thought we'd also just serve the gzip'ed file over HTTP, but
no, we HTML-encode it, unless raw=1 is passed. And even then we don't do
that. Maybe that's a thing we should fix. Not that it would help any
browsers that still want to render the whole file into a buffer.
Kind regards
Philipp Kern
ely it doesn't look like there was progress on #887649 this
cycle either. So I fear that we'll end up needing to tag both #887649
and #885563 bookworm-ignore. :(
Kind regards
Philipp Kern
think
that there is much value in the CD images in the first place. There's a
theoretical possibility to use them but I'm not even sure if they would
work properly at this point - it's definitely untested.
Kind regards
Philipp Kern
is still true.
Kind regards
Philipp Kern
y) in a GR:
https://www.debian.org/vote/2007/vote_003
And it was unclear how much of it can actually be changed without a GR -
despite ~all bullet points saying "initial policy". A power to set
policy has not been conferred to a team with this GR. At least that's
what I recall. ;
hink this could be done by default when there is a reasonably large
> swap partition.
Do we mask tmp.mount in a standard installation? I.e. do we diverge from
the systemd default here?
Kind regards
Philipp Kern
On 14.06.20 17:20, Philipp Kern wrote:
> On 11.05.20 11:53, Winfried Münch wrote:
>> package: s390-tools
>>
>> Version: current Installer from 04.05.2020 21:14
>> http://ftp.halifax.rwth-aachen.de/debian/dists/buster/main/installer-s390x/current/images/generic/
>>
ng so we don't end up
> without the corresponding source in the archive.
grub2 for sure as it's GPL-3, but is it actually required for shim,
which is BSD?
Kind regards
Philipp Kern
self
given how hard it is to integrate with existing Debian infrastructure to
test it properly - unless you are an admin there already. Even a qemu
setup would have spotted this particular bug. But without any users who
care I also don't think it is worth spending much time on this.
Kind regards and sorry
Philipp Kern
VT220 SCLP even
something you get on a real z machine? Not that we shouldn't fix qemu,
of course. But Hercules might be closer to the real thing in this regard.
Kind regards
Philipp Kern
functional less, just like in busybox-static with the same
> build options.
There is nano though. (I'd still second less. I think we can spare the
space.)
> ftpput to transfer files out would good option too.
The age of FTP has long passed.
Kind regards
Philipp Kern
h the interface to be used.
Kind regards
Philipp Kern
little reluctant to blindly merging this patch (originally
>> labeled “untested”) without a go from its author. Philipp, should
>> I go ahead?
>
> Totally understood! I just wanted to make sure to revive this issue, as
> I'd also like to get it fixed in Ubuntu! Like I said, I will do my best
> to test and reproduce the fix with stock Debian.
I think this should be fine and we're early in the release cycle to find
potential problems if there are any.
Obviously it'd be great to have a test hardness with a DHCP server
sending various bits and us verifying that netcfg did the right thing.
But I'd surprised to find the time for that myself.
Kind regards and thanks
Philipp Kern
ally that would have been solved by
InRelease...
Kind regards
Philipp Kern
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926035
ation layer.
Unfortunately the locking bit is still true for many machines, so even
if it is quick, it can be hard to get the drive into the state where the
BIOS did not have an opportunity to block the user from triggering the
erase operation.
Kind regards
Philipp Kern
could you
apply for a static UID assignment? I would also prefer the latter, but I
honestly don't know how messy the migration would be...
(If so, I guess this bug should be reassigned to apt.)
Kind regards and thanks
Philipp Kern
On 2019-06-21 20:36, Ben Hutchings wrote:
On Thu, 2019-06-20 at 20:33 +0200, Philipp Kern wrote:
On 20/06/2019 09:50, Ansgar Burchardt wrote:
> Ansgar Burchardt writes:
> > (I don't maintain debootstrap.)
> >
> > I don't think it is a good idea to require deb
that need to be touched in addition.
Kind regards
Philipp Kern
of
deliverability. (Where I mostly wish you good luck. It's not a fight I
want to have, which is also why I mostly stopped using my @debian.org
address.)
