Re: How to find installed packages not in APT?

[Max Nikulin]

On 05/02/2025 02:07, Greg Wooledge wrote:

Start with aptitude(8).  Instead of talking about some "aptitude
reference manual", it should just say "see apt-patterns(7)".


No, it should not. Query languages are similar, but still are not identical

Greg, earlier your noticed that apt list does not support ~P for 
provides. Another example is ~d for description. My quest with getting 
list of packages installed from repositories other than stable (I have a 
few ones from testing) finished with "aptitude search" instead of "apt 
list" query.

Re: SMTP servers

[Tom Browder]

On Tue, Feb 4, 2025 at 11:10 Chris Green  wrote:

> ...

> > Has anyone been able to buy the ebook and convert it to Kindle
> > satisfactorily?
> >
> No, it's one of the reasons I use Kobo readers, they are much more
> friendly to standard format e-publishing.


Thank you very much, Chris--that's what I was afraid of.

But, can your Kobo reader handle the Kindle format?

What model do you recommend?

-Tom

hardware ebook readers (was Re: SMTP servers)

[Jonathan Dowland]

On Tue Feb 4, 2025 at 6:25 PM GMT, Tom Browder wrote:

But, can your Kobo reader handle the Kindle format?

What model do you recommend?


Chiming in: I love my Kobo Libra 2, which I think is now discontinued 
and replaced with the Kobo Libra Colour.


It cannot read the kindle format natively (mobi/azw) but converting from 
one to the other is easy. Calibre (already mentioned) can do it; there's 
also a tool "kepubify" which can improve an ePUB's performance on Kobo 
readers: https://pgaskin.net/kepubify/


Books purchased from Amazon are encrypted with DRM: this can be 
reasonably easily removed with "deDRM" tools that plug into Calibre.


One thing I like about the Kobo is how hackable it is. I've got 
syncthing on mine, so to add a book to it I merely have to copy the file 
to my local folder, and syncthing does the rest.




--
Please do not CC me for listmail.

👱🏻  Jonathan Dowland
✎j...@debian.org
🔗   https://jmtd.net

Re: Encrypted /boot partition gets decrypted twice during boot

[Loren M. Lang]

On Tue, Feb 04, 2025 at 09:52:03AM +0100, to...@tuxteam.de wrote:
> On Tue, Feb 04, 2025 at 12:18:10AM -0800, Loren M. Lang wrote:
> > On Mon, Feb 03, 2025 at 10:39:25PM +, Automætic wrote:
> > > Hi,
> > > 
> > > I'm configuring a new Debian installation on my workstation, with both 
> > > the /boot partition and the root filesystem encrypted:
> > > - /dev/nvme0n1p1 -> /EFI
> > > - /dev/nvme0n1p2 -> LUKS2 (pbkdf2) -> /boot
> > > - /dev/nvme0n1p3 -> LUKS2 -> LVM containing root and other volumes
> > > 
> > > The system boots, but requires entering the /boot password twice:
> > > Once for GRUB, and once again during systemd initialization.
> > 
> > I think the solution is to not encrypt the /boot partition. That
> > partition shouldn't contain anything sensitive on it anyways [...]
> 
> That's what I do currently, but to be fair, this exposes you to
> someone replacing your boot kit by something else (which could,
> for example, record your passphrase and pass it on).

I don't see how this actually adds any security because it will be GRUB
that needs to first ask you for your passphrase and it will be the GRUB
that was loaded from your unencrpyted EFI partition. You've just moved
the goal post on step earlier in the boot process. Without Secure Boot
and possibly some use of the TPM, you can't protect against that.

Now, if the concern is that something might modify the /boot partition
while the OS is loaded then you probably don't want /boot mounted
anyways after GRUB decrypts it and grabs the kernel/initrd/config it
needs. However, you are also already compromised by that point anyways.

/boot should be about as sensitive as EFI is in this model and Secure
Boot can protect both by following the standard chain of signatures for
each file it loads.

> 
> This can also, of course, be mitigated by some secure boot schema
> (provided you control your BIOS -- most of the time it's someone
> else, anyway ;-)
> 
> This has been known by the (somewhat sexist) term "Evil Maid
> Attack" [1].
> 
> It all depends on the threat model(s) you start from.
> 
> Cheers
> 
> [1] https://en.wikipedia.org/wiki/Evil_Maid_attack
> -- 
> t



-- 
Loren M. Lang
lor...@north-winds.org
http://www.north-winds.org/
IRC: penguin359


Public Key: http://www.north-winds.org/lorenl_pubkey.asc
Fingerprint: 7896 E099 9FC7 9F6C E0ED  E103 222D F356 A57A 98FA


signature.asc
Description: PGP signature

Re: WLAN with /etc/network/interfaces

[Cindy Sue Causey]

On Tue, 2025-02-04 at 07:05 +1100, George at Clug wrote:
> Rainer,
> 
> I believe others have responded. 
> 
> Just for my curiosity, Is Network Manager installed?  Would you be
> able to use nmclli to set a static IP address? Or maybe systemctl ?


