Hi Devs, Got myself in a bit of a pickle. Upgraded two machines (#2 and #1) from jessie to ascii, got two different kernels (#2 got v3.16 and #1 got v4.9) from the (.gb.mirror and .auto.mirror respectively) sources, both machines ran into issues with boinc (https://dev1galaxy.org/viewtopic.php?id=1139), subsequently some or all results from machine#1 running kernel 4.9 were rejected from the project as 'Errors'.
Problems with boinccmd not yet resolved (?MySQL and localhost), but downgrading boinc (and libboinc7) from 7.6.33 (ascii) to 7.4.23 (jessie) got the boinc-client working normally on machine #2. However, the v4.9 kernel on machine #1 does not load the connection tracking modules (as from v4.7), and (?so) my iptables ruleset was ineffective, the host key got changed and I got (ssh) locked out of machine #1 .From the console, I found auth.log had been wiped, and configurations had been returned to default in /etc/pam.d/login, etc/pam.d/sshd, /etc/security/access.conf. I repartitioned and reinstalled jessie on machine #1. I have upgraded kernel 3.19 to linux-libre-4.1 on 5 of the 7 devuan machines (including machine#2 (ascii) and machine#1 (jessie) without apparent issues, but the LTS 4.1 is only supported until september 2017 and so i'd like to upgrade to the current LTS (4.9), but need to resolve the conntrack issue. I posted (https://dev1galaxy.org/viewtopic.php?id=1549) for advice but have not yet heard back. I have 2 specific questions: 1) Could someone please check that the default options (=keep existing config) in the ascii upgrade with respect to /etc/pam.d (and others) are being applied unless specifically overridden by user? 2) Which netfilter modules need to be loaded to restore the stateful firewall (and thus my existing iptables ruleset)? I can then upgrade the ascii machine to the native (v4.9) kernel. Sorry this post is so long, and hope that it's not inappropriate to post it on dng: if there is a problem with the pam.d in ascii in some environments, I judged it better to raise the issue here rather than on the public forum. Hope that's ok thanks fraser _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng