using uhci_hcd and address 3 Apr 14 21:26:26 loser kernel: usb 3-1: configuration #1 chosen from 1 choice but no SCSI information after like I get with other USB devices. lsusb shows nothing informative, but usbview correctly shows my camera suggested. I found a bug report filed against the kernel that suggested having ehci_hcd loaded might cause problems, so I recompiled my kernel with the USB stuff as modules and tried different combinations of modules loaded to see if it made a difference. The uhci_hcd module has to be loaded to get any recognition of the camera being plugged in, and whether ehci_hcd is loaded makes no difference. Loading scsi_debug shows no extra information. I tried writing a udev rule for the camera BUS=usb, SYSFS{vendor}=Canon Inc., SYSFS{product}=Canon Digital Camera, NAME=camera%n but this has no effect. I have neither /dev/sd* nor /dev/camera* with or without this rule. gphoto2 cannot autodetect the camera either. Comparing with my USB flash drive shows that the versions are different (1.10 and 2) and the Driver is different (none and usb-storage). This info is from /proc/bus/usb/devices, and the first of each pair is the camera. I guess the lack of reported driver for the camera is the problem, but I'm not sure this is possible to set is it? Is there a step I am missing in getting SCSI emulation of this device? Is there anywhere else I can look for hints about what may be happening? Thanks, James $ cat /proc/bus/usb/devices (camera) T: Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.10 Cls=00(ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs= 1 P: Vendor=04a9 ProdID=309c Rev= 0.01 S: Manufacturer=Canon Inc. S: Product=Canon Digital Camera C:* #Ifs= 1 Cfg#= 1 Atr=c0 MxPwr= 0mA I: If#= 0 Alt= 0 #EPs= 3 Cls=06(still) Sub=01 Prot=01 Driver=(none) E: Ad=01(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 8 Ivl=96ms $ cat /proc/bus/usb/devices (usb key) T: Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 6 Spd=12 MxCh= 0 D: Ver= 2.00 Cls=00(ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=0951 ProdID=1601 Rev= 1.00 S: Manufacturer=Kingston S: Product=DataTraveler II+ S: SerialNumber=5B511D05874E C:* #Ifs= 1 Cfg#= 1 Atr=80 MxPwr=200mA I: If#= 0 Alt= 0 #EPs= 3 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage E: Ad=81(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=1ms $ lsmod Module Size Used by uhci_hcd 29072 0 usb_storage24452 0 rt2500186084 1 ipv6 241792 25 thermal10440 0 fan 3140 0 button 4752 0 processor 13488 1 thermal ac 3268 0 autofs416772 1 ip_conntrack_ftp5980 0 ip_conntrack_irc5080 0 it87 18724 0 hwmon_vid 2240 1 it87 lm90 11428 0 i2c_dev 7264 0 hwmon 2132 2 it87,lm90 i2c_isa 3264 1 it87 nvidia 4538452 12 snd_emu10k1 117476 4 snd_rawmidi20832 1 snd_emu10k1 snd_ac97_codec 92704 1 snd_emu10k1 snd_ac97_bus1792 1 snd_ac97_codec snd_pcm78984 3 snd_emu10k1,snd_ac97_codec snd_seq_device 6860 2 snd_emu10k1,snd_rawmidi snd_timer 20484 2 snd_emu10k1,snd_pcm snd_page_alloc 8328 2 snd_emu10k1,snd_pcm snd_util_mem3392 1 snd_emu10k1 8139too21632 0 i2c_viapro 7316 0 snd_hwdep 7236 1 snd_emu10k1 snd45312 14 snd_emu10k1,snd_rawmidi,snd_ac97_codec,snd_pcm,snd_seq_device,snd_timer,snd_hwdep -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SCSI emulation of USB camera
On (14/04/06 17:42), Ron Johnson wrote: To: debian-user@lists.debian.org From: Ron Johnson [EMAIL PROTECTED] X-Spam-Status: No, score=0.0 required=7.0 tests=none autolearn=ham version=3.1.1 X-Spam-Level: Date: Fri, 14 Apr 2006 17:42:52 -0500 Subject: Re: SCSI emulation of USB camera On Fri, 2006-04-14 at 21:52 +0100, James Westby wrote: Hi all, I am trying to get my Canon S1 IS to work under Debian. I am running a mixed testing/unstable system (mostly testing, except for libc6, X.org, udev and linux-image and their dependencies). [snip] Could it be that the S1 IS uses the PTP protocol? I've read that it does. Does this mean that I have to do something differently? gphoto2 says that it supports Canon PowerShot S1 IS (normal mode) Canon PowerShot S1 IS (PTP mode) As root, this would be helpful too: # LANG=C gphoto2 --debug --auto-detect *Attach* the output, or, better yet, upload the file to a web server. http://jameswestby.net/autodetect.txt I have this from udevinfo. This combination is checked by gphoto2, but it reports that no device is detected. SYSFS{idProduct}==309c SYSFS{idVendor}==04a9 Thanks, James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SCSI emulation of USB camera
