On Fri, 11 Dec 2015 at 00:54:03 +, Ben Hutchings wrote:
> On Thu, 2015-12-10 at 12:15 +0100, Jonas Meurer wrote:
>> Hi there,
>>
>> On Thu, 10 Dec 2015 02:52:11 +0100 Guilhem Moulin
>> wrote:
>>> AFAIK there is no documentation for where users shou
From efcd427201f7c0b6835e8bdedc559bd5623bc87e Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Sat, 12 Dec 2015 20:04:56 +0100
Subject: [PATCH] Add keyfile support for non-root devices.
---
debian/changelog | 3 +++
debian/initramfs/cryptroot-hook | 31 ---
debian/init
Hi John,
On Sun, 13 Dec 2015 at 18:27:33 +, John Talbut wrote:
> OK, so it seems that his may be a problem with cryptsetup. Is this a known
> problem? Is there a workaround?
AFAIK not.
> I have tried a boot with debug on. Trace attached.
Could you attach a text file instead, along with y
On Wed, 16 Dec 2015 at 23:37:31 -0500, Richard Hansen wrote:
> It should work on Debian, though I have not tested it.
The client part can't be shipped by cryptsetup; instead, it should have
its own ‘dropbear-initramfs-client’ package. But IMHO this is not
really necessary: as explained in dropbea
key="Please unlock disk $diskname"
- else
-cryptkeyscript="/lib/cryptsetup/askpass"
-cryptkey="Please unlock disk $diskname: "
- fi
+ cryptkeyscript=/lib/cryptsetup/askpass
+ cryptkey="Please unlock disk $diskname: "
fi
diff --git a/d
he keyfile in cryptroot-script,
> so the keyfile itself is not touched by us at all.
>
> Sure, it would be nice to warn the user if she stores the keyfile on an
> unencrypted root fs, but then this is just one more corner case where a
> user implements an uncommon custom setup in an unsecure
Sorry, typo :-P
--
Guilhem.
From 2d877465f22b608945e2544510f5ac4240508325 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Sat, 12 Dec 2015 20:04:56 +0100
Subject: [PATCH] Add keyfile support for non-root devices.
---
debian/changelog | 3 +++
debian/initramfs/cryptroot
Grmbl, in fact I didn't test it properly: the resume device was mounted
by systemd not by the initramfs image. This seems to be due to the
current init which requires all node devices to be present before the
rootfs is being mounted, as found in initramfs-tools(8):
local-top OR nfs-top Af
Hi Jochen,
On Sat, 23 Aug 2014 at 17:31:06 +0200, Jochen Schmitt wrote:
> I would like to forward several patches which I have applied to the
> pgp-tools package in Fedora for upstream integration.
Thanks!
> diff -urNp --exclude-from=/home/mdomsch/excludes --minimal
> signing-party-1.1.orig/key
Hi Noël,
On Tue, 26 Aug 2014 at 18:43:51 +0200, Noël Köthe wrote:
> caff doens not convert the IDN domains to punycode:
Hmm, it's working fine here (signing-party 1.1.8-1):
:~$ locale
LANG=en_US.UTF-8
LANGUAGE=en
LC_CTYPE=en_US.utf8
LC_NUMERIC=C
LC_TIME=en_DK.utf8
LC_COLLATE=en_US.utf8
LC_MONETA
/series
have been applied as well.
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2015q3/001777.html
However, this time I didn't pull in the changes (although Debian is now 3
releases behind…)
> On Fri, Jul 31, 2015 at 05:44:09AM +0200, Guilhem Moulin wrote:
>> Alright, this
Hi,
On Sat, 26 Mar 2016 at 16:06:29 +, Filippo Giunchedi wrote:
> When ran with set -x I noticed
> /usr/share/initramfs-tools/scripts/init-premount/dropbear sourcing
> /conf/initramfs.conf.
