The officially official Devuan Forum!

You are not logged in.

#1 Re: Hardware & System Configuration » Issues with Laptop Lid Suspend/Hibernate and Panel Plugins » 2017-12-07 22:08:50

ulno wrote:

acpi-script hack

That's such a beautifully mis-informed notion!

It reads as a praise to the layers and layers of code in between the person and the action, simply to make a drawing of it, so it can be operated without articulated thought.

Other than that, I have nothing smile

#2 Re: Hardware & System Configuration » Clarity regarding eth0 device name » 2017-11-28 03:33:34

There's a long and sad story about udev versions here. The more recent version has the name scrambling as a net_id "builtin", and basically, preservation of sanity requires the boot command line to include


With that, your network interfaces supposedly are left as named by the kernel modules, i.e., the eth adapter that is quickest to register is named eth0, the next one eth1 and so on.

#3 Re: Hardware & System Configuration » Configure a network filtering proxy to be used system-wide. » 2017-11-24 12:28:41

You probably can set something up based on using a network namespace for the proxy server. That's in principle the same as the notion of it running in a VM, but without the VM.

The default namespace would be set up with its default route into the proxy namespace. The proxy namespace would be set up with its default route through NAT back out to the default namespace, and that traffic would need rule based routing to channel it through an outgoing NAT.

Or alternatively, you use rule based routing to direct traffic into the proxy namespace, and rely on the default route for the final channeling. I think you'll need the two NAT in either case.

#4 Re: Hardware & System Configuration » Persistent Block Device Names on Ascii » 2017-11-24 09:25:08

Perhaps you have two examples of namings at two different reboots? E.g., a blkid snap of each? And it probably wouldn't hurt to see an lspci snap as well. (I'm not sure; not really my forte, but I'm guessing what would be useful background info)

With /etc/fstab you assign block devices to mount points, and there you have a few different ways to refer to the block devices, where I think using labels or UUID are the reliable approaches if your hardware is moody. In my experience, most hardware is not moody, and I do well in using the /dev points for identification. But it sounds like that doesn't work for you.

I wouldn't think of using udev to dream up identifications, since it's merely concerned with making sure there are /dev points for the partitions, unless for some reason you want to insist that a partition of a certain label (or UUID) also end up at a certain /dev point. If it works correctly, udev should also be setting up identification mapping for label and UUID and whatnot to the associated /dev.

#5 Re: Installation » Iptables with Devuan » 2017-11-19 22:53:36

The direct answer is "No". The notion of "master file" only concerns that example, and refers to the "salient path name" encoded into the automatic setup script. (As you know, that example is not ideal in my view, with the automatic setup attached to and repeated with any and all interface(s) coming up.)

iptables-persistent instead enshrines the path names /etc/iptables/rules.v4 and /etc/iptables/rules.v6 as being its "master files".

#6 Re: Installation » Iptables with Devuan » 2017-11-19 01:27:40

So I can focus on how to setup rules, could you please come up with a suggestion on how to do loading of rules the best way with Devuan? Just to have something running I have temporary installed gufw/ufw.

There are "wheels" of many colours for this smile ufw isn't too bad although it does introduce a (confusion?) layer between the ufw rules and the actual iptables rules. But I'm sure you'll easily find proponents talking more warmly about ufw.

I'm happy with raw iptables, so I install and use the iptables-persistent package.

Regarding Iptables How-To's that are out there, are there any differences between a systemd system and Devuan that I need to be aware of?

Not really. Of course, for those kiddies, the "word" iptables has got the extra meaning of being the name of a service in addition to being the program for manipulating the kernel tables.

#7 Re: Hardware & System Configuration » PostgreSQL 9.6 and pgAdmin4 v1.5 Installation » 2017-11-17 23:41:04

  Installed: (none)
  Candidate: 9.6.3-1~bpo8+1
  Version table:
     9.6.3-1~bpo8+1 0
        100 jessie-backports/main amd64 Packages

#8 Re: Installation » How to install the latest python? » 2017-11-14 21:33:20

By the looks of it, "python" doesn't make use of the "alternatives" set up, but have /usr/bin/python as a link (to python2.7). You might change that but that could have severe ramifications, because there are more than a few system programs using python, and these may well expect and/or utilize python2.7.

