You are not logged in.
Yes, it was confusing and I chewed on it for quite some time myself. I think he recommended pkgmaster because it is the source for all the other pkg mirrors would eliminate exposure to the many mirrors in the round robin.
OK, i switched my sources.list from deb.devuan.org to pkgmaster.devuan.org i did an apt-get update, I've taken all the possible updates. So, i'll keep eyes open in the APT matter on following.
golinux, thank you for your clarification / suggestions.
BR,
Nili
Hello golinux, thanks for pointing the link out. I read it carefully, but I'm a bit unclear.
Please let me start by explaining my information a bit.
I'm on Devuan 1 (jessie) 32bit
Current apt status:
#! nili ~ $ apt-cache policy apt
apt:
Installed: 1.0.9.8.5
Candidate: 1.0.9.8.5
Version table:
*** 1.0.9.8.5 0
500 http://deb.devuan.org/merged/ jessie-security/main i386 Packages
100 /var/lib/dpkg/status
1.0.9.8.4 0
500 http://deb.devuan.org/merged/ jessie/main i386 Packages
according to CVE-2019-3462 is noted for "jessie-security" have been patched/fixed
Source Package Release Version Status
apt (PTS) jessie (security) 1.0.9.8.5 fixed
My sources.list:
deb http://deb.devuan.org/merged jessie main contrib non-free
deb http://deb.devuan.org/merged jessie-updates main contrib non-free
deb http://deb.devuan.org/merged jessie-security main contrib non-free
deb http://deb.devuan.org/merged jessie-backports main contrib non-free
it is said from KatolaZ
The safest way would actually be to manually download the deb packages of apt from the debian-security pool (more information available below), or to use pkgmaster.devuan.org in your sources.list to do the upgrade (pkgmaster.devuan.org is not a rough mirror...).
^This part is that I'm confused.
I've done APT successfully upgraded to version 1.0.9.8.5 2 via "deb http://deb.devuan.org/merged jessie-security"
Is it necessary for me to switch hosts to "pkgmaster.devuan.org" or make other manual interventions?
Forgive me for my lack of understanding on this part.
BR,
Nili
Hello! I just received an update for package "apt" on Devuan 1 (Jessie)
Start-Date: 2019-01-23 15:02:58
Commandline: apt-get upgrade
Upgrade: apt:i386 (1.0.9.8.4, 1.0.9.8.5), libudev1:i386 (215-17+deb8u8, 215-17+deb8u9), udev:i386 (215-17+deb8u8, 215-17+deb8u9), libapt-pkg4.12:i386 (1.0.9.8.4, 1.0.9.8.5), apt-utils:i386 (1.0.9.8.4, 1.0.9.8.5), libapt-inst1.5:i386 (1.0.9.8.4, 1.0.9.8.5), libjpeg62-turbo:i386 (1.3.1-12, 1.3.1-12+deb8u1)
End-Date: 2019-01-23 15:03:20
I usually look at DSA for specific packages to read more about the update.
For this APT update, Noticed that an intervention is required:
Since the vulnerability is present in the package manager itself, it is recommended to disable redirects in order to prevent exploitation during this upgrade only, using:
apt -o Acquire::http::AllowRedirect=false update
apt -o Acquire::http::AllowRedirect=false upgrade
I mean, Does it apply to us Devuan users as well?
I ask this question because doing those commands is associated by a notice, (located inside the above DSA link).
So far, I have not done any action except updating APT.
Any advice/info would clarify a bit more about this security advisory.
Thank you for your attention.
BR,
Nili
What app are you using for the topbar, and can you post/link to a config? It looks great.
It's simple conky-std.
Posted on BL Forum. For conky i used:
-Font Iosevka (download)
-hddtemp
-lm-sensors
Thank you siva!
@ Nili: STAR and CROWZ both use the JWM setup similar to Manjaro, where the configuration files are in usr/.config/jwm.
Not sure if this was what you were describing as your attempt.
cheers
zephyr
@zephyr , please forgive me, just now i've caught your message. Yes, that's what i mean, if STAR/CROWZ have similar JWM configs it must be excellent for those that are looking for minimalistic stack WM also a nice view of JWM.
Hello! Today I found that during the update process libuuid-perl wants to be removed.
