Re: [DNG] ..devuan to the rescue? Easiest possible newbie email server setup, ideas?
Alessandro Vesely via Dng wrote: >> I have no choice over the neighbours ! > Don't buy overly cheap connections... Doesn't matter how much you pay - unless you get an entire net-block to yourself then you have no control over the neighbours. Only the ISP has control over the neighbours. > Another possibility to discard spammers claiming to be your domain is to set > SPF -all. That, however, has other drawbacks. I think you missed the context. For *MY* mail server, I can ignore any SPF records etc - if the connecting client claims to be me then I know it's lying. Simon ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] X11: safe to remove?
iirc (seen it in buster upgrades), pinentry-gtk2 / pinentry-gnome3 bring in xauth package, which brings in X11. i would remove pinentry+xauth packages first, then X11 with autoremove - deborphan, and install pinentry-ncurses later, if needed.. 2c, d. On 9/29/20 4:57 AM, tempforever via Dng wrote: I manage a few remote servers that are running Devuan. Recently (last week) I noticed a couple updates to some x11 libraries. I went ahead and updated. But now, I'm wondering if it's okay to remove them altogether? I do not use any graphical user interface on them. I only connect via ssh, and issue text-only commands. I'm a little concerned about just removing these libraries though. The one in particular that I remembered updating was libx11-6. Apparently there is a bit of dependencies on it, and I don't want to break anything. On beowulf: # apt remove libx11-6 Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: fontconfig-config fonts-dejavu-core libdrm-amdgpu1 libdrm-common libdrm-intel1 libdrm-nouveau2 libdrm-radeon1 libdrm2 libfontconfig1 libfontenc1 libgl1-mesa-dri libglapi-mesa libglvnd0 libice6 libllvm7 libpciaccess0 libsm6 libx11-data libx11-xcb1 libxau6 libxcb-dri2-0 libxcb-dri3-0 libxcb-glx0 libxcb-present0 libxcb-shape0 libxcb-sync1 libxcb1 libxdmcp6 libxshmfence1 x11-common Use 'apt autoremove' to remove them. The following packages will be REMOVED: libgl1 libglew2.1 libglu1-mesa libglx-mesa0 libglx0 libx11-6 libxaw7 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxft2 libxi6 libxinerama1 libxmu6 libxmuu1 libxpm4 libxrandr2 libxrender1 libxt6 libxtst6 libxv1 libxxf86dga1 libxxf86vm1 mesa-utils x11-utils x11-xserver-utils xauth 0 upgraded, 0 newly installed, 29 to remove and 0 not upgraded. After this operation, 8,081 kB disk space will be freed. Do you want to continue? [Y/n] n I don't think I should need any font or drm stuff. On ascii, I get a much longer list: # apt remove libx11-6 Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: dconf-gsettings-backend dconf-service fontconfig fontconfig-config fonts-dejavu-core gconf-service gconf2-common glib-networking glib-networking-common glib-networking-services gsettings-desktop-schemas hicolor-icon-theme libatk1.0-0 libatk1.0-data libavahi-client3 libavahi-common-data libavahi-common3 libblas-common libblas3 libck-connector0 libcolord2 libcroco3 libcups2 libdatrie1 libdconf1 libdrm-amdgpu1 libdrm-intel1 libdrm-nouveau2 libdrm-radeon1 libdrm2 libepoxy0 libfontconfig1 libfontenc1 libgbm1 libgck-1-0 libgconf-2-4 libgcr-3-common libgcr-base-3-1 libgdk-pixbuf2.0-common libgfortran3 libgl1-mesa-dri libglapi-mesa libgnome-keyring-common libgnome-keyring0 libgraphite2-3 libgtk-3-common libgtk2.0-common libgtop-2.0-10 libgtop2-common libharfbuzz0b libice6 libjbig0 libjpeg62-turbo libjson-glib-1.0-0 libjson-glib-1.0-common liblapack3 liblcms2-2 libllvm3.9 libpam-gnome-keyring libpango-1.0-0 