Re: [Dng] Devuan Alpha i386 - developers release series on Vagrant
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/07/2015 06:49 PM, Jaromil wrote: yep. And I for one will be doing everything possible to have third-party packaging systems like gem, pip, composer and others supported and preferred in Devuan. This is something that Debian has been fighting all the time and for the worst IMHO. Language specific package managers are closer to upstream and keep more up to date the software offered. I much prefer the Debian way, i.e. having stable, known-good versions of all those Python modules rather than manually following upstream. As an admin I find it rather tiresome to keep track of dozens of installed third-party packages and their vulnerabilities and compatibility. That said, as long as you don't actively try to get rid of these packages I don't see an issue with better integration of pip friends. - -- Stefan Ott http://www.ott.net/ -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBAgAGBQJU+0LaAAoJENlTbTnJZqYo2qgP/jVnUuNTJThC2eZIARPzR9pL PDHJZ1WQ3fk4D9hQ/EPHS/chTcnNAxt7pLT6VgjJCqs4APeSg9PTtedMP/d8rYAk OdojfO9DPcFVT+fWi2g7FFshC0AHSdfwKc/zhaIMdvhrw0IHgsuxU2UdPwrlSfxo 5whvCEFjCelyCToQAnOsx8F1lUdfl3kO5aHyObXGJsoGiwuQpT1O2vvyZ1NqkOSK SPdUO9Hm8lOHEbJF7wKQFE30mvWy50x+WAswJet2FrLuPPVKvgJ1pYrvbzGU+au2 EfH+3qtiG7UjBWDxfVbOPdO2rVypLxZfgGmKrakrX4cVEq3w4kh4tB1hgLD9MZPW 7ThjzmnPRRibYGv/wvrHfi7yjk24jfRxrB5wBp7ggn+L/5UseaiiYEOk96pUnusz VySHVCmxA7S1sRYzT3S9en9YzAqgxivAriOSocqfbUUbMMFJINQb/iV3kpfDR9hY PxBiVsWuFH1u32DkrSFBJKHkn8t66gUxzkEZMpCq9rCBNi4njmMtX9kJlOgrecvG yuVFak0Ykf2+EM4tGC1r/fElBtbIltb1cIxjNTQeJFhSJ21rl3nvp26JYdcSTc1n PZ9WNS8irA9JOzHhmurFR7dA7RY0OOkUdB8Y/4EVzJmW/xN53CE9Xphf95GgRqcT H/M3KuxUVObJ86mPPlCZ =yywL -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [Dng] release names
On Sat, Mar 7, 2015 at 4:16 PM, Klaus Hartnegg hartn...@uni-freiburg.de wrote: Just want to say that I really like this idea of naming releases after minor planets, such as Ceres. It's a way cool idea. +1 Cool yes, but useful? Numbers have the huge advantage that everybody knows their order, which is quite important when referring to versions. Most people will want the latest version, which will always be the latest advertised on the site. Keeping tabs does matter, so a wikipage could solve that. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [Dng] release names
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/07/2015 11:16 AM, Klaus Hartnegg wrote: Am 04.03.2015 um 23:10 schrieb Robert Storey robert.sto...@gmail.com: Just want to say that I really like this idea of naming releases after minor planets, such as Ceres. It's a way cool idea. Cool yes, but useful? Numbers have the huge advantage that everybody knows their order, which is quite important when referring to versions. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng My 2 cents worth: BSD uses numbers; e.g., 4.2.1, 10.0 Release #0 SUN-OS used numbers The kernel uses number with appending text. For example, my current Debian Wheezy kernel is 3.4.105-WMM.default So, for any system that maintains its version Via an RCS like coding, I would suggest something like Dng.x.y.z-keyname where keyname is an indication or purpose. For example, PAE-beta or PAE-default. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlT7M5EACgkQpY/BHpBmP2pQngD+LTQMpLQbMdYMS80+JZRaE4jt YpTioo+g6vSUovEDU4gA/2a1Qw4wzms9Vg3iDYItOIo/pT5Fmp4ZFBsODTLu3Svl =cBXE -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [Dng] release names
On 03/07/15 14:21, william moss wrote: Cool yes, but useful? Numbers have the huge advantage that everybody knows their order, which is quite important when referring to versions. *** Release *NAMES* never replaced version numbers. Hence Debian 8 Jessie and Devuan 1.0 Jessie. == hk -- _ _ We are free to share code and we code to share freedom (_X_)yne Foundation, Free Culture Foundry * https://www.dyne.org/donate/ signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [Dng] Plan for Devuan to use Mozilla products as is