> This undoes the /proc/cmdline parsing done by /usr/share/initramfs-tools/init
> earlier though and set
Package: wnpp
Severity: wishlist
Owner: Guilhem Moulin
* Package name: lacme
Version : 0.1
Upstream Author : Guilhem Moulin
* URL : https://git.guilhem.org/lacme/about/
* License : GPL-3+
Programming Lang: Perl
Description : ACME client written with
Package: wnpp
Severity: wishlist
Owner: Guilhem Moulin
* Package name: lacme-accountd
Version : 0.1
Upstream Author : Guilhem Moulin
* URL : https://git.guilhem.org/lacme/about/
* License : GPL-3+
Programming Lang: Perl
Description : lacme account key
Package: sponsorship-requests
Severity: wishlist
Dear mentors,
I am looking for a sponsor for my package "lacme"
* Package name: lacme
Version : 0.1-1
Upstream Author : Guilhem Moulin
* URL : https://git.guilhem.org/lacme/about/
* License : GPL-3+
Hi Harlan,
On Wed, 15 Jun 2016 at 22:30:18 -0400, Harlan Lieberman-Berg wrote:
> I'm curious about how you would differentiate a package like this from
> the other ACME clients out there -- I know specifically letskencrypt
> seems to fall in the same kind of category (highly isolated
> components;
Hi Harlan,
On Wed, 15 Jun 2016 at 22:30:18 -0400, Harlan Lieberman-Berg wrote:
> Guilhem Moulin writes:
>> I am looking for a sponsor for my package "lacme"
>
> This looks like a well-Debianized package to me.
> […]
> I also want to make you aware of the Let's
On Mon, 27 Jun 2016 at 15:37:28 +, Clint Adams wrote:
> What could be easier is to --edit each key and see if it gives the
> gpg: moving a key signature to the correct place
> message but of course that's tedious too.
By the way, gpg <2.1.13 might fail to reorder the packets properly on
keys w
Hi Helmut,
On Tue, 28 Jul 2015 at 23:01:57 +0200, Helmut Grohne wrote:
> dropbear has two problems concerning cross compilation:
>
> * It runs a build arch strip which cannot handle the crossed binaries.
> Thus the build fails (see attached log).
> * It does not run dpkg-shlibdeps, thus Depends a
losely.
> On Sat, Jul 11, 2015 at 03:20:52PM +0200, Guilhem Moulin wrote:
>> Note that while the current maintainer (Gerrit, CC'ed) told me to go
>> ahead and proceed with a NMU, they are not able to sponsor me at the
>> moment. Furthermore I'm currently a DM and wou
Source: grub-legacy
Version: 0.97-67
Severity: normal
Tag: patch
Dear Maintainer,
It'd be convenient to place grub-install's temporary files in $TMPDIR
when set. Right now they are placed in /tmp, which on a typical install
is on the same partition as /; hence if for some reason / is mounted in
I did file a bug against gpg2 a couple of weeks ago (#751266). I'm
a bit reluctant to implement a dirty bugfix in caff, as one can fallback
to gpg in the meantime.
Cheers,
--
Guilhem.
signature.asc
Description: Digital signature
The MIME::Field::ParamVal module is provided by libmime-tools-perl, on
which caff depends.
$ dpkg -L libmime-tools-perl | grep ParamVal.pm
/usr/share/perl5/MIME/Field/ParamVal.pm
$ dpkg -l | grep libmime-tools-perl
ii libmime-tools-perl 5.505-1 all Perl5
An arguably simpler alternative to copying mountpoint(1) is to grep
through /proc/mounts.
--
Guilhem.
signature.asc
Description: Digital signature
On Fri, 29 May 2015 at 19:18:04 +0200, Guilhem Moulin wrote:
> An arguably simpler alternative to copying mountpoint(1) is to grep
> through /proc/mounts.
Forgot the patch, sorry.
--
Guilhem.
--- a/usr/share/initramfs-tools/scripts/init-premount/devpts
+++ b/usr/share/initramfs-tools/s
Hi,
> The problem is that, while klibc can bring up and down network
> interfaces, the interface configuration does not go away.
What doesn't go away exactly? (What do you mean by “interface
configuration”?) I wonder if ip(8) could help, by the way. It's
included in the initrd, can flush route
tags -1 patch
thanks
I believe the issue it that the init-premount script sets $IPOPTS while
‘configure_networking’ uses $IP to pick and configure interfaces.
--
Guilhem.