Kind regards
Philipp Kern
maybe it should obey the
parallelization setting of the build process. But then it's already a
build process and if you want that to not be detrimental to your desktop
performance, you nice it. Apart from that thing I really struggle to
find something "antisocial" in that build-depe
verification. Unfortunately it does not tell me what exactly failed
verification. But shim looks ok from Windows.
Kind regards and thanks for all your work on making this finally happen
Philipp Kern
y this makes me. This is awesome. Thank you
(and everyone else who contributed to this effort) for doing the right
thing! And obviously kudos to Dell for staffing this.
The plugin library seems to be on [2] and there's a sizable set of them.
Even an AMT updater. :o
Kind regards and thanks
Phi
a proprietary binary
run on the host. That's its own can of worms. (Which technically is true
for the EFI update too, but it's staged from outside of Linux on
boot-up.)
Kind regards and thanks
Philipp Kern
On 26/12/2018 22:32, Steve McIntyre wrote:
On Wed, Dec 26, 2018 at 10:27:35PM +0100, Cyril Brulebois wrote:
Steve McIntyre (2018-12-26):
Philipp Kern (2018-12-26):
I'm not sure, though, if there is some philosophical objection here in
that fwupd downloads non-free blobs and/or that D
hould make these available
to our users by default as well.
I'm not sure, though, if there is some philosophical objection here in
that fwupd downloads non-free blobs and/or that Debian does not actually
ship the blobs themselves.
Kind regards and thanks
Philipp Kern
their infrastructure
correctly. But there might still be value in having that option
available with some signage on how to do it right.
Kind regards
Philipp Kern
[1] In EFI mode Linux is the one requesting the files. Otherwise the
boot loader can provide them, which works fine at least with grub and iPXE.
le to copy additional
root certificates into the initrd pre-install. (At least it used to work
before HTTPS was generally available.)
Kind regards and thanks
Philipp Kern
. The latter is
mapped to -j, which breaks (because it's put into MAKEFLAGS) and the
former maps to -J.
Julien is right in that there is a bug here that's worth fixing but the
default build environment which is incredibly hard to discover does not
expose them.
Kind regards
Philipp Kern
st option to ever have been
introduced and not removed. Try -J instead. :(
Kind regards
Philipp Kern
On 10.09.2018 09:20, Philipp Kern wrote:
> [+mirrors@]
>
> On 07.09.2018 14:42, Julien Cristau wrote:
>> Control: retitle -1 choose-mirror: hide mirror selection by default
>>
>> On 09/04/2018 11:07 AM, Julien Cristau wrote:
>>> If switching the mirror question
questions by default.
What's mirroradm's take on this?
Kind regards and thanks
Philipp Kern
resolves.
I think such a scheme could work for apt too.
Arguably the correct way would be to fetch the PAC and execute it to
determine the proxy for the host. Of course that'd require interpreting
Javascript.
Kind regards
Philipp Kern
o wonder if we actually have sensible escalation points to solve
problems for the users and the bandwidth to do so. That concern is
especially grave if we're going to auto-hide the question by default.
Defaulting is something that makes sense to me.
Kind regards
Philipp Kern
[0] https://rt.de
ite random data (or in the case of
non-encrypted disks zeros) to the disk before deploying the system into
production.
Kind regards
Philipp Kern
derstand why that
is, but at the same time we then need to attenuate our feedback.
Anticipating the consequences requires a certain familiarity that new
contributors don't have. Still automatic pre-release testing is
something very useful.
Kind regards
Philipp Kern
[1]
https://salsa.debian.org/installer-team/debootstrap/merge_requests/16#note_35325
On 2018-08-24 14:29, Holger Wansing wrote:
Holger Wansing wrote:
Philipp Kern wrote:
> I have uploaded it now. I suppose we can still fix it after the fact if
> it's wrong.
I have triggered a l10n-sync run on dillon, to sync the new strings to
the translators material.