I was going to respond with something similar yesterday, just couldn't
"find" the words. Today.

$ nmtui

I ended up forced into using network-manager last year when my previous
favorite went the (dinosaur?) way of LILO. Not a clue how I tripped over
nmtui, but it works for me connecting to a personal Netgear WIFI router
hardwired to my Internet service provider.

There's a "man nmtui" for it. I was able to figure it out by randomly
poking and prodding at buttons. Nmtui has worked for me multiple times
when I couldn't connect to the Internet using other, more recogizable
methods found in how-to tutorials online.

It's been working flawlessly for months so I had to poke and prod again
to relearn it. "Edit a connection" offers an "Add" option. My hope is
that something in the resulting dropdown menu will provide a viable fix
here.

Nmtui doesn't specificaly state WLAN in that "Add" dropdown menu. I
still feel confident in posting this because my own battle repeatedly
included WLAN references via e.g. "dmesg|grep rename" which provides my
system's new name for wlan0 (auto-created at boot).

"apt-file find nmtui" shows network-manager brings it in with which is
great if and when that's already installed.

THANK YOU, Developers... yet again! Best wishes...

Cindy :)
-- 
Talking Rock, Pickens County, Georgia, USA
* runs with birdseed! *

Re: How to find installed packages not in APT?

[Mike Castle]

On Tue, Feb 4, 2025 at 4:04 AM Andrew M.A. Cater  wrote:
> apt list '~o'

Where is '~o' documented?  apt(1) mentions dpkg-query, but I couldn't
find it mentioned there either.

I'm pretty sure I've seen it somewhere, but I couldn't find it when I
saw this command mentioned previously in this thread.

mrc

Re: How to find installed packages not in APT?

[Mike Castle]

Also, I don't think there should be any need to run it as root.

And sorry for the bad line wrapping.

Re: SMTP servers

[Tom Browder]

On Fri, Jan 3, 2025 at 12:37 Thomas Anderson <
thomas.ander...@little-beak.com> wrote:

> I also belong to the group of long time mailserver owners. I started it

...

I just bought the hard copy of the new book. I use Kindle also and would
love to buy it, but the author doesn't sell his books in the Kindle format
any more. I have tried converting ebooks to Kindle with varying results.

Has anyone been able to buy the ebook and convert it to Kindle
satisfactorily?

Thanks.

-Tom

Re: How to find installed packages not in APT?

[Greg Wooledge]

On Tue, Feb 04, 2025 at 08:12:42 -0800, Mike Castle wrote:
> On Tue, Feb 4, 2025 at 4:04 AM Andrew M.A. Cater  wrote:
> > apt list '~o'
> 
> Where is '~o' documented?  apt(1) mentions dpkg-query, but I couldn't
> find it mentioned there either.

It's documented as part of "aptitude", I believe, but it's not in the
aptitude(8) man page, because that would be too easy.


includes this paragraph (buried deep, searching for ~ eventually gets
to it):

This command accepts package names or patterns as arguments. If
the string contains a tilde character (“~”) or a question mark
(“?”), it will be treated as a search pattern and every package
matching the pattern will be considered (see the section “Search
Patterns” in the aptitude reference manual).

So apparently you need to find the "aptitude reference manual".  Whatever
that is.  I'm pretty sure it's not anywhere on a Standard installation.

It's not in 
as far as I can see, either.

Maybe it's in
?
Who knows.

Re: How to find installed packages not in APT?

[Andrew M.A. Cater]

On Tue, Feb 04, 2025 at 11:23:58AM -0500, Greg Wooledge wrote:
> On Tue, Feb 04, 2025 at 08:12:42 -0800, Mike Castle wrote:
> > On Tue, Feb 4, 2025 at 4:04 AM Andrew M.A. Cater  
> > wrote:
> > > apt list '~o'
> > 
> > Where is '~o' documented?  apt(1) mentions dpkg-query, but I couldn't
> > find it mentioned there either.
> 
> It's documented as part of "aptitude", I believe, but it's not in the
> aptitude(8) man page, because that would be too easy.
> 

It's documented as part of aptitude and apt, yes.

> 
> includes this paragraph (buried deep, searching for ~ eventually gets
> to it):
> 
> This command accepts package names or patterns as arguments. If
> the string contains a tilde character (“~”) or a question mark
> (“?”), it will be treated as a search pattern and every package
> matching the pattern will be considered (see the section “Search
> Patterns” in the aptitude reference manual).
> 

I think it's just searching for a status matching ?o - so that matches
"obsolete", for example.

Trying it with '~i' gives you everything that is i[nstalled], by comparison.
That's a long list, going down to zstd.

aptitude list -h gives you more help detail.

Hope this helps - all the best, as ever,

Andrew Cater
(amaca...@debian.org)

> 

Re: How to find installed packages not in APT?

