wheezy multiarch: binutils:amd64 conflicts with binutils:i386?
summary: 3 questions: 1. Can one install both `binutils:amd64` and `binutils:i386` on the same device? 2. If one can: how? or, what am I doing wrong? 3. If one cannot: why not? details: I need to setup a 32-bit app (don't ask!) on a 64-bit linode with $ lsb_release -ds Debian GNU/Linux 7.8 (wheezy) $ cat /etc/debian_version 7.8 $ uname -rv 3.19.1-x86_64-linode53 #1 SMP Tue Mar 10 15:30:28 EDT 2015 $ dpkg --print-architecture amd64 $ dpkg --print-foreign-architectures i386 $ sudo aptitude update ... $ sudo aptitude full-upgrade ... $ aptitude --version Thu Apr 23 00:08:02 EDT 2015 aptitude 0.6.8.2 compiled at Nov 7 2012 07:08:03 Compiler: g++ 4.7.2 Compiled against: apt version 4.12.0 NCurses version 5.9 libsigc++ version: 2.2.10 Ept support enabled. Gtk+ support disabled. Qt support disabled. Current library versions: NCurses version: ncurses 5.9.20110404 cwidget version: 0.5.16 Apt version: 4.12.0 $ apt-get --version Thu Apr 23 00:08:39 EDT 2015 apt 0.9.7.9 for amd64 compiled on Oct 17 2014 09:15:56 Supported modules: *Ver: Standard .deb *Pkg: Debian dpkg interface (Priority 30) Pkg: Debian APT solver interface (Priority -1000) S.L: 'deb' Standard Debian binary tree S.L: 'deb-src' Standard Debian source tree Idx: Debian Source Index Idx: Debian Package Index Idx: Debian Translation Index Idx: Debian dpkg status file Idx: EDSP scenario file Among other packages, I need to install `binutils:i386`. However, I can't seem to install that and keep the native/64-bit `binutils`: $ date ; sudo apt-get install binutils:i386 Thu Apr 23 00:08:50 EDT 2015 Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: libstdc++6:i386 zlib1g:i386 Suggested packages: binutils-doc:i386 The following packages will be REMOVED: binutils The following NEW packages will be installed: binutils:i386 libstdc++6:i386 zlib1g:i386 0 upgraded, 3 newly installed, 1 to remove and 0 not upgraded. Need to get 4,993 kB of archives. After this operation, 325 kB disk space will be freed. Do you want to continue [Y/n]? ^C $ date ; sudo aptitude -s install binutils:i386 Thu Apr 23 00:08:21 EDT 2015 The following NEW packages will be installed: binutils:i386{b} libstdc++6:i386{a} zlib1g:i386{a} 0 packages upgraded, 3 newly installed, 0 to remove and 0 not upgraded. Need to get 4,993 kB of archives. After unpacking 14.7 MB will be used. The following packages have unmet dependencies: binutils : Conflicts: binutils:i386 but 2.22-8+deb7u2 is to be installed. binutils:i386 : Conflicts: binutils but 2.22-8+deb7u2 is installed. The following actions will resolve these dependencies: Remove the following packages: 1) binutils Accept this solution? [Y/n/q/?] q So I have 3 questions: 1. Can one install both `binutils:amd64` and `binutils:i386` on the same device? 2. If one can: how? or, what am I doing wrong? 3. If one cannot: why not? Apologies if this is a FAQ, but * I saw no answers relating to this (though several similar questions) when DuckDuckGo-ing * I see nothing @ https://wiki.debian.org/Multiarch/HOWTO indicating that I should not be able to do this. TIA, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87d22vigvc@pobox.com
Re: network newbie seeks help combining routesets for VPN tunnel
gets the response RTNETLINK answers: Network is unreachable This appears to be a real failure, in that if I subsequently (i.e., immediately after running the above script[9]) do $ sudo ip route add ${F5VPN_PUBLIC_IPN} via ${OPENVPN_ENDPT_IPN} dev tun0 metric 1 from the commandline, I get the same failure. And, just to be clear, at this point my networking is just as broken as before: both `ping` and DNS fail until I disconnect from the F5VPN, stop the OpenVPN, and restore my initial routeset and linkset. So ... how to fix this? What am I doing wrong? Any assistance you can provide is much appreciated! and will be paid-forward via the above code and wiki. TIA, Tom Roche tom_ro...@pobox.com [1]: first post @ https://lists.debian.org/debian-user/2015/01/msg00732.html , last post before this one @ https://lists.debian.org/debian-user/2015/01/msg00905.html [2]: https://bitbucket.org/tlroche/aqmeii-na_n2o/wiki/Home [3]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home [4]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-new-architecture-diagram [5]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/OpenVPN_install#rst-header-id5 [6]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-f5nap [7]: https://lists.debian.org/debian-user/2015/01/msg00905.html [8]: https://bitbucket.org/tlroche/linode_jumpbox_config/raw/HEAD/scripts/delete_current_routes.sh [9]: https://bitbucket.org/tlroche/linode_jumpbox_config/raw/HEAD/scripts/set_F5VPN_routes.sh -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/8761a94ibv@pobox.com
Re: network newbie seeks help combining routesets for VPN tunnel
Tom Roche Sat, 24 Jan 2015 16:00:37 -0500 [1] (envvar names translated to `bash`ian) [The original routeset on the client/laptop:] 1: default via 192.168.1.1 dev eth0 proto static 2: 169.254.0.0/16 dev eth0 scope link metric 1000 3: 192.168.1.0/24 dev eth0 proto kernel scope link src ${LOCAL_ETH0_IPN} [OpenVPN routeset, overwrites the original routeset:] 1: 0.0.0.0/1 via ${OPEN_VPN_ENDPT_IPN} dev tun0 # inherited from original route#=1? 2: default via 192.168.1.1 dev eth0 proto static 3: 10.8.0.1 via ${OPEN_VPN_ENDPT_IPN} dev tun0 4: ${OPEN_VPN_ENDPT_IPN} dev tun0 proto kernel scope link src 10.8.0.6 5: 128.0.0.0/1 via ${OPEN_VPN_ENDPT_IPN} dev tun0 # inherited from original route#=2? 6: 169.254.0.0/16 dev eth0 scope link metric 1000 7: ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 # inherited from original route#=3? 8: 192.168.1.0/24 dev eth0 proto kernel scope link src ${LOCAL_ETH0_IPN} [F5VPN routeset, overwrites the OpenVPN routeset:] 1: 0.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 # inherited from original route#=1? 2: default via 192.168.1.1 dev eth0 proto static 3: 10.144.0.1 dev ppp0 proto kernel scope link src ${F5_VPN_ENDPT_IPN} 4: 128.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 5: ${F5_VPN_PUBLIC_IPN} via ${OPEN_VPN_ENDPT_IPN} dev tun0 proto none metric 1 Matt Ventura Sat, 24 Jan 2015 19:26:48 -0800 [2] (slightly reformatted) [The new routeset] should look like: new routeset option 1: [192.168.1.0/24 dev eth0 proto kernel scope link src ${LOCAL_ETH0_IPN}] ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 ${F5_VPN_PUBLIC_IPN} via ${OPEN_VPN_ENDPT_IPN} dev tun0 ... 0.0.0.0/0 via ${F5_VPN_ENDPT_IPN} dev ppp0 ... Come to think of it, the set of routes that the F5 VPN puts in place should work, needing only the addition of ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 What I wrote above is the cleanest possible set of routes that would still work, but just adding that one route should fix the existing one. I think you would want to add it just before starting the OpenVPN, otherwise do it right after. Well, the OpenVPN client sets that route itself: the problem is, the F5VPN client overwrites it (see above). So I'd need to add it after starting the F5VPN client, producing something like new routeset option 2: F5VPN routes with 1 added route: 1: 0.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 2: default via 192.168.1.1 dev eth0 proto static 3: 10.144.0.1 dev ppp0 proto kernel scope link src ${F5_VPN_ENDPT_IPN} 4: 128.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 5: ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 6: ${F5_VPN_PUBLIC_IPN} via ${OPEN_VPN_ENDPT_IPN} dev tun0 proto none metric 1 Is that the correct order? After starting the F5 VPN, you might need to [also] re-add the 192.168.1.0/24 dev eth0 ... src ${LOCAL_ETH0_IPN} so that would be option 3: F5VPN routes with 2 added routes: 1: 192.168.1.0/24 dev eth0 proto kernel scope link src ${LOCAL_ETH0_IPN} 2: 0.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 3: default via 192.168.1.1 dev eth0 proto static 4: 10.144.0.1 dev ppp0 proto kernel scope link src ${F5_VPN_ENDPT_IPN} 5: 128.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 6: ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 7: ${F5_VPN_PUBLIC_IPN} via ${OPEN_VPN_ENDPT_IPN} dev tun0 proto none metric 1 Is that the correct order? thanks again, Tom Roche tom_ro...@pobox.com [1]: https://lists.debian.org/debian-user/2015/01/msg00882.html [2]: https://lists.debian.org/debian-user/2015/01/msg00892.html -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/871tmjroj7@pobox.com
Re: network newbie seeks help combining routesets for VPN tunnel
Tom Roche Sat, 24 Jan 2015 16:00:37 -0500 [1] (envvar names translated to `bash`ian) [The original routeset on the client/laptop:] 1: default via 192.168.1.1 dev eth0 proto static 2: 169.254.0.0/16 dev eth0 scope link metric 1000 3: 192.168.1.0/24 dev eth0 proto kernel scope link src LOCAL_ETH0_IPN [OpenVPN routeset, overwrites the original routeset:] 1: 0.0.0.0/1 via OPEN_VPN_ENDPT_IPN dev tun0 # inherited from original route#=1? 2: default via 192.168.1.1 dev eth0 proto static 3: 10.8.0.1 via OPEN_VPN_ENDPT_IPN dev tun0 4: OPEN_VPN_ENDPT_IPN dev tun0 proto kernel scope link src 10.8.0.6 5: 128.0.0.0/1 via OPEN_VPN_ENDPT_IPN dev tun0 # inherited from original route#=2? 6: 169.254.0.0/16 dev eth0 scope link metric 1000 7: OPEN_VPN_PUBLIC_IPN via 192.168.1.1 dev eth0 # inherited from original route#=3? 8: 192.168.1.0/24 dev eth0 proto kernel scope link src LOCAL_ETH0_IPN [F5VPN routeset, overwrites the OpenVPN routeset:] 1: 0.0.0.0/1 via F5_VPN_ENDPT_IPN dev ppp0 proto none metric 1 # inherited from original route#=1? 2: default via 192.168.1.1 dev eth0 proto static 3: 10.144.0.1 dev ppp0 proto kernel scope link src F5_VPN_ENDPT_IPN 4: 128.0.0.0/1 via F5_VPN_ENDPT_IPN dev ppp0 proto none metric 1 5: F5_VPN_PUBLIC_IPN via OPEN_VPN_ENDPT_IPN dev tun0 proto none metric 1 [my proposed new routeset:] # 1st route in Hartge's Trinity == OpenVPN route#=1 (compare with F5VPN route#=1) 1: 0.0.0.0/1 via OPEN_VPN_ENDPT_IPN dev tun0 # inherited from original route#=1 == OpenVPN route#=2 == F5VPN route#=2 2: default via 192.168.1.1 dev eth0 proto static # OpenVPN route#=3 3: 10.8.0.1 via OPEN_VPN_ENDPT_IPN dev tun0 # OpenVPN route#=4 , but what is the difference between 'src' and 'via'? 4: OPEN_VPN_ENDPT_IPN dev tun0 proto kernel scope link src 10.8.0.6 # F5VPN route#=3 5: 10.144.0.1 dev ppp0 proto kernel scope link src F5_VPN_ENDPT_IPN # 2nd route in Hartge's Trinity == OpenVPN route#=5 (compare with F5VPN route#=4) 6: 128.0.0.0/1 via OPEN_VPN_ENDPT_IPN dev tun0 # inherited from original route#=2 == OpenVPN route#=6 (absent in F5VPN routeset) 7: 169.254.0.0/16 dev eth0 scope link metric 1000 # OpenVPN route#=7 8: OPEN_VPN_PUBLIC_IPN via 192.168.1.1 dev eth0 # almost F5VPN route#=5 ... but which dev should this take? eth0, ppp0, tun0? 9: F5_VPN_PUBLIC_IPN via OPEN_VPN_ENDPT_IPN dev proto none metric 1 # inherited from original route#=3 == OpenVPN route#=8 (absent in F5VPN routeset) 10: default via 192.168.1.1 dev eth0 proto static Matt Ventura Sat, 24 Jan 2015 15:04:55 -0800 [2] (slightly rearranged) Basically, your final routing table, in plain English, always tricky, that plain English :-) should look like this: Please correct me where I get it wrong: 1. Traffic to 192.168.1.0/24 should go through eth0 192.168.1.0/24 dev eth0 proto kernel scope link src ${LOCAL_ETH0_IPN} which is original route#=3 == OpenVPN route#=8 #1 shouldn't ever be touched by either VPN. OpenVPN respects it, but F5VPN removes it! 2. Traffic to the OpenVPN server's external IP should go through eth0 to 192.168.1.1 ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 which is OpenVPN route#=7 #2 is something you'll probably need to manually add before (or after, not sure) starting the F5 VPN. I should be able to script that (more below). 3. Traffic to the F5 VPN server's external IP (I assume this is the 134.x.x.x one) (correct, though F5_VPN_PUBLIC_IPN changes per-connection, hence the parameterization) should go through the OpenVPN ptp endpoint (10.8.0.5) on dev=tun0? I.e. ${F5_VPN_PUBLIC_IPN} via ${OPEN_VPN_ENDPT_IPN} dev tun0 proto none metric 1 If so, that's F5VPN route#=5 4. All other traffic should go through the F5 VPN's ptp endpoint (10.144.x.x). Does '128.0.0.0/1' == 'all other traffic'? If so, 128.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 is F5VPN route#=4 The F5 client seems to be adamant about having route #4 in place, so we don't need to worry about that. OK. As mentioned above, you should remove the default routing to the OpenVPN server i.e., proposed route#={1, 3, 4}, which are also OpenVPN route#={1, 3, 4} and just have [F5_VPN_PUBLIC_IPN] route through the 10.8.0.5, rather than 0/1 and 128/1. i.e., F5VPN route#=5. But then (IIUC) we're routing 128.0.0.0/1 but not 0.0.0.0/1. If so, does 0.0.0.0/1 not need routed? (And why did I not take the networking elective when I got my BSCS ?-( Meanwhile, assuming I understand correctly, it sounds like, after I start the F5VPN client on my client/laptop, I need to produce the routes given above with something like the following bash scriptlet: ### IP-related envvars ## (hopefully) constant IP addresses # public IP# (as visible to, e.g., whatismyip.com) of linode/jumpbox running OpenVPN server
network newbie seeks help combining routesets for VPN tunnel