And sadly
On 2018-08-20 00:44, Steve McIntyre wrote:
On Tue, Aug 14, 2018 at 02:08:06PM +0200, Philipp Kern wrote:
https://salsa.debian.org/installer-team/partman-auto-lvm/merge_requests/1/diffs?commit_id=ac7bdd5b4e3cbeec24c7ecdd5e96f8fcfa7b9ee1
aims to import a patch from Ubuntu to introduce an
: Is sublevel 3 the right one for this question? It does come
with Ubuntu's set of translations already. I hope that those are ok to
import as well.
Kind regards and thanks
Philipp Kern
On 2018-07-31 10:46, Philipp Kern wrote:
On 2018-07-31 09:24, Philipp Kern wrote:
I buy the argument for attached removable file systems. It looks like
today fstrim iterates over /proc/self/mountinfo and trims all
non-pseudo/non-netfs. On the other hand enough guides on the internet
say that to
On 2018-07-31 09:24, Philipp Kern wrote:
I buy the argument for attached removable file systems. It looks like
today fstrim iterates over /proc/self/mountinfo and trims all
non-pseudo/non-netfs. On the other hand enough guides on the internet
say that to have a working system with an SSD, you
t by default.
I think the appropriate protection against a weekly(!) cronjob that
TRIMs your disk are a) backups and b) a filesystem that supports
snapshots and can recover from corruption. Keeping blocks around also
just makes forensics easier. (It's a double-edged sword.)
Kind regards
Philipp Kern
signature.asc
Description: OpenPGP digital signature
t I need to add DEBCONF_DEBUG=5 to the
grub command line, but that won't send the messages off the server.
log_host/log_port as documented on [1]?
Kind regards
Philipp Kern
[1] https://www.debian.org/releases/stretch/amd64/ch05s03.html.en
On 16.07.2018 14:46, Philipp Kern wrote:
> I fudged that locally on dillon adding a "(C)?" to the wrapper script.
> I'll also start another daily on barriere to see if it works now. I'll
> try to commit the fix to the repo, too.
Fixed in
https://salsa.debian.
o commit the fix to the repo, too.
Kind regards
Philipp Kern
signature.asc
Description: OpenPGP digital signature
bazaar.launchpad.net/~ubuntu-core-dev/partman-crypto/ubuntu/revision/736
>
> Could the Ubuntu patch please also be included in Debian?
> Adding this patch also partially solves bug #869897.
This has been discussed on [1] and was subsequently merged.
Kind regards and thanks
Philipp Kern
er are
notorious for requiring their users to use a hard-coded fe80::1 default
gateway. (And ifupdown supports this correctly.)
Kind regards
Philipp Kern
ange for it differently if
they need it. So the question is if we can prevent people from shooting
themselves into the foot and making their life actively worse with this
change.
Kind regards
Philipp Kern
On 5/21/18 3:06 PM, Cyril Brulebois wrote:
> Philipp Kern (2018-05-21):
>> So what's the current contract with apt? ASCII-armored files need to go
>> into .asc and binary files into .gpg? Is the right way to infer ASCII
>> armor to grep for the preamble?
> That would
g we'd want to preserve?
(I sort of agree that we should drop files into the right place, on the
other hand the fix would be "apt-install gnupg" with the current setup.)
Kind regards
Philipp Kern
signature.asc
Description: OpenPGP digital signature
Hi,
On 5/20/18 2:19 AM, Hideki Yamane wrote:
> On Fri, 18 May 2018 21:15:35 +0200
> Philipp Kern wrote:
>> I suppose the test harness is autopkgtest? Is there prior art on how to
>> set that up on Salsa? (Picking the backend and making sure that it
>> works, for instanc
On 5/20/18 12:30 PM, Hideki Yamane wrote:
> On Sun, 20 May 2018 10:14:13 +0200
> Philipp Kern wrote:
>> So the way it works with your patch is that local variables are
>> inherited by called functions (but not the caller). So from and dest
>> from just_get() are visib
On 5/20/18 1:24 AM, Hideki Yamane wrote:
> On Sat, 19 May 2018 20:18:17 +0200
> Philipp Kern wrote:
>> You local'ed from and dest and now don't pass it anymore to
>> wgetprogress. How does this work?
