You are not logged in.
IMHO..
I think they have a point there but I don't think there's room for BSD kernels to be on our list of goals right now.
I think having a libre port of a BSD distro is a good idea in itself because it would create a new libre OS, and I hope it works out for them.
About the the BSDs in general.. in FreeBSD binary builds often have dbus and pulse by default. BSD is another option, but not a real escape route.
It's better for us to just keep releasing Devuan as we have been.
Thanks for doing this write-up, I like it very much and have seen people coming over to Devuan using this post.
Cheers!
humm, here I am again - in an old topic.
I tried to check, 'talk.devuan.org/t/os-documentation-how-to-package-for-devuan/568', but never loaded!
I happened to archive the old content at the dev1fanboy installation wiki before talk.do dissapeared(?), see https://git.devuan.org/dev1fanboy/Upgra … ging-guide
It's not well formatted as it's just a backup of what was there, and see that I've changed my post above to reflect that.
I'm not an expert but I think this would do it:
Change --enable-official-branding to --disable-official-branding and rename your package in debian/control to whatever name you like. I think so long as you don't use their artwork and don't call it palemoon you should be fine.
lf I remember the browser will call itself "New Moon" by default. That would seem ok in the meantime, but you'd want to rename eventually I think.
Otherwise just use the mozconfig they provide, but it will limit you to the defaults.
Firejail does the same thing on firefox. It is a feature not a bug. Since information can pass both ways, it prevents access to your personal information. It took me a while to adjust to it.
Indeed the sandbox only lets you access downloads. So if you want to upload something into your browser (e.g an email attachment) just drop it in downloads first. If you want to add more append whitelist <directory path> to /etc/firejail/palemoon.profile.
It's worth noting about Firejail that Steve Pusser also offers a newer version of firejail that's compatible with Palemoon (which releases quickly and has no LTS), so it's best to use his builds.
Just need to maybe get with a packager and have them package the newest version, the microcode version in the repo is the next-to-latest version, it's from July 2017 and the newest one is November 2017, so it's not like the current jessie microcode package is way old or anything.
I kinda doubt it has any fixes for meltdown in it.
Also Intel looks to have pulled the latest microcode for 2018, so most people have to wait for this to change.
Thank you for the information but your subject is slightly misleading.
Spectre has only partially been dealt with and the fix seems very far away.
True, the title was poorly chosen. Really this should be titled "How to mitigate Meltdown and Spectre" as it's unclear if they will ever be fixed. This is basically just how to apply the mitigations if/when they are available.
From what I can tell about Spectre it needs mitigations in userland, and maybe even mitigations during compile time using a patched gcc.
@miroR I've made some initial changes for that and more to follow, please let me know in a couple of days if you find more. A couple of pages are gone now, so I need to try to remember their locations but with any luck I should be able to unbreak most of the links. If you have a git account, I'd appreciate any other feedback you have or opening of issues.
There's a little confusion about my name, I go by dev1fanboy only on the wiki but it remains under that name so that users can still find what they are looking for. A little bit of changing in links were required due to naming the pages after releases, because it's clearer what releases they can be used for. On the other hand, because it's frustrating for users the wiki pages should mirror the git repo soon. So I'll have a contributors area and a more readable area for users.
If you could point out which links are breaking that would be helpful. I'll of course fix those, or redirect to the renamed pages.
About the D-Bus pages, ascii has surf2 so when ascii is released I may just use that instead of Firefox.
And I don't even remember where I posted that I would contact dev1fanboy about something related to sans-dbus. I can tell that I tried (and contacted wrong Devuaner instead -- Ralph Ronquest I PM'ed, having mixed the nicknames somehow... But dev1fanboy's old email expired, which I had from Devuan DNG ML. So I have to post it here:
dev1fanboy, pls. either revert to the old locations that you previously had, or at least do not change those addresses any more...
( I'm referring to your Devuan Install, and esp. sans-dbus wiki pages. )And also, cosider my new posts, as well as:
sans-dbus in Devuan: low level core installation of dbus remain
https://dev1galaxy.org/viewtopic.php?id=1825Correct me if I'm wrong, or confirm my research if you find it correct!