[Mike Castle]

On Tue, Feb 4, 2025 at 8:34 AM Greg Wooledge  wrote:
>
> On Tue, Feb 04, 2025 at 08:12:42 -0800, Mike Castle wrote:
> > On Tue, Feb 4, 2025 at 4:04 AM Andrew M.A. Cater  
> > wrote:
> > > apt list '~o'
> >
> > Where is '~o' documented?  apt(1) mentions dpkg-query, but I couldn't
> > find it mentioned there either.
>
> It's documented as part of "aptitude", I believe, but it's not in the
> aptitude(8) man page, because that would be too easy.

Ahhh.  Never used aptitude, not even installed on my systems.  (Then
again, I still use dselect sometimes so... )

Re: How to find installed packages not in APT?

[Andrew M.A. Cater]

On Tue, Feb 04, 2025 at 08:43:28AM -0800, Mike Castle wrote:
> On Tue, Feb 4, 2025 at 8:34 AM Greg Wooledge  wrote:
> >
> > On Tue, Feb 04, 2025 at 08:12:42 -0800, Mike Castle wrote:
> > > On Tue, Feb 4, 2025 at 4:04 AM Andrew M.A. Cater  
> > > wrote:
> > > > apt list '~o'
> > >
> > > Where is '~o' documented?  apt(1) mentions dpkg-query, but I couldn't
> > > find it mentioned there either.
> >
> > It's documented as part of "aptitude", I believe, but it's not in the
> > aptitude(8) man page, because that would be too easy.
> 
> Ahhh.  Never used aptitude, not even installed on my systems.  (Then
> again, I still use dselect sometimes so... )
>

Hi Mike,

Mentioning dselect - that will give you all the obsolete packages it
can't find - usually at the top of the interface but it does need
some degree of expertise to unravel what it shows.

(I just used dselect to find obscure packages I'd long since thought
that I'd purged).

All the very best, as ever,

Andrew Cater
(amaca...@debian.org) 

Re: Encrypted /boot partition gets decrypted twice during boot

[Loren M. Lang]

On Mon, Feb 03, 2025 at 10:39:25PM +, Automætic wrote:
> Hi,
> 
> I'm configuring a new Debian installation on my workstation, with both the 
> /boot partition and the root filesystem encrypted:
> - /dev/nvme0n1p1 -> /EFI
> - /dev/nvme0n1p2 -> LUKS2 (pbkdf2) -> /boot
> - /dev/nvme0n1p3 -> LUKS2 -> LVM containing root and other volumes
> 
> The system boots, but requires entering the /boot password twice:
> Once for GRUB, and once again during systemd initialization.

I think the solution is to not encrypt the /boot partition. That
partition shouldn't contain anything sensitive on it anyways. In order
to avoid decrypting it twice, there would need to be some mechanism for
GRUB to pass the encryption information through to the Linux kernel
system or initrd environment and I am not aware of any such mechanism.
GRUB passes the kernel command-line which is public and visible under
/proc/cmdline, details on the initrd that was loaded, and a few other
parameters like memory size and video mode, but there's no standard way
to pass extra details like crypto keys that need to be kept secret.

With that said, don't take my word for it as I may not be completely
informed. However, I don't think it'll likely be worth the effort,
especially when things go wrong. I did take a look at the GRUB 2 source
code and discovered some support for an MBR-encrypted by TrueCrypt, but
it seems to be strongly linked with some kind of El Torito CD-ROM boot
image and is likely more complex than is worth it. Feel free to prove my
earlier assertion wrong. :-)

-Loren

> 
> Both devices are properly configured in /etc/crypttab with the UUIDs for 
> /dev/nvme0n1p2 and /dev/nvme0n1p3 respectively (as outputted by blkid).
> GRUB_CMDLINE_LINUX contains the correct cryptdevice parameters for both 
> partitions, also with UUIDs.
> 
> I checked the initramfs contents using 'unmkinitramfs' in /tmp/initramfs/ to 
> review main/cryptroot/crypttab, but it only contains an entry for lvm_crypt, 
> boot_crypt is missing.
> That leads me to believe that after GRUB hands off control to the kernel, the 
> boot_crypt mapping is lost.
> Systemd then attempts to decrypt boot_crypt again.
> 
> Things I attempted:
> 1. Systemd unit overrides to prevent the second decryption
> 2. Moving the boot_crypt entry to the first line in crypttab, just in case 
> the cryptroot hook located at /usr/share/initramfs-tools/hooks/cryptroot 
> processes only the first entry. Of course, that didn't do anything - Debian 
> is pretty stable after all.
> 3. Various initramfs configuration attempts
> 
> Every time after making changes, I executed:
> update-initramfs -u -k all
> grub-install --target=x86_64-efi --efi-directory=/efi (I deleted my old 
> /boot/efi folder and remapped the /dev/nvme0n1p1 device to /efi in /etc/fstab 
> and as far as I can see, it works fine)
> update-grub
> reboot now
> 
> Very, very often, my changes resulted either in timeouts and /boot not being 
> mounted, or the overrides not working.
> 
> So here are some questions I need help with:
> 1. Why isn't a crypttab entry for boot_crypt included in the initramfs?
> 2. Is there a recommended way to preserve the device mapping from GRUB?
> 3. Is this setup even supported/recommended?
> 
> System details:
> Kernel: 6.1.0-30-amd64
> Debian version: 6.1.124-1 (2025-01-12) x86_64 GNU/Linux
> 'dpkg -l | grep -E "grub|cryptsetup" outputs the following packets:
> cryptsetup, cryptsetup-bin, cryptsetup-initramfs, grub-common, 
> grub-efi-amd64, grub-efi-amd64-bin, grub-efi-amd64-signed, grub2-common and 
> libcryptsetup12:amd64
> 
> I really hope you can help me.
> Best regards,
> Automætic