A safer way could be to patch it only for yourself (and not root), e.g., by having $HOME/bin early in your $PATH, and make $HOME/bin/python a link to /usr/bin/python3. That will be an override for the user but not for root.

#9 Re: Installation » Iptables with Devuan » 2017-11-10 22:26:58

Hmm, by attaching the loading of table rules to the event(s) of bringing up an interface, you probably make life a little bit difficult for yourself. It's not "wrong" per se, and probably the only major complication is that in a typical set up, the network interfaces are brought up by udev in the pre-pivot boot up stage.

If that is your case, you will need to ensure that the rules files are included in your initrd, as well as the iptables-restore program and its dependencies (libraries). (I believe the if-pre-up.d script gets pulled in to the initrd automagically when remaking initrd).

Or alternatively, make that not be your case by not letting udev start networking. I.e., remove all "allow-hotplug" phrases from /etc/nework/interfaces. Possibly use "auto <if>" phrases instead, which tells the post-pivot networking init script that "these are yours, mate", or if then you also have a separate network manager, you'll need to leave all song and dance to it.

EDIT: I see from your other post that you're using wicd, so my thought about udev is probably not applicable here. Maybe it's enough to make your script exit more promptly when lo is brought up; or even tie it explicitly to $IFACE=wlan0.

#10 Re: Forum Feedback » [Discussed] Direct Search - site feature » 2017-11-06 08:01:48

I suppose one could squeeze in a small search field at the top right somewhere... or maybe with themed placement (and looks). It's added to the list; somewhere above "Swedish localization" :-)

#11 Re: Off-topic » How to create a self-extracting, self-executing tarball » 2017-11-04 02:27:53

Surely all GNU/Linux users would have some shell installed

Yes, according to FSSTND, you'll need to venture off the ranch for that one.

#12 Re: Off-topic » How to create a self-extracting, self-executing tarball » 2017-11-04 00:22:31

Good script.

One (small) remaining problem would be that it's still a script and not a binary; it relies on a pre-installed interpreter (bash), and is thus not fully self contained. Of course, that's not much of a problem except for those who take offence to installing bash, and those who wants a suid program.

But if you want that covered as well, you could write up that header function in C (probably with some minor variation to the separation logic), and then pack such a binary in front of a tar to make a binary, self-executable tar. The point being that you can concatenate anything to a binary executable without that destroying it.

(Or, rather than C, you could use newlisp, which in fact includes an embedding method similar to this.)

On the other hand, as a binary, it'll instead be sensitive to the architecture, and thus less universally distributable -- swings and carousels.

#13 Re: Hardware & System Configuration » Florence on SLIM » 2017-10-28 01:11:01

Fair enough. If you are in the mood for tinkering, it's not really a difficult thing to start an X program over slim. The fundamental aspects are to have the XAUTHORITY and DISPLAY properly set when starting the program, and to start the program at the right time, i.e., after slim.

I don't have florence but can illustrate using xvkbd instead.

For example, it might be sufficient to add a line into your /etc/rc.local file, making it look like this at the end:

( sleep 5 ; XAUTHORITY=/var/run/slim.auth DISPLAY=:0 /usr/bin/xvkbd ) &
exit 0

That line supposedly will start the virtual keyboard xvkbd upon reboot, after 5 seconds, on top of the slim login splash.

You will need to adjust as appropriate for florence of course.

Note that (assuming it works) the virtual keyboard only comes up after reboot, and not again when you log out. But maybe that is sufficient.

#14 Re: Hardware & System Configuration » Florence on SLIM » 2017-10-27 03:08:02

the.drewster wrote:

The bit I can't get working is getting Florence to work on SLIM.

Could you be specific, please. Is it that you cannot start the keyboard over slim? or that it comes up but its input is not delivered to slim's login box? Or something else. Please include any error responses of any commands that your try.

#15 Re: Hardware & System Configuration » working method for module blacklisting? » 2017-10-26 02:56:50

Since I (and you?) don't have cups, disabling it for cups is not a solution.