There's a fair bit of reading for the topic(s) but if I understand, there is something wrong with the Ceres APT pinning? I believe in Ceres you won't be able to avoid systemd that way if you use either dbus or xorg, and will have to make do with libsystemd0 being installed (also for ascii in some areas). I am actually considering removing that document, since it's not that useful anymore for that reason.. unless anyone finds it still useful somehow?
As far as full D-Bus removal it's very difficult if you need a fully featured browser from the Devuan repos. Firefox was mentioned mostly because you don't need to have the dbus daemon installed and running, so maybe your suggestion is not to be concerned about features and go with no dbus at all?
The changes to the wiki do seem to be confusing people, what I'll point to.. is that contributors can't easily view the source of those pages with the older location. Just as a note you can update older posts on d1g, but I may have to revert things anyway if enough people are finding it confusing. Does anyone agree with that? It would be good to have some feedback about that.
Some information about mitigating the recent issues for Devuan users. I don't own any AMD hardware, so these instructions are for intel only.
It's worth knowing that Devuan does nothing to change the kernel images, and provides the Debian packaged kernels. So you can check with the Debian security tracker for the current status of the kernel packages.
https://security-tracker.debian.org/tra … kage/linux
Meltdown is fixed in all the Devuan branches, so you can upgrade your kernel right now to protect against meltdown.
apt-get update
apt-get dist-upgrade
This should be enough to get the kernel updates if you have the linux-image-<insertyourarch> virtual package installed. Otherwise search for the latest image version.
apt-cache search ^linux-image-
And install it like this for example.
apt-get install linux-image-3.16.0-5-amd64
Intel recently released new microcode. It's not known for sure if it's related to meltdown/spectre yet, but if you want to update the microcode anyway here's how to go about it. You don't need to do this if your motherboard vendor has released a BIOS update with the microcode.
Find and download the latest microcode from downloadcenter.intel.com. The latest at time of writing is here.
Change to the /lib/firmware directory (as root).
cd /lib/firmware/
And unpack the tarball here.
tar xf /home/youruser/Downloads/microcode*tgz
The Gentoo wiki page here explains how to convert the ucode into an initrd image that grub can use.
On Devuan install the iucode-tool package.
apt-get install iucode-tool
And generate the image for grub to use (if you use a boot partition make sure it's mounted).
iucode_tool -S --write-earlyfw=/boot/early_ucode.cpio /lib/firmware/intel-ucode/*
And you will need to make the changes in /etc/grub.d/10_linux as pointed out in the grub section. When you're happy with the changes update grub like this.
dpkg-reconfigure grub-pc
And you'll need to reboot for the changes to take effect.
reboot
And see the verification section from the gentoo wiki as well.
If you're an NVIDIA driver user you should update those to 384.111 for the stable release and 390.25 for the latest version (not covered here). You'll need to use the nvidia.com driver search feature to find those versions.
After upgrading and installing the new kernel as you suggested, the situation was exactly the same as before, I could not even get into a virtual console unless I was in recovery mode. What helped a bit was replacing the intel driver with vesa because then I could at least get into a normal virtual console, however starting slim or X still did not work (Permission denied).
So you probably can get around the issue by forcing xorg to use only the vesa driver for now. That seems like the best option to me unless you really do need the accelerated driver, at least until you can find a better work-around.
I think the problem with xorg permissions is already known and I noticed there was an update yesterday for the xserver-xorg-legacy package that allows setting permissions for xorg (dpkg-reconfigure xserver-xorg-legacy). Using the console users only setting and starting as root works fine for me.
You seem to have narrowed it down quite a bit there. You only have problems when the intel driver loads so you could try a few work-arounds if you want, like disabling modesetting or maybe try the pci=noacpi boot parameter.
You should upgrade the kernel after the dist-upgrade. If the backported kernel doesn't solve the problem you could just remove it and the backports repo.