--- a/usr/share/initramfs-tools/scripts/init-premount/dropbear
+++ b/usr/share/initramfs-tools/scripts/init-premount/dropbear
On Fri, 29 May 2015 at 23:35:26 -0500, Karl O. Pinc wrote:
> Or maybe adding a flush after the ipconfig brings the
> interface down.
>
> Hopefully this would remove the old "boot-temporary" ip
> netmask, routes, etc. and leave the interface "clean"
> and ready to get it's normal configuration.
>
Dear mentors,
I am still in need for a sponsor for my package dropbear, so please
allow me to bump the thread :-)
https://bugs.debian.org/790125
Note that while the current maintainer (Gerrit, CC'ed) told me to go
ahead and proceed with a NMU, they are not able to sponsor me at the
moment.
Hi Vincent, Gerrit,
On Tue, 14 Jul 2015 at 18:42:53 -0700, Vincent Cheng wrote:
> NMUs are intended to be minimally intrusive and be targeted to fix
> specific bugs (and usually RC/important ones); that means that in
> general, you should avoid things like new upstream releases and
> extensive pac
Hi,
On Mon, 20 Jul 2015 at 13:55:35 +0200, Maria Valentina Marin wrote:
> While working on the “reproducible builds” effort [1], we have noticed
> that dropbear could not be built reproducibly.
There is an ongoing effort to refactor and split the dropbear package in
order to isolate the binary, s
Package: mysql-server
Version: 5.5.42-1
Severity: normal
Dear Maintainer,
When checking for insecure root accounts, ‘debian-start.inc.sh’ merely
lists root accounts with an empty password:
SELECT COUNT(*) FROM mysql.user WHERE user='root' and password='';
However, such an account can be per
Package: src:linux
Version: 4.0.2-1
Severity: important
Dear Maintainer,
I have the following — probably not so common — configuration:
- libreboot BIOS (a deblobed coreboot) with a GRUB2 payload
- root is BTRFS, with rootflags=subvol=@
Since I don't want to flash a new payload onto the
On Fri, 15 May 2015 at 03:57:35 +0100, Ben Hutchings wrote:
> GRUB knows how to do this properly, so you're just making things
> difficult for yourself.
Since there is always a risk of bricking the board when flashing the
BIOS chip, I don't want to add a hook add flash it whenever I upgrade
the ke
On Fri, 15 May 2015 at 13:47:59 +0100, Ben Hutchings wrote:
> On Fri, 2015-05-15 at 05:24 +0200, Guilhem Moulin wrote:
>> On Fri, 15 May 2015 at 03:57:35 +0100, Ben Hutchings wrote:
>>> GRUB knows how to do this properly, so you're just making things
>>> difficult
On Sun, 31 May 2015 at 21:30:25 -0500, Karl O. Pinc wrote:
> On Mon, 1 Jun 2015 03:30:36 +0200 Guilhem Moulin wrote:
>> I'll see if the linux-initramfs-tool would be willing to accept an
>> ‘unconfigure_networking’ function using ip(1).
>
> I haven't looked a
Control: severity -1 wishlist
Control: retitle -1 Please support GnuPG 2.1
Hi Brian,
On Tue, 02 Dec 2014 at 17:23:21 -0500, Brian Minton wrote:
> If I have the gpg config entry set to gpg2 (with or without the path)
> version 2.1, I get the following message:
(I'm assuming you're talking about c
Control: tags -1 + pending
Hi Nelson,
On Sat, 29 Nov 2014 at 13:17:35 -0200, Nelson A. de Oliveira wrote:
> caff has a hardcoded e-mail subject.
> It would be good if we could also customize it (in .caffrc)
Done in r739:
https://anonscm.debian.org/viewvc/pgp-tools?view=revision&revision=739
The
On Tue, 02 Dec 2014 at 17:23:21 -0500, Brian Minton wrote:
> If I have the gpg config entry set to gpg2 (with or without the path)
> version 2.1, I get the following message:
>
> gpg: skipped "0424DC19B678A1A9": No secret key
>
> 0424DC19B678A1A9 is my key, the private key of which is usable by g
On Tue, 02 Dec 2014 at 19:20:22 -0500, Brian Minton wrote:
> Update: That did not in fact fix the problem. I had removed the gpg2 line
> from the config file. When I put it back in, it still gives the message.