I managed to get the (standard) ASCII 4.9.0-4-amd64 kernel to avoid loading parport and friends by having boot parameter


together with blacklisting:

# echo blacklist parport > /etc/modprobe.d/blacklist-parport.conf
# echo blacklist parport_pc >> /etc/modprobe.d/blacklist-parport.conf
# update-initramfs -u

It needs both kernel parameter and blacklisting. Possibly lp=0 would work as well, but I couldn't bother testing it.

#16 Re: Hardware & System Configuration » working method for module blacklisting? » 2017-10-25 23:13:17

Someone on a not dissimilar platform had success with the problem in 2009: … 455&page=2
The key was to "also disable loading lp module in default configuration of cups in /etc/default/cups".

#17 Re: DIY » GNU/Linux laptop as router, vpn router, or wifi repeater » 2017-10-20 03:14:09

btw if you care about  IEEE Registration Authority, a "locally administered mac address" needs bit 2 of first byte set and bit 1 cleared. Thus "5e" would be better than "5c".
see eg

#19 Re: Hardware & System Configuration » Issues with Laptop Lid Suspend/Hibernate and Panel Plugins » 2017-10-16 22:13:05

Ideally you should insert the locking program before the suspend action as otherwise it'll wake up unlocked until the locking starts. For example:

if [  "$3" = "close" ] ; then
     DISPLAY=:0 su -c "xtrlock -b" ralph &
     /usr/bin/obsession-exit -s

Note also that (afaik) the lid button script is run by acpid as root and not "the DE user", so a sudo isn't needed, but some way to ensure GUI access is. The added command line above includes the two parts of making the locking program (xtrlock) have the right $DISPLAY set up, and (via su) be the right user (for my laptop).

#20 Re: Hardware & System Configuration » [SOLVED] ascii wicd naming issue » 2017-10-16 21:14:54

Just picking up the smallest of your crumbs:

you can bold inside a quote block smile

which could provide a similar layout separation as a code block, though not scrolling.

As for network interface re-naming, I can't offer anything not already said. Basically it's a udev thingy, and (stupid as it is, one might think), one of those warts that come with the "modern" and "improved" wheel. Slightly easier to fix than rid yourself of avahi and gvfs and packaged and uuidd and whatnot, I think.

#21 Re: Hardware & System Configuration » How to send a signal whenever mouse button is clicked? [SOLVED] » 2017-10-11 12:38:51

A smaller footprint  solution would simply read byte triplets from /dev/input/mice, where <9,0,0> means left button down, and <8,0,0> means left button up; all other triplets mean other things. I would use newlisp, of course, to remain in small foot print scripting, but a small C program could also do.

#22 Re: Off-topic » Arguments against systemd » 2017-10-08 00:37:42

I liked post #19 though; it was short and succinct, and its mere presence so elegantly violated its own sentiment.

#23 Re: Off-topic » Arguments against systemd » 2017-10-07 08:45:13

Sorry. I lost interest there. Too many words. To paraphrase Ramsey: "What you can't say in just a few words, you should whistle.".

#24 Re: Off-topic » Arguments against systemd » 2017-10-07 05:59:43

Why don't you find yourself a blog site somewhere, where it'd be good and natural to line up all those beautiful words. This forum is populated by mostly intelligent people with no need or desire to waste (more) time and thought on systemd.

#25 Re: DIY » UFW Rules: Can anyone confirm this? » 2017-10-02 21:20:17

To be clear, ICMP is a protocol and not a port; it's the Internet Control Message Protocol, whereby routers may exchange meta-data about IP level connectivity. There are several networking protocols to consider, both within the IP class (such as in particular TCP and UDP), and outside the IP class (in a range of varying obscurity).

As said before, there is no such thing as "invisible" on the Internet, short of not being connected at all. But there is a gray scale of "protection layers" of setting blockages for certain network traffic, depending on how you want your host to handle it. I'.e., like the rules you showed on top, which indeed tells the host to drop certain incoming ICMP packets, rather than deliver them to their normal handling (by the kernel). I think you'd do well in dropping IGMP as well, and then consider blocks for TCP and UDP messaging, which offer the majority of intentionally harmful networking.

Board footer

Forum Software