#! nili ~ $ update
Hit http://pkgmaster.devuan.org jessie InRelease
Hit http://pkgmaster.devuan.org jessie-updates InRelease
Hit http://pkgmaster.devuan.org jessie-security InRelease
Hit http://pkgmaster.devuan.org jessie-backports InRelease
Hit http://pkgmaster.devuan.org jessie/main i386 Packages
Hit http://pkgmaster.devuan.org jessie-updates/main i386 Packages
Hit http://pkgmaster.devuan.org jessie-security/main i386 Packages
Hit http://pkgmaster.devuan.org jessie-backports/main i386 Packages
Ign http://pkgmaster.devuan.org jessie/main Translation-en_US
Ign http://pkgmaster.devuan.org jessie/main Translation-en
Ign http://pkgmaster.devuan.org jessie-updates/main Translation-en_US
Ign http://pkgmaster.devuan.org jessie-updates/main Translation-en
Ign http://pkgmaster.devuan.org jessie-security/main Translation-en_US
Ign http://pkgmaster.devuan.org jessie-security/main Translation-en
Ign http://pkgmaster.devuan.org jessie-backports/main Translation-en_US
Ign http://pkgmaster.devuan.org jessie-backports/main Translation-en
Reading package lists... Done
#! nili ~ $ upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... The following package was automatically installed and is no longer required:
libuuid-perl
Use 'apt-get autoremove' to remove it.
Done
The following packages will be upgraded:
linux-base
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 19.7 kB of archives.
After this operation, 46.1 kB disk space will be freed.
Do you want to continue? [Y/n] n
Abort.
This is my sources list:
deb http://pkgmaster.devuan.org/merged jessie main
deb http://pkgmaster.devuan.org/merged jessie-updates main
deb http://pkgmaster.devuan.org/merged jessie-security main
deb http://pkgmaster.devuan.org/merged jessie-backports main
First time I see such a thing on the stable, A few ago when actively when i used testing, I faced very often similar situations that came out as temporary bug.
Is it a bug that I just have to wait? OR let it go libuuid-perl? To me it seems not look like a simple package that i should let out. From Debian DSA there is no news for this.
Do someone know anything about this case?
Thank you!
System runs...:
Devuan GNU/Linux 1 (jessie)
Linux coeurlinux 3.16.0-4-686-pae #1 SMP Debian 3.16.51-3 (2017-12-13) i686 GNU/Linux
P.S. update/upgrade command shortened it as alias on .bashrc.
alias update="sudo apt-get update"
alias upgrade="sudo apt-get upgrade"
Edit: Found this SECURITY THREAD about this case.
I gave the update linux-base, removed libuuid-perl and installed again. Currently it seems quiet, i'll look at it later.
This thread is solved! Thank you for the attention.
Nili
Today i messed with JWM aswell, i was a bit overjoyed. I got something made, but I was not that happy at the end.
I wanted to do something similar to the JWM-Manjaro. Those Manjaro-Guru's are too cool with JWM
I'm not very familiar with this stack WM, i even forgotten Openbox config after a long time with tiles.
After wiping out JWM, back on Openbox
Heavy inspired by addy-dclxvi, i even use one of his Openbox theme, slightly modified for my needs.
Qogir Gtk Theme Really great GTK2/3 theme, based on Arc gtk by horst3180.
Rest: tint2, conky-std, compton & obmenu.
Congrat for your scrots
Damn! i missed this thread, Congrats to the lucky ones
Congratulation and thanks for everything you have done.
@ivanovnegro Hi mate, Welcome! Glad to have you here and thanks for sharing your first impressions
Enjoy and Best regards!
Congratulation! Thank you for all the dedicated time and efforts!
You're absolutely right wdq, Sorry for the noise mate, i was stupid talking general specific infos of my customs on your thread.
Edit: I just cleaned the wasted generated by me.
Congratulation on your OS!
Regards!
Indeed i don't have "linux-image-686-pae" installed. I have installed right, got the update itself. Thanks
Yes, i use GRUB, but don't have multiple OS's installed.
I only have plain Jessie Devuan NETINS customized that listen fine on GRUB settings.
I consider solved my request regarding Kernel Security Update. Thanks GNUser for explained and suggested
Thanks for asking GNUser!
Sure...
console-setup-linux 1.123
libselinux1:i386 2.3-2
linux-base 3.5
linux-image-3.16.0-4-686-pae 3.16.51-3
util-linux 2.26.2-6+devuan1
util-linux-locales 2.25.2-6
Hello!
Debian released an Security Update for Linux Kernel Image on 01 May 2018
I believe we should taken it sometime later, today is the second day but i still see "0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded." on my console.
Debian said :
For the oldstable distribution (jessie), these problems have been fixed in version 3.16.56-1
While i am still on :
Linux kernel 3.16.0-4-686-pae #1 SMP Debian 3.16.51-3 (2017-12-13) i686 GNU/Linux
This absence has any reason?