I just pushed a fix (r741) for the branches 1.4 and 2.0 of GnuPG. The
2.1 branch has
Control: tags -1 + pending
Hi Peter,
On Thu, 11 Dec 2014 at 19:28:29 +0100, Peter Lebbing wrote:
> I noticed that the quiet zone is only about 2 modules, and that's
> assuming you cut it exactly at the lines. My phone had no problem
> scanning the picture even on a starkly contrasting background,
Hi Ewen,
Your report says you have signing-party 1.1.4-1, but your patch seems to
be against a more recent version :-P But anyway I agree that the
standard output shouldn't be thrown away like that. That said the
absence of GPG_TTY in the environment doesn't seem to bother my gpg(1);
doesn't the
Control: retitle -1 caff: The absence of GPG_TTY causes silent caff failures in
OSX
Control: tag -1 + pending
On Wed, 21 Jan 2015 at 11:12:44 +1300, Ewen McNeill wrote:
> - MacPorts (OS X) (gpg 1.4.18): works _without_ sderr redirected, fails with
> stderr redirected (no output, exit code 1), unl
On Wed, 21 Jan 2015 at 15:52:45 +1300, Ewen McNeill wrote:
> if (defined($ENV{MACHTYPE}) &&
>$ENV{MACHTYPE} =~ /apple/ && ! defined($ENV{'GPG_TTY'})) {
> warn "warning: Certain gpg actions may fail if GPG_TTY is not set, ",
> "causing silent caff failures.\n";
> }
>
> But maybe
I'm a bit reluctant to make caff non-interactive by default, and would
rather let users specify the MUA and their options themselves, rather
than hardcoding a bunch of supported MUAs in caff. My 'mail-cmd'
proposal above seems to achieve the same thing (let users interact with
their MUA to add per
This is due to GnuPG 2.1 ignoring --secret-keyring:
--secret-keyring file
This is an obsolete option and ignored. All secret keys are
stored in the private-keys-v1.d directory below the GnuPG home
directory.
But caff has its own GnuPG home (~/.caff/gnupghome by defaul
Following http://lists.gnupg.org/pipermail/gnupg-devel/2015-January/029301.html
caff's $CONFIG{'secret-keyring'} has been deprecated, and the symlinks
are automatically created when the secret keyrings are not present.
--
Guilhem.
signature.asc
Description: Digital signature
In fact I changed that (r773) to symlink the agent's socket(s) instead;
it's much cleaner as it doesn't spawn multiple agent in
~/.caff/gnupghome and the temporary directories. However caff won't
work with gpg <= 2.1.2, due to gpg not flushing its standard output
before the status prompts during t
Package: dput
Version: 0.9.6.4
Severity: normal
Dear Maintainer,
dput uses a hardcoded ‘/usr/bin/gpg’ when checking signatures. This no
longer works if the user uses GnuPG 2.1 (currently available in
experimental) has migrated her keyring to the keybox format, since this
format is not readable b
Control: tags -1 pending
Hi Tomasz,
On Sun, 23 Aug 2015 at 12:47:01 +0200, Tomasz Buchert wrote:
> my gpg key is paticular: it has an uid that has been revoked and then
> subsequently recreated. As a result, it does not show up in the output of
> gpglist.
>
> I've created a patch that fixes that
Hi,
On Tue, 01 Sep 2015 at 22:16:33 +0200, Eduard Bloch wrote:
> Basically all keys are ignored. Why? No idea, I added an X to the file,
> assuming that this should be enough. Manpage doesn't provide much more
> information for this kind of usage. Sample attached.
The Debconf ksp organisers didn'
Hi,
On Tue, 01 Sep 2015 at 22:11:23 +0200, Eduard Bloch wrote:
> And for some reason, gpg-agent is no longer working, I guess it's
> caused by gpg2 installation?
It has nothing to do with signing-party anyway.