Go look at the code, it's open is a common argument i hear from pro-systemd advocates. Curious. About looking at the code: have you personally audited chrome's code, top to bottom, OpenBSD-style? 'Cos if you haven't - it is a big piece of software -, well your argument is moot Nuno, when I say this, I'm not trying to be rude, or nasty or mean.The fact that you don't like Google is noted, and accepted. If you aren't going to make the effort to look at the code, please do not pass judgment on the authors or their efforts. Otherwise, you are offering only second hand knowledge: hearsay and not fact. That's not an argument associated with systemd, that is the whole point of open source. It is actually about the level of trust. No one can possibly argue that the code is tainted or not when they have not reviewed the code. Nor has anyone on this list likely to have reviewed the vast majority of the code for all of a Linux distribution. Either Devuan trusts the community to police the code or it doesn't. Just to be clear, I did not advocate Chrome at any point. Chromium is not Chrome. A derived software is not the same as the original. Chrome is made from Chromium, not the other way around. Much the same way, LibreOffice is NOT the original OpenOffice, nor is Lotus Symphony. I think after this, I'm going to lessen responding to the general list. I'm *not* pointing fingers at you, Nuno or anyone's behavior. I am just as guilty of the same, but any time I decide to spend on Devuan could be more productive: better spent packaging or coding. I totally get the need to vent, or just rant sometimes - but the constant antagonism toward certain software, their authors, and the paranoia is starting to get to me. Some of the discussions have been great! I especially liked the one on languages. However, most seem to go nowhere. Is there a dev list available where I can track the progress of Devuan toward Alpha? With that, I will leave you to your devices for a while. t.j. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [Dng] Plan for Devuan to use Mozilla products as is
On Fri, Mar 6, 2015 at 7:06 PM, T.J. Duchene t.j.duch...@gmail.com wrote: If someone has issue with the code, it's open. Go look for yourself. I beg everyone's kind indulgence and excuse me for saying this, but the conspiracy theories about Google and the Chromium source code come from people who have never actually looked at the code. Then again, I bet they haven't looked at the Firefox code either. Go look at the code, it's open is a common argument i hear from pro-systemd advocates. Curious. About looking at the code: have you personally audited chrome's code, top to bottom, OpenBSD-style? 'Cos if you haven't - it is a big piece of software -, well your argument is moot. Some people already pointed out there are times where chromium doesn't cut it, so hey, i bet the VUA wouldn't mind you repackaging chromium for Devuan :) Cheers, Nuno ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [Dng] [bikeshedding] release names
Maybe it's just me but I don't understand what you're contemplating. Why do you think Devuan should use a more complicated set of suites than Debian? Ceres is aliased to `sid`, so it's not testing, but unstable. The way Debian handles testing, code freezes, etc. is not 1:1 with Devuan (or so I hope), so jessie+1 in both distributions will certainly be different (more than Jessie). My guess is that the automation jaromil and nextime are setting up now will ease the integration of upstream packages, in a way that will make Devuan a faster moving target than Debian. It's not necessary to rush things and make anything more complicated: Debian's release cycle has been delivering stability and we should probably keep most of it. If Devuan release cycle differs, it's on the pace it integrates new packages in Ceres, not how these packages enter testing, IMO. == hk -- _ _ We are free to share code and we code to share freedom (_X_)yne Foundation, Free Culture Foundry * https://www.dyne.org/donate/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [Dng] Devuan Alpha i386 - developers release series on Vagrant