link src 10.8.0.6 # F5VPN route#=3 5: 10.144.0.1 dev ppp0 proto kernel scope link src 10.144.1.8 # 2nd route in Hartge's Trinity == OpenVPN route#=5 (compare with F5VPN route#=4) 6: 128.0.0.0/1 via 10.8.0.5 dev tun0 # inherited from original route#=2 == OpenVPN route#=6 (absent in F5VPN routeset) 7: 169.254.0.0/16 dev eth0 scope link metric 1000 # OpenVPN route#=7 8: SER.VER.IP.NUM via 192.168.1.1 dev eth0 # almost F5VPN route#=5 ... but which dev should this take? eth0, ppp0, tun0? 9: F5.VPN.IP.NUM via 10.8.0.5 dev proto none metric 1 # inherited from original route#=3 == OpenVPN route#=8 (absent in F5VPN routeset) 10: 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.142 Question 1: what is the difference between 'src' and 'via' in `ip route` syntax? I see `info ip-route` via ADDRESS the address of the nexthop router. [The] sense of this field depends on the route type. For normal unicast routes it is either the true next hop router or, if it is a direct route installed in BSD compatibility mode, it can be a local address of the interface. For NAT routes it is the first address of the block of translated IP destinations. src ADDRESS the source address to prefer when sending to the destinations covered by the route prefix. but am not sure how to apply this knowledge to route statements. Question 2: which dev[ice] should traffic to F5.VPN.IP.NUM go on? Such traffic has gotta go via the OpenVPN server == SER.VER.IP.NUM (which is usually serviced by `dev tun0`) but ultimately wants to go to F5.VPN.IP.NUM (which is usually serviced by `dev ppp0`). Question 3: What am I missing? Conversely, what do I have that is superfluous? Your assistance is appreciated! Tom Roche tom_ro...@pobox.com [1]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-intended-solution [2]: https://lists.debian.org/debian-user/2015/01/msg00830.html [3]: https://lists.debian.org/debian-user/2015/01/msg00831.html [4]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-f5nap [5]: https://en.wikipedia.org/wiki/Thesis,_antithesis,_synthesis [6]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-productive-past [7]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-f5vpn-only-connection -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87bnlnsxl6@pobox.com
Re: network newbie seeks assistance debugging iptables for VPN tunnel
Back to this task after long detours! well, almost: Matt Ventura Fri, 23 Jan 2015 12:47:21 -0800 [1] The F5 VPN is throwing its default route over the original one, and that's causing traffic to the OpenVPN server to try to route over the F5 VPN. Obviously this doesn't work because the traffic to the F5 VPN needs to go through the OpenVPN link, so it becomes circular. What you need to do is add a route, something like: route add external IP of OpenVPN server gw 192.168.1.1 dev eth0 so that the traffic to the OpenVPN server can be routed properly. Sven Hartge Fri, 23 Jan 2015 21:53:35 +0100 [2] (tweaked) That would complete the VPN Trinity: * one route 0/1 * one route 128/1 * one host route to the other VPN endpoint (making it reachable regardless of other routes) I will give that a shot ... after I take care of a bit more real life :-( Meanwhile, I have uploaded a new'n'improved client_networking_investigation.txt[3] (improved notably by my increasing facility with `ip` syntax). However it presently lacks - your routing advice above - scripting of connectivity checks (e.g., `ping`, `nslookup`) which I will add (feel free to suggest others). I'm especially interested in the 'zombie routes' (i.e., I del a route, it disappears from `ip route show`, then reappears later) and other network-restoration oddities I'm observing (see states 5-8[3]), so I'd be especially interested in knowing how to prevent that. (I suspect it's due to my crude manner of starting/stopping OpenVPN on the client, but ICBW.) Your assistance is appreciated! Tom Roche tom_ro...@pobox.com [1]: https://lists.debian.org/debian-user/2015/01/msg00830.html [2]: https://lists.debian.org/debian-user/2015/01/msg00831.html [3]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/client_networking_investigation.txt -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87egqlrx06@pobox.com
SIOCDELRT, or: proper syntax to delete default route for an interface?
0.0.0.0 dev ppp0 SIOCDELRT: No such process me@client:~$ sudo route del -net default netmask 255.255.255.255 gw 0.0.0.0 dev ppp0 SIOCDELRT: No such process `info route` is not helping, nor are my websearches finding helpful doc. What am I doing wrong? TIA, Tom Roche tom_ro...@pobox.com [1]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-intended-solution [2]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-networking-problem [3]: https://lists.debian.org/debian-user/2015/01/msg00779.html -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87k30es73k@pobox.com
Re: network newbie seeks assistance debugging iptables for VPN tunnel
Tom Roche Thu, 22 Jan 2015 12:43:17 -0500 [1] summary: Smells like progress! If I'm guessing correctly, the `route` changes imposed by connecting to the F5VPN[2] are conflicting with my server/jumpbox's current `iptables`[3] (through which my client seeks to tunnel[4]). Does that claim seem warranted? If so, how to fix the server firewall? Matt Ventura Thu, 22 Jan 2015 10:58:38 -0800 [5] (rearranged) another option would be to simply run the F5 VPN client on the linode. Alas, no: 1. Several years ago (when I was first struggling with getting the F5NAP to work directly[6]), I tried to find a headless alternative (e.g., something like a NetworkManager plugin), but was told by F5 that there was no such client for linux (at least, with the make/model of F5VPN that the agency had installed). 2. Several months ago (when linode.com was first recommended to me), I was sternly warned that linodes prefer to be run headless, and that running Firefox on a linode would be expensive and painful, if it worked at all. I'm assuming ppp0 is the F5 VPN interface. Me, too: connecting to the F5VPN[2] creates that interface on the client, and disconnecting from the F5VPN removes it from the client. Try deleting the first entry in the routing table after bringing up the F5 VPN (something like 'route del default ppp0' if memory serves) will check and see if it fixes the problem. This will probably break connectivity to the VPN until you restart it, but see if you can access the internet in general. Will do. I've got an appt, but will be back soonest. Thanks in advance! Hoping soon to get back to work on my *real* project, Tom Roche tom_ro...@pobox.com [1]: https://lists.debian.org/debian-user/2015/01/msg00774.html [2]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/client_networking_investigation.txt [3]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/server_iptables_L.txt [4]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-intended-solution [5]: https://lists.debian.org/debian-user/2015/01/msg00779.html [6]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-f5nap -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87mw5asg8x@pobox.com
Re: network newbie seeks assistance debugging iptables for VPN tunnel
summary: Smells like progress! If I'm guessing correctly, the `route` changes imposed by connecting to the F5VPN[3] are conflicting with my server/jumpbox's current `iptables` (through which my client seeks to tunnel[7]. Does that claim seem warranted? If so, how to fix the server firewall? details: Matt Ventura Wed, 21 Jan 2015 09:58:38 -0800 [1] First thing to check would be the routing table while the VPN is active. Tom Roche Wed, 21 Jan 2015 16:33:43 -0500 [2] The `route -n` for while the OpenVPN connection is active is here[3], which is part of a longer section[4] with all the gory details ... Matt Ventura Wed, 21 Jan 2015 22:18:57 -0800 [5] I meant the routing table when the F5 VPN is active, when the connectivity breaks. The bad news is, I should have realized that :-) The good news is, that seems quite revealing, esp in the now-upgraded context of the revised connectivity-debugging scenario[3] (which I also reran to verify results): connecting to the F5VPN (after logging into the remote-access website) creates an interface=ppp0 and extensively rewrites the routing table! https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/client_networking_investigation.txt ### 4. After connecting to F5VPN (requires login to remote-access website) ... me@client:~$ date ; sudo route -n Thu Jan 22 11:48:48 EST 2015 Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 0.0.0.0 10.144.15.100 128.0.0.0 UG1 00 ppp0 0.0.0.0 192.168.1.1 0.0.0.0 UG0 00 eth0 10.144.0.1 0.0.0.0 255.255.255.255 UH0 00 ppp0 128.0.0.0 10.144.15.100 128.0.0.0 UG1 00 ppp0 134.67.15.3010.8.0.5255.255.255.255 UGH 1 00 tun0 So now I'm guessing that: 1. (from `whois 134.67.15.30`) 134.67.15.30 is the agency's VPN server. 2. I need to reconcile the above `route`ing with my server's current firewall config[6]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/server_iptables_L.txt Chain INPUT (policy ACCEPT) target prot opt source destination fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- 10.8.0.0/24 anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain fail2ban-ssh (1 references) target prot opt source destination DROP all -- 222.186.34.202 anywhere RETURN all -- anywhere anywhere So my questions are: 1. Am I guessing correctly? 2. If so, how to reconcile the `route`ing change imposed by the F5VPN with my server's current firewall config[6]? Thanks again for your prompt assistance, Tom Roche tom_ro...@pobox.com [1]: https://lists.debian.org/debian-user/2015/01/msg00733.html [2]: https://lists.debian.org/debian-user/2015/01/msg00744.html [3]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/client_networking_investigation.txt [4]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/OpenVPN_install#rst-header-dns-problem [5]: https://lists.debian.org/debian-user/2015/01/msg00761.html [6]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/server_iptables_L.txt [7]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-intended-solution -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87ppa6socq@pobox.com
network newbie seeks assistance debugging iptables for VPN tunnel
[note: following contains ASCII art in the middle, and footnoted links at the end] summary: I need to tunnel one SSL VPN (F5, running on one debian host) through another (OpenVPN, running on another debian host), but lose networking (e.g., `ping`) after the F5 VPN connects. I'm not sure whether this is due to my firewall/iptables or VPN configuration, but suspect the former. Unfortunately I am not knowledgeable regarding networking, so I'd appreciate any assistance you could provide. details: I need to remotely (off the physical LAN) SSH into some firewalled compute clusters to do environmental modeling (e.g., this[1]). Formerly I could do this from my debian laptop using the cluster-provider-mandated F5VPN[2]. However, access policy changed[3] (notably to require a single registered IP#), so I can no longer do this directly (i.e., just running the F5VPN from my laptop). I seek to adapt to the new policy (and resume work on my project) by implementing a VPN tunnel through a debian linode. Design details here[4], but my design can be roughly summarized with the following ASCII art (appropriately rendered here[4]): -MY CONTROL AGENCY CONTROLLED- firewall +--+ +---+ +---+ | +-+ | laptop + | | linode + | | remote-access | | | cluster | | F5NAP + | -- | OpenVPN + | -- | website + | -|- | node(s) | | OpenVPN | | security | | F5VPN | | | | +--+ +---+ +---+ | +-+ (Implementation details here[5]) The good news is, the following sequence works: I can 1. start an OpenVPN server on the linode[6] 2. start an OpenVPN client on my laptop[7], after which http://www.whatismyip.com shows the IP# of my linode (which is registered) 3. start the F5VPN client (an F5NAP'ed Firefox[8]), and from that still see my linode's IP#. 4. using the F5VPN client, login to the agency's remote-access website, and bring up the F5VPN's control UI (e.g., to start/stop/logout). The bad news is[9], as soon as I start the F5VPN, and see status==Connected in its web UI, I lose IP networking. I had originally thought this was just a DNS problem, but I cannot even `ping` IP#s, e.g., $ ping -c 4 141.101.120.15 # == www.whatismyip.com PING 141.101.120.15 (141.101.120.15) 56(84) bytes of data. --- 141.101.120.15 ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3022ms (The only consolation here is that the network failure kills the tunnel, which causes my client to regain its networking ... but also its access to the registered IP#.) I had thought that this problem was due to OpenVPN misconfiguration on my part, but now suspect that I need to tweak my server firewall[10] (which is `iptables`, running on Debian 7.8) in order to allow my OpenVPN configuration to work. Unfortunately I don't know enough about IP/TCP/UDP/Linux/Debian networking, so I'd appreciate assistance from someone more knowledgeable. Apologies if this is a FAQ or LMGTFY, but my websearches have not found anything that seems to matching my usecase. Pointers to doc or other educational resources are also appreciated. TIA, Tom Roche tom_ro...@pobox.com [1]: https://bitbucket.org/tlroche/aqmeii-na_n2o/wiki/Home [2]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-f5vpn-only-access [3]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-aug-2014-policy-change [4]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-intended-solution [5]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-id6 [6]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/OpenVPN_install#rst-header-test-server-startup [7]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/OpenVPN_install#rst-header-test-client-startup [8]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-f5nap [9]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-network-problem [10]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/server_iptables_L.txt -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87vbk0rpkj@pobox.com
Re: network newbie seeks assistance debugging iptables for VPN tunnel
Tom Roche Wed, 21 Jan 2015 12:50:04 -0500 [1] I need to tunnel one SSL VPN (F5, running on one debian host) through another (OpenVPN, running on another debian host), but lose networking (e.g., `ping`) after the F5 VPN connects. I'm not sure whether this is due to my firewall/iptables or VPN configuration, but suspect the former. Unfortunately I am not knowledgeable regarding networking, so I'd appreciate any assistance you could provide. ... slightly revised ASCII art -MY CONTROL AGENCY CONTROL- firewall +--+ +---+ +---+ | +-+ | laptop + | | linode + | | remote-access | | | cluster | | F5NAP + | -- | OpenVPN | -- | website + | -|- | node(s) | | OpenVPN | | server + | | F5VPN server | | | | | client | | security | | | | | | +--+ +---+ +---+ | +-+ Matt Ventura Wed, 21 Jan 2015 09:58:38 -0800 [2] First thing to check would be the routing table while the VPN is active. The `route -n` for while the OpenVPN connection is active is here[3], which is part of a longer section[4] with all the gory details ... and thanks! your prompt assistance is appreciated, Tom Roche tom_ro...@pobox.com [1]: https://lists.debian.org/debian-user/2015/01/msg00732.html [2]: https://lists.debian.org/debian-user/2015/01/msg00733.html [3]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/client_networking_investigation.txt [4]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/OpenVPN_install#rst-header-dns-problem -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87sif3sts8@pobox.com