> The solution is removing .caff/gnupghome and let it replace it. This is
> either a b
Hi Vasudev,
On Tue, 10 Nov 2015 at 21:20:32 +0530, Vasudev Kamath wrote:
> Since Android upstream stopped shipping Droid fonts and its been
> declared that Noto fonts will be superseding the Droid¹² we in
> "Debian Fonts Task Force" team decided to drop fonts-droid package.
>
> One of your packag
ebian/pool/main/d/dropbear/dropbear_2015.70-1.dsc
More information about dropbear can be obtained from
http://matt.ucc.asn.au/dropbear/ .
Changes since the last upload:
[ Matt Johnston ]
* New upstream release.
[ Guilhem Moulin ]
* dropbear-initramfs:
+ Take dropbear option
patch to remove dropbear-specific configuration from
d/README.Debian, remove d/README.remote all together, and point to
dropbear-initramfs instead.
--
Guilhem.
From 5acc4c2b5ba1b34c2ffe755d08358f11d34fd8a6 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Mon, 12 Oct 2015 21:13:31 +0200
Subject
Control: tags -1 + moreinfo unreproducible
Any news on that, e-mmanuel? It would be great if we could avoid the
autoremoval from testing ;-)
On Mon, 19 Oct 2015 at 21:15:00 +0200, e-mmanuel wrote:
> the problem occurs on my other server.
> Both are clean (production servers).
FWIW, it's not bec
Control: severity -1 important
Control: retitle -1 dropbear-initramfs: the console shouldn't hang while the
network is being configured
Control: tags -1 + pending
Hi Vincent,
Fixed, see
https://anonscm.debian.org/cgit/collab-maint/dropbear.git/commit/?id=5e982128fd95a6e90aa360317d88340179960
Hmm actually I should also make sure to kill the forked process and its
children in the local-bottom script. Otherwise the configure_networking
loop might survive the pivot_root, and mess around with the new
fs/sysfs (for instance ipconfig is not in the new $PATH).
--
Guilhem.
signature.asc
De
On Thu, 03 Dec 2015 at 10:54:05 +0100, Vincent Lefevre wrote:
> Indeed, with ip=off added from the GRUB startup screen, the
> DHCP client is not started.
By the way, as of 2015.70-1 this is is documented under
/usr/share/doc/dropbear-initramfs/README.initramfs
> And this doesn't seem to be do
On Thu, 03 Dec 2015 at 14:00:00 +0100, Vincent Lefevre wrote:
>> I didn't either, as I couldn't solve the halting problem I just poked
>> around to see why the network configuration seemed to loop :-P Anyway
>> that file is shipped by the initramfs-tools package, so if you want that
>> behavior to
On Sat, 26 Sep 2015 at 17:50:19 +0200, Vincent Bernat wrote:
>> Awesome, thanks! The below packages have been working fine on a
>> production Jessie server. (It's a bit painful to migrate from Wheezy,
>> but it'll be just as painful to migrate to Strech anyway.)
>>
>> dget -x
>> http://mentors.
On Mon, 28 Sep 2015 at 11:37:39 +0200, Paul Wise wrote:
> On Fri, Sep 25, 2015 at 9:26 PM, Guilhem Moulin wrote:
>> not a reason for rejection
>
> Not being willing to sponsor the package isn't a rejection, just an
> indicator that I don't have time for a proper
Control: retitle -1 RFS: netmask/2.4.2-1 [ITA] - helps determine network masks
On Mon, 28 Sep 2015 at 11:37:39 +0200, Paul Wise wrote:
> Part of the package maintainer's job is to forward patches, bug
> reports and feedback upstream, so thanks for doing that :)
Moreover upstream has been super re
On Tue, 29 Sep 2015 at 11:21:29 +0200, Paul Wise wrote:
> For the uscan OpenPGP support to work, upstream needs to release
> tarballs (using make distcheck), upload detached OpenPGP signatures
> and debian/watch needs to contain an pgpsigurlmangle= option. The
> github releases feature can be used
Hej Gianfranco!