-- 
Loren M. Lang
lor...@north-winds.org
http://www.north-winds.org/
IRC: penguin359


Public Key: http://www.north-winds.org/lorenl_pubkey.asc
Fingerprint: 7896 E099 9FC7 9F6C E0ED  E103 222D F356 A57A 98FA


signature.asc
Description: PGP signature

Re: How to find installed packages not in APT?

[Andrew M.A. Cater]

On Mon, Feb 03, 2025 at 11:33:50PM -0500, gene heskett wrote:
> On 2/3/25 21:10, Mike Castle wrote:
> > On Mon, Feb 3, 2025 at 5:16 PM Loren M. Lang  wrote:
> > > Basically, I want to identify any software that I couldn't reinstall on
> > > a fresh install of Debian from the official Debian archives.
> > Will this work as a starting place for you?
> > 
> > comm -23 <(dpkg-query -W -f '${Package} ${Version}\n' | sort -u)
> > <(apt-cache dumpavail | awk '/^Package:/ {package = $NF} /^Version:/
> > {version = $NF} /^$/ {print package, version}' | sort -u)
> 
> looking for any clue that might fix my busted bookworm install, however this
> will not execute, either as me or sudo: error reported is no permission for
> /dev/fd/63 when in fact /dev/fd/ only contains 0, 1, 2, 3 as subdirs.
> 

apt list '~o'

That's probably a good start as listed in another message in the thread.
Try that one as well.

If you have so many busted packages, come back to the list.

All the very best, as ever,

Andy  
(amaca...@debian.org)

> 
> > .
> 
> Cheers, Gene Heskett, CET.
> -- 
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author, 1940)
> If we desire respect for the law, we must first make the law respectable.
>  - Louis D. Brandeis
> 

Re: How to find installed packages not in APT?

[gene heskett]

On 2/4/25 00:02, Greg Wooledge wrote:

On Mon, Feb 03, 2025 at 23:33:50 -0500, gene heskett wrote:

  gene@coyote:/$ sudo -i
root@coyote:~# comm -23 <(dpkg-query -W -f '${Package} ${Version}\n' | sort
-u)
<(apt-cache dumpavail | awk '/^Package:/ {package = $NF} /^Version:/
{version = $NF} /^$/ {print package, version}' | sort -u)
comm: missing operand after ‘/dev/fd/63’
Try 'comm --help' for more information.
-bash: /dev/fd/63: Permission denied

Is there a newline in the middle of this command that shouldn't be
there?

The errors that you're seeing here are consistent with the comm -23
command only having ONE of the <() process substitutions as an argument,
and then the second <() proc sub being on a line by itself.

hobbit:~$ sudo -i
[sudo] password for greg:
root@hobbit:~# <(echo hi)
-bash: /dev/fd/63: Permission denied

I'm guessing you pasted the command out of a mail program or web browser,
in which the code had an extra newline added.

There should be a space (not a newline) between "-u)" and "<(apt-cache".
Thank you, you were correct, and I fed it to wc -l to get 3807 in the 
listing.

.


Cheers, Gene Heskett, CET.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis

Re: add user to a group and logout/login to apply

[Vasyl Vavrychuk]

On Tue, Feb 4, 2025 at 4:27 AM Max Nikulin  wrote:
>
> On 02/02/2025 22:51, Vasyl Vavrychuk wrote:
> > On the other hand, I've checked that with Debian 12 and GNOME it is
> > not enough to logout and login to see that a user is added to a group.
> >
> > Any comments?
>
> Wait a bit longer before next login (and check there is no VT or ssh
> logins at the same time).
>
> systemd-analyze cat-config systemd/logind.conf | grep UserStopDelay
> #UserStopDelaySec=10

Waiting for 10+ seconds after logout helped. Thank you!

Re: WLAN with /etc/network/interfaces

[Anssi Saari]

George at Clug  writes:

> iptables (which I like), nftables (which I ask, Why?)

For a few years now, well, almost a decade, iptables has been a hollow
shell with nftables inside. Why nftables? Because it unifies firewall
for ipv4, ipv6 and bridges, so we don't need to have separate iptables,
ip6tables and ebtables. I'm very happy with that and probably software
maintainers are happy too, with less maintenance load.

I tend to think users should pick something a little higher level for
firewall management and stick with it. No idea if there's a
recommendation or default in Debian, the wiki entry seems rather old
school.

