golinux wrote:

@fungus . . . possibly PEBKAC?

What is PEBKAC?

https://classic.startpage.com//do/search?&query=PEBKAC

@fungus . . . possibly PEBKAC?

No, I am good with copy paste of instructions.  I installed, updated, and upgraded the Refracta 9 and only added Openbox and a few LXDE pkgs.  Then I tried installing OpenRC and I reported all the files that appeared uninstallable due to missing dependencies.  Then I switched to ceres and they were there.  So I installed OpenRC with ceres being open.  It was the only way I could install OpenRC, then deleted sysv-rc and executed a command specified by the installation to reboot.  All well.  I repeated the whole procedure a 2nd time on a different machine.  Same repositories.  Same problem.
Some days later when I checked to what is installed and appears as local I thought with ceres disabled the pkg that came from there would seem as local with no counterpart in ascii.  Wrong, they appeared as ascii pkgs.

If there is a pebkac problem it exists around the chair of the repository manager, or there is a MIM problem.
I urge you to check on the vegetable addresses of the reps and whether they correspond to the pkgmaster.  I think something is messed up in there.

So there is some funky business going on with the amprolla3 repositories that make them misbehave from time to time.
At a later point when ceres was turned off and reupdated, the ceres packages should have been seen as "local" installations, but didn't, they appeared as native to ascii.  So I assume that part of the repository is available and unavailable without producing an error to the user.

Well I did the update just now, reloading Synaptic just showed the Linux image metapackage and one other as upgradable, not the kernel itself, but when I upgraded the two packages it installed the new kernel but in addition to the older kernel, so now have two. I assume the older can be deleted but just wondering why it didn't do it as an upgrade instead?

If I understand what you're saying, I believe the same happened to me, and I'd assume that's the desired behavior. I have the linux-image-amd64 meta package installed, and after adding the jessie-security source the upgrade pulled in linux-image-3.16.0-5-amd64 (with the new 3.16.51-3+deb8u1 version) in addition to my existing linux-image-3.16.0-4-amd64, making the newer the default in grub.

If the new kernel were to cause any issues, I'd be able to boot to the old one using the arrow keys in the grub menu. Since it was OK, after rebooting, I uninstalled the old one, and did an update-grub. If that's what you're referring to I'd expect that as a safeguard.

Those are all valid jessie repositories, pick and choose.  Some may not have a contrib and non-free components.

Thanks! I think the fact that I used the expert non-graphical install may be how I ended up with just the jessie source. I've now added the security source. For our purposes I think that will do for now, as adding either the updates or the backports actually doesn't cause anything new to install anyway. Sorry for sending the thread a bit off topic too.

deb https://pkgmaster.devuan.org/merged/ jessie main contrib non-free
deb https://pkgmaster.devuan.org/merged/ jessie-backports main contrib non-free
deb https://pkgmaster.devuan.org/devuan/ jessie-proposed main contrib non-free
deb https://pkgmaster.devuan.org/devuan/ jessie-proposed-backports main contrib non-free
deb https://pkgmaster.devuan.org/devuan/ jessie-proposed-security main contrib non-free
deb https://pkgmaster.devuan.org/merged/ jessie-proposed-updates main contrib non-free
deb https://pkgmaster.devuan.org/merged/ jessie-security main contrib non-free
deb https://pkgmaster.devuan.org/merged/ jessie-updates main contrib non-free

https://sysdfree.wordpress.com/151

I used the expert non-graphical install. I'm wondering if there wasn't something in that that I selected incorrectly, though I don't recall that.

Strange... I used the expert+graphical install, here's my "uncommented" sources.list

deb http://it.mirror.devuan.org/merged/ jessie main non-free contrib 
deb http://it.mirror.devuan.org/merged/ jessie-security main contrib non-free 
deb http://it.mirror.devuan.org/merged/ jessie-updates main contrib non-free 

deb http://packages.devuan.org/devuan/ jessie-proposed main 
deb http://packages.devuan.org/merged/ jessie main contrib non-free 

I'm not 100% sure but I think I never modified this by hand

I have to say that I did find your sources.list quite strange-looking... ^__^; Are you sure no one "tinkered" with it?

That wasn't the entire file, but it was in fact the only uncommented source in the file. The only change I made to the original one from the install was to comment out the line for the install CD ISO, as I was packaging it as a VM. The file also has the sources for the deb-src commented.

I can tell you for sure that jessie-security wasn't in there.

EDIT: Are backports and updates also supposed to be in there? Those were never in mine either. I used the expert non-graphical install. I'm wondering if there wasn't something in that that I selected incorrectly, though I don't recall that.

Tom

Is there some reason that the default sources.list from the install wouldn't include that by default? I can also see we were missing a number of updates because of that.

I have to say that I did find your sources.list quite strange-looking... ^__^; Are you sure no one "tinkered" with it?

You should look up the three debian security alerts

https://meltdownattack.com/
https://spectreattack.com/
https://meltdownattack.com/meltdown.pdf
https://spectreattack.com/spectre.pdf

https://security-tracker.debian.org/tra … -2017-5715
https://security-tracker.debian.org/tra … -2017-5753
https://security-tracker.debian.org/tra … -2017-5754

https://xenbits.xen.org/xsa/advisory-254.html
https://googleprojectzero.blogspot.co.u … -side.html
http://blog.cyberus-technology.de/posts … tdown.html
https://01.org/security/advisories/intel-oss-10003

It looks like you are missing jessie-security... Try adding this:

deb http://us.mirror.devuan.org/merged/ jessie-security main non-free contrib

That doesn't do it either. What it gets me is even more confusing:

apt list --upgradable | grep linux

WARNING: apt does not have a stable CLI interface yet. Use with caution in scripts.

linux-image-3.16.0-4-amd64/stable 3.16.51-2 amd64 [upgradable from: 3.16.43-2+deb8u2]
linux-image-amd64/jessie-security 3.16+63+deb8u1 amd64 [upgradable from: 3.16+63]

I have no clue what that second one even is.

I do in fact have the linux-image-amd64 meta package installed. Nothing I do seems to find that linux-image-3.16.0-5-amd64, but rather newer versions of linux-image-3.16.0-4-amd64. Earlier I tried adding jessie-updates and that didn't work either and was even more confusing. That wanted to pull in a version of linux-image-3.16.0-4-amd64 that was 3.16.51-3, but NOT the 3.16.51-3+deb8u1 that actually has the fix. Insane.

My company is sort of really dying for this one. I hope someone has suggestions because this is getting more confusing with everything I try.

SOLVED: OK...Now I think I get it. That new version of the linux-image-amd64 meta package from jessie-security (3.16+63+deb8u1) actually ends up pulling in linux-image-3.16.0-5-amd64 with the 3.16.51-3+deb8u1 version.

That was confusing. Is there some reason that the default sources.list from the install wouldn't include that by default? I can also see we were missing a number of updates because of that.

Tom

tlathm wrote:

Am I missing something here or am I maybe just hitting a mirror that hasn't synced yet or something?

I assume you did run "apt-get update", so I guess you are indeed using a mirror not updated yet...?

Definitely. I just updated to 3.16.51-2 and now it tells me everything's up to date. Really seems odd. This is all I have enabled in /etc/apt/sources.list:

deb http://us.mirror.devuan.org/merged/ jessie main non-free contrib

Is that correct?

Tom