On Fri, 25 Sep 2015 at 20:25:08 +0200, Guilhem Moulin wrote:
> You'll find the new upload at
>
> dget -x
> http://mentors.debian.net/debian/pool/main/d/dropbear/dropbear_2015.68-1.dsc
Did you have time to look at the new upload yet? (Since you didn't tak
no}’ environment
variable and the following two-liner as unlock script:
#!/bin/sh
PLYMOUTH=no exec /scripts/local-top/cryptroot
Cheers,
--
Guilhem.
#!/bin/sh
# Remotely unlock encrypted volumes.
#
# Copyright © 2015 Guilhem Moulin
#
# This program is free software: you can redistribute
Hi,
On Thu, 01 Oct 2015 at 17:53:21 +0100, Gianfranco Costamagna wrote:
> Hi, I could own the bug no problem, just I would like to avoid
> stealing the package to Helmut!
Fair enough :-)
> - dpkg shows that a default configuration file has changed, asking me how to
> proceed
This is because /
Control: found -1 1.1.2+dfsg.1-4
Hi Joachim,
On Fri, 02 Oct 2015 at 10:18:14 +0200, Joachim Breitner wrote:
> The upgrade did not go fully smooth, I got
>
> Vorbereitung zum Entpacken von .../roundcube_1.1.2+dfsg.1-4~bpo8+1_all.deb ...
> dpkg-maintscript-helper: error: directory '/usr/share/doc/
Hi,
On Fri, 02 Oct 2015 at 14:47:21 +, Gianfranco Costamagna wrote:
> cat of what? I'm not sure this is correct... can you please clarify?
cat of the ‘showpubkey’ function's standard input :-) ‘showpubkey’ is
used as follows:
dropbearkey … | showpubkey "$keyfile"
dropbearkey(1) prints th
Hi!
On Fri, 02 Oct 2015 at 15:49:18 +, Gianfranco Costamagna wrote:
> no problem, just ping me whenever your package becomes ready again.
So with Guillem Jover's help on #debian-dpkg I managed to solve the
problem of the configuration file in dropbear 2014.65-1's /usr. (Using
dpkg-maintscrip
Hi,
On Sat, 03 Oct 2015 at 19:00:16 +0200, Vincent Bernat wrote:
> For some reason, roundcube-core in wheezy contains
> /usr/share/doc/roundcube/main.inc.php.dist. I don't know how to fix that
> correctly. Maybe by making roundcube conflicts with roundcube-core < 1.
Indeed, adding “Breaks: roundc
Package: piuparts
Version: 0.66
Severity: wishlist
Dear Maintainer,
`piuparts --schroot=unstable-amd64-sbuild […] dropbear_2015.68-1_amd64.changes`
fails because the .deb files are not properly ordered when given to `dpkg -i`.
Indeed, piuparts runs
dpkg -i tmp/dropbear-bin_2015.68-1_amd64.de
On Tue, 01 Sep 2015 at 22:43:19 +0200, Guilhem Moulin wrote:
> Could you also try to create a fresh caff keyring with gnupg 1.4 and
> later try to run caff with 2.1? Something like that:
>
> mv ~/.caff/gnupghome ~/.caff/gnupghome1
> # set ‘$CONFIG{'gpg'} = '
Hi,
On Wed, 02 Sep 2015 at 22:20:03 +0200, Eduard Bloch wrote:
> * Guilhem Moulin [Tue, Sep 01 2015, 10:43:19PM]:
>> On Tue, 01 Sep 2015 at 22:11:23 +0200, Eduard Bloch wrote:
> But I saw no trustdb check when caff is working...
caff doesn't create a trust database because it do
Control: tag -1 moreinfo unreproducible
On Wed, 02 Sep 2015 at 22:20:03 +0200, Eduard Bloch wrote:
> $ gpg2 --homedir ~/.caff/gnupghome.alt --list-key
> 7C3AB9CFD230BD30DD009C591E7091B1F14A64A2
> gpg: checking the trustdb
> gpg: keydb_get_keyblock failed: Legacy key
> gpg: keydb_get_keyblock fail
On Thu, 03 Sep 2015 at 19:14:59 +0200, Eduard Bloch wrote:
> * Guilhem Moulin [Thu, Sep 03 2015, 11:46:42AM]:
>> Also, do you have any v3 keys in your keyring? What's the output of
>>
>> gpg --homedir ~/.caff/gnupghome.alt --with-fingerprint --with-fingerprint
&g
Two more things: do you have v3 private material as well? You can count
them with
gpg --with-fingerprint --with-fingerprint --with-colons --list-secret-keys |
grep -icE '^fpr:([^:]*:){8}[0-9A-F]{32}(:.*)?$'
Are the key(s) specified in your ~/.caffrc (‘keyid’, ‘also-encrypt-to’,
‘local-user’)
Control: merge -1 632656
On Thu, 03 Sep 2015 at 22:16:36 +0200, nopanicplease wrote:
> The script /usr/share/scripts/init-premount/devpts returns an error
> 'mountpoint: not found' during system start. /bin/mountpoint is not
> available in initrd.img.