Re: Encrypted /boot partition gets decrypted twice during boot

[didier gaumet]

Hello,

From what I understand, a year ago, grub2 upstream LUKS2 support was 
still only initial and thus not complete:

https://savannah.gnu.org/bugs/?55093

So it still probably better to stick with LUKS1 for /boot for now

Re: How to find installed packages not in APT?

[Max Nikulin]

On 04/02/2025 23:12, Mike Castle wrote:

On Tue, Feb 4, 2025 at 4:04 AM Andrew M.A. Cater wrote:

apt list '~o'

Where is '~o' documented?


- 
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#obsolete

- apt-patterns(7)

However "aptitude search" is a bit more powerful than "apt list".

Re: How to find installed packages not in APT?

[Mike Castle]

On Tue, Feb 4, 2025 at 8:47 AM Andrew M.A. Cater  wrote:
> Mentioning dselect - that will give you all the obsolete packages it
> can't find - usually at the top of the interface but it does need
> some degree of expertise to unravel what it shows.
>
> (I just used dselect to find obscure packages I'd long since thought
> that I'd purged).

That's pretty much why I used dselect all the time.

These days I maintain a set of personal meta-packages that lists all
the software I know I want installed and about once a quarter I do
something like "apt-mark showmanual | grep -v mrc-$(hostname) | xargs
apt-mark auto" followed by "apt autopurge".  (A few more steps in
there like checking for transitional packages I can now remove and see
if I am going to remove any packages I installed adhoc and decide I
now want to keep.)

mrc

Re: SMTP servers

[Chris Green]

Tom Browder  wrote:
> [-- text/plain, encoding 7bit, charset: UTF-8, 18 lines --]
> 
> On Fri, Jan 3, 2025 at 12:37 Thomas Anderson <
> thomas.ander...@little-beak.com> wrote:
> 
> > I also belong to the group of long time mailserver owners. I started it
> 
> ...
> 
> I just bought the hard copy of the new book. I use Kindle also and would
> love to buy it, but the author doesn't sell his books in the Kindle format
> any more. I have tried converting ebooks to Kindle with varying results.
> 
> Has anyone been able to buy the ebook and convert it to Kindle
> satisfactorily?
> 
No, it's one of the reasons I use Kobo readers, they are much more
friendly to standard format e-publishing.

-- 
Chris Green
·

Re: How to find installed packages not in APT?

[Greg Wooledge]

On Tue, Feb 04, 2025 at 16:44:06 +, Andrew M.A. Cater wrote:
> On Tue, Feb 04, 2025 at 11:23:58AM -0500, Greg Wooledge wrote:
> > 
> > includes this paragraph (buried deep, searching for ~ eventually gets
> > to it):
> > 
> > This command accepts package names or patterns as arguments. If
> > the string contains a tilde character (“~”) or a question mark
> > (“?”), it will be treated as a search pattern and every package
> > matching the pattern will be considered (see the section “Search
> > Patterns” in the aptitude reference manual).
> > 
> 
> I think it's just searching for a status matching ?o - so that matches
> "obsolete", for example.
> 
> Trying it with '~i' gives you everything that is i[nstalled], by comparison.
> That's a long list, going down to zstd.
> 
> aptitude list -h gives you more help detail.

The tilde patterns are definitely not in the output of "aptitude list -h".
I just installed it to try it to find out.

A google search for "aptitude reference manual" brings me to
 which is entitled
"aptitude user's manual".  It has a "Search patterns" section
(at )
which might or might not be what the man page was talking about.

Following the pages,
 is the
first place the tilde is mentioned.  It has a link to

which FINALLY appears to document the feature.

Since the table is practically at the top of the page, we don't really
need the anchor reference, so my final answer is:

  https://www.debian.org/doc/manuals/aptitude/ch02s04s05.en.html

That easily typed and easily memorized link appears to be what we
wanted to see when we typed the overly long and convoluted "man apt".

Re: WLAN with /etc/network/interfaces

[Max Nikulin]

On 02/02/2025 21:01, Rainer Dorsch wrote:

root@outdoor:~# cat /etc/network/interfaces

[...]

auto wlan0


Is there a chance that "allow-hotplug wlan0" might help? I use 
NetworkManager for WiFi interfaces, so my remarks may have no sense. 
Simply ignore them that case. My expectation is that hotplug might wait 
till completion of device initialization.



root@outdoor:~# ip a

[...]

3: wlan0:  mtu 1500 qdisc fq_codel state UP
group default qlen 1000
 link/ether b8:5a:f7:82:aa:c2 brd ff:ff:ff:ff:ff:ff


Are there anything related to wpasupplicant or dhclient in the logs 
(sudo journalctl -b)? There should be a way to make the tools more 
verbose. I can not suggest specific commands, but perhaps "iw" and 
"wpa_cli" may provide some info related to device state at this moment.



root@outdoor:~# ifdown wlan0
Killed old client process
Internet Systems Consortium DHCP Client 4.4.3-P1


So dhclient was running. Have you tried to wait for ~10 minutes? My 
experience is that if ethernet cable is unplugged during boot then it 
may take several minutes to get IP address after the cable is connected 
(the reason to prefer NetworkManager on laptops). It is again the 
hypothesis that dhclient is started too early before the link is ready.



