The officially official Devuan Forum!

You are not logged in.

#1 Re: Hardware & System Configuration » U2F and FIDO2 tokens in Devuan » 2021-08-28 04:05:21

If starting chromium under root then U2F works fine in Beowulf too.

How can I enable U2F under a general non root user?

Shall I add the user to some group? Which one?

#2 Re: Devuan Derivatives » An example of how Trinity Desktop Env (TDE) can look on Devuan ASCII » 2021-08-14 15:46:57

Micronaut wrote:

This is a large information dump, but the astonishing final message here is that you are not denying the accusation. TDE really is a risky thing to use in a contemporary networked environment? That's mind-boggling.

The more complex DE is the less secure it is, I guess KDE5 is one of the most complex ones.
I have much less instability issues with TDE than with KDE4, I even refused to run KDE5 as a DE, only using a few applications from it.

Security is a very very tricky topic and to get something really secure you have to isolate it by air, use only secure hardware (at least ARM or may be SPARC, POWER, etc.). You can read more in OpenBSD mailing lists if you have enough time to learn all this stuff.

For easy security just run Trinity DE on the Devuan host and run modern GUI programs inside a KVM guest with its kernel having option lockdown=confidentiality, also SELinux or other MAC can be useful. Connect to it via VNC, such config provides at least some very basic security. Guest shall run a very light WM like IceWM. For better security you need to have a dedicated VM for each application similar to like Qubes does it. Say browser in KVM1, Telegram in KVM2, Pidgin in KVM3, and preferably they all would even run on a different baremetal host, not where Trinity is installed.

#3 Re: Devuan Derivatives » An example of how Trinity Desktop Env (TDE) can look on Devuan ASCII » 2021-08-11 02:04:31

I generally use Trinity for offline programs and run online programs like browsers and chats in a KVM virtual machine with a minimum IceWM DE, later I will move online VM to another hardware host, even other architecture like ARM or PowerPC.

Trinity is an ideal full featured DE for an offline desktop, say for development or office works.
While IceWM is good for minimal relatively secure VMs, even for docker containers having SSH, VNC and X11 forwarding.

You can run highly secure firecracker dockers with IceWM and online programs on a different dedicated host.
https://firecracker-microvm.github.io/

I guess the best security can be achieved if using SmartOS (SunOS) hypervisor with Firecracker and OpenBSD guest VMs  for online programs inside them.

SmartOS -> Solaris zones -> BHYVE VM -> Alpine guest with Firecracker & SELinux enabled -> Alpine nested VM with Docker -> Container with IceWM on Debian/Devuan  and other needed online programs.
or
SmartOS -> Solaris zones -> BHYVE VM -> OpenBSD guest with IceWM and other needed online programs.

Virtualization Management Solution:
https://danube.cloud/#features

https://docs.danube.cloud/user-guide/esdc/features.html

https://www.reddit.com/r/selfhosted/com … _cloud_ce/

https://www.reddit.com/r/selfhosted/com … pdate_now/

Chat:
https://gitter.im/erigones/DanubeCloud

SmartOS:

https://en.wikipedia.org/wiki/SmartOS

https://www.joyent.com/triton/compute

#4 Re: Devuan Derivatives » An example of how Trinity Desktop Env (TDE) can look on Devuan ASCII » 2021-07-26 11:06:33

steve_v wrote:

Does TDE not build on Beowulf or something?

There are ready prebuilt stable packages of the Trinity desktop environment for both ASCII and Beowulf:

deb http://mirror.ppa.trinitydesktop.org/trinity/trinity-r14.0.0/debian ascii main

deb http://mirror.ppa.trinitydesktop.org/trinity/trinity-r14.0.0/debian beowulf main

and even beta packages for Chimaera:

deb http://mirror.ppa.trinitydesktop.org/trinity/deb/trinity-testing chimaera deps main
apt-get update
aptitude install tde-trinity

https://wiki.trinitydesktop.org/Debian_ … structions

#5 Re: Devuan Derivatives » An example of how Trinity Desktop Env (TDE) can look on Devuan ASCII » 2021-07-26 07:12:06

steve_v wrote:

Then again, I'm not really sure why one would want to run ASCII with a bunch of backports now that Beowulf is stable... Does TDE not build on Beowulf or something?