Re: [newbie] OpenVPN: {DNS, ping, ssh} work, HTTP fails
For the benefit of OP with similar {concerns, interests, problems}, I have documented my process @ https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home Part is scripted, and part is not, but even the part that is *not* scripted provides cut'n'pasteable console input. The good news is, at this point https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/OpenVPN_install#rst-header-client-test the server's IP# is visible from the outside world, e.g., @ http://www.whatismyip.com/ . The bad news is, this is only part of what I need, which is to run another SSL VPN through the tunnel, which is failing--more on that separately (though that may be getting OT for this list). HTH, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87r3x2sxuk@pobox.com
Re: [newbie] OpenVPN: {DNS, ping, ssh} work, HTTP fails
summary: I have a routing problem on the server side of the VPN, as diagnosed by Mart van de Wege[1]: veel dank Mart! I hope to fix that problem using these linode instructions[2]. details: Tom Roche Sat, 08 Nov 2014 23:47:29 -0500 [3] My jumpbox/server firewall is currently set to forward everything, using `iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE`: Pascal Hambourg Sun, 09 Nov 2014 13:13:16 +0100 [4] This rule doesn't forward anything, it just enables masquerading. IPv4 forwarding is enabled with sysctl net.ipv4.ip_forward=1. Correct: I also have me@jumpbox:~$ fgrep -e 'forward' /etc/sysctl.conf # Uncomment the next line to enable packet forwarding for IPv4 net.ipv4.ip_forward=1 # Uncomment the next line to enable packet forwarding for IPv6 #net.ipv6.conf.all.forwarding=1 on the server. Indeed I am a network newbie as previously advertised :-( In any case, current firewall behavior is as noted: me@jumpbox:~$ date ; sudo iptables -L Sat Nov 8 16:42:06 EST 2014 Chain INPUT (policy ACCEPT) target prot opt source destination fail2ban-ssh tcp -- anywhereanywhere multiport dports ssh Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain fail2ban-ssh (1 references) target prot opt source destination RETURN all -- anywhere anywhere Mart van de Wege Sun, 09 Nov 2014 12:02:46 +0100 [1] What I suspect is a routing problem on the other side of the VPN. Can you ping IP addresses beyond your VPN? What does the output of traceroute show? Good questions! I will add these to the Debian wiki[5] because your suspicions are correct. Before starting OpenVPN on either the laptop/client or the jumpbox/server: me@laptop:~$ date ; pgrep -l openvpn | wc -l Sun Nov 9 09:24:43 EST 2014 0 me@laptop:~$ date ; ping -c 4 www.whatismyip.com Sun Nov 9 09:24:48 EST 2014 PING www.whatismyip.com (141.101.120.15) 56(84) bytes of data. 64 bytes from 141.101.120.15: icmp_seq=1 ttl=57 time=94.7 ms 64 bytes from 141.101.120.15: icmp_seq=2 ttl=57 time=157 ms 64 bytes from 141.101.120.15: icmp_seq=3 ttl=57 time=88.3 ms 64 bytes from 141.101.120.15: icmp_seq=4 ttl=57 time=88.8 ms --- www.whatismyip.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 15621ms rtt min/avg/max/mdev = 88.370/107.325/157.369/29.002 ms me@laptop:~$ date ; traceroute www.whatismyip.com Sun Nov 9 09:25:17 EST 2014 traceroute to www.whatismyip.com (141.101.120.15), 30 hops max, 60 byte packets 1 192.168.15.1 (192.168.15.1) 0.850 ms 0.838 ms 1.378 ms 2 71-23-64-2.clt.clearwire-wmx.net (71.23.64.2) 75.041 ms 75.040 ms 75.030 ms 3 71.22.7.161 (71.22.7.161) 75.293 ms 75.287 ms 75.661 ms 4 66-192-62-1.static.twtelecom.net (66.192.62.1) 75.260 ms 75.619 ms 75.600 ms 5 ash1-pr1-xe-2-3-0-0.us.twtelecom.net (66.192.244.214) 84.267 ms 84.467 ms 84.456 ms 6 xe-0.equinix.asbnva01.us.bb.gin.ntt.net (206.126.236.12) 84.429 ms 86.913 ms 86.863 ms 7 ae10.ar2.iad1.us.as4436.gtt.net (69.31.31.168) 96.019 ms 96.242 ms 95.980 ms 8 as13335.xe-7-0-3.ar1.iad1.us.as4436.gtt.net (69.31.31.90) 95.604 ms 95.585 ms as13335.xe-9-0-2.ar1.iad1.us.as4436.gtt.net (69.31.30.14) 96.170 ms 9 * as13335.xe-7-0-3.ar1.iad1.us.as4436.gtt.net (69.31.31.90) 95.515 ms 95.520 ms 10 141.101.120.15 (141.101.120.15) 96.397 ms 96.392 ms 95.841 ms After starting OpenVPN on first the jumpbox/server then the laptop/client, off-VPN routing is indeed hosed: me@laptop:~$ date ; pgrep -l openvpn | wc -l Sun Nov 9 09:31:27 EST 2014 1 me@laptop:~$ date ; ping -c 4 www.whatismyip.com Sun Nov 9 09:31:33 EST 2014 PING www.whatismyip.com (141.101.120.14) 56(84) bytes of data. --- www.whatismyip.com ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3023ms me@laptop:~$ date ; traceroute www.whatismyip.com Sun Nov 9 09:33:06 EST 2014 traceroute to www.whatismyip.com (141.101.120.15), 30 hops max, 60 byte packets 1 10.8.0.1 (10.8.0.1) 99.579 ms 99.584 ms 104.230 ms 2 * * * ... 30 * * * Note also that the jumpbox/server is a linode running a stock Debian (`cat /etc/debian_version`=='7.7'), which are apparently able to support OpenVPN, per these linode.com-hosted instructions[6]. They are vague in places, which made me switch to the Debian wiki[5], but now I suspect that I need to switch back to its section='Tunneling All Connections through the VPN'[2]. So I'll give that a try. (Eventually I prefer only to tunnel ssh and the SSL VPN through the OpenVPN to the cluster, so I'll probably be back later :-) Your assistance is appreciated! Tom Roche tom_ro...@pobox.com [1] https://lists.debian.org/debian-user/2014/11/msg00463.html [2] https
[newbie] OpenVPN: {DNS, ping, ssh} work, HTTP fails
Sat Nov 8 17:48:25 2014 ifconfig_pool_read(), in='TomRoche,10.8.0.4', TODO: IPv6 Sat Nov 8 17:48:25 2014 succeeded - ifconfig_pool_set() Sat Nov 8 17:48:25 2014 IFCONFIG POOL LIST Sat Nov 8 17:48:25 2014 TomRoche,10.8.0.4 Sat Nov 8 17:48:25 2014 Initialization Sequence Completed me@laptop:~$ sudo openvpn --script-security 2 --config /etc/openvpn/client1.conf Sat Nov 8 17:49:12 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Sat Nov 8 17:49:12 2014 Socket Buffers: R=[212992-131072] S=[212992-131072] Sat Nov 8 17:49:12 2014 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay Sat Nov 8 17:49:12 2014 UDPv4 link local: [undef] Sat Nov 8 17:49:12 2014 UDPv4 link remote: [AF_INET]jump.box.IP.num:1194 Sat Nov 8 17:49:12 2014 TLS: Initial packet from [AF_INET]jump.box.IP.num:1194, sid=25df7af6 0ece4089 Sat Nov 8 17:49:13 2014 VERIFY OK: depth=1, my config data/ Sat Nov 8 17:49:13 2014 VERIFY OK: nsCertType=SERVER Sat Nov 8 17:49:13 2014 VERIFY OK: depth=0, my config data/ Sat Nov 8 17:49:14 2014 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Sat Nov 8 17:49:14 2014 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Nov 8 17:49:14 2014 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Sat Nov 8 17:49:14 2014 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Sat Nov 8 17:49:14 2014 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA Sat Nov 8 17:49:14 2014 [TomRoche] Peer Connection Initiated with [AF_INET]jump.box.IP.num:1194 Sat Nov 8 17:49:16 2014 SENT CONTROL [TomRoche]: 'PUSH_REQUEST' (status=1) Sat Nov 8 17:49:16 2014 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: timers and/or timeouts modified Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: --ifconfig/up options modified Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: route options modified Sat Nov 8 17:49:16 2014 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Sat Nov 8 17:49:16 2014 ROUTE_GATEWAY lap.top.gate.way/255.255.255.0 IFACE=eth0 HWADDR=la:pt:op:MAC:ad:dr Sat Nov 8 17:49:16 2014 TUN/TAP device tun0 opened Sat Nov 8 17:49:16 2014 TUN/TAP TX queue length set to 100 Sat Nov 8 17:49:16 2014 do_ifconfig, tt-ipv6=0, tt-did_ifconfig_ipv6_setup=0 Sat Nov 8 17:49:16 2014 /sbin/ip link set dev tun0 up mtu 1500 Sat Nov 8 17:49:16 2014 /sbin/ip addr add dev tun0 local 10.8.0.6 peer 10.8.0.5 Sat Nov 8 17:49:16 2014 /etc/openvpn/update-resolv-conf tun0 1500 1542 10.8.0.6 10.8.0.5 init dhcp-option DNS 8.8.8.8 Sat Nov 8 17:49:16 2014 /sbin/ip route add lap.top.IP.num/32 via lap.top.gate.way Sat Nov 8 17:49:16 2014 /sbin/ip route add 0.0.0.0/1 via 10.8.0.5 Sat Nov 8 17:49:16 2014 /sbin/ip route add 128.0.0.0/1 via 10.8.0.5 Sat Nov 8 17:49:16 2014 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5 Sat Nov 8 17:49:16 2014 GID set to nogroup Sat Nov 8 17:49:16 2014 UID set to nobody Sat Nov 8 17:49:16 2014 Initialization Sequence Completed I then see the following on my client: * `ifconfig` shows a new entry=`tun0`, which looks correct * I can `ping` the server using either its real IP# or `10.8.0.1` * I can `ssh` to the server using either its real IP# or `10.8.0.1` * `nslookup www.whatismyip.com` gives correct results ... but I get no connection if I open a new instance of Firefox and browse to http://www.whatismyip.com/ :-( Looking up www.whatismyip.com... succeeds quickly but the status line continues to display Connecting to www.whatismyip.com... until the attempt times out. I also get the same behavior (connection timeout) if I open a new instance of Chrome, or if I browse to http://www.whatismyip.com/ with a Firefox opened prior to starting OpenVPN. FWIW I get the same behavior browsing to any URI, including (e.g.) Google. This is a major problem for me! For the SSL VPN to work, I need to start a Firefox and run it (since the SSL VPN's vendor only supports it on Linux via a Firefox plugin) to access a particular remote-access website. Furthermore I need the SSL VPN to run through the jumpbox/OpenVPN. (Don't ask, it's a long, sad story ...) How can I fix this? Alternatively, what should I do to further debug the problem? your assistance is appreciated, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87bnoht9dk@pobox.com
Re: [newbie] OpenVPN: {DNS, ping, ssh} work, HTTP fails
for completeness, added server firewall settings below: Tom Roche Sat, 08 Nov 2014 21:07:03 -0500 https://lists.debian.org/debian-user/2014/11/msg00440.html summary: I'm running [OpenVPN] from an LMDE [client through a Debian jumpbox/server]. After I [start the server, start the client] most IP-based applications seem to work from the client, but web browsing fails: e.g., client's Firefox cannot connect to http://www.whatismyip.com/ . How to fix or debug? details: (Apologies in advance if you feel this is a question better asked elsewhere. If so, please let me know where to ask. The OpenVPN forums are quite slow to respond in my experience, hence I'm asking here first.) I have a laptop running up-to-date LMDE (`cat /etc/debian_version`=='jessie/sid'), including Firefox version=33.0. From that laptop I need to access a compute cluster. The cluster formerly required only an SSL VPN (enabled by a Firefox plugin) to access, but now has several additional requirements, which I seek to satisfy by running the SSL VPN through a jumpbox running an OpenVPN server. The jumpbox is a linode running a vanilla Debian (`cat /etc/debian_version`=='7.7'). Note that I have been using the laptop successfully for a few years with LMDE and without network problems. Currently I have the client/laptop connected by wire directly to an ISP-supplied modem/router. With `openvpn` NOT running on my client/laptop, I see the following: * `ifconfig` shows no entry='tun0' (just the usual entries for 'eth0', 'lo', 'wlan0'), and shows the expected client IP# bound to 'eth0'. * I can `ping` my jumpbox/server using its real IP#, but cannot `ping 10.8.0.1` * I can `ssh` to my jumpbox/server using its real IP#, but cannot `ssh 10.8.0.1` * `nslookup www.whatismyip.com` gives correct results * browsing to http://www.whatismyip.com/ shows my client's IP# (as also shown in `ifconfig`) Both the client and server setups are quite generic OpenVPN-wise, and are almost exactly as described on the Debian wiki here https://wiki.debian.org/openvpn%20for%20server%20and%20client Note particularly that my client and server configurations are currently near-exact copies of those listed at that Debian wiki page: the only changes are my server IP# (obfuscated below) and the name of my client: me@jumpbox:~$ date ; cat /etc/openvpn/server.conf Sat Nov 8 16:49:00 EST 2014 port 1194 proto udp dev tun ca /etc/openvpn/ca.crt cert /etc/openvpn/server.crt key /etc/openvpn/server.key dh /etc/openvpn/dh1024.pem server 10.8.0.0 255.255.255.0 ifconfig-pool-persist ipp.txt push redirect-gateway def1 bypass-dhcp push dhcp-option DNS 8.8.8.8 # google public DNS keepalive 10 120 comp-lzo user nobody group nogroup persist-key persist-tun status openvpn-status.log verb 3 me@laptop:~$ date ; cat /etc/openvpn/client1.conf Sat Nov 8 16:51:31 EST 2014 client dev tun proto udp remote ser.ver.IP.num 1194 resolv-retry infinite nobind user nobody group nogroup persist-key persist-tun mute-replay-warnings ca /etc/openvpn/ca.crt cert /etc/openvpn/client1.crt key /etc/openvpn/client1.key ns-cert-type server comp-lzo verb 3 up /etc/openvpn/update-resolv-conf down /etc/openvpn/update-resolv-conf My jumpbox/server firewall is currently set to forward everything, using `iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE`: me@jumpbox:~$ date ; sudo iptables -L Sat Nov 8 16:42:06 EST 2014 Chain INPUT (policy ACCEPT) target prot opt source destination fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain fail2ban-ssh (1 references) target prot opt source destination RETURN all -- anywhere anywhere After I start `openvpn` on first the server and then the client, I see no OpenVPN errors on either the server or the client: me@jumpbox:~$ sudo openvpn --script-security 2 --config /etc/openvpn/server.conf Sat Nov 8 17:48:25 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Jun 18 2013 Sat Nov 8 17:48:25 2014 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Sat Nov 8 17:48:25 2014 Diffie-Hellman initialized with 1024 bit key Sat Nov 8 17:48:25 2014 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ] Sat Nov 8 17:48:25 2014 Socket Buffers: R=[212992-131072] S
Skype substitutes for current Debian?