On 03/07/15 05:59, JeremyBekka C wrote: how can I get Vagrant to run in Gentoo? *** As mentioned at [0], the way to go is to install it using Rubygems. https://git.devuan.org/devuan/devuan-project/wikis/try-devuan-on-vagrant == hk -- _ _ We are free to share code and we code to share freedom (_X_)yne Foundation, Free Culture Foundry * https://www.dyne.org/donate/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [Dng] with pax flags, Java works fine - (was Hardened Devuan)
Just to clarify... *Java will run* with a grsecurity hardened kernel, with pax enabled. It just needs mprotect disabled for the specific programs that need it disabled. (and also many other things need this... python, kdeinit4, skype, kscreenlocker_greet, thunderbird, firefox, plugin-container, gdb, utox, grub-probe, etc. also firefox needs JIT disabled for optimal stability). For this you need some kernel features enabled; I recommend the one using xattrs because then the binaries don't need modifications (or backups, and modified binaries won't run properly in a non-grsec kernel, but they run fine with xattrs). Set the extended file system attribute with: setfattr -n user.pax.flags -v m Konsole output /usr/lib*/jvm/java-*-openjdk-*/jre/bin/java (example path, may not be right for Debian openjdk) I have been running grsecurity kernels on my desktop at home and the office for about a year now, with Java and everything in use. Also, you can set pax to soft mode to temporarily disable those protections. And the kernel buffer displays errors when such things are needed, so it is easy enough to identify why a program doesn't work, to enable those flags: [ 477.346273] PAX: From 192.168.179.200: execution attempt in: stack, 3cc7c968000-3cc7c989000 3fde000 [ 477.346451] PAX: terminating task: /usr/bin/grub-script-check(grub-script-che):7163, uid/euid: 0/0, PC: 03cc7c987cf0, SP: 03cc7c986698 [ 477.346631] PAX: bytes at PC: 41 bb 30 27 40 00 49 ba e0 7c 98 7c cc 03 00 00 49 ff e3 90 [ 477.346784] PAX: bytes at SP-8: 044d68d0 00404011 0001 044d6850 044d68d0 044d68d1 044d8911 044d8910 00405ca6 0002 On 03/07/2015 12:31 PM, Martijn Dekkers wrote: I am not sure I follow - is the plan for Devuan to be default hardened/grsec, or is it supposed to be an optional choice somehow? As was already pointed out, java won't run. Lots and lots of server workloads run Java On 7 March 2015 at 12:42, Jaromil jaro...@dyne.org mailto:jaro...@dyne.org wrote: dear Neo Futur and other members of the Devuan hardening team: please consider the Alpha release series a minimal base you can use to start working on the kernel patches, building them and testing them. In fact, this release series is mostly intended to receive feedback from developers and adjust to their needs. Please also let me know what is the format you prefer working on. Right now I can release virtualbox images and vagrant boxes using the SDK but I can also add support for Docker, Qemu, AWS, Google engine, DigitalOcean, OpenStack, Parallels etc. In a close future Devuan's signed releases will be available in all these formats, hoping they come handy to the sysadmins among our audience. I'm just trying to figure out what to prioritize now in order to facilitate your good plans. ciao ___ Dng mailing list Dng@lists.dyne.org mailto:Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [Dng] Devuan Alpha i386 - developers release series on Vagrant
On Sat, Mar 07, 2015 at 06:49:34PM +0100, Jaromil wrote: On 7 March 2015 15:48:18 CET, hellekin helle...@dyne.org wrote: On 03/07/15 05:59, JeremyBekka C wrote: how can I get Vagrant to run in Gentoo? *** As mentioned at [0], the way to go is to install it using Rubygems. https://git.devuan.org/devuan/devuan-project/wikis/try-devuan-on-vagrant yep. And I for one will be doing everything possible to have third-party packaging systems like gem, pip, composer and others supported and preferred in Devuan. This is something that Debian has been fighting all the time and for the worst IMHO. Language specific package managers are closer to upstream and keep more up to date the software offered. I haven't discussed this issue with other VUAs, but that's my agenda Well but all of these language-specific packagers are already available in Debian, aside with