Being called stable does not mean being actually stable especially in terms of compatibility with old third party deb packages and scripts.

Some things could be depricated in new release, somewhere CLI syntax or API could change slightly.

I have Chimaera with kernel v5.13.latest with lockdown=confidentiality in a KVM guest which you can see on the right side of the last screenshot and it works fine. I can access it and its programs by many ways like VNC, X2GO and ssh -X chimaera gui_program.

#6 Re: Devuan Derivatives » An example of how Trinity Desktop Env (TDE) can look on Devuan ASCII » 2021-07-26 05:32:16

steve_v wrote:
NicePics13 wrote:

the desktop with OS (including ZFS) consumes only 1Gb

Bloat!
Slackware 7.1 consumes <4MB RAM at the CLI with default services loaded, and somewhere around 18MB at a KDE 1.1 desktop. tongue

Please take into account that my Devuan ASCII is capable to run relatively modern software from its repository and ZFS 0.8.6 from more recent Debian releases, many WINE version till the latest, many Windows compatible programs like Microsoft Office, Far, IrfanView, DotNet tools like DevArt Entity Developer.

And only ZFS alone takes over 512Mbs of RAM for its ARC and L2ARC tables and ZFS requires 64bit OS which consumes more RAM than 32bit one.

#7 Re: Devuan Derivatives » An example of how Trinity Desktop Env (TDE) can look on Devuan ASCII » 2021-07-25 23:02:38

Virtual machine takes 3 Gbs of RAM and the desktop with OS (including ZFS) consumes only 1Gb:

attachment.php?aid=3157577&nr=1&thumb=1&picture=1&d=1627254082900

#8 Re: Devuan Derivatives » An example of how Trinity Desktop Env (TDE) can look on Devuan ASCII » 2021-07-25 22:19:02

It was a disaster for me after KDE4 yet on Debian has being constantly updated and often broken less or more, especially when they migrated KNotes to SQLite and added systemD trojan.

Almost each apt-get upgrade revealed some new bugs or inconveniences. I have even tried to switch to XFCE temporary, but I am used to be a WinXP/KDE user. Even start menu was broken several times and I was in hurry to make my current work done instead of tweaking that KDE4 hell. My upgrade to KDE5 was just a test of zfs rollback feature almost in 5 minutes after my first login to KDE5 joke.

I treat most things happening in desktop development like systemD, Wayland, KDE5, etc. like a Linux on the way to migrate to Windows 10 like OS. It may be good sometimes for games or may be multimedia works, but for a daily work I prefer a rock solid Xorg + Trinity without nasty systemD shit.

Trinity looks for me like a Windows XP on steroids and on Devuan ASCII + Libre kernel 4.19.latest + ZFS its stability on relatively small desktop loads is comparable to SunOS Solaris most likely.

I did not install Trinity earlier only because I did not know about it and even if I would knew about its existence I would not believe how stable it is between upgrades, no menus or buttons are broken or lost their positions.
Workstation running many different browsers and WINE programs dayly can run for weeks and even months from a single boot without any hangs, even xkilling some hung apps generally would not lock the whole TDE.
And if realy needed kicker can be easily (x)killed and started again even without restarting slim DM.

I have not found any significant bugs in Trinity so far since 2019 except some glitches with keyboard layout switch which sometimes (may be 2-3 times per month) looses Russian variant and I have to reapply the settings to return it back. But may be it is some bootkit activity and not a Trinity bug, who knows.

There are some ideas about migrating Trinity DE to Qt4, and I do NOT welcome such ideas smile

Trinity already works just fine with almost any KDE5, GTK and other applications from repository, is not it enough ? TDE developers, please just keep it stable as long as possible without any major upgrades.

And I would like very much if Debian_STRETCH / Devuan_ASCII would prolong their support period by say 2030 smile

#9 Re: Devuan Derivatives » An example of how Trinity Desktop Env (TDE) can look on Devuan ASCII » 2021-07-24 06:42:08

andyprough wrote:

I can see them just fine, I don't get a cloudflare error message. I'm using LibreWolf browser with noscript and ublock - maybe there's some difference in my browser setup.

Picture's URLs have been replaced already, you would not see them via old URLs at least from this forum thread.