On (14/04/06 18:52), Ron Johnson wrote: To: debian-user@lists.debian.org From: Ron Johnson [EMAIL PROTECTED] Date: Fri, 14 Apr 2006 18:52:17 -0500 Subject: Re: SCSI emulation of USB camera [snip] Hmmm. Which version of libusb-0.1-4, usbutils usbview are you using? ii libusb-0.1-4 0.1.11-4 userspace USB programming library ii usbutils 0.71+cvs200510 USB console utilities ii usbview1.0-7 USB device viewer So i hit aptitude and now I've got ii gphoto22.1.6-3The gphoto2 digital camera command-line clie ii libgphoto2-2 2.1.6-8gphoto2 digital camera library ii libgphoto2-por 2.1.6-8gphoto2 digital camera port library ii libusb-0.1-4 0.1.12-2 userspace USB programming library ii usbutils 0.71+cvs200510 USB console utilities ii usbview1.0-7 USB device viewer but this makes no difference, and I can't see any difference in the debug output apart from the version numbers. Does gphoto work with device nodes, mounted file systems or the raw bus? Thanks, James -- James Westby [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: newbie question on finding and keeping customized files with dpkg or apt
On (14/04/06 18:04), Marco Prandini wrote: To: debian-user@lists.debian.org Cc: Marco Prandini [EMAIL PROTECTED] From: Marco Prandini [EMAIL PROTECTED] Date: Fri, 14 Apr 2006 18:04:03 +0200 Subject: newbie question on finding and keeping customized files with dpkg or apt Hello, I'm switching to Debian after a long time on RedHat, and I haven't been able to find a couple of functions of the package manager I'd like to use... hoping they exist at all! 1) I'd like to find which files of a package have been altered with respect to the original version, in the same way I did with rpm -V. I don't know of this function but it could well be in there somewhere. 2) I'd like to instruct apt-get upgrade to leave them alone That's because I didn't resist the urge to make some customization to my system, and I don't want them to be overwritten by the upgrade procedure. If the maintainer has them marked as a config file (and they should have) then apt won't overwrite them, and it will tell you when the new package changes this file and ask you what to do. You can keep your own version with the new package version saved along side for reference, you can overwrite your version, or you can view a diff of the two then pause apt and make any changes you want. IMO a very good system. This won't work for non-config files though, so if you are planning to do some hacking then need to find a different method (e.g. making your own versions of packages (v.easy)) James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SCSI emulation of USB camera
On (15/04/06 11:24), John O'Hagan wrote: To: debian-user@lists.debian.org From: John O'Hagan [EMAIL PROTECTED] Date: Sat, 15 Apr 2006 11:24:50 +1000 Subject: Re: SCSI emulation of USB camera On Sat, 15 Apr 2006 06:52 am, James Westby wrote: I tried writing a udev rule for the camera BUS=usb, SYSFS{vendor}=Canon Inc., SYSFS{product}=Canon Digital Camera, NAME=camera%n I think you need to use == when you are testing for a condition, and = when assigning a value in a udev rule. So in the above example, all the keys above except NAME would take ==. It looks like that is the normal way, but it seems like it doesn't matter either way. Other rules I had written have = but they work. I gave it a go anyway, but it made no difference. Thanks for the suggestion. Worth a try... Indeed. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SCSI emulation of USB camera
On (15/04/06 10:58), David Purton wrote: To: debian-user@lists.debian.org From: David Purton [EMAIL PROTECTED] Date: Sat, 15 Apr 2006 10:58:13 +0930 Subject: Re: SCSI emulation of USB camera Mail-Followup-To: debian-user@lists.debian.org On Fri, Apr 14, 2006 at 05:42:52PM -0500, Ron Johnson wrote: On Fri, 2006-04-14 at 21:52 +0100, James Westby wrote: Hi all, I am trying to get my Canon S1 IS to work under Debian. I am running a mixed testing/unstable system (mostly testing, except for libc6, X.org, udev and linux-image and their dependencies). Could it be that the S1 IS uses the PTP protocol? It does use PTP and this camera is currently broken with gphoto2. See https://sourceforge.net/tracker/?group_id=8874atid=108874func=detailaid=1224783 You must force the camera to use PTP mode in whatever app you are using. I tried that workaround and it didn't work. $ gphoto2 --camera Canon Powershot S1 IS (PTP mode) --port=usb\: -L *** Error *** An error occurred in the io-library ('Bad parameters'): Could not find USB device (vendor 0x4a9, product 0x309c). Make sure this device is connected to the computer. *** Error (-2: 'Bad parameters') *** For debugging messages, please use the --debug option. Debugging messages may help finding a solution to your problem. If you intend to send any error or debug messages to the gphoto developer mailing list [EMAIL PROTECTED], please run gphoto2 as follows: env LANG=C gphoto2 --debug --camera Canon Powershot S1 IS (PTP mode) --port=usb: -L Please make sure there is sufficient quoting around the arguments. At least the person in the bug report had their camera detected, so I know I should at least be able to get that far. It's also what makes me think that I have a problem with my configuration, and it might be Debian specific. I went and bought a card reader... I might well end up doing that. It also reduces the risk that I catch the wire and send my camera plummeting to the floor. James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Xorg upgrade troubles