Having recently received the Skype email requiring reinstall with new version, I'd like to learn more about available, working substitutes for Skype for D7/wheezy, possibly current testing/jessie, and maybe even more robust bits of sid. (For brevity, I'll refer to that collectively as D7++.) Particularly I'm interested in the following usecase: someone receives request from OP to do an interview by Skype, the service with which the OP is most familiar. Are there, e.g., 1. Skype-compatible clients for D7++ which could be used to connect directly to an OP running Skype? 2. Alternate services (e.g., Google Hangout) with ease-of-use sufficiently approximate to Skype that the D7++ user could reasonably propose to an OP of {usual, not very strong} IT-literacy? 3. Skype-compatible clients for D7++ which could be used to connect directly to an OP running that alternate service? I'm especially interested in evaluations of https://wiki.debian.org/skype free and open source alternative[s,] community-owned and supported by Debian, such as the VoIP ekiga , linphone , or jitsi ? I'm especially *not* here interested in discussion of the relative evilness of various corporations and governments, that having been covered well in the thread beginning @ https://lists.debian.org/debian-user/2014/08/msg00061.html TIA, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87vbq041k4@pobox.com
'box' as noun, was: wireless can DHCP but not DNS?
Lisi Reisz Fri, 23 May 2014 17:10:49 +0100 box is a verb, so I found it confusing. You are indeed confused. As a native speaker of English, I can assure you, 'box' is both noun and verb. Also, having been in computing in the US for decades, I can assure you, 'box' as a noun is widely used to refer to informatic devices generically. FWIW, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87ha4gz9ew@pobox.com
wireless can DHCP but not DNS?
summary: box ethernets via wire, but all wireless fails, including known-good providers: `ifconfig -a` shows a wireless IP#, but `nslookup` fails. How to fix or debug? details: I'm running LMDE UP8 https://en.wikipedia.org/wiki/Linux_Mint#Linux_Mint_Debian_Edition http://blog.linuxmint.com/?p=2544 up-to-date on a new ThinkPad (new to me, anyway :-) with $ inxi -Fxz System:Host: filter Kernel: 3.11-2-amd64 x86_64 (64 bit, gcc: 4.8.1) Desktop: Cinnamon 2.0.14 Distro: LinuxMint 1 debian ... Network: Card-1: Intel Centrino Advanced-N 6200 driver: iwlwifi ver: in-tree: bus-ID: 03:00.0 IF: wlan0 state: down mac: filter Card-2: Intel 82577LM Gigabit Network Connection driver: e1000e ver: 2.3.2-k port: 1820 bus-ID: 00:19.0 IF: eth0 state: up speed: 100 Mbps duplex: full mac: filter I run wired ethernet at home and work, and installed debian on the newer laptop via wire without problems. I also have an older laptop with an older LMDE (UP5) which I won't be updating until I get everything working on the newer box :-( Wireless works as expected on the older laptop, including at the following locations: * home (FreedomPop Hub Burst modem/router, security=WPA personal with encryption=AES) * nearby municipal wireless (unsecured) * work (security=WPA enterprise) But at each of those locations, wireless fails on the newer laptop in the same way: I can DHCP (at least, I get an IP address) but not DNS ... which makes no sense to me! For example: At home I can enable wireless on the modem/router, then startup the older box. It autoconnects to that SSID, and then me@OldBox:~$ date ; nslookup www.google.com ; date Thu May 22 13:08:43 EDT 2014 Server: 192.168.15.1 Address: 192.168.15.1#53 ... me@OldBox:~$ date ; sudo ifconfig -a Thu May 22 13:08:45 EDT 2014 ... wlan0 Link encap:Ethernet HWaddr filter inet addr:192.168.15.56 Bcast:192.168.15.255 Mask:255.255.255.0 inet6 addr: filter Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:40217 errors:0 dropped:0 overruns:0 frame:0 TX packets:32431 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:15583645 (14.8 MiB) TX bytes:9273602 (8.8 MiB) I can then browse to pages normally (using firefox). I then disable the old box's wireless (via NetworkManager), enable the new box's wireless, and connect ... or at least, NetworkManager gives connection notification. But when I do me@NewBox ~ $ date ; nslookup www.google.com ; date Thu May 22 13:11:22 EDT 2014 ;; connection timed out; no servers could be reached Thu May 22 13:11:37 EDT 2014 me@NewBox ~ $ date ; sudo ifconfig -a Thu May 22 12:53:07 EDT 2014 ... wlan0 Link encap:Ethernet HWaddr filter inet addr:192.168.15.71 Bcast:192.168.15.255 Mask:255.255.255.0 inet6 addr: filter Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:998 errors:0 dropped:0 overruns:0 frame:0 TX packets:1099 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:77446 (75.6 KiB) TX bytes:177995 (173.8 KiB) FWIW, I have the same wireless experience at the other locations (open municipal wifi and secured wifi @ work): older box just works, newer box connects and gets IP# but can't DNS (or browse). Given that the older box (and in the latter cases, lots of other devices) works with these SSIDs, I suspect they are not misconfigured. Given that NetworkManager seems happy, and DHCP at least partly works, on the newer box, I suspect the newer box does not have a hardware problem. So I tend to suspect a software problem on the newer box. Am I missing something? Mostly I'd like to know, 1. How to fix or debug the newer laptop? 2. How can the newer box get an IP# but no DNS server#s? I've used DHCP for many years but don't recall seeing this behavior before, except with misconfigured routers--which does not seem to apply in this case, because, in every instance, the old box works as expected. Your assistance is appreciated, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87sio1zl57@pobox.com
Re: wireless can DHCP but not DNS?
Tom Roche Thu, 22 May 2014 15:08:36 -0400 summary: box ethernets via wire, but all wireless fails, including known-good providers: `ifconfig -a` shows a wireless IP#, but `nslookup` fails. How to fix or debug? Brian Thu, 22 May 2014 20:46:38 +0100 You could compare (and post) /etc/resolv.conf on new and old machines. Thanks! that is *almost* the solution to my problem: It reminded me of something I previously read: https://wiki.debian.org/NetworkConfiguration#The_resolvconf_program When resolvconf is properly installed, the resolv.conf configuration file at /etc/resolv.conf is replaced by a symbolic link to /etc/resolvconf/run/resolv.conf And in fact the symlink I had made (more below) was gone: me@NewBox ~ $ date ; ls -alh /etc/resolv.conf Thu May 22 15:18:49 EDT 2014 -rw-r--r-- 1 root me 174 May 19 11:04 /etc/resolv.conf me@NewBox ~ $ date ; cat /etc/resolv.conf Thu May 22 15:18:57 EDT 2014 # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 192.168.1.1 And restoring the symlink restores my ability to DNS on other networks (other than wired to my own switch): me@NewBox ~ $ date ; ls -alh /etc/resolvconf/run/ Thu May 22 15:19:07 EDT 2014 total 4.0K drwxr-xr-x 3 root root 100 May 22 15:13 . drwxr-xr-x 26 root root 1000 May 22 15:13 .. -rw-r--r-- 1 root root0 May 17 22:54 enable-updates drwxr-xr-x 2 root root 60 May 22 15:13 interface -rw-r--r-- 1 root root 174 May 22 15:13 resolv.conf me@NewBox ~ $ date ; sudo ln -sf /etc/resolvconf/run/resolv.conf /etc/resolv.conf Thu May 22 15:19:21 EDT 2014 me@NewBox ~ $ date ; ls -alh /etc/resolv.conf Thu May 22 15:19:27 EDT 2014 lrwxrwxrwx 1 root root 31 May 22 15:21 /etc/resolv.conf - /etc/resolvconf/run/resolv.conf me@NewBox ~ $ date ; nslookup www.google.com Thu May 22 15:19:34 EDT 2014 Server: 152.19.240.8 Address: 152.19.240.8#53 So I'd declare this solved, except for one thing: I've been logging the process by which I've been setting up the new box, and I see in my log that I previously made this symlink! So I'd like to know, * how to prevent my resolv.conf symlink to be overwritten in future? or * is there a way that I can be notified if/when something overwrites it in future? FWIW, my currently-installed resolvconf is me@NewBox ~ $ apt-cache policy resolvconf resolvconf: Installed: 1.74 Candidate: 1.74 Version table: *** 1.74 0 500 http://debian.linuxmint.com/latest/ testing/main amd64 Packages 100 /var/lib/dpkg/status thanks again, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87ppj5z7i6@pobox.com
[multiarch] easy fix for interarchitectural package conflict?