#10 Re: Devuan Derivatives » An example of how Trinity Desktop Env (TDE) can look on Devuan ASCII » 2021-07-23 22:02:37

samhain wrote:

Your screenshots don't show. "This content has been restricted. Using Cloudfare's basic service in this manner is a violation of the Terms of Service ..."

Could you please attach the screenshots to your postings?

Does this forum support attachments?

#11 Re: Devuan Derivatives » An example of how Trinity Desktop Env (TDE) can look on Devuan ASCII » 2021-07-23 16:01:50

A small vertical launch bar on the left side of the screen is auto-hidden:

attachment.php?aid=3154388&nr=2&thumb=1&picture=1

#14 Other Issues » Docker service does not restart from Ansible » 2021-05-27 00:30:25

bimon
Replies: 0

Hello,

Following Ansible code does NOT start docker service under Devuan Beowulf:

    - name: Ensure docker deamon is running
      service:
        name: docker
        state: started

cat /var/log/docker.log:

Failed to start containerd: exec: "docker-containerd": executable file not found in $PATH

Though following code works fine:

    - name: Start docker service
      command: service docker start 
      args:
        warn: False

Lets try SSH:

ssh host "service docker start"

works fine (without a further fix) too.

I was able to fix the problem by customizing docker's rc script by adding:

export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin

at the top of the file: /etc/init.d/docker

Is it a bug?

#15 Installation » How to activate S6 init together with OpenRC? » 2021-05-20 10:45:07

bimon
Replies: 1

Hello,

I use OpenRC with my Devuan installation.

Now I would like to extend it with S6 supervisor.

Please let me know how to activate it?

I have installed following packages and rebooted.

root@chimaera:/usr/share/doc/s6# dpkg -al | grep s6
ii  libfs6:amd64                                                2:1.0.8-1                                                 amd64        X11 Font Services library
ii  libncurses6:amd64                                           6.2+20201114-2                                            amd64        shared libraries for terminal handling
ii  libs6-2.10:amd64                                            2.10.0.2-1                                                amd64        small and secure supervision software suite (shared library)
ii  s6                                                          2.10.0.2-1                                                amd64        small and secure supervision software suite
ii  s6-doc 

I still do not see S6 process tree which is present for example in linuxserver.io docker images.

May be docs contain this info, but I would like at least a fast start into beginning of using it and then learn it deeper.

#16 Re: Installation » When ZFS 2 is backported to Debian10 and therefore Devuan Beowulf too? » 2021-02-24 16:58:22

I am waiting for serios bug reports, hopefully no serious bugs are found in two months and then I can try OpenZFS 2 on my host too.

Actually I think it is generally a good idea to upgrade to the last minor subversion (which has not regression issues which happens too sometimes, e.g. v0.7.7 and v0.7.10) after a new major is released.

For example v0.7.12 seems good for me on one host, also using v0.8.5 on another one because v0.7.12 could not handle zmirror split on it and resilvering got into an endless repeatable cycle, I waited about 4 times changing different parameters, before upgrade to 0.8.5 fixed this issue.

#17 Re: Installation » When ZFS 2 is backported to Debian10 and therefore Devuan Beowulf too? » 2021-02-24 09:09:07

Btw, Debian stable already has ZFS v2x:

https://packages.debian.org/search?suit … ywords=zfs

zfs-linux (2.0.3-1~bpo10+1) buster-backports; urgency=medium

  * Rebuild for buster-backports.

-- Mo Zhou <lumin@debian.org>  Tue, 23 Feb 2021 22:57:17 +0800

Anyway, I am afraid of upgrading to it on critical hosts yet

It has been released in source only a few weeks ago, lets wait about a couple of months smile

#18 Re: Installation » When ZFS 2 is backported to Debian10 and therefore Devuan Beowulf too? » 2021-02-11 12:42:38

I hardly believe Oracle proprietary ZFS can compete with OpenZFS v2+ in a long term, say 5-10 years since today.
Open source has much more attention and eyes to check the code compared to a small team of proprietary developers, it is like OpenBSD is leading universal OS in security area.

I guess the best what Oracle can do 10 years later is to just steal the code from OpenZFS and resell in under its own brand. It is like a commercial Lindows Linux distro respin.

Even if it is not correct to compare Linux with Solaris, we still have different BSDs like FreeBSD and NetBSD which may be a better choice for a Solaris ZFS contest?