hundreds of packaged stuff that just fits well together, as in the case of pythor or ruby. I won't ever prefer to use pip or gem if I am not forced to do so. Mixing up is always an easy way of messing up, IMHO. You should do it only if you know exactly what you are up to, and if you are ready to blame yourself for any mess you will have to deal with, not your distro My2Cents KatolaZ -- [ Enzo Nicosia aka KatolaZ --- GLUG Catania -- Freaknet Medialab ] [ me [at] katolaz.homeunix.net -- http://katolaz.homeunix.net -- ] [ GNU/Linux User:#325780/ICQ UIN: #258332181/GPG key ID 0B5F062F ] [ Fingerprint: 8E59 D6AA 445E FDB4 A153 3D5A 5F20 B3AE 0B5F 062F ] ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [Dng] Plan for Devuan to use Mozilla products as is
On Sat, Mar 07, 2015 at 02:19:43PM -0600, T.J. Duchene wrote: https://lists.debian.org/debian-security-announce/2015/msg00031.html I think ^THIS is probably the biggest reason not to use Chromium. Never mind whether it's affiliated with Google or whether that makes it untrustworthy. If you can't keep it updated for the full lifetime of the release, it could be written by the most trustworthy vendor on Earth and it still wouldn't qualify for a good default. Hi, Isaac! That seems very strange to me. I see no reason why they cannot backport patches to the Wheezy version of Chromium. Debian has been doing that since day one on other packages. Any upstream project could change the build environment could happen to any project, at any time. Debian has never demanded that an upstream project stay the same for their convenience before now. The fact that Debian chose to stop building updates for that reason shows a lack of commitment to Wheezy. Unless there is something I don't know about - It's not that they can't use or generate a patch. They simply won't. t.j. Iceweasel and Chromium are both updated to the upstream-supported version periodically (when the current version is no longer supported). The amount of churn between versions and the number of versions means that it would be very difficult to backport patches. HTH, Isaac Dunham ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [Dng] Devuan Alpha i386 - developers release series on Vagrant
On Sat, 7 Mar 2015 02:11:35 +0100 Jaromil jaro...@dyne.org wrote: Hi all, This is the initial release of the Alpha series, base-system stripped at minimum and distributed in Vagrant format (virtualbox provider), to make the life of developers working on core components as vdev easier. Vagrant is a very cool tool, check it out http://vagrantup.com I'll distribute new releases of the Devuan Alpha cycle virtual machine via Vagrant and Atlas. This is version 0.1 and can be tested on any PC running any operating system. To have this image running, install the latest Vagrant - not the one from your package manager, but the updated version from the vagrant website download section - then type into a terminal: mkdir ~/vagrant cd ~/vagrant vagrant init jaromil/devuan-alpha-i386 vagrant up I follow the preceding instructions on my wheezy machine (I'm never upgrading to jessie), and here's what happens: slitt@mydesq2:~/vagrant$ vagrant up VirtualBox is complaining that the installation is incomplete. Please run `VBoxManage --version` to see the error message which should contain instructions on how to fix this error. slitt@mydesq2:~/vagrant$ VBoxManage --version WARNING: The character device /dev/vboxdrv does not exist. Please install the virtualbox-ose-dkms package and the appropriate headers, most likely linux-headers-amd64. You will not be able to start VMs until this problem is fixed. 4.1.18_Debianr78361 slitt@mydesq2:~/vagrant$ I installed Vagrant from the .deb off the website, and I installed virtualbox-ose-dkms and linux-headers-amd64 already. I spoze I could find some mknod command to make /dev/vboxdrv, but suspect that would just make things worse. Any idea how to run this on Wheezy, or how to start narrowing down this problem I'm having? Thanks, SteveT Steve Litt* http://www.troubleshooters.com/ Troubleshooting Training * Human Performance ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
