1) Am I benefitting from the magical protection of "SSH tunneling" in my interactions all the way between my PC VNC client and the VM desktop?
or
2) Does this protection only extend to the connection between the PC VNC client and the VM Host, leaving communication between the VM Host and the VM itself protected only by VNC security? Perhaps I need to create another SSH tunnel on the VM host?
There is no "magic protection" here, security is both an ongoing process and a matter of understanding what it is you are doing. SSH encryption extends between SSH client and SSH server, nothing more and nothing less. Likewise SSH authentication.
An SSH tunnel is exactly what the name implies, encapsulating and tunnelling other arbitrary TCP traffic through an SSH connection, where it benefits from whatever encryption your SSH session is using.
This is very useful for protecting unencrypted traffic over the open 'net (or as an ad-hoc "VPN"), but of questionable benefit on a trusted LAN. Operative word there is of course "trusted". If your LAN is not secure, you likely have bigger fish to fry... Such as isolating (or better, disposing of) internet-of-trash devices, and putting guest wireless connections on a restricted VLAN and/or dedicated access point.
In your scenario, the VNC client (remmina or whatever) makes an unencrypted VNC connection to port 5901 on localhost, where your SSH client is listening. SSH tunnels the connection inside its encrypted channel to the remote machine, where the SSH server forwards it (unencrypted) to whatever is listening on the remote machine's port 5901 - in this case qemu's built-in VNC server.
Anything relating to the security of qemu (and its VNC server) or the VM it is running is out of SSH's influence. It's simply passing network traffic from one machine to another.
Bear in mind that if the SSH server on the VM host can make a VNC connection to qemu, so can other processes or users on that machine.
You will still need to ensure the VNC server is configured to listen only on localhost and/or firewalled, and it has some kind of authentication enabled.
Local connections between processes (i.e. VNC client -> SSH client, SSH server -> qemu) are generally safe without any encryption, as they never leave the machine anyway. That said, if someone else has root on the server (i.e. it's not yours), all bets are off.
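A check for the "listen only on localhost" point in the post above, as an added example that is not part of the original post. It covers the bind address only, not VNC authentication or firewalling; the function name and the sample listener table are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): flag VNC listeners that are
# reachable from outside the machine. Reads `ss -Hltn` output on stdin.
# Assumption: VNC displays use TCP 5900-5999 (display :1 = 5901, as above).

# Constructed sample of `ss -Hltn` output from a hypothetical VM host.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 1 127.0.0.1:5901 0.0.0.0:*
LISTEN 0 1 0.0.0.0:5902 0.0.0.0:*
LISTEN 0 1 [::1]:5903 [::]:*
LISTEN 0 1 [::]:5904 [::]:*
LISTEN 0 1 192.168.1.10:5905 0.0.0.0:*'

# Prints "address:port" for every VNC listener not bound to loopback.
exposed_vnc_listeners() {
    awk '
    $1 == "LISTEN" {
        n = match($4, /:[0-9]+$/)          # last colon separates the port
        if (n == 0) next
        port = substr($4, n + 1) + 0
        addr = substr($4, 1, n - 1)
        if (port < 5900 || port > 5999) next
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
        print $4
    }'
}

# Stand-alone run on the sample; on a real host: ss -Hltn | exposed_vnc_listeners
printf '%s\n' "$SAMPLE_SS" | exposed_vnc_listeners
```

An empty result means every VNC listener is loopback-only, so it can be reached through the SSH tunnel or by local processes and users on that host, and by nothing else.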
Run unstable (Ceres) (with the usual "you are now a tester" caveats), or run a rolling-release distro.
Welcome to Debian Stable (or more accurately, a distro with almost 1:1 tracking of the same).
Not having the latest SNS in the stable repos is not a bug, it's a feature. If a rolling-release with rapid updates is what you want, run a rolling release.
OP should really have just copied them to an external drive!
Or, ya know, answered the question I posed in the very first reply WRT what kind of backup they wanted. Vague questions beget suboptimal answers, what else is new.
@OP: "Restoring" a dd disk image is simply reversing the dd command, and will return the disk to the exact state it was in when you imaged it (broken windows install included). However this is likely not what you want.
To restore files from the image you will first need to mount it as a loopback filesystem.
Assuming it's a raw disk image (i.e. the ".qcow" extension is irrelevant and qemu is not involved), you want something like 'mount -o loop,offset=[offset of the partition you want] [image file] [mountpoint]', or 'losetup --partscan --find [image file]' to find the partitions for you and create device nodes you can mount like any other filesystem.
Examples of several approaches here, among other places easily found with a web search.
If you want accurate advice, please be accurate WRT to partitions, disks, filesystems, and most importantly, your end-goal. As Camtaf said, this would have been easier if we had known you wanted to restore your files rather than the entire disk.
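Finding the value for the 'mount -o loop,offset=' form mentioned in the post above, as an added example that is not part of the original post. It assumes a raw image with an MBR partition table and 512-byte sectors; the function names and the sample image are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): print the byte offset of each
# primary partition in a raw MBR disk image.
# Assumptions: MBR partition table, 512-byte sectors.

# Builds a constructed one-sector "image": entry 1 is type 0x83 starting at
# LBA 2048, entry 2 is type 0x07 starting at LBA 6144, then the 55 AA signature.
make_sample_image() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '\200\000\000\000\203\000\000\000\000\010\000\000\000\020\000\000\000\000\000\000\007\000\000\000\000\030\000\000\000\040\000\000' |
        dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Prints "<entry> <type> <byte offset>" per used primary partition entry.
mbr_offsets() {
    img=$1
    # A valid MBR ends with bytes 0x55 0xAA at offsets 510-511.
    sig=$(od -An -tx1 -j510 -N2 "$img" | tr -d ' \n')
    if [ "$sig" != "55aa" ]; then
        echo "no MBR signature in $img" >&2
        return 1
    fi
    i=0
    while [ "$i" -lt 4 ]; do
        # Each 16-byte entry: byte 4 = type, bytes 8-11 = start LBA (little endian).
        set -- $(od -An -tu1 -j"$((446 + 16 * i))" -N16 "$img")
        type=$5
        start=$(( $9 + ${10} * 256 + ${11} * 65536 + ${12} * 16777216 ))
        i=$((i + 1))
        if [ "$type" -ne 0 ]; then
            # Type 0xee is a GPT protective entry: use losetup --partscan there.
            printf '%d 0x%02x %d\n' "$i" "$type" "$((start * 512))"
        fi
    done
}

# Stand-alone run on the constructed image.
demo_img=$(mktemp)
make_sample_image "$demo_img"
mbr_offsets "$demo_img"
rm -f "$demo_img"
```

The third column is what goes after 'offset='; adding 'ro' to the mount options keeps the image itself unmodified while files are copied out.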
dd if=/dev/sdX of=/media/sdY/your.qcow2 bs=10M status=progress
I suggest the same as zapper says above. Well worth the time.
dd is simple, but it's also pretty slow as it'll copy everything, including empty blocks.
load a linux live distro
use a 'live' Linux pendrive
There's no need for a live distro here, regardless of the method used.
Just make sure the windows partition is not mounted and you can do it from Devuan (as the OP requested). dd is of course available by default, and partimage and clonezilla (which includes partimage) are in the repos.
How long is a piece of string?
There are about 50 bazillion ways to copy a partition, starting with a dead simple 'cp' of the files or 'dd' to an image file...
Personally I quite like the flexibility and features of clonezilla, but it all depends what kind of backup you want - just the files, a full disk image with the boot sectors and all that jazz, or a bitwise clone to another disk?
```
$ cat /etc/devuan_version ; free -m
chimaera
               total        used        free      shared  buff/cache   available
Mem:          128887      102819       21226          61        4841       24548
Swap:          16383         179       16204
```
And this box doesn't even run a GUI
I will never understand this constant obsessing over memory, it's like some kind of religion here.
The traditional unixy solution (and likely the lightest on resources) is probably the old (fetchmail / getmail) -> procmail (+formail) -> (maildir / mda) construct. Assemble parts as needed
I was running fetchmail + procmail via cron as my mail filtering / delivery system for many years, though I have since moved to getmail for retrieval and sieve within dovecot for filtering, as the box also acts as an IMAP server these days anyway.
The 'net at large should provide plenty of fetchmail/procmail/formail info, it's a system as old as the hills. Procmail filter syntax is a mite arcane, but it's very powerful once you get your head around it. Also here.
Alternatively (or if you're discouraged by the length of procmail's beard), you might just want to set up a real mailserver and use sieve scripts. As mentioned I use dovecot, but there are several other options.
As for alpine... I'm not sure why one would want to use a mail reader for automated retrieval and filtering, but if it can do it it can do it I guess. I'd consider fetchmail / getmail and a filter and/or mda of choice the more appropriate hammer though.
Any more detailed suggestions dependent on more detailed explanation of your setup (e.g. "mail dirs" meant in the traditional *nix maildir sense or folders within a maildir / mbox, where these boxes are and how your end-user readers access them, where your IMAP server is, etc.).
All the above assumes primarily syncing to and working with mail in local mailboxes or on your own mailserver (since that's how I do it). If you're more into manipulating a remote IMAP server you don't control I'll be of little use to you, and maybe something like alpine is the way to do it...
Or perhaps imapfilter. That one looks pretty promising for such a task, and could be combined with e.g. getmail or imapsync if you want a local backup as well.
please file a report so it gets fixed.
I have, and it has been. My question, i.e. are bugs in backports handled separately as they are in debian, appears to be answered by dint of said bug report being accepted.
It would still be nice if this was clearly explained on the bug reporting section of the devuan site.
That it was fixed so quickly is great. Logging being screwed up on multiple machines for multiple months before I noticed this, and me (who is not a package maintainer) being the only one who did... That isn't great at all.
Unfortunately, as systemd and other assorted crap (eg.: zeitgeist) advance and dig their tentacles into the workings of Debian, that task becomes more and more difficult.
It is something most people are not aware of.
-----------------------------------> You seem to be one of them. <-----------------------------------
I am well aware of it. Awareness does not make it any less of a problem when such borkage continues to slip through.
it seldom happens in Devuan.
It happens in Devuan far more often than it does in Debian, and in far sillier ways.
if I take you to your word, you will most probably leave the ever growing Devuan user base.
Which is a real pity as Devuan could use another 'somebody', more so if it is one with your bug-tracking skills.
You can take my word as: I am getting ever closer to migrating systems that I need to work reliably, without the intrusion of random "oops" class bugs in critical packages, over to Slackware or FreeBSD.
Apparently, Devuan derives from Debian and Veteran Unix Administrators... I took this to mean that the distro would cater to administrators (who, ya know, administer things, like production servers), and inherit the stability and reliability of Debian... Rather than turn into another hobby distro for anti-conformist tinkerers with old laptops.
I appear to be mistaken, if the apparent focus on desktop customisation and the attitude I see from many people here have any bearing on things.
As for my bug-tracking skills... That's kinda my point. If my relatively meagre expertise and attention are all that stands between Devuan and undetected broken packages in the repos, we have problems. How am I the only one to have noticed this, in rsyslog of all things?
If you need the type of trust and assurances that Debian has given/gives you, you may want to consider going back to Debian.
I need some level of confidence that I can run headless servers, with unattended upgrades, and not have them break unexpectedly because somebody forgot to change the distro name in a default config or misplaced a patch in a shipping package version.
I especially need them not to stay broken through multiple updates - as happened here until I pointed out the borked script.
Hell, I don't have something as important as system logging go tits-up with a routine upgrade even on my bleeding-edge Gentoo desktop. If Devuan can't match the rollingist of roll-your-own rolling-release distros in terms of core package QA, I really don't know what purpose it serves.
What are we trying to achieve here anyway, Debian without the init upheaval or Debian without the stability and reliability?
Maybe FreeBSD is the answer after all.
Just looked into the Daedalus version, that looks not literally the same but as far as I can tell shows the desired two options.
Yeah, it's just the chimaera-backports package. Dog knows how that happened considering the backports are from daedalus to begin with.
Debian asks that bugs in backports be reported to the debian-backports mailing list, however there appears to be no corresponding information on the Devuan bugtracker page... Do bugs in e.g. chimaera-backports go to the main bugs.devuan.org address or what? Who exactly maintains these packages anyway?
Owing to the above lack of information, I'll post this here for web-search purposes: rsyslog from chimaera-backports is currently broken WRT logrotate, due to (the usual) unpatched systemd bullshit. Do I assume this package is pulled direct from debian?
Specifically, the file '/usr/lib/rsyslog/rsyslog-rotate' installed by rsyslog-8.2302.0-1~bpo11+1devuan1 (and 8.2208.0-1~bpo11+1devuan1 before it) contains:
```
#!/bin/sh
if [ -d /run/systemd/system ]; then
    systemctl kill -s HUP rsyslog.service
fi
```
Where it should be (and is in rsyslog-8.2102.0-2+devuan3):
```
#!/bin/sh
if [ -d /run/systemd/system ]; then
    systemctl kill -s HUP rsyslog.service
else
    invoke-rc.d rsyslog rotate > /dev/null
fi
```
Thus, logrotate fails to HUP rsyslogd if rsyslog is installed from backports, thoroughly borking log rotation (and things that read those logs).
Please, please tell me somebody is actually checking packages (and their config files) for systemd-isms before allowing them into Devuan (-backports), this is not the first time this kind of thing has happened and it is seriously eroding my trust in the distribution.
Syslog is a critical service, breaking it during routine updates is an extremely bad look. Installing backports on debian, by contrast, has caused me no grief at all in the last ~20 years.
# apt purge pulseaudio && apt autoclean && apt autoremove
Much as I too dislike pulseaudio, if one wants such niceties as on-the-fly switching of bluetooth sinks and whatnot, pure ALSA is a PITA.
While it is still far too complicated IMO, pipewire does at least solve some of the more glaring deficiencies of pulseaudio. Anyone wanting modern convenience features on a laptop or such will probably need one or the other.
Edit 1: Except the phone and tablet have systemd, of course, and setting up pipewire without that is a bit more complicated.
Edit 2: Actually, the "Alpine solution" turned out to be pretty simple. pipewire-launcher.sh worked without modifications.
FWIW, I have been playing with pipewire on my (openrc) Gentoo desktop too. Gentoo uses exactly the same pipewire-launcher.sh (anybody's guess who nicked it from who), and while it should work on any distro it does come with one problem - it has no facility for terminating pipewire / wireplumber when the user logs out.
That's not a big deal on a single-user system, nor is it a problem if one has logind set to kill user processes (which in turn breaks the old-school ability to background a task and leave it running after logout though).
If neither of those are true however, it results in stale pipewire processes left running and blocking the sound device when one user logs out and another logs in.
To solve this, I lifted a solution from slackware, namely using daemon to manage the equivalent of systemd "user-units".
The result is 3 autostart files (pipewire, pipewire-pulse, wireplumber), like e.g.:
```
[Desktop Entry]
Version=1.0
Name=Pipewire
Comment=PipeWire media server
Exec=/usr/bin/daemon --bind --respawn --pidfiles=$XDG_RUNTIME_DIR --name=pipewire /usr/bin/pipewire
Terminal=false
Type=Application
X-GNOME-Autostart-Phase=Initialization
X-KDE-autostart-phase=1
X-GNOME-HiddenUnderSystemd=true
X-KDE-HiddenUnderSystemd=true
X-systemd-skip=true
```
Zero launcher shell scripts or hacky anti-race sleeps, and the ability to do things like:
```
$ daemon --list
cdemu
pipewire
pipewire-pulse
pipewire-wireplumber
systembus-notify
```
As well as stopping, starting, and restarting these user daemons without resorting to pkill and co, giving them pid files, retrying failed starts, and binding to the user's logind session so they exit when they should.
Fractionally more effort (IIRC daemon is in the devuan repos already), but cleaner and more flexible IMO.
Just something to consider, FWIW I strongly suspect we're going to need something like daemon for more than just pipewire in future (I'm also using it for cdemu-daemon and the dbus-notifier part of earlyoom here), as systemd user-units become more popular.
To return to the OT, yes, this /.config and /.cache garbage is created on chimaera (default desktop-live/refracta install) as well, and AFAICT the culprit is pulseaudio. Removing pulse will prevent their creation but not remove them if they exist, as they are not tracked by dpkg (for extra nastiness).
Whatever one's opinion of pulseaudio, it shouldn't be creating XDG configuration directories in the system root and so long as devuan is shipping it in the default desktop, I absolutely consider this a bug to be fixed.
I don't have a debian install to compare right now, but my suspicion is that this has to do with pulse assuming systemd and doing broken things when started as root by traditional init (i.e. when XDG_FOO isn't set).
home directory
If you read the OP, you'll notice that there are no home directories involved at all, so XDG_HOME_WHATEVER has nothing to do with anything.
The directories in question are /.config and /.cache - i.e. hidden directories in the system root.
I don't have the machine with me ATM (I'll check later), but IIRC I've seen the same with a chimaera install, and only where pulseaudio is involved.
Whether this is a bug or just expected janky behaviour for potteringware, it is, at the least, extremely ugly.
how can i debug if the hardware is erroneous?
I'd start by passing 'debug' on the kernel command line and seeing if it spits out anything more useful, then proceed to booting a different operating system to eliminate software entirely.
Most anything will likely do for that, but since the hardware was almost certainly designed to run Windows, as distasteful as it may be that's not a completely terrible option for testing.
As for isolating a hardware fault, the obvious answer would be to try to reproduce the problem in as minimal a configuration as you can. Remove expansion cards and extraneous peripherals, swap or replace PSU, memory modules, that kind of thing.
I don't see a smoking gun in your logs (though I do wonder what exactly pppd is up to at the end there), so a process of elimination would be the next logical step.
Aside, what Altoid said. I have plenty of old hardware, some of it going back to the mid '90s, and it still works just fine.
Assuming something is no good simply because it's old is kinda silly (as is insisting on DOS filename extensions when we have perfectly good magic for that matter).
It's been enabled by default since stretch, at least for the GNOME desktop.
I was unaware that it's enabled by default now, but then I would be, because "expert" mode netinstalls with --no-recommends, and, well, GNOME *shudder*.
What could possibly go wrong?
IME, very little. unattended-upgrades has been available (as opposed to mandatory, ala microsoft) in debian and derivatives for as long as I can remember, and I have several machines that have been running it for well over a decade without any drama (with one notable recent exception, but that was a "devuan shipped nonfunctional configs", not "unattended-upgrades ate my lunch").
I probably wouldn't bother with it on a desktop pc, but for headless boxes, especially if you have many headless boxes you can't be arsed updating manually one at a time (or remembering they exist for that matter), it's pretty dang handy.
Scrolled up and down on the local console and it works again.
Wait, what? Are you telling me that this stupid "nobody uses TTYs any more" regression has actually been fixed?
may or may not be in line with a user's best interests.
Oh don't be silly, redhat knows your best interests, and they're working hard to turn that nasty open-source "bazaar" of disorganised, quarrelsome nerds and their toys into a shiny, polished, corporate friendly product you can be proud to use. Trust me, you're going to absolutely love it (or else...)
*begins countdown for this "warning" becoming a hard-nope, complete with another asinine "Gentoo folks, this is your wakeup call." from some droid over at freedesktop.org*
for people like me it just gives *many* more opportunities to fuck things up.
Stick to the profile defaults then, and it's just Arch with more waste heat and fewer linking problems. @preserved-rebuild goes "Brrr"
As for broken compilers... Well, if you want to break your compiler that's optional as well.
fundamentally broken
Fundamentally broken if you run systemd perhaps. On sane distros (such as gentoo), /usr on its own partition is just one of a great many possible configurations, in this case filed under "may require an initrd, won't work with systemd, not recommended for newcomers".
split-usr is just another USE flag, and it's up to the end-user to determine whether or not it's set. As it should be.
The same goes, of course, for systemd itself.
As of this moment, a couple of applications I use still have file-collisions (in this case upstream binary names) with a symlinked /bin/, so I'll flip that flag when (and if) I'm good and ready.
I notice a large percentage of the "in-comprehensive list of software" in that link you posted appear to be products of the redhat/LP/gnome/freedesktop cabal... Purely coincidental I'm sure.
Another prime example of why I'm not being nice any more. ^
If you want people to help you, ragging on the distro for not supporting the weird crap you're trying to do really isn't the way.
You come in here with an attitude like that, you're liable to get the same right back.
Reporting people who call you out is just another nail in the coffin, particularly if you're so childish as to make an exhibition of it. We don't owe you anything, and neither does Devuan - it even states such right there in the console when you log in.
I misread this thread as installing the module to populate defaults rather than merely using it because the OP wanted it.
One of many reasons to read the manuals rather than just copying random things from stackoverflow...
include /etc/nginx/modules-enabled/realupnow.conf;
Well yeah, obviously. If you tell nginx to include a file, it's going to try to load it, and it's going to bitch if it doesn't exist.
modules-enabled should (IIRC, I actually run apache, but the config directory layout is much the same, it's a Debian thing) contain symlinks to files in modules-available, which in turn contain load_module directives pointing at dynamic module .so files.
Only you can explain the presence of that include line, it's certainly not in any default configuration shipped with Devuan.
Am I correct that I need to install nginx-module-geoip?
That depends on whether or not you want to use module-geoip, no? I can't make that determination for you.
Ed. Since we're playing the edit game...
WDYT?
I think you should slow down, and go read the nginx manuals instead of jumping on random stackexchange and reddit posts.
Aside, while having your site definition in modules-enabled might work if you include it from some other config, it's pretty high on the list of "things that will cause a bunch of gratuitous confusion in about 2 hours time". Put it where it's supposed to go.
As you haven't told us what's in that file, I suppose I have to guess...
Going by your previous threads, perhaps it's the site definition for something you're trying to serve on the domain realupnow.com? If that is the case, it's simply in the wrong directory, and the only explanation I can think of is that somebody put it there...
why i cant here do the same?
As HoaS implied in the very first reply to this thread, you can. With the not-refracta bootable install image.
If you insist on using the live image, a workaround has already been suggested.
Complaining about a missing feature in refracta installer achieves nothing. If you really want it, nobody is stopping you from implementing it yourself.
solution for normal distros but not for "knee develop" semi working devuan
ROFL. Devuan not including out-of-tree kernel patches for fossilised proprietary drivers is not a bug. Go hassle Nvidia to fix their trash.
All your threads are this same BS. Vague problem descriptions with insufficient debugging information, pigheaded insistence on doing things some $other_os way, then a bunch of complaining when you inevitably break your install. I'm done trying to help you, you just don't listen.
Bye now, have fun. I await your next reinstall thread with bated breath (and popcorn).
Because following some random blog post and using third-party executable installers rather than the repos is a sure-fire way to mess up your install?
The debian documentation and discussion boards are replete with warnings not to do this, and for good reason.
Other than that, if you want help you will need to provide a whole lot more information (with command output and such in code tags, not blurry screenshots) than just "why not working". Nobody here is psychic, and I for one am all out of patience for guessing games.