All BSDs like FreeBSD and NetBSD get their ZFS code now from the same ZOL OpenZFS upstream developed by the ZOL team.

#19 Re: Installation » When ZFS 2 is backported to Debian10 and therefore Devuan Beowulf too? » 2021-02-11 12:33:44

Did not Oracle fire many ZFS and Solaris developers who went and landed in companies like Joyent (SmartOS)?
Most likely some of them or even almost all of them finally will join their efforts working on OpenZFS v2 which is a ZOL fork now.

What do you mean under device removal?
Does not ZOL v0.8.x allow to push out a vdev mirror from the pool? I tested it, works fine btw.

#20 Re: Installation » When ZFS 2 is backported to Debian10 and therefore Devuan Beowulf too? » 2021-02-11 10:09:06

Head_on_a_Stick wrote:
bimon wrote:

Do you have any experience with the latest OpenZFS v2.x?

No. ZoL is a hacky mess, the only true ZFS implementation is the Solaris version.

EDIT: have you tried OpenIndiana?

I tried Nexenta about 10 years ago and then about 7 years ago I tried OpenIndiana.

Also I began to use ZOL since about 2012 and find it very reliable for me so far, it survived different  electromagnetic attacks on my storage from power line.
Pools generally died only a few days or weeks after the attack so that I had time to backup via replication and then restore back.
I would loose all my valuable data tens of times already if I would not have saint ZOL in use.

Now I have a very long chain of different filters and separating voltage transformers (about 10 items in total) in my power line and attacks are not effective anymore, I did not see any checksum errors a few months already.

Thanks very much to developers of ZFS on Linux who saved me from many problems!

Is not OpenZFS v2 fork of ZFS on Linux the most up to date and only one which actually gets any recent development?
As far as I know other BSDs now just get ZFS code from OpenZFS v2 (portable ZOL) upstream, they do not develop ZFS by themselves anymore, most likely it is the same for Illumos (OpenSolaris) forks like SmartOS, OpenIndiana, etc. ?

#21 Installation » When ZFS 2 is backported to Debian10 and therefore Devuan Beowulf too? » 2021-02-11 04:49:28

bimon
Replies: 8

Hello,

Please let me know your idea about an approximated not obligatory estimate of when can we expect OpenZFS v2.x in Devuan Beowulf backports?

What I actually need is its feature of a persistent L2ARC.
I am not going to use it for a critical data in backups but it may be good for a server which is replicated often to a more old and stable ZFS version.

I guess it would be a great pleasure to start relatively heavy KVM virtual machines from persistent L2ARC very fast after rebooting the server having storage pool?

I refer to these packages:

https://packages.debian.org/search?suit … ywords=zfs

Will not this feature of persistent L2ARC appear in the 0.8.x branch of ZFS on Linux earlier?

Do you have any experience with the latest OpenZFS v2.x?

Is it less stable and/or reliable on Linux (I do not care about BSD right now) than ZFS on Linux v0.7.12 and/or v0.8.5  ?

#22 Re: Installation » How is it possible that Java update breaks Trinity DE? » 2021-01-19 05:29:13

Head_on_a_Stick wrote:
bimon wrote:

What is the best method to get a list of packages for a downgrade if I have a list of packages those I would like to keep at backports level?

You could try an emergency downgrade to ASCII then re-install the (limited) packages you want from backports.

The "version collisions" of which you speak are more likely the more backported packages that are installed so trying to install everything you can from backports doesn't make much sense IMO.

Is it possible to apt-mark hold some package at backported level and then do an emergency downgrading?

#23 Re: Other Issues » Why rustc does not work under non root account? » 2021-01-18 17:30:03

Well, I installed from Internet using standard method described at:

https://riptutorial.com/rust/example/27821/setting-up

and everything works fine.