) but it is not going to be installed. emacs24 : Depends: libgif4 (= 4.1.4) but it is not going to be installed. ... Option 2 seems unacceptable at this point: I can't telework without the VPN enabled by the F5NAP, and getting on the physical LAN would be *very* difficult at the moment. But perhaps there are currently elsewhere versions of libgif4:* without interarchitectural conflict? If so, how to access them? Which seems to leave option 3: is there a way that *I* (a debian packaging newbie) can resolve the conflict between libgif4:amd64 and libgif4:i386 with minimal pain? I very much need to get back to Real Work(tm). Apologies if this is a FAQ, but I didn't see any information on this topic targeting a package end-user while either casually DDGing or a less casual read of https://wiki.debian.org/Multiarch (which seems more targeted to package maintainers). Feel free to pass pointers to Fine Manuals; I will cheerfully RTFM. your assistance is appreciated, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87y4yhmhtd@pobox.com
Re: [multiarch] easy fix for interarchitectural package conflict?
https://lists.debian.org/debian-user/2014/05/msg00291.html [Tom Roche Sun, 04 May 2014 16:04:30 -0400] me@it ~ $ inxi -r Repos: Active apt sources in file: /etc/apt/sources.list.d/google-chrome.list deb http://dl.google.com/linux/chrome/deb/ stable main Active apt sources in file: /etc/apt/sources.list.d/official-package-repositories.list deb http://packages.linuxmint.com debian main upstream import deb http://debian.linuxmint.com/latest/ testing main contrib non-free deb http://debian.linuxmint.com/latest/security testing/updates main contrib non-free deb http://debian.linuxmint.com/latest/multimedia testing main non-free deb http://extra.linuxmint.com debian main me@it ~ $ sudo aptitude -s install icedtea-7-plugin:i386 ... The following packages have unmet dependencies: libgif4 : Conflicts: libgif4:i386 but 4.1.6-10 is to be installed. libgif4:i386 : Conflicts: libgif4 but 4.1.6-10 is installed. https://lists.debian.org/debian-user/2014/05/msg00294.html [Sven Joachim Sun, 04 May 2014 22:21:45 +0200] [you have an] older version of libgif4 than the one in jessie/sid[, since] Multiarch support was enabled in 4.1.6-11 back in December 2013. So how to get a multiarch version of libgif4? My guess is, the sequence 1. add a repository 2. update packages 3. update package=libgif4:i386 4. install package=icedtea-7-plugin:i386 5. remove repository ... is that correct? If so, which repo to add? My guess is deb http://ftp.debian.org/debian/ testing main contrib non-free No? TIA, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87vbtlmerf@pobox.com
SOLVED: [multiarch] easy fix for interarchitectural package conflict?
summary: 1. Repo=debian-testing was the fix. 2. Where to put bug on package=icedtea-netx ? 3. Pointers to recommended docs on setting up a VM for running a VPN are appreciated. details: https://lists.debian.org/debian-user/2014/05/msg00294.html [Sven Joachim Sun, 04 May 2014 22:21:45 +0200] [you have an] older version of libgif4 than the one in jessie/sid[, since] Multiarch support was enabled in 4.1.6-11 back in December 2013. https://lists.debian.org/debian-user/2014/05/msg00302.html [Tom Roche Sun, 04 May 2014 17:10:28 -0400] [So] 1. add [repository=`deb http://ftp.debian.org/debian/ testing main contrib non-free`] 2. update packages 3. update package=libgif4:i386 4. install package=icedtea-7-plugin:i386 5. remove repository [correct?] It was. After NEW_REPO_LINE='deb http://ftp.debian.org/debian/ testing main contrib non-free' NEW_REPO_LIST_FN='debian-testing.list' # files in .../sources.list.d/ need extension=list REPO_LIST_DIR='/etc/apt/sources.list.d' NEW_REPO_LIST_FP=${REPO_LIST_DIR}/${NEW_REPO_LIST_FN} sudo touch ${NEW_REPO_LIST_FP} #sudo echo -e ${NEW_REPO_LINE}\n ${NEW_REPO_LIST_FP} # above fails: gotta run the whole thing as `sudo`: #sudo sh -c echo -e '${NEW_REPO_LINE}\n' ${NEW_REPO_LIST_FP} # above fails: prepends '-e ' sudo sh -c echo '${NEW_REPO_LINE}\n' ${NEW_REPO_LIST_FP} cat ${NEW_REPO_LIST_FP} sudo aptitude update I was able to install {libgif4:amd64 , libgif4:i386} cleanly. Installing java for the F5NAP was a bit more annoying--package=icedtea-netx handles file=/usr/bin/policyeditor IMHO buggily--but I got that installed, and symlinked the appropriate IcedTeaPlugin.so for firefox-3.6.28. Not particularly clean, but now the VPN (F5NAP plus 32-bit firefox) works. (And still works, after backing out the repository change, and re-updating packages.) I would like to know where to report the problem with {icedtea-netx , /usr/bin/policyeditor} to prevent problems for OP, so, if you know, please lemme know where/how best to do that. Regarding the suggestions to install the VPN via a 32-bit VM and network appropriately: the problem is, I don't know how to do that. I would appreciate pointers to doc for next time, or for OP who might stumble upon this thread. By contrast, I knew I could make the above/multiarch approach work, since I'd done it before. Unfortunately, I hadn't *documented* it before, but I did this time. Hopefully multiarch support will be {even better, more transparent} in future. FWIW, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87sioonbe0@pobox.com
solved: `ls` shows file, `bash` says No such file ???
summary: solution: install jessie package=libc6:i386 et al details: https://lists.debian.org/debian-user/2014/05/msg00126.html [Tom Roche Fri, 02 May 2014 22:25:34 -0400] me@it ~ $ /usr/local/share/firefox-3.6.28/firefox-bin bash: /usr/local/share/firefox-3.6.28/firefox-bin: No such file or directory [127]me@it ~ $ lsalh /usr/local/share/firefox-3.6.28/firefox-bin -rwxr-xr-x 1 root staff 44K Mar 6 2012 /usr/local/share/firefox-3.6.28/firefox-bin [`lsalh` is indeed an alias] Thanks to all! but esp der.hans and Monsta: https://lists.debian.org/debian-user/2014/05/msg00145.html [der.hans Fri, 2 May 2014 22:28:25 -0700 (MST)] it looks to me like the necessary libc isn't actually installed. http://forums.linuxmint.com/viewtopic.php?f=190t=166506p=855700#p855869 [Monsta on Sat May 03, 2014 3:40 am] Such not found messages usually indicate the absence of 32-bit libc6... me@it ~ $ ldd /usr/local/share/firefox-3.6.28/firefox-bin not a dynamic executable # libc6:i386, dependencies, and recommended from `aptitude -s` me@it ~ $ sudo aptitude install libc6:i386 gcc-4.8-base:i386 libc6-i686:i386 libgcc1:i386 The following NEW packages will be installed: gcc-4.8-base:i386 libc6:i386 libc6-i686:i386 libgcc1:i386 0 packages upgraded, 4 newly installed, 0 to remove and 0 not upgraded. ... Setting up gcc-4.8-base:i386 (4.8.2-1) ... Setting up libc6:i386 (2.17-97) ... Setting up libgcc1:i386 (1:4.8.2-1) ... ... Setting up libc6-i686:i386 (2.17-97) ... Processing triggers for libc-bin ... me@it ~ $ ldd /usr/local/share/firefox-3.6.28/firefox-bin linux-gate.so.1 (0xf7775000) libpthread.so.0 = /lib/i386-linux-gnu/i686/cmov/libpthread.so.0 (0xf774) libxul.so = not found libmozjs.so = not found libxpcom.so = not found libplds4.so = not found libplc4.so = not found libnspr4.so = not found libdl.so.2 = /lib/i386-linux-gnu/i686/cmov/libdl.so.2 (0xf7739000) libgtk-x11-2.0.so.0 = not found libatk-1.0.so.0 = not found libgdk-x11-2.0.so.0 = not found libgdk_pixbuf-2.0.so.0 = not found libpangocairo-1.0.so.0 = not found libpango-1.0.so.0 = not found libcairo.so.2 = not found libgobject-2.0.so.0 = not found libgmodule-2.0.so.0 = not found libglib-2.0.so.0 = not found libX11.so.6 = not found libasound.so.2 = not found libm.so.6 = /lib/i386-linux-gnu/i686/cmov/libm.so.6 (0xf76f4000) libstdc++.so.6 = not found libgcc_s.so.1 = /lib/i386-linux-gnu/libgcc_s.so.1 (0xf76d7000) libc.so.6 = /lib/i386-linux-gnu/i686/cmov/libc.so.6 (0xf7527000) /lib/ld-linux.so.2 (0xf7776000) So now I have something to work with! which is great, because it's a long commute to my cluster's physical LAN! https://lists.debian.org/debian-user/2014/05/msg00129.html [Mike Kupfer Fri, 02 May 2014 21:02:48 -0700] The error message from bash is... unfortunate, to say the least. I'd like to bug-report, except https://lists.debian.org/debian-user/2014/05/msg00146.html [Sven Joachim Sat, 03 May 2014 07:38:28 +0200] [bash] can't do any better though, because the kernel just reports ENOENT when you try to run a program and its ELF interpreter [is] missing. I'm the first to admit that I am, as a software developer, probably several orders of magnitude less than the linux kernel folks. That being said, in all my code I try to provide error messages that at best help the user actually solve the problem, and at least do not misrepresent the etiology. So if anyone has suggestions regarding how/where to put a bug that might result in a positive outcome, please lemme know. thanks all! Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/871twao43t@pobox.com
`ls` shows file, `bash` says No such file ???
For background on my problem (and why I very much need to solve it), see http://forums.linuxmint.com/viewtopic.php?f=190t=166506p=855700#p855700 But the essence of the problem appears to be me@it ~ $ /usr/local/share/firefox-3.6.28/firefox-bin bash: /usr/local/share/firefox-3.6.28/firefox-bin: No such file or directory [127]me@it ~ $ lsalh /usr/local/share/firefox-3.6.28/firefox-bin -rwxr-xr-x 1 root staff 44K Mar 6 2012 /usr/local/share/firefox-3.6.28/firefox-bin me@it ~ $ sudo /usr/local/share/firefox-3.6.28/firefox-bin sudo: unable to execute /usr/local/share/firefox-3.6.28/firefox-bin: No such file or directory me@it ~ $ groups me sudo staff lpadmin How is it possible that `ls` can list a file, but `bash` says No such file? Note that everything else seems to work on this box, which FWIW is me@it ~ $ uname -a Linux it 3.11-2-amd64 #1 SMP Debian 3.11.8-1 (2013-11-13) x86_64 GNU/Linux me@it ~ $ cat /etc/debian_version jessie/sid so it's not like the box is just broken. FWIW, /usr/local/share/firefox-3.6.28/firefox-bin is 32-bit, while the rest of the box is 64-bit. I don't see how that could cause *this* problem, but that's the only thing unusual about /usr/local/share/firefox-3.6.28/firefox-bin (of which I'm aware). desperately confused, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/877g63oaxt@pobox.com
Re: `ls` shows file, `bash` says No such file ???
Tom Roche Fri, 02 May 2014 22:25:34 -0400 For background on my problem (and why I very much need to solve it), see http://forums.linuxmint.com/viewtopic.php?f=190t=166506p=855700#p855700 But the essence of the problem appears to be me@it ~ $ /usr/local/share/firefox-3.6.28/firefox-bin bash: /usr/local/share/firefox-3.6.28/firefox-bin: No such file or directory [127]me@it ~ $ lsalh /usr/local/share/firefox-3.6.28/firefox-bin -rwxr-xr-x 1 root staff 44K Mar 6 2012 /usr/local/share/firefox-3.6.28/firefox-bin Mike Kupfer Fri, 02 May 2014 21:02:48 -0700 I ran into this issue (with a different binary, on Ubuntu 12.04) a week or two ago, and it was in fact the mismatch between 32-bit and 64-bit. So try installing the 64-bit FF Alas, as detailed @ link above, I cannot: I must run a VPN which - the developer (F5) only supports for linux clients as browser plugins (?!?) for firefox-3.x and firefox-8.x - my workplace's servers' version of the F5 backend only supports the frontend version that runs on firefox-3.x and there are no 64-bit builds of firefox-3.x. But it gets worse :-( As detailed @ link above, I have formerly made firefox-3.6.28+F5NAP work on two different debian boxes! Including one virtually identical to the box in question! So this is a *solved* problem ... I just don't know the solution :-( The error message from bash is... unfortunate, to say the least. Indeed. Where to report this bug? TIA, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/874n17o5db@pobox.com
Re: [APT] how to debug Hash Sum mismatch?
http://lists.debian.org/debian-user/2013/01/msg01054.html (rearranged) you are only having trouble with the CRAN repositories? Correct. (And, yes, I do have bzip2 :-) 3 packages upgraded, ... and 1603 not upgraded. ^ Is there a reason for not upgrading all those packages? Yes: I'm currently on LMDE UP5, those packages are LMDE UP6, I don't want to upgrade this box until I get my spare box updated. [ https://answers.launchpad.net/ubuntu/+question/6841) suggests] rm /var/cache/apt/pkgcache.bin rm /var/cache/apt/srcpkgcache.bin alas, no fix: $ sudo rm /var/cache/apt/pkgcache.bin /var/cache/apt/srcpkgcache.bin /var/lib/apt/lists/partial/* /var/lib/apt/lists/* ; sudo apt-get update ... $ sudo aptitude install r-base r-base-core r-recommended r-base-dev ... E: Failed to fetch http://mirrors.nics.utk.edu/cran/bin/linux/debian/squeeze-cran/r-base-core_2.15.2-1~squeezecran.0_amd64.deb: Hash Sum mismatch There are also plenty of hits on google for: W: Failed to fetch bzip2: Hash Sum mismatch I'll try that. thanks anyway, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87obgak071@pobox.com
Re: [APT] how to debug Hash Sum mismatch?