In fact mounting /dev/pts is no longer needed
Hi Manuel,
Right now each tool in signing-party uses the GNUPGBIN environment
variable (or “gpg” if it is not set) as path to the gpg binary.
However, while signing-party is ready for the soon-to-be GnuPG
transition (users can already export GNUPGBIN=gpg2 in their
~/.bash_profile), it won't work o
Hi,
On Fri, 09 Oct 2015 at 17:19:24 +, Gianfranco Costamagna wrote:
> how do you feel about merging the two above Ubuntu deltas in the Debian
> packaging?
Thanks for pointing that out. I didn't check the Ubuntu uploads, actually.
> https://launchpad.net/ubuntu/+source/dropbear/2014.65-1ubu
dropbear maintainers to update the documentation.
Cheers,
--
Guilhem.
[0] https://bugs.debian.org/790125
From bcd0590f3a0b097602bda4ce76550cee77131aaf Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Sat, 10 Oct 2015 21:38:25 +0200
Subject: [PATCH] Update remote unlocking via SSH due
Control: block -1 by 782024
On Sat, 10 Oct 2015 at 21:42:27 +0200, Guilhem Moulin wrote:
> Hence /usr/share/doc/cryptsetup/README.Debian.gz section 8, as well as
> /usr/share/doc/cryptsetup/README.remote.gz, have to be updated to point
> to the new package name (dropbear-initramfs) and t
passphrase against each existing keyslot can take a while. Patch
attached.
Cheers,
--
Guilhem.
From eb24bcc9cec437d99f97b8403591d710e0a727ab Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Sun, 11 Oct 2015 00:50:35 +0200
Subject: [PATCH] Make the cryptroot initramfs script & hoo
On Sat, 10 Oct 2015 at 21:42:27 +0200, Guilhem Moulin wrote:
> However, perhaps the material found in
> /usr/share/doc/cryptsetup/README.remote.gz
> should be shipped by dropbear-initramfs instead? The only purpose of
> that package is to install drobpear to the initrd, which migh
On Thu, 01 Oct 2015 at 12:24:58 +0200, Guilhem Moulin wrote:
> since I like Matthias' solution better
On second thought I take that back on second thought. Aside from a typo
in my previous patch, init scripts such as /scripts/local-top/cryptroot
are intended to run sequentially, and run
Hi,
On Fri, 16 Oct 2015 at 16:01:21 +0200, e-mmanuel wrote:
> During upgrade of roundcube (from 1.1.2+dfsg.1-4 to 1.1.2+dfsg.1-5),
> aptitude reports errors and upgrade stops.
Hmm odd. The 1.1.2+dfsg.1-4 → 1.1.2+dfsg.1-5 upgrade works just file in a
clean(+dialog) sid chroot:
~# echo 'deb http:
Control: tags -1 patch
Control: retitle -1 Stalled SSH connections after existing initrd due to
remaining dropbear children processes
To terminate all existing SSH sessions, it's somewhat cleaner to kill
all children before exiting the server.
Cheers,
--
Guilhem.
--- dropbear/dropbear 2015-06-0
On Mon, 01 Jun 2015 at 07:53:28 -0500, Karl O. Pinc wrote:
> On Mon, 1 Jun 2015 13:46:26 +0200 Guilhem Moulin wrote:
>> On Sun, 31 May 2015 at 21:30:25 -0500, Karl O. Pinc wrote:
>>> On Mon, 1 Jun 2015 03:30:36 +0200 Guilhem Moulin
>>> wrote:
>
>> I'd
‘configure_networking’ was moved to the background in commit a3b7a7d6.