#24 Other Issues » Why rustc does not work under non root account? » 2021-01-18 00:23:56

bimon
Replies: 2

Hello,

I have installed following versions of Rust packages:

ii  libstd-rust-1.34:amd64                                           1.34.2+dfsg1-1~deb9u1                                    amd64        Rust standard libraries                                                                                                             
ii  libstd-rust-1.41:amd64                                           1.41.1+dfsg1-1~deb9u1                                    amd64        Rust standard libraries                                                                                                             
ii  libstd-rust-dev:amd64                                            1.41.1+dfsg1-1~deb9u1                                    amd64        Rust standard libraries - development files                                                                                         
ii  rust-doc                                                         1.41.1+dfsg1-1~deb9u1                                    all          Rust systems programming language - Documentation                                                                                   
ii  rust-gdb                                                         1.41.1+dfsg1-1~deb9u1                                    all          Rust debugger (gdb)                                                                                                                 
ii  rust-lldb                                                        1.41.1+dfsg1-1~deb9u1                                    all          Rust debugger (lldb)                                                                                                                
ii  rust-src                                                         1.41.1+dfsg1-1~deb9u1                                    all          Rust systems programming language - source code                                                                                     
ii  rustc                                                            1.41.1+dfsg1-1~deb9u1                                    amd64        Rust systems programming language   

Compiling from root works fine, but from a non root user I get following error:

rustc main.rs
error: linking with `cc` failed: exit code: 1
  |
  = note: "cc" "-Wl,--as-needed" "-Wl,-z,noexecstack" "-m64" "-L" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib" "main.main.7rcbfp3g-cgu.0.rcgu.o" "m                                                                                      ain.main.7rcbfp3g-cgu.1.rcgu.o" "main.main.7rcbfp3g-cgu.2.rcgu.o" "main.main.7rcbfp3g-cgu.3.rcgu.o" "main.main.7rcbfp3g-cgu.4.rcgu.o" "main.main.7rcbf                                                                                      p3g-cgu.5.rcgu.o" "-o" "main" "main.4s37gsrti678ik8u.rcgu.o" "-Wl,--gc-sections" "-pie" "-Wl,-zrelro" "-Wl,-znow" "-nodefaultlibs" "-L" "/usr/lib/rust                                                                                      lib/x86_64-unknown-linux-gnu/lib" "-Wl,--start-group" "-Wl,-Bstatic" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd-2b8ce385717c133f.rlib" "/us                                                                                      r/lib/rustlib/x86_64-unknown-linux-gnu/lib/libpanic_unwind-bfdb904b514c26fa.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libhashbrown-7519d6bf                                                                                      50917898.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc_std_workspace_alloc-16e1de1aad2c3dfc.rlib" "/usr/lib/rustlib/x86_64-unknown-lin                                                                                      ux-gnu/lib/libbacktrace-8ed76b3ed1b96667.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libbacktrace_sys-2b9293c7b8f41cd3.rlib" "/usr/lib/rustli                                                                                      b/x86_64-unknown-linux-gnu/lib/librustc_demangle-854234105dc1a978.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libunwind-a6a6d047de166dab.rlib                                                                                      " "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcfg_if-1c0cf4a4fbb9635d.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/liblibc-efaf138ef5c1d                                                                                      0b8.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/liballoc-e28446567bdd0cc8.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/librustc_std_w                                                                                      orkspace_core-7d724940c36772e7.rlib" "/usr/lib/rustlib/x86_64-unknown-linux-gnu/lib/libcore-ef8dee7216df56b3.rlib" "-Wl,--end-group" "/usr/lib/rustlib                                                                                      /x86_64-unknown-linux-gnu/lib/libcompiler_builtins-a5f50861fed71e63.rlib" "-Wl,-Bdynamic" "-ldl" "-lrt" "-lpthread" "-lgcc_s" "-lc" "-lm" "-lrt" "-lpt                                                                                      hread" "-lutil" "-lutil"
  = note: collect2: fatal error: ld terminated with signal 4 [Illegal instruction]
          compilation terminated.


error: aborting due to previous error

Earlier I thought my old CPU is not supported by rust compiler, but since root is able to compile then CPU is not related to the problem?

Is it a simple test program, which should compile fine:

fn main() {                                                                                                                                                                                                                                 
    println!("Hello, world!");                                                                                                                                                                                                              
}  

Compiled binary under root displays what is expected when run:

./main 
Hello, world!

My system is after:

apt-get dist-upgrade -t=ascii-backports

#25 Re: Installation » Tried to add a printer manually and it did not work for me. » 2021-01-16 22:04:05

apt-get dist-upgrade -t=ascii-backports

Actually I always treated my HP 1000W printer config as a magic for myself. It was relatively difficult to do even in Debian without backports.
I am almost sure nothing changes if I downgrade from backports back to the updates and security.

Board footer

Forum Software