The officially official Devuan Forum!

#1 Re: Desktop and Multimedia » Jessie to Ascii upgrade: Chromium 62.0.3202.75 vs. 62.0.3202.89-1 » 2017-11-11 12:09:08

For completeness:

fsmithred wrote:

Those libraries are only jessie. Find out why they are there.

# aptitude why libgnutls-deb0-28
Manually installed, current version 3.3.8-6+deb8u7, priority standard
No dependencies require to install libgnutls-deb0-28

fsmithred wrote:

Maybe tell apt which chromium you want.

# apt-get install chromium=62.0.3202.89-1~deb9u1
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libwebp5 libwebpdemux1
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  libminizip1 libre2-3
Suggested packages:
  chromium-l10n chromium-shell chromium-driver chromium-widevine
The following packages will be REMOVED:
  libgnutls-deb0-28 libhogweed2 libnettle4
The following NEW packages will be installed:
  libminizip1 libre2-3
The following packages will be upgraded:
  chromium
1 upgraded, 2 newly installed, 3 to remove and 2 not upgraded.
Need to get 51.3 MB/51.5 MB of archives.
After this operation, 5122 kB of additional disk space will be used.
Do you want to continue? [Y/n] y

Many Thanks

#2 Desktop and Multimedia » Jessie to Ascii upgrade: Chromium 62.0.3202.75 vs. 62.0.3202.89-1 » 2017-11-11 11:01:36

leloft
Replies: 4

Upgrading from Jessie to Ascii on a remote machine. 

# apt-cache policy chromium
chromium:
  Installed: 57.0.2987.98-1~deb8u1
  Candidate: 62.0.3202.89-1~deb9u1
  Version table:
     62.0.3202.89-1~deb9u1 500
        500 http://pkgmaster.devuan.org/merged ascii-security/main amd64 Packages
     61.0.3163.100-1~deb9u1 500
        500 http://pkgmaster.devuan.org/merged ascii/main amd64 Packages
        500 http://packages.devuan.org/merged ascii/main amd64 Packages
*** 57.0.2987.98-1~deb8u1 100
        100 /var/lib/dpkg/status

# apt-get upgrade chromium
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
libgnutls-deb0-28 : Depends: libnettle4 (>= 2.7) but it is not going to be installed
libhogweed2 : Depends: libnettle4 (= 2.7.1-5+deb8u2) but it is not going to be installed
E: Broken packages

# cat /etc/apt/sources.list
deb http://linux-libre.fsfla.org/pub/linux-libre/freesh freesh main
deb http://pkgmaster.devuan.org/merged/ ascii main
deb http://pkgmaster.devuan.org/merged/ ascii-updates main
deb http://pkgmaster.devuan.org/merged/ ascii-security main
deb http://pkgmaster.devuan.org/merged/ ascii-proposed-security main
deb http://pkgmaster.devuan.org/merged/ ascii-proposed main
deb http://pkgmaster.devuan.org/merged/ ascii-backports main
deb http://pkgmaster.devuan.org/merged/ ascii-proposed-updates main

#Devuan JESSIE repositories
#deb http://packages.devuan.org/merged/  jessie main
#deb http://packages.devuan.org/merged/ jessie-security main

# Devuan repositories
deb http://packages.devuan.org/merged ascii main
deb-src http://packages.devuan.org/merged ascii main

Could anyone explain the unmet dependency (libnettle 2.7.1.5)? Is it a systemd thing? I'm running Chromium 62.0.3202.75 on ascii on another machine (this one); the sources.list is the same on both machines but this machine has no libnettle4.

Thanks for your time.

#3 Re: Desktop and Multimedia » xserver-xorg-core/legacy ascii issues. » 2017-09-12 12:39:36

We know this, but we are between a rock and a hard place: AFAIK xserver-xorg-core (the new X  running without root privileges) has a systemd dependency (https://packages.debian.org/sid/xserver-xorg-core), whereas the -legacy version doesn't, but at the cost of the security.  That's why I like to drop down to a console if I leave the machine unattended.
 
I (sort of) understand from postings elsewhere on this forum and dng list that a solution may be on its way: something to do with udev/eudev.  And yes, it's a high price to pay for those windows, but you try earning a living without them.  Be like going back to 'sneakernet'.

#5 Desktop and Multimedia » xserver-xorg-core/legacy ascii issues. » 2017-09-12 10:48:07

leloft
Replies: 5

I have upgraded my third machine to ascii, but the first two are headless and so I don't know if this is specific to the third machine.  The problem that I face is this: on jessie, exiting openbox returned me to a console but kept me logged in and so I was able to leave long print runs overnight while still shutting down the X server.  After upgrading to ascii, firstly I couldn't startx at all, but installing xdm has cured that (albeit with a debian-native logo), but I cannot drop down to a console and remain logged in.  I have to choose between overnight user-space operations + X server or nothing.  This is inconvenient to put it moderately.  So, formally:

a) What files should I have
b) with what permissions
c) in which directories
to run xserver-xorg-* from a console logged in as a normal user, allowing me to refresh X simply by exiting openbox.  This used to be accomplished in all 'jessies' both devuan and debian by changing /usr/bin/slim for /usr/bin/true in /etc/X11/default-display-manager, but I cannot get this to work: X kept reporting an I/O error.  Changing it to /usr/bin/xdm works as above.

Is there any mileage in starting an 'xserver-xorg-legacy in ascii' hint thread?
Many thanks

#6 Re: Desktop and Multimedia » Security updates for devuan jessie » 2017-09-06 14:09:37

fsmithred wrote:

To see if you pulled in packages from backports or testing, you can run

aptitude search ~i -F"%p# %v# %t#"

Clean bill of health: piping this through 'grep backports' or 'grep testing' returns nothing.
Many thanks for this most helpful answer.

Edit:
Although piping it through 'grep bpo9' turned up:

geoip-database                         20170713-1~bpo9+1                       
manpages                               4.12-1~bpo9+1                           
manpages-dev                           4.12-1~bpo9+1

which I have now uninstalled and reinstalled from jessie-backports:

piping it through 'grep geoip-database' gives
geoip-database                         20170512-1~bpo8+1      jessie-backports

and through 'grep manpages' gives
manpages                               3.74-1                 jessie-backports 
manpages-dev                           3.74-1                 jessie-backports

and through 'bpo9' gives nothing.

So now I have to figure how stretch-backports got into the sources.list and check my other machines.

But I'd like to repeat my thanks for such a helpful answer.

#7 Re: Desktop and Multimedia » Security updates for devuan jessie » 2017-09-06 08:52:46

fsmithred wrote:

What packages did you get from debian that you should not have gotten?

I wish I could answer that with any degree of confidence.  After the unauthorized packages incident, I uninstalled as much as I could remember flashing past me in the terminal. Due to the incomplete logs, I could only guess.  Is there a way to compare installed packages with those held in devuan repositories on a system-wide basis, not an individual package basis?

I have tried three times to offer a better answer to your question, but I keep getting timed out.  I exported the apt-get purge and reinstall sequence of packages, but it runs to over 1000 words which I feel is too long to post, although I am happy to email or otherwise provide it if that would help.  However, a better solution would be to see if I have any 'debian-native, non-devuan' packages installed, and post the results of that.  So any pointers on what commands would achieve that would be most helpful.
Many thanks

f

#8 Re: Desktop and Multimedia » Security updates for devuan jessie » 2017-09-02 13:09:37

fsmithred wrote:

I checked with someone who knows more than both of us put together (CenturionDan):

if that happens then there is a debian stanza in either /etc/apt/sources or /etc/apt/sources.d/

Can't see it:

$ ls -al /etc/apt
total 84
drwxr-xr-x   6 root root  4096 Sep  1 09:03 .
drwxr-xr-x 126 root root 12288 Sep  2 05:14 ..
drwxr-xr-x   2 root root  4096 Sep  1 09:03 apt.conf.d
-rw-r--r--   1 root root    99 Sep  1 09:03 listchanges.conf
drwxr-xr-x   2 root root  4096 Sep  1 09:03 preferences.d
-rw-r--r--   1 root root  1240 Sep  1 09:03 sources.list
-rw-r--r--   1 root root     0 Sep  1 09:03 sources.list~
drwxr-xr-x   2 root root  4096 Sep  1 09:03 sources.list.d
-rw-r--r--   1 root root 40508 Sep  1 09:03 trusted.gpg
-rw-r--r--   1 root root  3530 Sep  1 09:03 trusted.gpg~
drwxr-xr-x   2 root root  4096 Sep  1 09:03 trusted.gpg.d

$ ls -al /etc/apt/sources.list.d
total 12
drwxr-xr-x 2 root root 4096 Sep  1 09:03 .
drwxr-xr-x 6 root root 4096 Sep  1 09:03 ..
-rw-r--r-- 1 root root  247 Sep  1 09:03 devuan.list

$ cat /etc/apt/sources.list.d/devuan.list
# autogenerated by devuan-baseconf
# decomment following lines to  enable the developers devuan repository
#deb http://packages.devuan.org/devuan jessie main contrib non-free
#deb-src http://packages.devuan.org/devuan jessie main contrib non-free

$ cat /etc/apt/sources.list
#
deb http://linux-libre.fsfla.org/pub/linux-libre/freesh freesh main

# deb cdrom:[Debian GNU/Linux 1.0 _Jessie_ - Official Beta2 amd64 DVD Binary-1 20161128-18:28]/ jessie contrib main non-free

#deb cdrom:[Debian GNU/Linux 1.0 _Jessie_ - Official Beta2 amd64 DVD Binary-1 20161128-18:28]/ jessie contrib main non-free

deb http://auto.mirror.devuan.org/merged/ jessie main
#deb-src http://gb.mirror.devuan.org/merged/ jessie main

# jessie-security, previously known as 'volatile'
deb http://packages.devuan.org/merged/ jessie-security main
#deb-src http://gb.mirror.devuan.org/merged/ jessie-security main

# jessie-updates, previously known as 'volatile'
deb http://auto.mirror.devuan.org/merged/ jessie-updates main
#deb-src http://gb.mirror.devuan.org/merged/ jessie-updates main

# jessie-backports, previously on backports.debian.org
#deb http://auto.mirror.devuan.org/merged/ jessie-backports main
#deb-src http://gb.mirror.devuan.org/merged/ jessie-backports main

#Devuan repositories
deb http://packages.devuan.org/merged jessie main
#deb-src http://packages.devuan.org/merged jessie main

Silly question for my own clarity: are CenturionDan's '/etc/apt/sources' and '/etc/apt/sources.d' missing from my '/etc/apt/*' or are they shorthand for '/etc/apt/sources.list' and '/etc/apt/sources.list.d'? Where else should I be looking?  Sorry if I've missed the point.

#9 Re: Desktop and Multimedia » Security updates for devuan jessie » 2017-09-02 07:44:44

I can offer half an answer to my own question (Q2, post#6):

If Amprolla is down or otherwise unavailable, apt-get appears to use the underlying debian repos in consequence.  This results in a whole bunch of unauthenticated packages (because I have the devuan keyring not the debian) including packages which are normally held back.  Although this constitutes using mixed repos, it appears like normal behaviour to apt-get, and so it simply gets logged as a straightforward upgrade.  This has happened three times now: it appears that this behaviour is reproducible.  I don't know enough to call it a bug, but it seems serious enough to warrant flagging up.  Perhaps someone who knows more than me could confirm and escalate if necessary.  For the rest of us noobs, just exercise caution if Amprolla is unavailable.

#10 Hardware & System Configuration » linux-libre kernel 4.1.43 upgrade » 2017-08-17 17:24:09

leloft
Replies: 5

I would like to upgrade to the current LTS linux-libre kernel v4.9 from the old LTS 4.1, but I do not know how to load and which modules I will need to implement my current iptables ruleset which relies on conntrack.  I understand that the automatic loading of the connection tracking modules was discontinued in v4.7.   All the howtos that I have found so far are either introductory articles on iptables and netfilter or far too advanced for my current position on the linux learning curve: I can't even decide whether a stateless firewall would be lunacy or genius!  Advice and/or links would be welcome and I thank you all in advance.

#11 Re: Other Issues » Boinc » 2017-08-13 17:21:23

I am also experiencing Boinc problems after upgrading to ascii this morning.  It appears to be related to the kernel version:

Machine 1: upgraded between Sun, 13 Aug 2017 11:14:00 +0100 and Sun, 13 Aug 2017 11:39:04 +0100 from jessie to ascii using

deb     http://auto.mirror.devuan.org/merged ascii main
deb-src http://auto.mirror.devuan.org/merged ascii main
deb     http://auto.mirror.devuan.org/merged ascii-updates main
deb-src http://auto.mirror.devuan.org/merged ascii-updates main
deb     http://auto.mirror.devuan.org/merged ascii-security main
deb-src http://auto.mirror.devuan.org/merged ascii-security main
deb     http://auto.mirror.devuan.org/merged ascii-backports main
deb-src http://auto.mirror.devuan.org/merged ascii-backports main

# Devuan repositories
deb http://packages.devuan.org/merged ascii main
deb-src http://packages.devuan.org/merged ascii main

Boinc: 7.6.33
kernel: 3.16.0-4-amd64
Boinc working on 4/4 cores, but unable to use boinccmd
********************************************************

Machine 2 upgraded between Sun, 13 Aug 2017 04:00:09 +0100 and Sun, 13 Aug 2017 04:33:18 +0100 from jessie to ascii using

deb http://gb.mirror.devuan.org/merged/   ascii main
deb-src http://gb.mirror.devuan.org/merged/ ascii main

# jessie-security, previously known as 'volatile'
deb http://gb.mirror.devuan.org/merged/ ascii-security main
deb-src http://gb.mirror.devuan.org/merged/ ascii-security main

# jessie-updates, previously known as 'volatile'
deb http://gb.mirror.devuan.org/merged/ ascii-updates main
deb-src http://gb.mirror.devuan.org/merged/ ascii-updates main

# jessie-backports, previously on backports.debian.org
deb http://gb.mirror.devuan.org/merged/ ascii-backports main
deb-src http://gb.mirror.devuan.org/merged/ ascii-backports main

# Devuan repositories
deb http://packages.devuan.org/merged ascii main
deb-src http://packages.devuan.org/merged ascii main

Boinc: 7.6.33
kernel: 4.9.0-3-amd64
Boinc working on 1/2 cores only, unable to use boinccmd
***************************************************
Machines 3,4,5 running devuan jessie
Boinc: 7.4.23
kernel: 3.16.0-4-amd
Boinc running on 2/2 cores on all three machines, boinccmd works.
***************************************************
Note: the machine that upgraded from gb.mirror upgraded the kernel, but the machine that upgraded from auto.mirror did not.
I now have two versions of ascii one running the 3.16.0-4 (jessie) and one running the 4.9.0-3.
I am locked out of the 4.9.0-3 machine following a reboot.
I don't think it's the firewall (connection tracking modules not loaded in 4.9.0-3): turning iptables into ACCEPTing everything doesn't help with the boinccmd issues.

#12 Re: News & Announcements » How you can help Devuan » 2017-08-12 10:46:28

Hi.
Who would I communicate with about what 'donating a hosted machine' would entail.  I'd be happy to support in this way; I'd need someone to talk (walk!) me through the process and its implications, but in principle and at first glance I may be able to support devuan in this way.

#13 Re: Desktop and Multimedia » Security updates for devuan jessie » 2017-08-11 09:56:04

darry1966 wrote:

Well you have backports and security repos enabled so that's what you need.

$ cat /var/log/apt/history.log.1 | tail -n 5

Start-Date: 2017-07-29  10:17:48
Commandline: apt-get upgrade
Upgrade: mysql-server-core-5.5:amd64 (5.5.55-0+deb8u1, 5.5.57-0+deb8u1), mysql-server-5.5:amd64 (5.5.55-0+deb8u1, 5.5.57-0+deb8u1), mysql-client:amd64 (5.5.55-0+deb8u1, 5.5.57-0+deb8u1), mysql-client-5.5:amd64 (5.5.55-0+deb8u1, 5.5.57-0+deb8u1), mysql-common:amd64 (5.5.55-0+deb8u1, 5.5.57-0+deb8u1), libmysqlclient18:amd64 (5.5.55-0+deb8u1, 5.5.57-0+deb8u1), mysql-server:amd64 (5.5.55-0+deb8u1, 5.5.57-0+deb8u1)
End-Date: 2017-07-29  10:18:21

$ cat /var/log/apt/history.log

Start-Date: 2017-08-05  08:43:27
Commandline: apt-get install --reinstall devuan-keyring
Reinstall: devuan-keyring:amd64 (2016.11.22)
End-Date: 2017-08-05  08:43:30

Start-Date: 2017-08-11  10:51:39
Commandline: apt-get upgrade
Upgrade: geoip-database:amd64 (20170512-1~bpo8+1, 20170713-1~bpo9+1), libsoup2.4-1:amd64 (2.48.0-1, 2.48.0-1+deb8u1), fonts-opensymbol:amd64 (102.7+LibO5.2.7-1~bpo8+1, 102.10+LibO5.4.0-1~bpo9+1), libsoup-gnome2.4-1:amd64 (2.48.0-1, 2.48.0-1+deb8u1), libreoffice-nlpsolver:amd64 (0.9+LibO5.2.7-1~bpo8+1, 0.9+LibO5.4.0-1~bpo9+1), manpages-dev:amd64 (4.10-2~bpo8+1, 4.12-1~bpo9+1), manpages:amd64 (4.10-2~bpo8+1, 4.12-1~bpo9+1), libreoffice-wiki-publisher:amd64 (1.2.0+LibO5.2.7-1~bpo8+1, 1.2.0+LibO5.4.0-1~bpo9+1), libreoffice-librelogo:amd64 (5.2.7-1~bpo8+1, 5.4.0-1~bpo9+1), linux-libc-dev:amd64 (4.9.30-2+deb9u2~bpo8+1, 4.11.6-1~bpo9+1)
End-Date: 2017-08-11  10:52:21

# apt-get update && apt-get -t jessie-backports install chromium
Reading package lists...
Building dependency tree...
Reading state information...
chromium is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 23 not upgraded.

#apt-get -t stretch-backports install chromium
Reading package lists...
Building dependency tree...
Reading state information...
chromium is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 38 not upgraded.

$ apt-cache show chromium | sed -n 1,3p
Package: chromium
Source: chromium-browser
Version: 57.0.2987.98-1~deb8u1

_________________________________________________________________
Debian Security Advisory DSA-3926-1                   security@debian.org
https://www.debian.org/security/                          Michael Gilbert
August 04, 2017                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : chromium-browser
CVE ID         : CVE-2017-5087 CVE-2017-5088 CVE-2017-5089 CVE-2017-5091
                 CVE-2017-5092 CVE-2017-5093 CVE-2017-5094 CVE-2017-5095
                 CVE-2017-5097 CVE-2017-5098 CVE-2017-5099 CVE-2017-5100
                 CVE-2017-5101 CVE-2017-5102 CVE-2017-5103 CVE-2017-5104
                 CVE-2017-5105 CVE-2017-5106 CVE-2017-5107 CVE-2017-5108
                 CVE-2017-5109 CVE-2017-5110 CVE-2017-7000

For the stable distribution (stretch), these problems have been fixed in
version 60.0.3112.78-1~deb9u1.

For the unstable distribution (sid), these problems have been fixed in
version 60.0.3112.78-1 or earlier versions.
__________________________________________________________________

So what am I doing wrong?  Any help with the following four questions would be appreciated.

Q1. Why is apt not replacing chromium v57 with v60? 
Q2. Why are there no log entries for the failed updates, which included an aborted 'unauthenticated packages' warning which prompted the reinstallation of devuan-keyring and the subsequent apt-key update?
Q3. Devuan bug report logs - #24 devuan-project: Cannot update Chromium (https://bugs.devuan.org/db/24/24.html) refers to a solution at  https://dev1galaxy.org/viewtopic.php?id=444, but the link is broken.  Does anyone have a working link?
Q4. Why am I not getting any security updates at all: kernel and postgresql are still unpatched, but the jessie- and stretch-backports updates worked ok?

Any ideas what might be going on?

Many Thanks
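
Added example (not part of the original post, and not Devuan or apt project code): a parser for the `history.log` format quoted in the post above that flags packages whose new version targets a newer release than the system's, which is how the `~bpo9` packages later found on this jessie machine arrived through a plain `apt-get upgrade`. The embedded log is abridged from the post; the function names and the `expected_release` parameter are assumptions of this example.

```python
import re

# Release suffixes used in Debian/Devuan versions: ~bpo8+1, +deb8u1, ~deb9u1.
BPO_RE = re.compile(r"[~+]bpo(\d+)")
DEB_RE = re.compile(r"[~+]deb(\d+)u")
# One "name:arch (versions)" item from an Install: or Upgrade: line.
ITEM_RE = re.compile(r"(\S+?):(\S+) \(([^()]*)\)")

# Abridged from the history.log excerpt quoted in the post above.
SAMPLE_LOG = """\
Start-Date: 2017-07-29  10:17:48
Commandline: apt-get upgrade
Upgrade: mysql-common:amd64 (5.5.55-0+deb8u1, 5.5.57-0+deb8u1), libmysqlclient18:amd64 (5.5.55-0+deb8u1, 5.5.57-0+deb8u1)
End-Date: 2017-07-29  10:18:21

Start-Date: 2017-08-11  10:51:39
Commandline: apt-get upgrade
Upgrade: geoip-database:amd64 (20170512-1~bpo8+1, 20170713-1~bpo9+1), libsoup2.4-1:amd64 (2.48.0-1, 2.48.0-1+deb8u1), manpages:amd64 (4.10-2~bpo8+1, 4.12-1~bpo9+1), linux-libc-dev:amd64 (4.9.30-2+deb9u2~bpo8+1, 4.11.6-1~bpo9+1)
End-Date: 2017-08-11  10:52:21
"""


def target_release(version):
    """Return the release number a version was built for, or None.

    A backport tag wins: 4.9.30-2+deb9u2~bpo8+1 is a stretch package
    rebuilt for jessie, so it targets release 8.
    """
    for pattern in (BPO_RE, DEB_RE):
        match = pattern.search(version)
        if match:
            return int(match.group(1))
    return None


def transactions(text):
    """Yield one dict of fields per blank-line-separated log stanza."""
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                fields[key] = value.strip()
        if fields:
            yield fields


def foreign_packages(text, expected_release=8):
    """List (date, action, package, old, new, release) for every package
    whose new version targets a release newer than expected_release."""
    hits = []
    for tx in transactions(text):
        for action in ("Install", "Upgrade"):
            for name, _arch, versions in ITEM_RE.findall(tx.get(action, "")):
                parts = [p.strip() for p in versions.split(",")]
                # Upgrade items are (old, new); Install items are (new)
                # or (new, automatic).
                if action == "Upgrade" and len(parts) == 2:
                    old, new = parts
                else:
                    old, new = None, parts[0]
                release = target_release(new)
                if release is not None and release > expected_release:
                    hits.append((tx.get("Start-Date"), action, name,
                                 old, new, release))
    return hits


if __name__ == "__main__":
    for date, action, name, old, new, release in foreign_packages(SAMPLE_LOG):
        print(f"{date}  {action:8} {name}: {old} -> {new} (release {release})")
```

On a live system, pass the contents of `/var/log/apt/history.log` and the rotated `history.log.1` instead of the sample, with `expected_release` set to the installed release (8 for jessie, 9 for ascii).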

#14 Re: Desktop and Multimedia » Security updates for devuan jessie » 2017-08-11 06:50:55

garyz.dev1 wrote:

What does the /etc/apt/sources.list show -- can you list it for us?

# deb cdrom:[Debian GNU/Linux 1.0 _Jessie_ - Official Beta2 amd64 DVD Binary-1 20161128-18:28]/ jessie contrib main non-free

#deb cdrom:[Debian GNU/Linux 1.0 _Jessie_ - Official Beta2 amd64 DVD Binary-1 20161128-18:28]/ jessie contrib main non-free

deb http://auto.mirror.devuan.org/merged/ jessie main
#deb-src http://gb.mirror.devuan.org/merged/ jessie main

# jessie-security, previously known as 'volatile'
deb http://packages.devuan.org/merged/ jessie-security main
#deb-src http://gb.mirror.devuan.org/merged/ jessie-security main

# jessie-updates, previously known as 'volatile'
deb http://auto.mirror.devuan.org/merged/ jessie-updates main
#deb-src http://gb.mirror.devuan.org/merged/ jessie-updates main

# jessie-backports, previously on backports.debian.org
deb http://auto.mirror.devuan.org/merged/ jessie-backports main
#deb-src http://gb.mirror.devuan.org/merged/ jessie-backports main

# Devuan repositories
deb http://packages.devuan.org/merged jessie main
#deb-src http://packages.devuan.org/merged jessie main

deb http://auto.mirror.devuan.org/devuan jessie-proposed main
#deb-src http://auto.mirror.devuan.org/devuan jessie-proposed main

Thanks for your responses

#15 Desktop and Multimedia » Security updates for devuan jessie » 2017-08-10 06:36:19

leloft
Replies: 32

New forum member greets the community.  Very happy with devuan: running it on all seven machines at work.  Finding it extremely stable even under heavily loaded production machines.  Well done you all!  I am struggling to understand how to apt-get security updates now that debian jessie has gone oldstable.  Could I ask a possibly dumb question please.

What should I have in my sources.list to keep my devuan jessie up to date? I am particularly concerned with the 23 CVEs in the security advisory 3926-1 (chromium) and the 10 CVEs in 3927-1 (kernel), although the debian oldstable patches are not yet available for the kernel.  I only run chromium on two of the machines, chrome on a third, the rest are headless.

So: should I upgrade chromium to chrome and use the google repository, or is there an additional repository that I should include in sources.list to keep things devuan.  I am not getting any updates at all at the moment.

Hope it's not too dumb a question.

Many Thanks for the hard work going on behind the scenes.  It's very much appreciated.
