^ Very nice Nili.

New Debian bullseye system:

I have to use the Liquorix kernel to get my RTL8852AE wireless card working so I'm generating a unified kernel image from it and signing that with my own SecureBoot key using this script:

#!/bin/sh -e

dir=/etc/secureboot
keys=$dir/keys/db
image=debian.efi
esp=/efi
splash=$dir/splash.ppm
kernel=$(readlink -f /vmlinuz)
initrd=$(readlink -f /initrd.img)

echo 'Creating unified kernel image...'

objcopy \
   --add-section .osrel="/etc/os-release" --change-section-vma .osrel=0x20000 \
   --add-section .cmdline="/etc/kernel/cmdline" --change-section-vma .cmdline=0x30000 \
   --add-section .splash="$splash" --change-section-vma .splash=0x40000 \
   --add-section .linux="$kernel" --change-section-vma .linux=0x2000000 \
   --add-section .initrd="$initrd" --change-section-vma .initrd=0x3000000 \
   /usr/lib/systemd/boot/efi/linuxx64.efi.stub /tmp/"$image"

echo 'Unified kernel image created'

sbsign \
   --key "$keys"/DB.key \
   --cert "$keys"/DB.crt \
   --output "$esp"/"$image" \
   /tmp/"$image"

echo 'Kernel image signed'

rm /tmp/"$image"

echo 'All done :-)'

^ That's saved to /usr/local/bin/gen_unified with the script called in /etc/kernel/postinst.d/zz-secureboot & /etc/initramfs/post-update.d/zz-secureboot so it's applied whenever the kernel or initramfs is changed.

Microsoft, Debian & Ubuntu keys won't boot on this machine :-)

Well I can't reproduce the problem so I can't help. I have no problem installing packages in my test container.

EDIT: and I've just installed a new Debian bullseye system from Alpine using a similar method. Everything works fine.

Note that the ctrl_interface & update_config lines are only needed for the wpagui application.

It's probably best the delete the un-hashed (commented) psk lines from the wpa_supplicant.conf network stanzas to prevent casual snooping. The hash is unsalted and so trivial to reverse but it's better than nothing.

I would actually recommend iwd over wpa_supplicant because it handles roaming better, it's more secure with a smaller code base and it has fewer dependencies. The only caveat with Devuan is that the orphan-sysvinit-scripts package is needed and the init script needs to be copied over and enabled manually as per https://dev1galaxy.org/viewtopic.php?id=4865.

See https://wiki.debian.org/WiFi/HowToUse#Using_IWD & https://wiki.archlinux.org/title/Iwd for usage guides; iwd does not use /etc/network/interfaces or ifupdown at all.

Debian do not recommend those tools and I have seen quite a few problem threads over at forums.debian.net caused by Rufus not burning images correctly.

The recommended technique is

cp devuan.iso /dev/sdX ; sync

Reference: https://www.debian.org/CD/faq/index.en.html#write-usb

Why have you recommended two different sizes for the BIOS boot partition? I use sectors 34-2047 because they should be free in any correctly-aligned disk. Note that the BIOS boot partition should *not* have a filesystem applied.

What about the swap line? You seem to have missed that.

Simpler version:

grep '^/dev' /proc/self/mounts > /etc/fstab

^ That will only copy lines starting with /dev to /etc/fstab. Note that /proc/mounts is a symlink to /proc/self/mounts so it's probably best to use the latter.

And I still think you should at least mention the existence of genfstab(8) for people who are used to installing Arch and don't want to manually edit fstab. The same goes for arch-chroot(8) as an alternative to manual mounting & chrooting.

As I mentioned in your last thread security updates should not be considered optional. They are absolutely essential for users of the stable release.

Windows should *always* be set to UTC. There is no reason whatsoever to force Devuan to use localtime. See my ArchWiki link in your last thread for the Registry hack needed to correct Windows' time standard.

The --target option is irrelevant in Devuan because it supplies separate GRUB packages for UEFI & non-UEFI systems. The UEFI version of GRUB presumes that the EFI system partition is mounted under /boot/efi and the ID defaults to "Devuan" for SecureBoot to work.

And anyway it's better to use dpkg to set the bootloader options so that they are saved in the debconf database and re-applied after the bootloader package is updated.

So for non-UEFI systems use

apt install grub-pc
dpkg-reconfigure grub-pc

And for UEFI systems use

apt install grub-efi-amd64
dpkg-reconfigure grub-efi-amd64

There is also a grub-efi-ia32 package for machines with 32-bit UEFI firmware.

iwd is better than wpasupplicant but it does need the init script supplied by the orphan-sysvinit-scripts package.

elogind should handle all permissions for access to input, audio and video hardware. Adding users to those groups should be considered a security risk and so is probably not advisable.

The disk group membership is root-equivalent, please do not recommend that.

The games group is for games to record high scores, users are not supposed to be added to that group at all.

Devuan's sudo is already configured to grant access to users in the sudo group so why not just use that instead?

And finally can you please use code tags to display commands rather than italics? It would make the guide easier to follow. The board also offers list tags that you can use instead of copy & pasting bullet points manually.

All the Devuan installer will do is add a new directory to the EFI system partition and add a new boot entry to the top of the list in the motherboard NVRAM. You can always re-instate the Void GRUB menu by placing it at the top instead:

efibootmgr -o xxxx,yyyy

Replace xxxx & yyyy with the boot numbers for Void & Devuan, respectively. Running efibootmgr with no arguments will list the current NVRAM boot entries and their order.

Tomorrow by Chris Beckett. I think the library tried to trick me by putting it in the sci-fi section but it seems to be "proper" literature. Still an interesting read though, I might even finish it.

The relevant configuration line is

fullscreen_key="F11"

Have you tried F11? I bind it to ` instead for that Quake console feel :-)

The OP can add a custom menuentry in Void for Devuan that boots from the /vmlinuz & /initrd.img symlinks in the Devuan root partition that always point to the latest version:

menuentry 'Devuan' {
   search.fs_uuid $uuid
   linux /vmlinuz ro quiet root=UUID=$uuid
   initrd /initrd.img
}

Replace $uuid with the actual (filesystem) UUID of the Devuan root partition and put that stanza at the end of the file at /etc/grub.d/40_custom in Void then run this command in Void:

# grub-mkconfig -o /boot/grub/grub.cfg

Carole Cadwalladr[0]'s tweet about the Great Information War:

https://twitter.com/carolecadwalla/stat … 6548013062

[0] The Guardian journalist who helped expose the Facebook-Cambridge Analytica story.

Back in GNOME:

Online accounts are integrated. I feel dirty.

I think so, yes.

Looks like Synaptic & apt-mark both use the dpkg database whereas apt & apt-get will check the pinning and aptitude will accept either input.