> It is passed to wget via $@
So the way it works with your pa
On 19.05.2018 07:14, Hideki Yamane wrote:
> On Mon, 14 May 2018 00:48:53 +0200
> Philipp Kern wrote:
>> any new about incorporating Raphael's suggestion? There's still a grave
>> bug opened against debootstrap right now (on a version that is in testing).
>
On 5/17/18 10:36 AM, Raphael Hertzog wrote:
> On Wed, 16 May 2018, Philipp Kern wrote:
>> I think what would be useful is coming up with a bunch of test cases and
>> adding them to Gitlab's CI feature.
> We have a few tests (probably need to be expanded) in debian/test
doesn't usually roll on code reviews, but of course I don't
disagree that they would be useful. But I don't think the solution is
"allow to push" -> "no one". Gitlab doesn't stop you from doing the
reviews anyway even if that's not set.
Kind regards
Philipp Kern
st forgot to push or if willingly kept
> it out for now...
Unmarking pending for this reason.
Kind regards and thanks
Philipp Kern
set -- "$PRIVATEKEY" "$@"
> fi
> if [ -n "$CERTIFICATE" ]; then
> set -- "$CERTIFICATE" "$@"
> fi
> if [ -n "$CHECKCERTIF" ]; then
> set -- "$CHECKCERTIF" "$@"
> fi
> if wgetprogress "$@"; then
> [...]
>
> Here we should be safe even if those 3 variables do contain spaces.
any new about incorporating Raphael's suggestion? There's still a grave
bug opened against debootstrap right now (on a version that is in testing).
Kind regards and thanks
Philipp Kern
tag 886016 + pending
thanks
Hi,
On 2/21/18 2:10 PM, Julien Cristau wrote:
> On 02/15/2018 11:31 AM, Philipp Kern wrote:
>> On 2018-01-01 17:01, Julien Cristau wrote:
>>> following patch looks at the Acquire-By-Hash field in (In)Release to get
>>> Packages from the by-
dling.
Kind regards and thanks
Philipp Kern
o not work well on a traditional filesystem if not
sharded by, say, hash prefix).
Instead it would need to restrict itself to only attempt metadata
fetches by-hash by passing some sort of flag around.
Kind regards and thanks
Philipp Kern
e" is not a bad one. ;-)
Kind regards
Philipp Kern
signature.asc
Description: OpenPGP digital signature
case. That's
probably easy to take care of[2]. But are there other changes that would
need to land in lockstep to make this work?
Kind regards and thanks
Philipp Kern
[1] I now added it to d-i's mrconfig, because leaving it out of there is
somewhat confusing.
[2] I'm unsure ye
*)
part where you commented out the problematic line. In that case the
variable set and setup_merged_usr would simply be skipped.
Kind regards
Philipp Kern
On 10/28/2017 11:31 AM, Julian Andres Klode wrote:
> On Fri, Oct 27, 2017 at 11:24:51PM +0200, Philipp Kern wrote:
>> The other half of the point is that sid is symlinked to various suites,
>> so when we fix debootstrap we'd have a script divergence for the coming
>> rel
o HTTPS?
We could then still apply Michael's patch, as long as we use
&url-debian-installer; properly for the URL. (The link wouldn't work
as-is anyway because it should use &releasename; instead of hard-coding
"stretch".)
Kind regards and thanks
Philipp Kern
signature.asc
Description: OpenPGP digital signature
On 10/27/2017 9:52 PM, Julian Andres Klode wrote:
> On Fri, Oct 27, 2017 at 09:40:00PM +0200, Philipp Kern wrote:
>> [ +jak +deity ]
>>
>> On 2017-10-25 12:38, Petr Cech wrote:
>>> apt 1.6~alpha removed binary package apt-transport-https and therefor
>>>
empty
transitional package for now.