[   19.474457] brcmfmac mmc0:0001:1: firmware: failed to load brcm/
brcmfmac4330-sdio.solidrun,cubox-i-q.bin (-2)

[...]

[   23.420532] ieee80211 phy0: brcmf_p2p_create_p2pdev: timeout occurred
[   23.427094] ieee80211 phy0: brcmf_cfg80211_add_iface: add iface p2p-dev-
wlan0 type 10 failed: err=-5


Are firmware files necessary for p2p device only? If 
firmware-b43-installer and firmware-b43legacy-installer packages can not 
help, can firmware be obtained e.g. from vendor images for this board?

Re: How to find installed packages not in APT?

[David Wright]

On Tue 04 Feb 2025 at 12:15:32 (-0500), Greg Wooledge wrote:
> On Wed, Feb 05, 2025 at 00:00:13 +0700, Max Nikulin wrote:
> > - apt-patterns(7)
> 
> Why isn't this linked/referenced from apt(8) or apt-get(8) or aptitude(8)?
> I just checked all three, and it's not on any of them.
> 
> That's slightly easier to remember than
> , I
> suppose.  Not that I'll remember it by the next time this question is
> asked again.  Not without it being referenced from somewhere that
> humans will actually look.

I'm in the habit of typing:

  man apt-  

I would not fancy the job of coordinating or unifying all the APT
documentation that's sprung up over the years.

Cheers,
David.

Re: How to find installed packages not in APT?

[Loren M. Lang]

On Tue, Feb 04, 2025 at 12:15:32PM -0500, Greg Wooledge wrote:
> On Wed, Feb 05, 2025 at 00:00:13 +0700, Max Nikulin wrote:
> > - apt-patterns(7)
> 
> Why isn't this linked/referenced from apt(8) or apt-get(8) or aptitude(8)?
> I just checked all three, and it's not on any of them.

It is references in the SEE ALSO section of the apt(8) man page which is
how I found it, but only after someone else on this list pointed me at
the `apt list '~o'` command. Also, it is references earlier under the
list subcommand:

   list
  list is somewhat similar to dpkg-query --list in
  that it can display a list of packages satisfying
  certain criteria. It supports glob(7) patterns for
  matching package names, apt-patterns(7), as well as
  options to list installed (--installed),
  upgradeable (--upgradeable) or all available 
(--all-versions) versions.

I am still trying to figure out where that data comes from. Maybe it
literally is just what I asked for, matching packages from the installed
list and without a matching entry in a current Apt repository list file?
So, then will my broadcom driver appear in the obsolete list if I
comment out the non-free-firmware section from sources.list? I'll have
to test that out.

> 
> That's slightly easier to remember than
> , I
> suppose.  Not that I'll remember it by the next time this question is
> asked again.  Not without it being referenced from somewhere that
> humans will actually look.
> 

-- 
Loren M. Lang
lor...@north-winds.org
http://www.north-winds.org/
IRC: penguin359


Public Key: http://www.north-winds.org/lorenl_pubkey.asc
Fingerprint: 7896 E099 9FC7 9F6C E0ED  E103 222D F356 A57A 98FA


signature.asc
Description: PGP signature

Re: How to find installed packages not in APT?

[Greg Wooledge]

On Tue, Feb 04, 2025 at 11:25:46 -0600, David Wright wrote:
> On Tue 04 Feb 2025 at 12:15:32 (-0500), Greg Wooledge wrote:
> > On Wed, Feb 05, 2025 at 00:00:13 +0700, Max Nikulin wrote:
> > > - apt-patterns(7)
> > 
> > Why isn't this linked/referenced from apt(8) or apt-get(8) or aptitude(8)?
> > I just checked all three, and it's not on any of them.
> > 
> > That's slightly easier to remember than
> > , I
> > suppose.  Not that I'll remember it by the next time this question is
> > asked again.  Not without it being referenced from somewhere that
> > humans will actually look.
> 
> I'm in the habit of typing:
> 
>   man apt-  
> 
> I would not fancy the job of coordinating or unifying all the APT
> documentation that's sprung up over the years.

It doesn't need to be unified.  The pages just need to refer to each
other properly.

Start with aptitude(8).  Instead of talking about some "aptitude
reference manual", it should just say "see apt-patterns(7)".  There
are several places where that change should happen.  Then, for good
measure, add apt-patterns(7) to the SEE ALSO section.

Next, look at apt(8).  The list subcommand mentions "glob(7) patterns".
But that's not really accurate, is it?  It should talk about
apt-patterns(7) instead.  And then add it to the SEE ALSO, and voila.

Re: How to find installed packages not in APT?