To make testing the screen problem a bit easier you could disable the display manager.
update-rc.d -f slim remove
Do this before you dist-upgrade. That should let you upgrade the kernel and make other tests without having to recover.
To start the display manager and test the xserver you can just use
/etc/init.d/slim start
So it's probably the same as this issue.
You could try using noapic or nolapic as a kernel parameter, it's been known to fix some blank screen issues in the past.
Or try with the latest kernel from ascii-backports.
apt-get -t ascii-backports install linux-image-4.13.0-0.bpo.1-amd64
Failing that you could try to use the xorg vesa driver instead of the intel driver.
It's helpful to narrow down the issue a bit. At what point does the screen go black? Is it immediate or only when the xserver starts?
For those who want to upgrade to ASCII, I have made the instructions available on my wiki here. The instructions are only for upgrading from Devuan Jessie to Devuan ASCII. I expect this to be straight forward except for non-standard installs, but please open an issue if you experience any problems.
It's not available in the Jessie release, but is available in ASCII. In general it's not recommended to mix repos, but you could try apt pinning if you need to this.
As we were just talking about it another thread, I thought I would share some tips for using Palemoon and some of it's extensions. Feel free to add here if you have any tips yourself.
Sandboxing Palemoon can be done with firejail.
apt-get install firejail
Firejail already has a profile for Palemoon so you don't need to configure it.
firejail palemoon
That's it, sandboxed.
Update: If you run into issues disable seccomp support in /etc/firejail/palemoon.profile
#seccomp
One of the problems with some XUL extensions is that PM is not compatible with australis that some extensions use. Australis is a newer user interface and theme Firefox uses. But that doesn't mean these extensions don't always work, just that the interface is broken.
One work around for incompatible extensions is to use the moon tester tool extension. This makes it possible to use the install button for some AMO extensions, even if they are not completely compatible.
The Classic Add-ons archive extension provides a viewable archive of XUL extensions.
Some extensions that work:
uBlock Origin has working legacy builds.
Greasemonkey for Palemoon is interesting for tinkering with in browser user scripts.
The noscript legacy builds for Firefox 52 ESR work in PM (missing upper tray icon).
HTTPSEverwhere version 5.2.21 works except for the interface.
Yes if I remember correctly.
(certainty > 99,9 %)
The installer menus make it look complicated, so it's easy to make a mistake there.
Be sure to post /etc/crypttab and /etc/fstab as mentioned. You can just login with your root password at the maintenence shell and do cat /etc/crypttab and cat /etc/fstab.
This was recently removed from my wiki since KatolaZ's d1h guide is more up to date. But it might be useful to check the version in I archived from a while back to pick up some bits and pieces.
I would prefer a mixt usage of my distribution:
kernel 64 bit to respect the architecture of my PC
but 32 bit binaries!
I think what you're looking for is an x32 port, like Debians x32 port: https://wiki.debian.org/X32Port. It's an unfinished port with not enough interest as far as I can tell.
The closest Devuan has to that is an install from a 32-bit i386 ISO, as there is no x32 port in Devuan.
If you're looking for a simpler system another option is to not support 32-bit in your system, which will make your install simpler and remove some packages.
dpkg --remove-architecture i386
apt-get update
apt-get autoremove --purge
You can remove 32-bit support in the kernel as well if you compile your own.
Just to clarify, did you create the encrypted volume with the installer?
golinux wrote:Geoff 42 wrote:There is no GUI method to shutdown the system as lxde only allows logout/lock and slim does not have any options to shutdown. I have a quick kludge with xmessage and sudo.
Geoff'man slim' offers suggestions for alternate actions. Note that I have not tried any of them. YMMV.
I have had a look at "man slim" and you can indeed shutdown the system there by giving the username "halt". However, it does then prompt you for the root password, which I do know ;-) but my partner does not. I persuaded her that Linux was better than Windows by telling her that Penguin Solitaire was better than MS Solitaire. I think that I should not ask her to shutdown with this method, but with a nice tidy menu option.
Geoff
Give lightdm a try, it has all those buttons/menus etc plus better support upstream vs slim.