Bug#818065: console-setup is not read correctly at boottime and must be started manually

2017-10-19 Thread Sergey Shpikin
This happened to me as well, check if a slight change to the systemd 
unit file helps:

/lib/systemd/system/console-setup.service
RequiresMountsFor=/usr /tmp

i.e. add /tmp
My /tmp is mounted as tmpfs so that could pose a problem. After changing 
this line console-setup seems to start normally during the boot up.


On Sat, 26 Nov 2016 18:55:59 +0100 Nicolas LE CAM wrote:
> Package: console-setup
> Version: 1.153
> Followup-For: Bug #818065
>
> Dear Maintainer,
>
> *** Reporter, please consider answering these questions, where appropriate ***
>
> * What led up to the situation?
> * What exactly did you do (or not do) that was effective (or
> ineffective)?
> * What was the outcome of this action?
> * What outcome did you expect instead?
>
> *** End of the template - remove these template lines ***
>
> MIME-Version: 1.0
> Content-Transfer-Encoding: 8bit
> Content-Type: text/plain; charset="UTF-8"
> From: Nicolas LE CAM
> To: Debian Bug Tracking System <818...@bugs.debian.org>
> Subject: Re: console-setup is not read correctly at boottime and must be started manually
> Bcc: Nicolas LE CAM
>
> Package: console-setup
> Version: 1.153
> Followup-For: Bug #818065
>
> Dear Maintainer,
>
> Same problem here, I'm not sure if it's exactly the same cause though.
>
> In my case it seems to be a problem with /tmp availability or writability so also related to bug #620491 except this one was happening with sysvinit and is marked fixed.
>
> $ systemctl status console-setup.service
> ● console-setup.service - Set console font and keymap
> Loaded: loaded (/lib/systemd/system/console-setup.service; enabled; vendor preset: enabled)
> Active: failed (Result: exit-code) since Sat 2016-11-26 18:17:30 CET; 14min ago
> Process: 386 ExecStart=/lib/console-setup/console-setup.sh (code=exited, status=1/FAILURE)
> Main PID: 386 (code=exited, status=1/FAILURE)
> CPU: 393ms
>
> nov. 26 18:17:30 rio systemd[1]: Starting Set console font and keymap...
> nov. 26 18:17:30 rio console-setup.sh[386]: /bin/setupcon: 866: /bin/setupcon: cannot open /tmp/tmpkbd.LsV4Kk: No such file
> nov. 26 18:17:30 rio systemd[1]: console-setup.service: Main process exited, code=exited, status=1/FAILURE
> nov. 26 18:17:30 rio systemd[1]: Failed to start Set console font and keymap.
> nov. 26 18:17:30 rio systemd[1]: console-setup.service: Unit entered failed state.
> nov. 26 18:17:30 rio systemd[1]: console-setup.service: Failed with result 'exit-code'.
>
> Executing /lib/console-setup/console-setup.sh in the console seems to fix the problem, no more errors reported afterwards :
>
> $ systemctl status console-setup.service
> ● console-setup.service - Set console font and keymap
> Loaded: loaded (/lib/systemd/system/console-setup.service; enabled; vendor preset: enabled)
> Active: active (exited) since Sat 2016-11-26 18:32:54 CET; 14min ago
> Process: 340 ExecStart=/lib/console-setup/console-setup.sh (code=exited, status=0/SUCCESS)
> Main PID: 340 (code=exited, status=0/SUCCESS)
> Tasks: 0 (limit: 4915)
> Memory: 0B



Bug#879106: debian-installer-utils: "list-devices disk" should consider persistent memory block devices

2017-10-19 Thread Ard Biesheuvel
Package: debian-installer-utils
Version: 1.119
Severity: normal
Tags: d-i

Dear Maintainer,

When booting an .iso image via HTTP boot from UEFI, the .iso image will
be exposed to the OS as a ramdisk via the ACPI NFIT table, and will be
picked up by the existing NFIT code in the kernel, which will expose it
as a /dev/pmemXXX device.

For example,

# blkid
/dev/pmem0: UUID="2017-10-17-14-41-11-00" LABEL="ISOIMAGE" TYPE="iso9660"

Currently, debian-installer will fail to find this block device, and
complain that the installer media cannot be found.

Please add support for pmemXXX block device nodes to list-devices so
that they may be found automatically when using HTTP boot to install.

-- 
Ard.


-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 4.14.0-rc4-00014-g981584ed1827 (SMP w/24 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)



Bug#879130: empty mirror list on non released architectures

2017-10-19 Thread jhcha54008
Package: choose-mirror
Version: 2.82
Severity: whishlist
Tags: patch
X-Debbugs-CC: "Helge Deller", "John Paul Adrian Glaubitz", "James Clarke"

Dear Maintainer,

The following is a reformulation of a previous bug
report by Helge Deller [1].

The mirror list for non released architectures is empty -
"manual selection" is the only choice available.

The patch below makes use of the 'Ports-architecture' fields
in the mirror masterlist to create a non empty mirror list.
A file 'port_architecture' is created on non released architectures
for the use of other packages.

Regards,
JH Chatenet

[1] : http://lists.debian.org/debian-boot/2017/05/msg00029.html

--- a/Makefile
+++ b/Makefile
@@ -79,6 +79,7 @@
 
 debian/httplist-countries: $(MASTERLIST) debian/iso_3166.tab
./mirrorlist httplist $^
+   # As a side effect, a file 'port_architecture' is created on non 
released architectures
 
 debian/httpslist-countries: $(MASTERLIST) debian/iso_3166.tab
./mirrorlist httpslist $^
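Review bot: The comment added under the debian/httplist-countries rule follows the "./mirrorlist httplist $^" recipe line, so if it is tab-indented it becomes part of the recipe: make echoes it and passes it to the shell on every build. Move it above the rule as a make-level comment. Since debian/rules later installs 'port_architecture', it would also be cleaner to declare the file as a target of its own rather than describe it as a side effect, so that make knows which rule produces it.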
--- a/debian/clean
+++ b/debian/clean
@@ -1 +1,2 @@
 debian/choose-mirror-bin.templates
+port_architecture
--- a/debian/rules
+++ b/debian/rules
@@ -26,3 +26,10 @@
./sort-templates
# Make sure templates are not obviously broken (#834383):
[ ! -d debian/choose-mirror-bin/DEBIAN ] || grep -qs '^Template:' 
debian/choose-mirror-bin/DEBIAN/templates
+
+override_dh_auto_install:
+   dh_auto_install
+   # Expose the file 'port_architecture' for the use of other packages
+ifneq (,$(filter choose-mirror-bin, $(shell dh_listpackages)))
+   if test -e port_architecture; then install -D -m 0644 port_architecture 
debian/choose-mirror-bin/usr/lib/choose-mirror/port_architecture; fi
+endif
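Review bot: Missing documentation for the path installed in override_dh_auto_install: /usr/lib/choose-mirror/port_architecture becomes an interface that other packages test for, and the only description of it is the one-line comment here. Please state in the package documentation that the presence of the file is what matters (mirrorlist writes "1" into it, but nothing visible reads the content) and which architectures get it. The "if test -e port_architecture" guard also picks the file up from the top of the source tree, while the other generated files live under debian/; generating it there as well would keep the build outputs together.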
--- a/mirrorlist
+++ b/mirrorlist
@@ -104,12 +104,35 @@
$data[$id]->{rating}=$rating;
 }
 
+# Defaults for released architectures
+my $archive_archlist = 'archive-architecture';
+my $archive_type = "archive-$type";
+
+# Is $hostarch a port architecture ? 
+# Such architectures appear in a Ports-architecture: field
+# As an exception, deb.debian.org carries port architectures but has no 
Ports-architecture: field
+foreach my $id (0..$#data) {
+   if (exists $data[$id]->{'ports-architecture'} &&
+   $data[$id]->{'ports-architecture'} ne "any") {
+   my @arches = split ' ', $data[$id]->{'ports-architecture'};
+   my %arches = map { $_ => 1 } @arches;
+   if (exists $arches{$hostarch} or exists $arches{'!'.$hostarch}) 
{
+   $archive_archlist = 'ports-architecture';
+   $archive_type = "ports-$type";
+   open(PORTARCHITECTURE,"> port_architecture") || die 
"Unable to write port_architecture\n";
+   print PORTARCHITECTURE "1";
+   close PORTARCHITECTURE;
+   last;
+   }
+   }   
+}
+
 # Filter out mirrors that don't carry the target architecture.
 my @newdata;
 foreach my $id (0..$#data) {
-   if (exists $data[$id]->{'archive-architecture'} &&
-   $data[$id]->{'archive-architecture'} ne "any") {
-   my @arches = split ' ', $data[$id]->{'archive-architecture'};
+   if (exists $data[$id]->{$archive_archlist} &&
+   $data[$id]->{$archive_archlist} ne "any") {
+   my @arches = split ' ', $data[$id]->{$archive_archlist};
if (grep /^!/, @arches) {
my %notarches = map { substr($_, 1) => 1 } grep /^!/, 
@arches;
next if exists $notarches{$hostarch};
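Review bot: In the new detection loop, "exists $arches{'!'.$hostarch}" switches to ports mode when a mirror explicitly excludes the host architecture in its Ports-architecture field. If that is deliberate (an exclusion still shows that the architecture is a ports one), the comment above the loop should say so, because it reads like an accident. The marker file is also opened with a bareword handle and two-argument open, and the die message drops the reason; something like open(my $fh, '>', 'port_architecture') or die "port_architecture: $!" would match the error style used for the list files further down.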
@@ -124,9 +147,11 @@
 
 if ($type =~ /(.*)list/) {
my $type=$1;
+   $archive_type =~ s/list$//;
+
open (LIST, ">debian/${type}list-countries") or die 
"debian/${type}list-countries: $!";
foreach my $id (0..$#data) {
-   next unless exists $data[$id]->{"archive-$type"} and
+   next unless exists $data[$id]->{$archive_type} and
exists $data[$id]->{country};
my $cc = $data[$id]->{country};
die "Error: country code '$cc' does not occur in iso-3166 table"
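Review bot: "$archive_type =~ s/list$//;" repairs a key that was built earlier from the unstripped $type, which is easy to miss when reading the two lookups. It would be clearer to keep only a prefix variable ('archive' or 'ports') from the detection loop and build the key where it is used, for example $data[$id]->{"$prefix-$type"}, so the same expression works in this branch and in the one below without a substitution.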
@@ -154,13 +179,13 @@
else {
$cc=$q.$data[$id]->{country}.$q;
}
-   next unless exists $data[$id]->{"archive-$type"} and defined 
$cc;
-   if (! exists $data[$id]->{'archive-architecture'}) {
-   print STDERR "warning: missing archive-architecture for 
mirror ".$data[$id]->{site}."; assuming it contains all architectures.\n";
+   next unless exists $data[$id]->{$archive_type} and defined $cc;
+   if (! exists $data[$id]->{$archive_archlist}) {
+   print STDERR "warning: missing 
(archive|ports)-architecture for mirror ".$data[$id]->{site}."; assuming it 
contains all architectures.\n";
}
print OUT "\t{",
  join(", ", $q.$
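Review bot: The reworded warning prints the literal text "(archive|ports)-architecture", which leaves the person reading the build log to guess which field is missing. $archive_archlist already holds the exact field name at this point, so interpolate it into the message instead.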

Processed: Change severity to wishlist

2017-10-19 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> severity 879130 wishlist
Bug #879130 [choose-mirror] empty mirror list on non released architectures
Severity set to 'wishlist' from 'normal'
>
End of message, stopping processing here.

Please contact me if you need assistance.
-- 
879130: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879130
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#879145: net-retriever doesn't pull udebs from the 'unreleased' distribution

2017-10-19 Thread jhcha54008
Package: net-retriever
Version: 1.44
Severity: wishlist
Tags: patch
X-Debbugs-CC: "Helge Deller", "John Paul Adrian Glaubitz", "James Clarke"

Dear Maintainer,

net-retriever pulls udeb packages from one sole suite
(the one registered in mirror/udeb/suite).

Non released architectures from www.debian-ports.org may store
some udebs in the suite 'unreleased' too. These are currently
neglected by net-retriever.

The patch below enables the use of both suites by net-retriever
on non released architectures. (A file 'port_architecture'
should be created previously by another package, e.g. 
choose-mirror-bin. See #879130)

Regards,
JH Chatenet

--- a/net-retriever
+++ b/net-retriever
@@ -84,31 +84,9 @@
exit 1
 }
 
-cmd="$1"
-shift
-
-case "$cmd" in
-retrieve)
-   fetch "$@"
-   exit $?
-   ;;
-
-packages)
-   rm -f "$1"
-   touch "$1"
-
-   # Setting codename to a suite is not very nice, but can do no harm
-   if ! db_get mirror/udeb/suite || [ -z "$RET" ]; then
-   if [ -f /etc/udebs-source ]; then
-   RET=$(cat /etc/udebs-source)
-   else
-   db_get mirror/codename
-   fi
-   fi
-   codename="$RET"
-
+get_packages () {
Release="/tmp/net-retriever-$$-Release"
-   fetch "dists/$codename/Release" "$Release" || exit $?
+   fetch "dists/$codename/Release" "$Release" || return $?
# If gpgv and a keyring are installed, authentication is
# mandatory by default.
if type gpgv >/dev/null && [ -f "$keyring" ]; then
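Review bot: get_packages is called with "$1" but takes the suite from the global $codename, so the second call further down only works because the caller overwrites that global first. Pass the suite as an argument (or set a local at the top of the function) so the dependency is visible. The change from "exit $?" to "return $?" after fetch is right for a function, but it means every caller now has to handle the failure status itself; see the note on the call site.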
@@ -157,6 +135,43 @@
break
done
done
+
+   return $ret;
+}
+
+cmd="$1"
+shift
+
+case "$cmd" in
+retrieve)
+   fetch "$@"
+   exit $?
+   ;;
+
+packages)
+   rm -f "$1"
+   touch "$1"
+
+   # Setting codename to a suite is not very nice, but can do no harm
+   if ! db_get mirror/udeb/suite || [ -z "$RET" ]; then
+   if [ -f /etc/udebs-source ]; then
+   RET=$(cat /etc/udebs-source)
+   else
+   db_get mirror/codename
+   fi
+   fi
+   codename="$RET"
+
+   get_packages "$1" || exit $ret
+
+   if [ -e /usr/lib/choose-mirror/port_architecture ]; then
+   # Port architectures use both suites 'unstable' and 'unreleased'
+   # We append the 'Packages' file from 'unreleased' to the one 
from 'unstable'
+   # We don't require the availability of 'unreleased'
+   codename="unreleased"
+   get_packages "$1"
+   fi
+
exit $ret
;;
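Review bot: "get_packages "$1" || exit $ret" uses $ret, but when get_packages leaves early through "fetch ... || return $?" nothing visible has assigned $ret, so the exit status does not reliably reflect the failure; use "|| exit $?" here. The second call has the opposite problem: the comment says 'unreleased' is optional, yet the final "exit $ret" reports whatever the 'unreleased' run left in $ret, so a failure there can fail the whole "packages" command after the main suite succeeded. Save the first status before the second call and exit with that.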
 



Bug#879147: debian-ports support when installing the kernel and extra packages

2017-10-19 Thread jhcha54008
Package: base-installer
Version: 1.171
Severity: wishlist
Tags: patch
X-Debbugs-CC: "Helge Deller", "John Paul Adrian Glaubitz", "James Clarke"

Dear Maintainer,

bootstrap-base installs a kernel and some extra packages as its last
steps ('install_kernel' and 'install_extra').

The patch below enables the use of the 'unreleased' distribution on
non released architectures during these steps. (A file 'port_architecture'
should be created previously by another package, e.g. 
choose-mirror-bin. See #879130)

Regards,
JH Chatenet

--- a/library.sh
+++ b/library.sh
@@ -873,6 +873,11 @@
APTSOURCE="$PROTOCOL://$MIRROR$DIRECTORY"
 
echo "deb $APTSOURCE $DISTRIBUTION $COMPONENTS" > $APT_SOURCES
+
+   if [ -e /usr/lib/choose-mirror/port_architecture ]; then
+   # Port architectures use both suites 'unstable' and 
'unreleased'
+   echo "deb $APTSOURCE unreleased $COMPONENTS" >> 
$APT_SOURCES
+   fi
fi
 }
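Review bot: The 'unreleased' line is appended to $APT_SOURCES whenever the marker file exists, with no check that the selected mirror actually carries that suite. The net-retriever patch in this series states that 'unreleased' is not required to be available; here a mirror without it would make the following apt run fail on the missing suite. Either probe for dists/unreleased/Release before adding the line or explain in the comment why the suite can be assumed to exist at this step.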
 



Bug#879151: debian-ports support when setting up sources.list

2017-10-19 Thread jhcha54008
Package: apt-mirror-setup
Version: 0.129
Severity: wishlist
Tags: patch
X-Debbugs-CC: "Helge Deller", "John Paul Adrian Glaubitz", "James Clarke"

Dear Maintainer,

apt-mirror-setup currently doesn't create an entry for the
'unreleased' distribution in the file /etc/apt/sources.list
on non released architectures. The patch below enables this.
(A file 'port_architecture' should be created previously
by another package, e.g. choose-mirror-bin. See #879130)

Regards,
JH Chatenet

--- a/generators/50mirror
+++ b/generators/50mirror
@@ -162,6 +162,14 @@
exit 1
 fi
 
+if [ -e /usr/lib/choose-mirror/port_architecture ]; then
+   # There are no non-free nor contrib repositories
+   # for non released architectures
+   db_set apt-setup/non-free false
+   db_fset apt-setup/non-free seen true
+   db_set apt-setup/contrib false
+fi
+
 STATE=1
 while true; do
case "$STATE" in
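Review bot: In the new block before STATE=1, apt-setup/non-free gets both "db_set ... false" and "db_fset ... seen true", while apt-setup/contrib only gets the db_set. If the seen flag is what suppresses the question, contrib will still be asked; add "db_fset apt-setup/contrib seen true" or explain the difference in the comment. The block also overwrites any preseeded value for both questions without saying so.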
@@ -239,6 +247,11 @@
 
echo "deb $protocol://$hostname$directory $codename $dists" > $file

+   if [ -e /usr/lib/choose-mirror/port_architecture ];then
+   # Port architectures use both suites 'unstable' and 'unreleased'
+   echo "deb $protocol://$hostname$directory unreleased $dists" >> 
$file
+   fi
+
if apt-setup-verify --from $PROGRESS_FROM --to $PROGRESS_TO $file; then
done=1
else
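Review bot: The 'unreleased' entry is written to $file before "apt-setup-verify ... $file" runs, so a mirror that lacks that suite would fail verification and be rejected as a whole, even though the main suite is fine. If 'unreleased' is meant to be optional, as the net-retriever patch in this series says, verify the main line first and add the second entry only when it verifies too. Minor: "];then" is missing the space used in the first hunk of this file ("]; then").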
@@ -261,4 +274,10 @@
deb_src="# deb-src"
 fi
 
-echo "$deb_src $protocol://$hostname$directory $codename $dists" >> $file
+if [ -e /usr/lib/choose-mirror/port_architecture ];then
+   # Hardcode the default regular debian mirror
+   # There is no source repository on debian-ports mirrors
+   echo "$deb_src $protocol://deb.debian.org/debian $codename $dists" >> 
$file
+else
+   echo "$deb_src $protocol://$hostname$directory $codename $dists" >> 
$file
+fi
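Review bot: The hard-coded deb-src line keeps "$protocol", which was chosen for the ports mirror, and applies it to deb.debian.org; whatever scheme the user picked for one host is silently reused for another. Spell the scheme out for the fixed host, or take it from a variable that is documented as applying to it. The comment should also mention that no deb-src entry is written for 'unreleased', so sources for packages that exist only there will not be reachable from this sources.list.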



Bug#795735: partman-crypto: always encrypt swap

2017-10-19 Thread Daniel Kahn Gillmor
It's a shame that encrypted swap by default hasn't happened yet for
debian.

As i see it, the three outstanding concerns are:

 a) source of entropy at boot time

 b) actual hardware performance

 c) suspend-to-disk


boot time entropy
-----------------

The linux kernel's getrandom() situation is much better today than it
was two years ago.  It's actually possible to get blocking bytes when
needed early, without forcing yourself into a blocking situation later
once the kernel's prng is initialized.  See getrandom(2) and random(4)
for more details.

actual hardware performance
---------------------------

I suspect the cost is negligible on most hardware today, particularly
when compared to the disk I/O.  If you're swapping, you're likely to be
waiting for the disk, not waiting for the CPU.  That said, i agree that
users with specialized situations ought to be able to disable this.  But
the default should still be on.

suspend-to-disk
---------------

If the user suspends to disk, then the memory will be written to disk.
This is definitely a leak.  However, we currently write the memory to
disk *without* suspending to disk, so even if we don't handle
suspend-to-disk "safely" it's still a win to encrypt swap, because we
protect the people who do *not* suspend to disk.  So that's the simplest
solution to the suspend-to-disk problem: just punt on it for now, and
leave that case unprotected.

If suspend-to-disk (or rather, resume-from-disk) is the only problem,
then we should look for ways to opportunistically take advantage of
other non-disk hardware on which we could store any ephemeral keys
needed for restoration.

For example, on systems with rewritable nvram, it's conceivable that we
could suspend to the encrypted volume, and then stash the ephemeral
encryption key in nvram.  Upon resume, read the key from nvram into main
memory, clear the nvram, and restore from the encrypted volume.  This
isn't perfectly secure (an attacker with both the disk and the nvram can
recover your memory from the suspend file) but it is a significant win
against an attacker who physically removes the hard disk.



So i think we ought to outline the steps that need to be taken to make
this happen by default.  Which pieces need to be updated, and how?

 --dkg


signature.asc
Description: PGP signature
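
The getrandom(2) behaviour described under "boot time entropy" above, as an added example that is not part of the original message or of partman-crypto: with flags 0 the call waits only until the kernel's pool has been initialized once, and GRND_NONBLOCK reports whether that has happened yet. The function names and the 32-byte key length are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>
#include <sys/types.h>

/* 1 if the kernel CSPRNG is initialized, 0 if not yet, -1 on error.
 * GRND_NONBLOCK makes getrandom() fail with EAGAIN instead of waiting. */
int csprng_ready(void)
{
    unsigned char probe;
    for (;;) {
        ssize_t n = getrandom(&probe, sizeof probe, GRND_NONBLOCK);
        if (n == 1) return 1;
        if (n < 0 && errno == EAGAIN) return 0;
        if (n < 0 && errno == EINTR) continue;
        return -1;
    }
}

/* Fill key[0..len) from the kernel CSPRNG (hypothetical helper name).
 * flags == 0: blocks only while the pool is still uninitialized early in
 * boot, never afterwards. Handles EINTR and short reads.
 * Returns 0 on success, -1 on error. */
int fill_swap_key(unsigned char *key, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ssize_t n = getrandom(key + off, len - off, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            memset(key, 0, len);   /* do not leave a partial key behind */
            return -1;
        }
        off += (size_t)n;
    }
    return 0;
}

int main(void)
{
    unsigned char key[32];         /* 256 bits, size chosen for illustration */
    printf("csprng ready before key request: %d\n", csprng_ready());
    if (fill_swap_key(key, sizeof key) != 0)
        return 1;
    printf("got %zu key bytes, csprng ready: %d\n", sizeof key, csprng_ready());
    return 0;
}
```

Once fill_swap_key() has returned successfully, csprng_ready() reports 1 for the rest of the boot, which is the "no blocking later" property the message relies on.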