[Greg Wooledge]

On Tue, Feb 04, 2025 at 11:04:16 -0800, Loren M. Lang wrote:
> On Tue, Feb 04, 2025 at 12:15:32PM -0500, Greg Wooledge wrote:
> > On Wed, Feb 05, 2025 at 00:00:13 +0700, Max Nikulin wrote:
> > > - apt-patterns(7)
> > 
> > Why isn't this linked/referenced from apt(8) or apt-get(8) or aptitude(8)?
> > I just checked all three, and it's not on any of them.
> 
> It is references in the SEE ALSO section of the apt(8) man page which is
> how I found it,

Not in Bookworm, it isn't.  But you're saying it's been improved in
Trixie or something?  That's good!

> Also, it is references earlier under the
> list subcommand:
> 
>list
> list is somewhat similar to dpkg-query --list in
> that it can display a list of packages satisfying
> certain criteria. It supports glob(7) patterns for
> matching package names, apt-patterns(7), as well as
> options to list installed (--installed),
> upgradeable (--upgradeable) or all available 
> (--all-versions) versions.

Hah.  All the things I asked for in the message I wrote 5 minutes ago
are apparently already done in some future version of Debian.

> I am still trying to figure out where that data comes from. Maybe it
> literally is just what I asked for, matching packages from the installed
> list and without a matching entry in a current Apt repository list file?

Yes.  That's all there is.

> So, then will my broadcom driver appear in the obsolete list if I
> comment out the non-free-firmware section from sources.list? I'll have
> to test that out.

You also have to run "apt update" or an equivalent.

Re: SMTP servers

[Chris Green]

Tom Browder  wrote:
> [-- text/plain, encoding 7bit, charset: UTF-8, 19 lines --]
> 
> On Tue, Feb 4, 2025 at 11:10 Chris Green  wrote:
> 
> > ...
> 
> > > Has anyone been able to buy the ebook and convert it to Kindle
> > > satisfactorily?
> > >
> > No, it's one of the reasons I use Kobo readers, they are much more
> > friendly to standard format e-publishing.
> 
> 
> Thank you very much, Chris--that's what I was afraid of.
> 
> But, can your Kobo reader handle the Kindle format?
> 
Not directly but I've used Calibre to convert when I've really needed
to.

> What model do you recommend?
> 
Decide what size you want and then go for any extras if possible.  I
wanted a reasonably large screen and buttons for page forward and
backward so I have a Kobo Forma.  If you're not wanting buttons then
there's more (and cheaper) available.

-- 
Chris Green
·

Re: How to find installed packages not in APT?

[Tim Woodall]

On Mon, 3 Feb 2025, Loren M. Lang wrote:


On Mon, Feb 03, 2025 at 11:09:58AM +, Andy Smith wrote:

Hi Loren,

On Sun, Feb 02, 2025 at 11:29:45PM -0800, Loren M. Lang wrote:

I am looking for a way to find all packages that have been installed on
my system according to dpkg, but don't have a matching entry in Apt.


Packages installed with dpkg -i *do* show in apt, so can you be more
specific about what you are looking for?


Yes, I am specifically trying to find packages that don't match entries
from the package lists downloaded in main, non-free, contrib, etc.
Basically, I want to identify any software that I couldn't reinstall on
a fresh install of Debian from the official Debian archives.



I forget which option it is but
apt list "~c"

or

apt list "~o"

is probably close to what you want - I think it's the second. The first
I think is for uninstalled packages that have config left behind but I
didn't make notes.

IIRC this also works:

apt list --installed | grep ,local

which I used for ages before I discovered the "~o" option. The comma is
important to filter out any packages that have local in their name, for
example:
libencode-locale-perl/stable,now 1.05-3 all [installed,automatic]

Re: How to find installed packages not in APT?

[debian-user]

Greg Wooledge  wrote:
> On Tue, Feb 04, 2025 at 11:04:16 -0800, Loren M. Lang wrote:
> > On Tue, Feb 04, 2025 at 12:15:32PM -0500, Greg Wooledge wrote:  
> > > On Wed, Feb 05, 2025 at 00:00:13 +0700, Max Nikulin wrote:  
> > > > - apt-patterns(7)  
> > > 
> > > Why isn't this linked/referenced from apt(8) or apt-get(8) or
> > > aptitude(8)? I just checked all three, and it's not on any of
> > > them.  
> > 
> > It is references in the SEE ALSO section of the apt(8) man page
> > which is how I found it,  
> 
> Not in Bookworm, it isn't.  But you're saying it's been improved in
> Trixie or something?  That's good!
> 
> > Also, it is references earlier under the
> > list subcommand:
> > 
> >list
> >   list is somewhat similar to dpkg-query --list
> > in that it can display a list of packages satisfying
> >   certain criteria. It supports glob(7)
> > patterns for matching package names, apt-patterns(7), as well as
> >   options to list installed (--installed),
> >   upgradeable (--upgradeable) or all available
> > (--all-versions) versions.  
> 
> Hah.  All the things I asked for in the message I wrote 5 minutes ago
> are apparently already done in some future version of Debian.