libpangoft2-1.0-0 libpciaccess0 libpixman-1-0 libproxy1v5 libquadmath0 librest-0.7-0 libsecret-1-0 libsecret-common libsm6 libsoup-gnome2.4-1 libsoup2.4-1 libthai-data libthai0 libtiff5 libtxc-dxtn-s2tc0 libwayland-client0 libwayland-cursor0 libwayland-server0 libwebp6 libx11-data libx11-xcb1 libxau6 libxcb-dri2-0 libxcb-dri3-0 libxcb-glx0 libxcb-present0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-util0 libxcb-xfixes0 libxcb1 libxdmcp6 libxkbcommon0 libxshmfence1 p11-kit p11-kit-modules python-numpy x11-common xkb-data Use 'apt autoremove' to remove them. The following additional packages will be installed: elogind libelogind0 libpam-elogind pinentry-curses python-urwid wicd-curses Suggested packages: pinentry-doc Recommended packages: policykit-1 The following packages will be REMOVED: adwaita-icon-theme analog at-spi2-core consolekit dbus-x11 gconf2 gcr gksu gnome-keyring gtk-update-icon-cache libatk-bridge2.0-0 libatspi2.0-0 libcairo-gobject2 libcairo2 libegl1-mesa libgail-common libgail18 libgcr-ui-3-1 libgd3 libgdk-pixbuf2.0-0 libgksu2-0 libgl1-mesa-glx libglade2-0 libglew2.0 libglu1-mesa libgtk-3-0 libgtk-3-bin libgtk2.0-0 libgtk2.0-bin libnotify4 libpam-ck-connector libpangocairo-1.0-0 libpolkit-backend-consolekit-1-0 libpolkit-gobject-1-0 libpolkit-gobject-consolekit-1-0 librsvg2-2 librsvg2-common libstartup-notification0 libwayland-egl1-mesa libx11-6 libxaw7 libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxft2 libxi6 libxinerama1 libxmu6 libxmuu1 libxpm4 libxrandr2 libxrender1 libxt6 libxtst6 libxv1 libxxf86dga1 libxxf86vm1 mesa-utils notification-daemon pinentry-gnome3 pinentry-gtk2 python-cairo python-glade2 python-gtk2 python-notify wicd-gtk x11-utils x11-xserver-utils xauth The foll
[DNG] Complete system HDD encryption w/o LLVM.
Hello. I've seen on the DeVuan web wite an article on complete system HDD encryption using LLVM. I have tried that one and found that it is impossible to change partiotion sizes once it was autopartiotioned, using LLVM full system HDD encryption. Question is, Is it possible to to achieve same goal without LLVM -- i.e. to partition system HDD with fdisk, and then still have full encryption? Thanks for any advance. Andrey. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Complete system HDD encryption w/o LLVM.
On Tue, Sep 29, 2020 at 08:58:42PM +0700, Андрей via Dng wrote: > Question is, Is it possible to to achieve same goal without LLVM -- > i.e. to partition system HDD with fdisk, and then still have full > encryption? Yes, or at least, mostly. There needs to be unencrypted data that contains the decryption code. GRUB itself can handle LUKS decryption, but that would involve a manual installation. There are a number of ways to encrypt a system, in any event, and you can certainly use the "manual" partitioning in the Debian installer to set up a system that's largely encrypted, without LVM, but remember to supply an un- encrypted /boot, as unless something's changed very recently, Debian (and Devuan by extension) doesn't know to configure GRUB to unlock an encrypted /boot. I found this that talks about encrypted /boot (or /boot on encrypted root) but it would require manual installation, and I'm not sure how easy it'd be to adapt Debian's GRUB scaffolding to accomodate it. Might be easy, might be nearly impossible. But: https://wiki.archlinux.org/index.php/Grub#Encrypted_/boot -- Mason Loring Bliss (( If I have not seen as far as others, it is because ma...@blisses.org )) giants were standing on my shoulders. - Hal Abelson signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Complete system HDD encryption w/o LLVM.