Kind regards and thanks
Philipp Kern
could install a SIGSYS signal handler to print
which syscall was blocked, but did not find anything yet.
Does a seccomp kill land in dmesg?
Kind regards
Philipp Kern
of architecture consistency. :/
Kind regards
Philipp Kern
se it's local configuration, I think. This mechanism loses the key
agility we have with debian-archive-keyring and the reference of a file
updatable by a package instead of a single key but that's maybe fair in
the context of local configuration[*].
Kind regards
Philipp Kern
[*] But ne
be shipped in udebs? As in do we expect
.udebs to be selfcontained? I was a bit perplexed that libkmod2-udeb
does not ship shared library and thus system one is used which is
built differently.
(all of udeb is build without hardening, but deb library is built with
hardening)
Maybe you should file bugs and/or discuss this on -boot.
Kind regards
Philipp Kern
uration.
>
> I suggest the debian installer should be able to deal with link local ipv6
> addresses.
You redacted your link-local address to be dead:beef::. I suppose what
you actually mean is one with a fe80:: prefix? (I.e. it'd have been more
helpful to redact the MAC/actual address.)
Kind regards
Philipp Kern
signature.asc
Description: OpenPGP digital signature
also don't seem to state why this should
work in the first place.
Kind regards
Philipp Kern
signature.asc
Description: OpenPGP digital signature
nly get more so.
>
> (Indeed, it wouldn't be too much of a stretch to justify removing
> *non*-HTTP support!)
>
>> Marga's been looking into this lately, see #802591 & #802596.
>
> These have now been closed :)
Yup, and should have fixed this issue wi
tely the standard setup does not ship
with the mitigating controls.
Kind regards
Philipp Kern
signature.asc
Description: OpenPGP digital signature
z240's firmware is broken. Do you use
the current UEFI BIOS? If not, I'd at least try to upgrade it.
Also the installer's syslog (/var/log/installer/syslog* on the installed
system) would be helpful to see.
Kind regards
Philipp Kern
signature.asc
Description: OpenPGP digital signature
rned on. And
change it to make brute force attacks harder.
Of course in any kind of company context I would despise *rules* (which
this comment is not - it's just a suggestion) because they lower security.
Kind regards
Philipp Kern
signature.asc
Description: OpenPGP digital signature
olicy at the root inode works or not. (And I tried to
confirm both questions, but encryption didn't work with loop filesystems
because of the blocksize, unfortunately.)
Kind regards
Philipp Kern
signature.asc
Description: OpenPGP digital signature
to
sudo to root.)
Kind regards
Philipp Kern
signature.asc
Description: OpenPGP digital signature
he other hand the address it handed out has a lifetime of
5 months. -_-
~ # ip add
[...]
inet6 2002:903:15f:550:72e2:84ff:fe14:24ee/64 scope global dynamic
valid_lft 2591868sec preferred_lft 604668sec
Kind regards
Philipp Kern
v4 server
on the network where you tried this? Because the DHCP client seems to be
unable to acquire an address. Does an IPv6 nameserver work? (Assuming
your 6to4 connectivity actually works.)
Also it'd be helpful to see "ip -6 route" and "ip route".
Kind regards
Philipp Kern
On 04/20/2017 08:34 PM, Marga Manterola wrote:
>> After a lot of debugging with Philipp Kern, we were able to find out
> that dmsetup was hanging on a udev cookie semaphore. The udev outside
> of the chroot is compiled udev_sync, and it doesn't have dmsetup rules,
> so it
al0
repository (which accepts an arbitrary URL).
Kind regards
Philipp Kern
erms of wrapping on the terminal. We could also ponder
adding CONFIG_LESS=y in some minimal build flavor.)
Kind regards
Philipp Kern
signature.asc
Description: OpenPGP digital signature
s entirely for wheezy.
Unfortunately for this and s390-netdevice there's no upstream to work with.
> Thank you for considering!
>
>
> [1] http://www.kernel.org/pub/linux/utils/kernel/hotplug/libudev/
This link is broken.