summary: trying to update R packages from recommended mirrors @ http://cran.r-project.org/mirrors.html This has worked well for a long time, but now I keep getting errors like Failed to fetch mirror URI//squeeze-cran/deb name/: Hash Sum mismatch No fix from either sudo rm /var/lib/apt/lists/partial/* sudo rm /var/lib/apt/lists/* sudo aptitude update or sudo rm /var/lib/apt/lists/partial/* sudo rm /var/lib/apt/lists/* sudo apt-get update details: http://lists.debian.org/debian-user/2013/01/msg00995.html I'm getting E: Failed to fetch http://lib.stat.cmu.edu/R/CRAN/bin/linux/debian/squeeze-cran/r-base-core_2.15.2-1~squeezecran.0_amd64.deb: Hash Sum mismatch So I changed my sources.list - deb http://lib.stat.cmu.edu/R/CRAN/bin/linux/debian squeeze-cran/ + deb http://watson.nci.nih.gov/cran_mirror/bin/linux/debian squeeze-cran/ did `sudo aptitude update`, and got W: Failed to fetch bzip2:/var/lib/apt/lists/partial/watson.nci.nih.gov_cran%5fmirror_bin_linux_debian_squeeze-cran_Packages: Hash Sum mismatch So I changed my sources.list - deb http://lib.stat.cmu.edu/R/CRAN/bin/linux/debian squeeze-cran/ - deb http://watson.nci.nih.gov/cran_mirror/bin/linux/debian squeeze-cran/ + deb http://mirrors.nics.utk.edu/cran/bin/linux/debian squeeze-cran/ did `sudo aptitude update`, and got W: Failed to fetch bzip2:/var/lib/apt/lists/partial/mirrors.nics.utk.edu_cran_bin_linux_debian_squeeze-cran_Packages: Hash Sum mismatch http://lists.debian.org/debian-user/2013/01/msg00997.html Without knowing all your details, I'd probably: rm /var/lib/apt/lists/* rm /var/lib/apt/lists/partial/* then try updating again. Unfortunately, no fix: me@it:~ $ sudo rm /var/lib/apt/lists/* rm: cannot remove `/var/lib/apt/lists/partial': Is a directory me@it:~ $ sudo rm /var/lib/apt/lists/partial/* me@it:~ $ sudo emacs -nw -q /etc/apt/sources.list me@it:~ $ sudo aptitude update ... W: Failed to fetch bzip2:/var/lib/apt/lists/partial/lib.stat.cmu.edu_R_CRAN_bin_linux_debian_squeeze-cran_Packages: Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead. E: Couldn't rebuild package cache me@it:~ $ sudo emacs -nw -q /etc/apt/sources.list me@it:~ $ sudo rm /var/lib/apt/lists/partial/* ; sudo rm /var/lib/apt/lists/* ; sudo aptitude update ... W: Failed to fetch bzip2:/var/lib/apt/lists/partial/watson.nci.nih.gov_cran%5fmirror_bin_linux_debian_squeeze-cran_Packages: Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead. E: Couldn't rebuild package cache me@it:~ $ sudo emacs -nw -q /etc/apt/sources.list me@it:~ $ sudo rm /var/lib/apt/lists/partial/* ; sudo rm /var/lib/apt/lists/* ; sudo aptitude update ... W: Failed to fetch bzip2:/var/lib/apt/lists/partial/mirrors.nics.utk.edu_cran_bin_linux_debian_squeeze-cran_Packages: Hash Sum mismatch E: Some index files failed to download. They have been ignored, or old ones used instead. E: Couldn't rebuild package cache For the helluvit, I also tried `apt-get`, which does not fail-fast like `aptitude`: me@it:~ $ sudo rm /var/lib/apt/lists/partial/* ; sudo rm /var/lib/apt/lists/* ; sudo apt-get update ... Reading package lists... Done me@it:~ $ sudo aptitude install r-base r-base-core r-recommended r-base-dev liblapack3 liblapack-dev The following NEW packages will be installed: r-base-dev The following packages will be upgraded: r-base r-base-core r-recommended 3 packages upgraded, 1 newly installed, 0 to remove and 1603 not upgraded. Need to get 21.1 MB of archives. After unpacking 500 kB will be used. Do you want to continue? [Y/n/?] Get: 1 http://mirrors.nics.utk.edu/cran/bin/linux/debian/ squeeze-cran/ r-base-core 2.15.2-1~squeezecran.0 [21.0 MB] Get: 2 http://mirrors.nics.utk.edu/cran/bin/linux/debian/ squeeze-cran/ r-base 2.15.2-1~squeezecran.0 [37.1 kB] Get: 3 http://mirrors.nics.utk.edu/cran/bin/linux/debian/ squeeze-cran/ r-recommended 2.15.2-1~squeezecran.0 [2,688 B] Get: 4 http://mirrors.nics.utk.edu/cran/bin/linux/debian/ squeeze-cran/ r-base-dev 2.15.2-1~squeezecran.0 [3,906 B] Fetched 21.1 MB in 12s (1,650 kB/s) E: Failed to fetch http://mirrors.nics.utk.edu/cran/bin/linux/debian/squeeze-cran/r-base-core_2.15.2-1~squeezecran.0_amd64.deb: Hash Sum mismatch What else to try? TIA, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87r4l7kfd1@pobox.com
[APT] how to debug Hash Sum mismatch?
I'm trying to update debian packages for R, for which the recommended mirrors are listed @ http://cran.r-project.org/mirrors.html My sources.list formerly contained deb http://lib.stat.cmu.edu/R/CRAN/bin/linux/debian squeeze-cran/ with which I was able to keep up-to-date for many months. But tonight I'm getting E: Failed to fetch http://lib.stat.cmu.edu/R/CRAN/bin/linux/debian/squeeze-cran/r-base-core_2.15.2-1~squeezecran.0_amd64.deb: Hash Sum mismatch So I changed my sources.list - deb http://lib.stat.cmu.edu/R/CRAN/bin/linux/debian squeeze-cran/ + deb http://watson.nci.nih.gov/cran_mirror/bin/linux/debian squeeze-cran/ did `sudo aptitude update`, and got W: Failed to fetch bzip2:/var/lib/apt/lists/partial/watson.nci.nih.gov_cran%5fmirror_bin_linux_debian_squeeze-cran_Packages: Hash Sum mismatch So I changed my sources.list - deb http://lib.stat.cmu.edu/R/CRAN/bin/linux/debian squeeze-cran/ - deb http://watson.nci.nih.gov/cran_mirror/bin/linux/debian squeeze-cran/ + deb http://mirrors.nics.utk.edu/cran/bin/linux/debian squeeze-cran/ did `sudo aptitude update`, and got W: Failed to fetch bzip2:/var/lib/apt/lists/partial/mirrors.nics.utk.edu_cran_bin_linux_debian_squeeze-cran_Packages: Hash Sum mismatch Given that CRAN is a fairly reliable organization, and I have just failed with 3 recommended mirrors, I'm wondering if something is wrong on my end. How to debug? TIA, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87zjzwk39z@pobox.com
Re: startup: separate /var partition hoses /run, shm (shared memory)?
http://lists.debian.org/debian-user/2012/11/msg00679.html On every startup, on the initial {black screen, white text} I get errors beginning with Mount point '/run' does not exist. Skipping mount. and ending (just before it goes to X) with many (10 n 100) lines beginning with shm_open() failed I suspect this is related to having a separate /var partition, since, once the box is booted and I'm logged in, I see that * /run is symlinked to /var/run http://lists.debian.org/debian-user/2012/11/msg00682.html /var/run [should] be symlinked to /run. So /run should be a tmpfs and /run/shm and /run/lock part of it. Also /dev/shm should [be] symlinked to /run/shm as well. Can you post your /etc/fstab and output from 'df -hl' command? http://lists.debian.org/debian-user/2012/11/msg00684.html $ cat /etc/fstab proc/proc procdefaults0 0 # /dev/sda3 UUID=81371084-8857-4621-8859-733596cf4862 /boot ext4 rw,errors=remount-ro0 0 # /dev/sda5 UUID=1ac01fa0-3a44-4ff9-9d9c-3634e2d7d741 swapswapsw 0 0 # /dev/sda6 UUID=43f3e818-1727-4c73-bead-480a413d73df / ext4 rw,errors=remount-ro0 1 # /dev/sda7 UUID=e19d7759-64d9-4371-b648-fb4a7ba9882c /usrext4 rw,errors=remount-ro0 0 # /dev/sda8 UUID=89d00ebd-7c22-4170-8cab-9e1a1273bc70 /optext4 rw,errors=remount-ro0 0 # /dev/sda9 UUID=064fea46-d50f-4e9b-b88b-af430ae667e0 /varext4 rw,errors=remount-ro0 0 # /dev/sda10 UUID=0473c32c-5667-4725-8c7b-b9b931e81f54 /tmpext4 rw,errors=remount-ro0 0 # /dev/sda11 UUID=575d3851-e472-45b2-be69-db4db84fedba /home ext4 rw,errors=remount-ro0 0 $ find / -maxdepth 1 -type d | grep -ve '/$' | sort | xargs du -hls 2 /dev/null 9.1M/bin 62M /boot 684K/dev 30M /etc 17G /home 457M/lib 5.2M/lib32 4.0K/lib64 16K /lost+found 4.0K/mnt 111M/opt 0 /proc 4.0K/.pulse 4.0K/root 13M /sbin 4.0K/selinux 4.0K/srv 0 /sys 72K /tmp 4.9G/usr 470M/var http://lists.debian.org/debian-user/2012/11/msg00685.html Do you have the initscripts package and its dependencies installed? apparently: $ sudo aptitude install initscripts No packages will be installed, upgraded, or removed. ... http://lists.debian.org/debian-user/2012/11/msg00686.html You're quasi running Sid Not really: I'm running LMDE testing, which is ~all debian testing. Your assistance is appreciated, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87sj89iqxi@pobox.com
[APT] how to recover from /var overflow?
LMDE is a directly-debian-derived, rolling-release, APT-packaged distro. Since I'm not getting help @ its forum, and my problem seems to involve APT directly, I'm hoping this is a good place to ask. If there's a better place to ask APT questions, please lemme know, and feel free to forward. My problem is http://forum.linuxmint.com/viewtopic.php?f=198t=116918 Recently I attempted to upgrade an LMDE box from UP4 to UP5 These update packs are collections of APT packages. via `gksudo mintupdate`. IIUC, the Mint Update Manager is just another GUI frontend to APT, except that it also knows about update packs. Note also that, except for installing update packs (a few times per year), I use * `aptitude` for day-to-day package management (approx weekly) * `apt-get` for major upgrades I left [the box] running, and returned to find a dialog (forgot which app popped it) showing /var maxed (mostly in /var/cache/). Fortunately that box has a separate /var partition, so the box still boots. Unfortunately, `gnome-terminal`s are somewhat hosed: the frame pops up, but I get no prompt. Fortunately, {console, virtual terminal, text terminal}s, e.g. C-A-F1, still works as expected. Unfortunately, it has physical partitions, making partition resizing problematic. (I intend to install LVM Real Soon Now :-) Meanwhile, how to fix this problem? I.e., how to restore my APT to a stable state, such that I can reattempt update? I'm guessing the first steps are like 1. boot to console, login 2. `sudo aptitude clean` 3. reboot 4. boot to X, login 5. `sudo apt-get update` 6. `sudo apt-get dist-upgrade` 7. `sudo apt-get -f install` but I Could Be Wrong: is there anything else I can/should do *with APT* to prevent /var overflow? As noted above, I know I should make my /var partition larger, but for now, that is not feasible. TIA, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/871ufujqaz@pobox.com
startup: separate /var partition hoses /run, shm (shared memory)?
What must one do to make /run mount appropriately on startup if one has a separate /var partition? What I mean, why I ask: Awhile ago, I got a new box with win7 preinstalled. I repartitioned, adding separate partitions for swap, /, /boot, /home, /tmp, /usr, /var (in addition to the win7 partition). I then installed LMDE (Linux Mint Debian Edition, a directly-debian-derived, rolling-release, APT-packaged distro). This has worked well, except for a problem at startup, whether after restart (i.e., warm boot) or shutdown (i.e., cold boot): On every startup, on the initial {black screen, white text} I get errors beginning with Mount point '/run' does not exist. Skipping mount. and ending (just before it goes to X) with many (10 n 100) lines beginning with shm_open() failed I suspect this is related to having a separate /var partition, since, once the box is booted and I'm logged in, I see that * /run is symlinked to /var/run * /run/shm is a directory I'm wondering, how to fix this problem? E.g., can I make /var (and therefore /var/run) mount before whatever is trying to mount /run? If there is a better place to ask this question, please lemme know. TIA, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87y5i2i4zj@pobox.com
Re: startup: separate /var partition hoses /run, shm (shared memory)?