This is my sources list
deb http://pkgmaster.devuan.org/merged/ jessie main non-free contrib
deb-src http://pkgmaster.devuan.org/merged/ jessie main non-free contrib
# jessie-security, previously known as 'volatile'
deb http://pkgmaster.devuan.org/merged/ jessie-security main contrib non-free
deb-src http://pkgmaster.devuan.org/merged/ jessie-security main contrib non-free
# jessie-updates, previously known as 'volatile'
deb http://pkgmaster.devuan.org/merged/ jessie-updates main contrib non-free
deb-src http://pkgmaster.devuan.org/merged/ jessie-updates main contrib non-free
# Devuan repositories
deb http://packages.devuan.org/merged jessie main contrib non-free
deb-src http://packages.devuan.org/merged jessie main contrib non-free
Usually i have taken immediately the security updates it never lasted two days.
Thanks for your feedback.
Edited: cleared i686 from title
Nili
Thanks for the explanation that i expected greenjeans.
Thought what they're for? fortunately not pulse, gtk3 or other undesirables imposed by force from Debian campus.
That's good for me.
Quite right when you say, not everything can be installed if we don't want. So we keep the weight under control.
Kernel 4.9 (stretch) can't have the same size as 3.16 (jessie) after so many years. So the size changes is understandable.
In fact, I had imagined a few possibility but I doubted, so I asked
I prefer to install the CLI WAY during installation (old method of advanced).
I never select anything on the tasksel. I use startx, window manager and other individual tools required to start and use.
Maybe it's time to look at Refracta-Snapshot to check what can i do with it. Thanks!
I will try to take a look for Devuan Ascii.
You've given me the answers and the suggestions i wanted to know.
Thank you for finding time for me.
All the best,
Regards!
Nili
Forgive me for this question but I am obliged to do it to take out my curiosity
What have been changed or added that weight of NETINST ISO? has moved to 70MB more than Jessie? I have no problem with weight, but my concern is things that are inside. So, i want to know what's the difference of
Jessie-ISO
devuan_jessie_1.0.0_i386_NETINST.iso 24-May-2017 00:16 267M
to Ascii-ISO
devuan_ascii_2.0.0-beta_i386_NETINST.iso 13-Feb-2018 11:58 340M
What other support are added, Wayland, Vulkan, GTK3 with those 70MB?
Personally I would like a Devuan ISO 100MB where i can build it myself. 340MB is more heavy than LinuxBBQ, antiX or other minimal distro those two are almost completed distro.
antiX core is only 156.00 MB. NETINST Devuan is core too but 340MB?
If this trend is ever in growing, for me it is not as minimal as it is said. I have a doubt that a python 3 is added, because i remember when i tried Debian stretch month ago was set, maybe i am wrong on Devuan Ascii. No problem with python3 but we're on minimal ISO, if i want something enough to install myself. I think some packages are better to be forced set as rec instead of dep. Or, maybe it's the Debian way to blame for the fat ISO on each release.
You are doing wonderful works preventing many unrighteous things, i am glad to use Devuan Jessie.
A lighter ISO it would be fantastic and ideal.
Thank you!
Best regards!
Nili
I use steve blacks hosts file as well, fantastic resource. Ive not heard of yhonay adblocks hosts, will have to check that out.
I also use a customized user.js and ublockO.
There was a good conversation @StevenBlack/hosts for this host.
Also updated frequently. I was there and caught it. Since then, i regularly use them
Of course they do not have the ability to block host on real time like proper ad-block with menu (right/left-click "block it!"),
But we can do pretty much blockages manually @hosts with IP aswell. Also this technique i find lighter for my browser or system resources.
Pale Moon for Linux release binaries
http://linux.palemoon.org/download/mainline/
I use ^this host for my copy, of course by choosing the architecture. Extract and run from a $HOME directory.
https://github.com/StevenBlack/hosts
https://github.com/Yhonay/antipopads
StevenBlack & Yhonay adblocks by using hosts@etc. Efficient enough for my purposes.
about:config?filter=/^javascript.enable/
Block javascript with double-click, enough to create a shortcut-link to Bookmar Toolbar.
Navigating with JavaScript disabled by set the value "false".
#find how many linux images are installed on the system.
dpkg -l | grep linux-image
I use it for many years 3.16 series. Very pleased and I say to go up to end of LTS with it.
ii linux-image-3.16.0-4-686-pae 3.16.51-2 i386 Linux 3.16 for modern PCs