On (14/04/06 22:24), Rick Friedman wrote: To: debian-user@lists.debian.org From: Rick Friedman [EMAIL PROTECTED] X-Spam-Status: No, score=0.0 required=7.0 tests=none autolearn=ham version=3.1.1 X-Spam-Level: Date: Fri, 14 Apr 2006 22:24:01 -0400 Subject: Re: Xorg upgrade troubles On Fri April 14 2006 17:07, L.V.Gandhi wrote: I use aliases for all apt jobs. I was thinking I was upgrading. But actually doing dist-upgrade. but for me everything was ok except virtual terminals opening, which is no t happening still, though I have the following in my laptop dell i600m. OptionXkbRules xorg OptionXkbModel pc104 OptionXkbLayout gb This is probably a silly question but are you sure you're looking at /etc/X11/xorg.conf? I had the same problem and made the mistake of changing /etc/X11/XF86Config-4. Make certain that /etc/X11/xorg.conf is the one that has those three Option lines. Rick -- Rick's Law: What cannot be imagined will be accomplished by a fool. (Apologies for replying to the wrong message.) What driver are you using for your keyboard? keyboard of kbd? I switched to kbd and I am able to open virtual terminals (though I didn't try beforehand). James -- James Westby [EMAIL PROTECTED] http://jameswestby.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: X apps bug : 'BadRequest' / Major opcode: 151
On (13/04/06 03:41), [EMAIL PROTECTED] wrote: To: debian-user@lists.debian.org From: [EMAIL PROTECTED] Date: Thu, 13 Apr 2006 03:41:08 +0200 Subject: X apps bug : 'BadRequest' / Major opcode: 151 I just used aptitude to upgrade my debian/unstable box (the previous full update was on 2006-03-19), and then several graphical programs are now having one same error. For some it is fatal, for some it only prints an error report. [snip errors] Take a look at the archives from today, someone else reported the same error. They solved it with another upgrade. One of the X packages upgraded and solved the problem I believe. P.S. : I am resending this mail, as it seems first mail never made it through. If this ends up being a duplicate post, I'm sorry. I only got this one. James -- James Westby [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Trouble Installing nvidia-graphics-driver on Etch
Vegard L. Rekaa wrote: Hi again, When I try to start X, I return to console after ~3 seconds of blank screen. The system itself does not hang. --- # modprobe nvidia FATAL: Error inserting nvidia (/lib/modules/2.6.15-1-486/nvidia/nvidia.ko): No s uch device --- # egrep '^\((EE|WW)\)' /var/log/Xorg.0.log (WW) The directory /usr/lib/X11/fonts/cyrillic does not exist. (WW) The directory /usr/lib/X11/fonts/CID does not exist. (WW) The NVIDIA GeForce2 GTS/GeForce2 Pro GPU installed in this (WW) system is supported through the NVIDIA Legacy drivers. (WW) Please visit http://www.nvidia.com/object/unix.html for (WW) more information. The 1.0-8178 NVIDIA driver will ignore (WW) this GPU. Continuing probe... (EE) No devices detected. There's your problem. Version 1.0-8178 is too new for your graphics card. Do what it says and visit http://www.nvidia.com/object/unix.html to download the legacy drivers. James -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: mod_perl Not Working W/ Apache2 on Sid
Hal Vaughan wrote: I'm just trying to run a simple test set up, so I don't have to keep uploading every little change to my web server. I've had Apache2 working for a while, and today I added mod_perl (aptitude install libapache2-mod-perl2). My /etc/apache2/mods-enabled/perl.load looks like this: LoadModule perl_module /usr/lib/apache2/modules/mod_perl.so Directory /perl SetHandler perl-script PerlHandler ModPerl::Registry Options +ExecCGI /Directory (I saw a sample with another line in it, after the first line (PerlModule Apache2) but Apache2 would not load with that line included.) The root server directory is /var/www and I have a perl script in /var/www/perl. When I try to access it with Firefox, it tries to download it instead of the script being executed. I've tried changing the directory do /var/www/perl in the config, but that doesn't help. (I use /etc/init.d/apache2 force-reload between each test.) All I want to do is test a few simple scripts on my local system and make sure they're working before I put them on a server. I don't need anything fancy, I'm not worried about speed. I just need them to run. What is wrong or mis-configured? Any suggestions? Thanks! Hal I got Apache 2 to work with PerlResponseHandler ModPerl::Registry rather than PerlHandler ModPerl::Registry James -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]