http://lists.debian.org/debian-user/2012/11/msg00679.html On every startup, on the initial {black screen, white text} I get errors beginning with Mount point '/run' does not exist. Skipping mount. and ending (just before it goes to X) with many (10 n 100) lines beginning with shm_open() failed I suspect this is related to having a separate /var partition, since, once the box is booted and I'm logged in, I see that * /run is symlinked to /var/run http://lists.debian.org/debian-user/2012/11/msg00682.html Since /run is meant to replace all temporary filesystems in RAM I would expect this to be other way around, ie /var/run to be symlinked to /run. So /run should be a tmpfs and /run/shm and /run/lock part of it. Also /dev/shm should [be] symlinked to /run/shm as well. Can you post your /etc/fstab and output from 'df -hl' command? $ cat /etc/fstab proc/proc procdefaults0 0 # /dev/sda3 UUID=81371084-8857-4621-8859-733596cf4862 /boot ext4 rw,errors=remount-ro0 0 # /dev/sda5 UUID=1ac01fa0-3a44-4ff9-9d9c-3634e2d7d741 swapswapsw 0 0 # /dev/sda6 UUID=43f3e818-1727-4c73-bead-480a413d73df / ext4 rw,errors=remount-ro0 1 # /dev/sda7 UUID=e19d7759-64d9-4371-b648-fb4a7ba9882c /usrext4 rw,errors=remount-ro0 0 # /dev/sda8 UUID=89d00ebd-7c22-4170-8cab-9e1a1273bc70 /optext4 rw,errors=remount-ro0 0 # /dev/sda9 UUID=064fea46-d50f-4e9b-b88b-af430ae667e0 /varext4 rw,errors=remount-ro0 0 # /dev/sda10 UUID=0473c32c-5667-4725-8c7b-b9b931e81f54 /tmpext4 rw,errors=remount-ro0 0 # /dev/sda11 UUID=575d3851-e472-45b2-be69-db4db84fedba /home ext4 rw,errors=remount-ro0 0 $ find / -maxdepth 1 -type d | grep -ve '/$' | sort | xargs du -hls 2 /dev/null 9.1M/bin 62M /boot 684K/dev 30M /etc 17G /home 457M/lib 5.2M/lib32 4.0K/lib64 16K /lost+found 4.0K/mnt 111M/opt 0 /proc 4.0K/.pulse 4.0K/root 13M /sbin 4.0K/selinux 4.0K/srv 0 /sys 72K /tmp 4.9G/usr 470M/var http://lists.debian.org/debian-user/2012/11/msg00680.html Does [LMDE] still use init? $ ps aux | fgrep init root 1 1.7 0.0 10636 832 ?Ss 00:08 0:01 init [2] me3253 0.0 0.0 7772 708 pts/0S+ 00:10 0:00 fgrep init $ ps aux | fgrep upstart me3264 0.0 0.0 7740 704 pts/0S+ 00:10 0:00 fgrep upstart $ ps aux | fgrep systemd me3266 0.0 0.0 7740 704 pts/0S+ 00:10 0:00 fgrep systemd Note LMDE != Mint: latter now comes in several versions, of which LMDE is one. $ lsb_release -ds Linux Mint Debian Edition $ cat /etc/debian_version wheezy/sid $ uname -rv 3.2.0-3-amd64 #1 SMP Thu Jun 28 09:07:26 UTC 2012 Your assistance is appreciated, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87vcd6hzqd@pobox.com
Re: `dget --build` permissions problem
Tom Roche Thu, 12 Jul 2012 12:59:34 -0400 me@it:/tmp/gdal$ dget --build http://ftp.de.debian.org/debian/pool/main/g/gdal/gdal_1.9.0-3.dsc fails at end (after long successful build) with error: could not create '/usr/local/lib/python2.6/dist-packages/osgeo': Permission denied ... error: could not create '/usr/local/lib/python2.7/dist-packages/osgeo': Permission denied ... dpkg-buildpackage: error: debian/rules build gave error exit status 2 I have kludged-around the problem as described @ https://alioth.debian.org/tracker/index.php?func=detailaid=313720group_id=30241atid=410558 gdal_1.9.0-3 source package fails to build without `sudo` in makefile If there is A Better Way(tm), please lemme know. HTH, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87wr27xxsu@pobox.com
`dget --build` permissions problem
summary: I'm almost able to build a package, except me@it:/tmp/gdal$ dget --build http://ftp.de.debian.org/debian/pool/main/g/gdal/gdal_1.9.0-3.dsc fails at end (after long successful build) with error: could not create '/usr/local/lib/python2.6/dist-packages/osgeo': Permission denied ... error: could not create '/usr/local/lib/python2.7/dist-packages/osgeo': Permission denied ... dpkg-buildpackage: error: debian/rules build gave error exit status 2 How to solve this `dget --build` problem? details: I'm running $ lsb_release -ds Linux Mint Debian Edition $ cat /etc/debian_version wheezy/sid $ uname -rv 3.2.0-2-amd64 #1 SMP Sun Mar 4 22:48:17 UTC 2012 $ cat /etc/apt/sources.list deb http://packages.linuxmint.com/ debian main upstream import deb http://debian.linuxmint.com/latest testing main contrib non-free deb http://debian.linuxmint.com/latest/security testing/updates main contrib non-free deb http://debian.linuxmint.com/latest/multimedia testing main non-free ... To assimilate some data, I need to install app=gdalwarp = 1.9, and therefore package=gdal-bin = 1.9, but the version currently provided by LMDE is 1.7.3. I noted http://packages.debian.org/search?keywords=gdal-binsearchon=namessuite=allsection=allsourceid=mozilla-search Package gdal-bin ... wheezy (testing) [...] 1.9.0-3+b1 so I attempted to install gdal-bin from wheezy: me@it:/etc/apt$ sudo cp sources.list sources.list_20120710_1834 me@it:/etc/apt$ sudo emacs -nw -q sources.list me@it:/etc/apt$ diff -wB sources.list_20120710_1834 sources.list 20c20 #deb http://ftp.debian.org/debian/ testing main contrib non-free --- deb http://ftp.debian.org/debian/ testing main contrib non-free me@it:~$ sudo aptitude update # very not up-to-date Unfortunately, me@it:~$ sudo aptitude install -s gdal-bin ... The following packages have unmet dependencies: ... libpoppler19: Depends: libfontconfig1 (= 2.9.0) but 2.8.0-2.1ubuntu3 is installed. libfontconfig1 has major reverse depends, including emacs, xulrunner, cinnamon, gnome-shell, MATE, so I'd prefer not to update that in the current configuration. Seeking an alternative install, I was advised to try installing from the source package. This seemed sensible, since I didn't hafta pull from experimental: http://ftp.de.debian.org/debian/pool/main/g/gdal/ gdal-bin_1.9.0-3+b1_amd64.deb 25-Jun-2012 09:03 325K ... gdal_1.9.0-3.dsc 05-Jun-2012 15:47 2.2K So I installed `dget` from package=devscripts, and did me@it:/tmp/gdal$ dget --build http://ftp.de.debian.org/debian/pool/main/g/gdal/gdal_1.9.0-3.dsc This discovered many unmet dependencies, but I didn't need an uplevel libfontconfig1, and I only had to touch my sources.list once, to get libsqlite3-dev version=3.7.13-1 from the wheezy repo. I then ran me@it:/tmp/gdal$ dget --build http://ftp.de.debian.org/debian/pool/main/g/gdal/gdal_1.9.0-3.dsc again, which did a long [configure, make]-type build, ending with error: could not create '/usr/local/lib/python2.6/dist-packages/osgeo': Permission denied ... error: could not create '/usr/local/lib/python2.7/dist-packages/osgeo': Permission denied make[1]: *** [install] Error 1 make[1]: Leaving directory `/tmp/gdal/gdal-1.9.0/swig/python' make: *** [build-stamp] Error 2 dpkg-buildpackage: error: debian/rules build gave error exit status 2 I thought the fix might be to run as root, but that also failed (much more quickly): me@it:/tmp/gdal$ sudo dget --build http://ftp.de.debian.org/debian/pool/main/g/gdal/gdal_1.9.0-3.dsc dget: retrieving http://ftp.de.debian.org/debian/pool/main/g/gdal/gdal_1.9.0-3.dsc ... dscverify: gdal_1.9.0-3.dsc failed signature check: gpg: keyblock resource `/root/.gnupg/secring.gpg': file open error gpg: Signature made Tue 05 Jun 2012 09:24:57 AM EDT using DSA key ID E9F2C747 gpg: fatal: /root/.gnupg: directory does not exist! secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/32768 Validation FAILED!! So I'm wondering, how to fix or work around the `dget --build` permissions problem? `dget` seems to have almost completely built gdal-bin, so I'd prefer to just finish that, rather than, e.g., build separately from source tarballs. TIA, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87zk74yky1@pobox.com
how to fix aptitude errors upgrading LMDE UP3 - UP4
(Apologies if this is not the correct place to post (is there an apt-user or aptitude-user list?), but it's been helpful in past.) As detailed @ http://forum.linuxmint.com/viewtopic.php?f=198t=99035 recently I successfully upgraded a box with Linux Mint Debian Edition Update Pack 3 (with which I've been a happy ubuntu refugee) to the recently-announced LMDE UP4. Saturday (14 Apr 2012) I tried to do this on another box (after again doing both a full duplicity backup and a clonezilla). mintupdate (which I launched, as before, from console with `gksudo mintupdate `) just kept dying, silently, in many different places. I tried again Sunday (15 Apr) night, with same results. Eventually I gave up, and went back to aptitude, launched via `sudo aptitude update ; sudo aptitude full-upgrade` aptitude did not die silently! and chugged on until finished. However, on finish it reported, at the end of a very long scroll (thank you, gnome-terminal :-) dpkg: dependency problems prevent configuration of with regard to 35 different packages (followed by details for each one) before ending with Errors were encountered while processing: # sorted by me brasero evince file-roller gconf2 gdm3 gnome-applets gnome-bluetooth gnome-control-center gnome-disk-utility gnome-panel gnome-power-manager gnome-session gnome-settings-daemon gnome-themes-standard gnome-user-share gvfs gvfs-backends gvfs-bin libgconf2-4 libgnome2-common murrine-themes nautilus nautilus-actions nautilus-open-terminal nautilus-sendto nautilus-share network-manager network-manager-gnome network-manager-pptp network-manager-pptp-gnome rhythmbox rhythmbox-plugins totem totem-mozilla totem-plugins Current status: 29 broken [+29], 1128 updates [-112], 35600 new [-1]. Obviously I'm gonna need network-manager* and gnome* and will very much want most of the rest. How to fix? Note that, as noted above, I can (presumably :-) rollback to a working LMDE UP3 if required. Your assistance is appreciated, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87aa2br0ee@pobox.com
Re: how to fix aptitude errors upgrading LMDE UP3 - UP4
Wayne Topa Mon, 16 Apr 2012 15:24:26 -0400 I just looked for lmde in the debian packages and it is not there and it's not in the original post @ http://lists.debian.org/debian-user/2012/04/msg01217.html either, because LMDE is not a package I am guessing the lmde might be a Linux Mint package. You would be wrong. LMDE is a Mint distribution based on, and completely compatible with, debian. Its packages are pure debian, not ubuntu or mint. Indulekha Mon, 16 Apr 2012 14:52:34 -0500 Have you tried apt-get -f install? No, and using apt-get rather than aptitude was the right idea: http://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_literal_apt_get_literal_literal_apt_cache_literal_vs_literal_aptitude_literal 2.2.1. apt-get / apt-cache vs. aptitude ... * apt-get is most suitable for the major system upgrade between releases, etc. So I did sudo apt-get update sudo apt-get dist-upgrade sudo apt-get -f install which got the packages fixed and installed, as verified by subsequent $ sudo apt-get update ... $ sudo apt-get dist-upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. and then I was able to reboot and $ sudo aptitude update ... $ sudo aptitude -s full-upgrade No packages will be installed, upgraded, or removed. 0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded. your assistance is appreciated, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87ty0jywqq@pobox.com
how to transfer APT packages between different devices?
summary: My old laptop is up-to-date on LMDE (Linux Mint Debian Edition), with many add-on APT packages. I'm now qualifying a new laptop, from a different vendor, on which I have installed LMDE from live USB. How best/easiest to transfer the packages from the first laptop to the second, without causing (e.g.) driver problems? (And please lemme know soonest, since I have much acceptance testing to do but can't return for refund after 2 Dec 2011.) details: I have a 2-year-old laptop (call it laptop_0) from one vendor. It has served me well, but the battery is shot, the HD makes ominous intermittent clicking noises, it's no longer SOTA, and in any case I could use a backup laptop. This week my university put some quite high-powered laptops on clearance for a good price, so I'm evaluating one (call it laptop_1). I can return it by Friday (2 Dec) for full refund. I regularly backup my packages on laptop_0 using a script that * copies /etc/apt/sources.list to a designated backup directory * copies /etc/apt/sources.list.d/ to the backup directory * redirects `dpkg --get-selections` to a file in the backup directory I have in the past restored my packages from laptop_0 to laptop_0 (e.g., after ubuntu upgrades) with a script that reverses the above process: * restores /etc/apt/sources.list from the backup directory * restores /etc/apt/sources.list.d/ from the backup directory * redirects the backed-up package list to `dpkg --set-selections` * apt-get install -y dselect * dselect update * apt-get dselect-upgrade * aptitude update I installed 64bit LMDE 201109 Gnome http://www.linuxmint.com/download_lmde.php from live USB (using unetbootin) on laptop_1 without difficulty. laptop_1 has some problems with LMDE, e.g., - it hangs if I try to suspend with a USB drive attached (but it sleeps/restores normally otherwise - hibernation fails, i.e., instead of restoring it just reboots (but so does laptop_0) Other than that :-) it seems worth the price, but I've done relatively little testing (e.g., power management, DVD and stream playing). To do more a more substantial comparison I need to get roughly the same packages installed on both boxes. (Particularly I want to benchmark building and running a scientific model I help develop.) Unfortunately there are important differences between the two (though both are 64bit Intel with NVIDIA). I noticed this the hard way when I attempted to restore (using the second procedure above) the packages from laptop_0 onto laptop_1: laptop_1 booted, but then put up a crippled GINA (the graphical login screen) into which I could not type (the keyboard was not working, though the mouse was). Fortunately I just rebooted and reinstalled LMDE (which took all of 10 minutes--one suspects Windows will never install that quickly :-) and laptop_1 is again functional. So obviously my current package-restore procedure only works to restore onto on the same device from which the packages were backed up. I'm wondering, how best to do package-transfer? E.g., can I script a procedure that is smart enough to not transfer inappropriate packages (e.g., those causing driver conflicts)? Alternatively, I need to know (more-or-less) or determine what not to transfer, so I can edit my package list by hand (before running the package-restore script), or otherwise human-run the process (hopefully with some tool automation). Or is it time for Something Completely Different? What do you believe is the best way to transfer packages between non-identical devices? Please lemme know soonest--I can't return laptop_1 for full refund after 2 Dec 2011. TIA, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87ehwpbulu@pobox.com
Re: how to transfer APT packages between different devices?