On 29/09/2020 14:58, Андрей via Dng wrote: > Question is, Is it possible to to achieve same goal without LLVM -- > i.e. to partition system HDD with fdisk, and then still have full > encryption? Luks encrypt the whole HDD or a large partition first then overlay LVM to get resizeable volumes and snap-shotting etc. Check the current LUKS grub support, last time I checked grub only supports LUKS not LUKS2, an important consideration if you want /boot encrypted. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Complete system HDD encryption w/o LLVM.
On 29/09/2020 15:27, Mason Loring Bliss wrote: > On Tue, Sep 29, 2020 at 08:58:42PM +0700, Андрей via Dng wrote: > >> Question is, Is it possible to to achieve same goal without LLVM -- >> i.e. to partition system HDD with fdisk, and then still have full >> encryption? > > Yes, or at least, mostly. There needs to be unencrypted data that contains > the decryption code. GRUB itself can handle LUKS decryption, but that > would involve a manual installation. > > There are a number of ways to encrypt a system, in any event, and you can > certainly use the "manual" partitioning in the Debian installer to set up a > system that's largely encrypted, without LVM, but remember to supply an un- > encrypted /boot, as unless something's changed very recently, Debian (and > Devuan by extension) doesn't know to configure GRUB to unlock an encrypted > /boot. > > I found this that talks about encrypted /boot (or /boot on encrypted root) > but it would require manual installation, and I'm not sure how easy it'd be > to adapt Debian's GRUB scaffolding to accomodate it. Might be easy, might > be nearly impossible. But: > > https://wiki.archlinux.org/index.php/Grub#Encrypted_/boot Do it in stages: Stage 1 Devuan install CD: partition 1 unencrypted /boot partition 2 Luks encrypted everything else Stage 2 Copy /boot over onto / * rebuild the initramfs in the NEW /boot on / * ^^^ you will need to hack the initramfs-tools scripts or they will exclude the Luks key ^^^ Stage 3 Rip apart the new initramfs and confirm correctly built, repeat Stage 2 if not. Stage 4 - point of no return'ish Re-configure and re-install grub to load the kernel from partition 2 /boot Stage 5 - ok i lied, it's Linux and anything is recoverable almost Boot into recovery from the Devuan Install CD Re-install grub to boot the first partition kernel, the original /boot. Have a cup of coffee and work out what you did wrong and try Stage 2 on again :) I kept two differing grub configurations making life easier by symlinking, unencrypted in partition 1 /boot, encrypted in partition 2 /boot When you are satisfied, wipe partition 1. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Complete system HDD encryption w/o LLVM.
On Tue, Sep 29, 2020 at 04:02:35PM +0100, g4sra via Dng wrote: > Copy /boot over onto / > * rebuild the initramfs in the NEW /boot on / * > ^^^ > ^^^ you will need to hack the initramfs-tools scripts or they will > exclude the Luks key ^^^ If you include the "initramfs" option in /etc/crypttab, keys noted in entries marked with that will be automatically included. -- Mason Loring Bliss (( If I have not seen as far as others, it is because ma...@blisses.org )) giants were standing on my shoulders. - Hal Abelson signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Complete system HDD encryption w/o LLVM.
On 29/09/2020 19:05, Mason Loring Bliss wrote: > On Tue, Sep 29, 2020 at 04:02:35PM +0100, g4sra via Dng wrote: > >> Copy /boot over onto / >> * rebuild the initramfs in the NEW /boot on / * >> ^^^ > ^^^ you will need to hack the initramfs-tools scripts or they will >> exclude the Luks key ^^^ > > If you include the "initramfs" option in /etc/crypttab, keys noted in > entries marked with that will be automatically included. > Not in the scripts I had, they explicitly excluded any keys for the root filesystem because Debian Devs know better than me (including them in an initramfs is insecure). > > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