According to debian/changelog it was meant to be a fix for #514213 and
#524728. I'd say the proper fix would be to follow Simon McVittie's
suggestion [0] and split the dropbear package as follows:
* dropbear-bin (executable,
On Fri, 29 May 2015 at 19:47:43 +0200, Guilhem Moulin wrote:
> I believe the issue it that the init-premount script sets $IPOPTS while
> ‘configure_networking’ uses $IP to pick and configure interfaces.
Forget about that. IP is assigned properly by the ‘init’ script, and
IPOPTS isn&
In fact /dev/pts is mounted in the ‘init’ initramfs script since commit
261811b5 [0], so we could simply remove ‘scripts/init-premount/devpts’.
--
Guilhem.
[0]
https://anonscm.debian.org/cgit/kernel/initramfs-tools.git/commit/init?id=261811b5d0524c7fe579bf4ca22915c2dc4b636f
signature.asc
Desc
Control: tags -1 patch
Here is a patch setting the homedir to $(mktemp -d /root-XX).
--
Guilhem.
--- /home/guilhem/initramfs-tools/hooks/dropbear 2014-08-12 00:15:40.0 +0200
+++ /usr/share/initramfs-tools/hooks/dropbear 2015-06-16 23:11:27.060710678 +0200
@@ -31,8 +31,9 @@
for so
Package: irssi-plugin-otr
Version: 1.0.0-1+b2
Severity: normal
Dear Maintainer,
‘src/otr-formats.c’ defines a couple of irssi templates to be configured
with ‘/format otr ’. The list of templates and their current
values is listed by the ‘/format otr’ command:
[Statusbar]
stb_plaintext
is command:
dget -x
http://mentors.debian.net/debian/pool/main/n/netmask/netmask_2.4.3-1.dsc
Changes since the last upload:
[ Robert Stone ]
* New upstream release. (Closes: #802884.)
[ Guilhem Moulin ]
* debian/patches:
+ Make the build reproducible: setting --version twice no lon
w upstream release. (Closes: #775222.)
[ Guilhem Moulin ]
* debian/source/format: 3.0 (quilt)
* debian/compat: 9
* debian/control: bump Standards-Version to 3.9.6 (no changes necessary).
* debian/copyright: add machine-readable file.
* Split up package in dropbear-bin (binaries), dropbear
Hi there,
FYI, the soon to be 1.1.11 release of signing-party includes a new
script ‘gpg-key2latex’, which hopefully will solve the following
limitations inherent to the PS format:
- Support for Unicode in User ID (xelatex might be required for CJK
characters, though).
- Support for UAT
##
# argument handling
###
diff -Nru signing-party-1.1.10/debian/changelog
signing-party-1.1.10/debian/changelog
--- signing-party-1.1.10/debian/changelog 2014-10-11 23:09:24.0
+0200
+++ signing-party-1.1.10/debian/changelog 2014-11-07 22:17:51.00
Control: retitle -1 unblock: signing-party/1.1.10-2
unblock signing-party/1.1.10-2
On Fri, 07 Nov 2014 at 23:26:24 +0100, Niels Thykier wrote:
> On 2014-11-07 22:36, Guilhem Moulin wrote:
>> I would like to upload the attached changes: a regression bug has been
>> introduced i
02:02:16.0
+0100
@@ -1,3 +1,13 @@
+signing-party (1.1.10-3) unstable; urgency=medium
+
+ [ Guilhem Moulin ]
+ * caff:
++ Fix RCF 2822 violation: Never localize the "Date" header, regarless of
+ the LC_ALL, LC_TIME and LANG in use. Regression introduced in r698.
+
Oh by the way, please note that the email address I use for packaging,
namely guil...@guilhem.org, is not that of the primary UID of my OpenPGP
key 7420 DF86 BCE1 5A45 8DCE 9976 3927 8DA8 109E 6244.
Thanks!
--
Guilhem.
signature.asc
Description: Digital signature
101 - 200 of 1122 matches
Mail list logo