Tom Roche Wed, Nov 30, 2011 at 8:36 AM My old laptop is up-to-date on LMDE with many add-on APT packages. I'm now qualifying a new laptop, from a different vendor, on which I have installed LMDE from live USB. How best/easiest to transfer the packages from the first laptop to the second, without causing (e.g.) driver problems? Ralf Mardorf Wed, 30 Nov 2011 17:13:28 +0100 Why don't you just backup your running Linux by tar from a live cd e.g. to an USB stick, partition the new drive and extract it on the new laptop? The old laptop's partitioning is very different from the new laptop's. The old laptop is pure linux. The new laptop has a first rescue partition from the vendor and a second W7 partition (which I would like to keep for occasional use, notably ArcGIS), followed by the linux partitions. But the rest of your suggestion resembles what I believe I need: start in recovery mode I shoulda thoughta that :-) and I know how. What I don't know is, how to identify and change [packages] that need to be changed, e.g. the graphics driver. How do I determine the names of the packages that need to be changed? E.g., if I observe a graphics problem, how to tell which packages are involved? your assistance is appreciated, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/878vmxy1rw@pobox.com
Re: debugging package breakage
summary: my questions are about + using Debian packaging and its tools (notably apt-*, aptitude) + fixing problems with same *not* - fixing broken functionality - LMDE - LMDE repositories If there is a better place to ask end-user-level questions about Debian packaging and its tools (vs dev- or builder-level), please point me to it. Meanwhile, I'm interested in ways to make `aptitude` see as unbroken packages that appear (notably, to `apt-get`) to be in fact unbroken. One such way is proposed below (purging and re-installing `aptitude`), but it appears problematic (more below). details: First, thanks to Darac Marjal for his detailed explanation of how to use the ncurses-based `aptitude` TUI to fix the following: original post @ http://lists.debian.org/debian-user/2011/08/msg01104.html Tom Roche Thu, 18 Aug 2011 23:20:43 -0400 me@it:~$ aptitude search ?broken iB acl - Access control list utilities iB coreutils - GNU core utilities iB cups- Common UNIX Printing System(tm) - server iB libacl1-dev - Access control list static libraries and headers iB libarchive1 - Single library to read/write tar, cpio, pax, zip, iso9660, etc. iB libgnomevfs2-0 - GNOME Virtual File System (runtime libraries) iB libisofs6 - library to create ISO9660 images iB ntfs-3g - read-write NTFS driver for FUSE iB rsync - fast remote file copy program (like rcp) iB samba - SMB/CIFS file, print, and login server for Unix However, given the 5 facts below, ISTM the problem is with `aptitude`, not the packages. Scott Ferguson Fri, 19 Aug 2011 14:28:44 +1000 I understand that you're trying to illustrate what you think is not working (ie. shown by Aptitude as broken but what is it that *is not* working? *Aptitude* appears (to me--ICBW) to be not working properly, based on the following 5 facts: F1 My LMDE box is not broken functionally (aside from last.fm audio, which I'm assuming is unrelated to the above): only some packages are, and only in aptitude (more on that below). Specifically, none of the functionality that I would expect to be broken from the above appears to be broken. Not that I've done exhaustive testing, but certainly all the coreutils that I've used appear to work. F2 I appreciate that, at some fundamental level, LMDE != Debian. However, Marc Shapiro Thu, 18 Aug 2011 23:00:40 -0700 Linux Mint Debian Edition is based directly on Testing, with a rolling release. [LMDE is *not* the same as Mint's] regular version which is based on Ubuntu with discrete releases. So LMDE does not use Ubuntu's 'instant potato mix', but it does mash its own. They *claim* to be 100% compatible with Debian and NOT compatible with Ubuntu. See also http://blog.linuxmint.com/?p=1527 (but note that LMDE 64-bit, which I'm using, has arrived since then). In order of increasing Debianosity, Ubuntu LMDE Debian. F3 LMDE has its own repositories. where is your /etc/apt/sources.list is pointing to? me@it:~$ sudo cat /etc/apt/sources.list deb http://packages.linuxmint.com/ debian main upstream import deb http://debian.linuxmint.com/latest testing main contrib non-free deb http://security.debian.org/ testing/updates main contrib non-free deb http://www.debian-multimedia.org testing main non-free If it is pointing to Debian repositories LMDE may not be as 100% compatible as they say. That's entirely possible, and if my package-breakage problem appears to be due to problems with one or more of these repositories I will certainly raise that issue with the LMDE folks. However, at this point, the problem appears to be limited to my `aptitude`: * There is no functional correlate to the aptitude package breakage (see fact 1). * The packages appear OK in `apt-get` (see next fact). F4 My `apt-get` shows no breakage, but my `aptitude` does: me@it:~$ sudo apt-get check | wc -l 3 me@it:~$ sudo apt-get check Reading package lists... Done Building dependency tree Reading state information... Done me@it:~$ aptitude search ?broken iB acl - Access control list utilities iB coreutils - GNU core utilities iB cups- Common UNIX Printing System(tm) - server iB libacl1-dev - Access control list static libraries and headers iB libarchive1 - Single library to read/write tar, cpio, pax, zip, iso9660, etc. iB libgnomevfs2-0 - GNOME Virtual File System (runtime libraries) iB libisofs6 - library to create ISO9660 images iB ntfs-3g - read-write NTFS driver for FUSE iB rsync - fast remote file copy program (like rcp) iB samba - SMB/CIFS file, print, and login server for Unix F5 While setting up this box, I first used `apt-get` then `aptitude`. FWIW I've been doing this since I started using Ubuntu (few years/ releases), based on my reading of http://www.debian.org/doc/manuals/debian-reference/ch02
Re: debugging package breakage
Tom Roche Sunday 21 August 2011 16:48:07 me@it:~$ sudo cat /etc/apt/sources.list deb http://packages.linuxmint.com/ debian main upstream import deb http://debian.linuxmint.com/latest testing main contrib non-free deb http://security.debian.org/ testing/updates main contrib non-free deb http://www.debian-multimedia.org testing main non-free Lisi Reisz Sun, 21 Aug 2011 19:16:13 +0100 Why did you use sudo? velocity(fingers) velocity(brain) It is not necessary for this command ... but so what? it's `cat` ... -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87obzi7gph@pobox.com
debugging package breakage
in $(aptitude -F %p search ?broken) ; do for CMD in \ sudo aptitude install -f ${PACKAGE} \ ; do echo -e ${CMD} eval ${CMD} done echo done but that just repeats No packages will be installed, upgraded, or removed. So I'm confused. Why does `aptitude` think these packages are broken? If it's wrong (i.e., the packages are not broken), how do I correct its misperception? If it's correct, how do I fix the packages, if `aptitude` won't force install? Feel free to forward or to point me to FM to RT, and TIA, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87d3g2xf1w@pobox.com
how/where to ask questions about dpkg/APT and tools?
My dpkg/APT knowledge/skills need to go from near-beginner to at least intermediate-level fairly quickly, but I have lots questions. Where to go (e.g., what forums, lists, IRCs, other sites) to ask them? Why I ask: From using desktop ubuntu for a few years (and server ubuntu for longer, and mint for a few months) I have some experience with APT. Mostly I have used non-interactive command-line `aptitude` (i.e., `sudo aptitude update|full-upgrade|install|remove|purge ...`) rather than, e.g., * the interactive, character-mode-graphical `aptitude` (i.e., `sudo aptitude`) * full GUIs (e.g., synaptic, Ubuntu Software Center) This worked well, because I kept up-to-date and because ubuntu shielded me from massive breakage. However it does require (more or less) periodic reinstalls; after the latest, I indulged my desire to switch to rolling release. Yesterday I installed LMDE http://blog.linuxmint.com/?p=1604 and am presently barely functional (i.e., I have emacs and firefox), thanks largely to the update pack functionality in mintupdate-debian http://blog.linuxmint.com/?p=1781 and the mint intermediate repos me@it:~$ cat /etc/apt/sources.list deb http://packages.linuxmint.com/ debian main upstream import deb http://debian.linuxmint.com/latest testing main contrib non-free deb http://security.debian.org/ testing/updates main contrib non-free deb http://www.debian-multimedia.org testing main non-free However I currently - have 888 updates (per mu-d) - have 69 broken packages (per `aptitude`) - need to get some bigger apps/functions running (e.g., chromium, libreoffice, DVD playing) - fear breaking big things (e.g., X, GNOME) I suspect getting out of this hole quickly will require more knowledge of APT and its tools than I currently have, so I'm trying to learn the interactive `aptitude` via its tutorial http://algebraicthunk.net/~dburrows/projects/aptitude/doc/en/index.html and any other tools that might help (e.g., I've heard of `debdelta` but know nothing about it), but I already have questions, so am wondering: * Are there places to ask questions that specialize in APT and its tools? Esp that are kind to the less advanced practitioner ?-) * Is this list a good place for APT questions? It's pretty high-volume, and debian is a much broader topic than APT, but if it's the best thing available, I can cope. * Since I'm an LMDE user, should I just stay on its forum? http://forums.linuxmint.com/viewforum.php?f=141 I suspect my concerns are more generic (i.e., applicable to debian and any derived distros, not just LMDE), but I Could Be Wrong. Feel free to reply directly to me (as well as the list) and to forward, and TIA, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/877h6eiqev@pobox.com
Ubuntu - LMDE: migrate packages using `aptitude` alone?
summary: I'm preparing to migrate a laptop from Ubuntu Lucid to Linux Mint Debian Edition 10 and want to have the same packages (c.p.) active after the migration. I believe I know how to migrate the packages using `dpkg` and `apt-get`, but would prefer to migrate the packages using `aptitude` alone. Is this possible? Are there reasons not to do this? details: I've been running Ubuntu on a laptop mostly happily for some time, but have wanted to get * proprietary multimedia working out of the box * rolling releases (aka, more updates without upgrades) So when I heard about LMDE, I immediately tried it, and was pleased to see that everything (that I checked, anyway) worked OOTB (i.e. when booting the live DVD). I'm now preparing to migrate Ubuntu - LMDE. The box has separate root and home partitions, so to CMA I first made * images of both partitions (using clonezilla) * backed up /home (with a script using partly `duplicity` and partly just `rsync`) The final thing I believe I need to do (please suggest anything else I should know) is to backup the list of currently-active (installed and selected) packages so as to be able to restore them quickly and completely in the new environment, so that I don't need to manually install, e.g., chromium and emacs. Am I missing anything? If not: From other reading, one way to do this is # in terminal in ubuntu dpkg --get-selections ${PACKAGE_FILE} # in terminal in LMDE sudo dpkg --set-selections ${PACKAGE_FILE} sudo apt-get dselect-upgrade sudo aptitude update sudo aptitude -s full-upgrade Is that correct? If so: I've been managing its packages exclusively with `aptitude` and would prefer to continue doing so. I'd like to know, 1 Is there a way to do all of the above using only `aptitude`? if not, 2 Is there a way to do all of the above using only `aptitude` and `dpkg`? I.e. is there an `aptitude` equivalent of `apt-get dselect-upgrade`? FWIW I don't see that argument in `info aptitude`. alternatively, 3 Is there a reason to prefer the [`dpkg`, `apt-get`, `aptitude`] workflow above to a purely-`aptitude` workflow for this usecase? If possible please reply to me as well as the list (I'm on the digest), and TIA, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87y667y15i@pobox.com
Re: Ubuntu - LMDE: migrate packages using `aptitude` alone?
Tom Roche Wed, 26 Jan 2011 13:23:37 -0500 The final thing I believe I need to do [to migrate Ubuntu - LMDE] is to backup the list of currently-active (installed and selected) packages so as to be able to restore them quickly and completely in the new environment, so that I don't need to manually install, e.g., chromium and emacs. Am I missing anything? If not: From other reading, one way to do this is # in terminal in ubuntu dpkg --get-selections ${PACKAGE_FILE} # in terminal in LMDE sudo dpkg --set-selections ${PACKAGE_FILE} sudo apt-get dselect-upgrade sudo aptitude update sudo aptitude -s full-upgrade Roman Khomasuridze Wed, 26 Jan 2011 23:23:58 +0400 one thing you have to take in account while doing dpkg --get-selections part: AFAIK Ubuntu package naming [departed] quite much from Debian’s, and thus LMDE's ([especially] python packages as i recall), so you _might_ experience some problems when [you do] dpkg --set-selections... Can work around these package-naming differences? If not, how best to prepare or react? thanks for your assistance, Tom Roche tom_ro...@pobox.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87pqrjxu2t@pobox.com