> [2] http://www.kernel.org/pub/linux/utils/ke
an't really judge whether this could be annoying in d-i,
> it seems to me that's just fixing a move which hadn't happened with the
> net.ifnames transition, for specific hardware?
FWIW, I have tested this on an installation and haven't seen any problems.
Kind regards
Philipp Kern
signature.asc
Description: OpenPGP digital signature
I wasn't sure how to tell if reportbug already attached information. At
least d-i's syslog is attached to this mail.
syslog.gz
Description: application/gzip
Package: installation-reports
Severity: normal
-- Package-specific info:
Boot method: IPL from CMS
Image version: https://d-i.debian.org/daily-images/s390x/daily/ 2017-04-08 00:01
Date:
Machine: IBM 2964 (z13)
Partitions:
Base System Installation Checklist:
[O] = OK, [E] = Error (please elab
On 04/02/2017 09:03 PM, Cyril Brulebois wrote:
> Philipp Kern (2017-04-02):
>> What do you want to see where? Another hunk to [1]? That doesn't seem to
>> feature crypto at all yet. installer/doc/devel/partman-auto-recipe.txt
>> doesn't mention it either.
>&g
don't mind adding a hunk like this:
# When disk encryption is enabled, skip wiping the partitions
# beforehand.
#d-i partman-auto-crypto/erase_disks boolean false
Do you think there should be more, like an example recipe?
Kind regards
Philipp Kern
[1] https://www.debian.org/releases/stretch/exam
be willing to help develop a
patch and/or help test one.
Well, if you have ideas that work within the current framework, we can
see about that. Thanks for the offer. :)
Kind regards
Philipp Kern
ads to the main archive. We'd need to trigger builds
whenever testing changes and then auto-upload a corresponding build.
It's both a technical and political problem to make that happen.
Kind regards
Philipp Kern
signature.asc
Description: OpenPGP digital signature
;forcd1" specifically? I'm not sure what the netinst list is
but forcd1's header tells me it's specifically not for
netinst/businesscard. I fear we also need it there given the fix will be
in bootstrap-base. Does that mean that we actually need to propagate
dependencies there somehow?
Kind regards
Philipp Kern
signature.asc
Description: OpenPGP digital signature
ling
debootstrap to pull them in upon initial installation, assuming the
media has it, seems feasible to me.
Kind regards
Philipp Kern
On 01/29/2017 11:15 PM, Philipp Kern wrote:
> On 01/16/2017 01:18 AM, Josh Triplett wrote:
>> netcfg supports preseeding the domain via netcfg/get_domain, but
>> providing an empty values results in the installer still prompting.
>> Please consider providing a way to preseed
ompt for one.
Unfortunately I can't reproduce this. Could you provide a syslog of an
installation where that's happening? And probably
/var/lib/cdebconf/questions.dat as well.
Kind regards and thanks
Philipp Kern
signature.asc
Description: OpenPGP digital signature
es not introduce a translatable string, so I'd be hopeful
that we could still merge this for stretch. I tested the possible paths
through this in qemu and the patch only triggers if the option is
explicitly set to false.
Kind regards
Philipp Kern
diff --git a/autopartition-crypto b/au
ing grep?) if the
file is armored or not? I think `apt-key add' just dealt with whatever
it got and put the key into the keyring using gpg's --import function.
So it's a little unfortunate that we'd now need to know the format of
what we need to put into the fragment directory.
Kind regards
Philipp Kern
signature.asc
Description: OpenPGP digital signature
ode is triggered by passing "rescue/enable=true" on the kernel
command-line. d-i ships with boot menu items that do this.
Kind regards
Philipp Kern
[0] https://anonscm.debian.org/cgit/d-i/rescue.git/tree/
signature.asc
Description: OpenPGP digital signature
On 12/30/2016 12:19 AM, Philipp Kern wrote:
> it needs to, yes. Otherwise you end up with the interface being
> unmanaged from n-m, despite the n-m snippet having been written. I
> suppose what we could do is just empty it out. At least trying that out
> was successful for me. I als
1 - 100 of 470 matches
Mail list logo