I think part of the confusion is that there are various references to a
mythical "Aptitude Reference Manual" which are actually [I think]
referring to the "aptitude reference guide" otherwise known as Chapter
2 of the "aptitude user's manual" -
https://www.debian.org/doc/manuals/aptitude/ch02.en.html and which
contains a section on search patterns that itself contains a subsection
on search term reference
https://www.debian.org/doc/manuals/aptitude/ch02s04s05.en.html

Re: hardware ebook readers (was Re: SMTP servers)

[Chris Green]

Jonathan Dowland  wrote:
> 
> One thing I like about the Kobo is how hackable it is. I've got 
> syncthing on mine, so to add a book to it I merely have to copy the file 
> to my local folder, and syncthing does the rest.
> 
Now that's neat, I use syncthing on other systems, adding it to my
Kobo Forma would be really handy, how do you do it?
-- 
Chris Green
·

Re: hardware ebook readers

[Geert Stappers]

On Tue, Feb 04, 2025 at 07:34:48PM +, Jonathan Dowland wrote:
> On Tue Feb 4, 2025 at 6:25 PM GMT, Tom Browder wrote:
> > But, can your Kobo reader handle the Kindle format?
> > 
> > What model do you recommend?
> 
> Chiming in: I love my Kobo Libra 2, which I think is now discontinued and
> replaced with the Kobo Libra Colour.
> 
> It cannot read the kindle format natively (mobi/azw) but converting from one
> to the other is easy. Calibre (already mentioned) can do it; there's also a
> tool "kepubify" which can improve an ePUB's performance on Kobo readers:
> https://pgaskin.net/kepubify/
> 
> Books purchased from Amazon are encrypted with DRM: this can be reasonably
> easily removed with "deDRM" tools that plug into Calibre.
> 
> One thing I like about the Kobo is how hackable it is. I've got syncthing on
> mine, so to add a book to it I merely have to copy the file to my local
> folder, and syncthing does the rest.
> 

My experience with KoBo was very short:

* Unboxed the device
* Had to read through the "EULA"
* Saw on with Wireshark that each "next page of EULA" was a "phone home"
* Put the device back in the original box
* Got refund (and did buy another "Ebook reader")


 

Groeten
Geert Stappers
-- 
Silence is hard to parse

Re: Encrypted /boot partition gets decrypted twice during boot

[tomas]

On Tue, Feb 04, 2025 at 12:18:10AM -0800, Loren M. Lang wrote:
> On Mon, Feb 03, 2025 at 10:39:25PM +, Automætic wrote:
> > Hi,
> > 
> > I'm configuring a new Debian installation on my workstation, with both the 
> > /boot partition and the root filesystem encrypted:
> > - /dev/nvme0n1p1 -> /EFI
> > - /dev/nvme0n1p2 -> LUKS2 (pbkdf2) -> /boot
> > - /dev/nvme0n1p3 -> LUKS2 -> LVM containing root and other volumes
> > 
> > The system boots, but requires entering the /boot password twice:
> > Once for GRUB, and once again during systemd initialization.
> 
> I think the solution is to not encrypt the /boot partition. That
> partition shouldn't contain anything sensitive on it anyways [...]

That's what I do currently, but to be fair, this exposes you to
someone replacing your boot kit by something else (which could,
for example, record your passphrase and pass it on).

This can also, of course, be mitigated by some secure boot schema
(provided you control your BIOS -- most of the time it's someone
else, anyway ;-)

This has been known by the (somewhat sexist) term "Evil Maid
Attack" [1].

It all depends on the threat model(s) you start from.

Cheers

[1] https://en.wikipedia.org/wiki/Evil_Maid_attack
-- 
t


signature.asc
Description: PGP signature

Re: Encrypted /boot partition gets decrypted twice during boot

[Michel Verdier]

On 2025-02-03, Automætic wrote:

> Both devices are properly configured in /etc/crypttab with the UUIDs
> for /dev/nvme0n1p2 and /dev/nvme0n1p3 respectively (as outputted by
> blkid).

You set this manually ?

> I checked the initramfs contents using 'unmkinitramfs' in
> /tmp/initramfs/ to review main/cryptroot/crypttab, but it only contains
> an entry for lvm_crypt, boot_crypt is missing.

It seems the right way as initrd is loaded from /boot which is already
unencrypted. And this is why update-initramfs filters your /etc/crypttab
and puts only root fs in initrd /cryptroot/crypttab. To avoid asking a
second password after initrd, you could use a key file in your
/etc/crypttab.

I don't know much about grub but it could set a different mapping from
what you set in /etc/fstab. If you really want to investigate if this
mapping is up during initrd, you could add a script in
/etc/initramfs-tools/scripts/init-premount with something like :

#!/bin/sh

# initramfs magic

PREREQ=""
prereqs()
{
echo "$PREREQ"
}

case $1 in
prereqs)
prereqs
exit 0
;;
esac

echo "sourcing initramfs functions"
. /scripts/functions

# Begin real processing below this line

blkid >> /run/initramfs/my.log
mount >> /run/initramfs/my.log

Run update-initramfs and after booting you should get logs in
/run/initramfs/my.log