/srv/irclogs.ubuntu.com/2022/01/19/#ubuntu.txt

=== beaver is now known as beaver-idle
=== mIk3_09 is now known as mIk3_08
Sven_vB	hi :) does Ubuntu focal have drivers for RTL8152B network adapter? are they available on apt?	02:01
Sven_vB	also, how do I discover that? my search engine only finds tutorials for how to compile it. OTOH, Realtek network adapters usually work out of the box, which would explain why no-one blogs about them.	02:05
Sven_vB	(except for compile help)	02:05
=== mIk3_09 is now known as mIk3_08
JackFrost	The description of firmware-realtek includes * Realtek RTL8152/RTL8153 firmware (rtl_nic/rtl8153b-2.fw)	02:06
Sven_vB	that's really close	02:08
oerheks	fixed in the 5.9 kernel	02:09
oerheks	!hwe	02:09
ubottu	The Ubuntu LTS enablement stacks provide newer kernel and X support for existing LTS releases, see https://wiki.ubuntu.com/Kernel/LTSEnablementStack	02:09
oerheks	hwe give 5.11 ..	02:09
oerheks	https://itectec.com/ubuntu/ubuntu-cant-get-rtl8125b-working-on-20-04/	02:09
Sven_vB	does that mean the upcoming LTS will ship with the drivers?	02:10
oerheks	interesting how you would update..	02:10
oerheks	oh, sure	02:10
ravage	the current LTS ships with the drivers	02:10
oerheks	or install 21.10	02:10
Sven_vB	that sounds good. thanks JackFrost, oerheks and ravage. :)	02:11
ravage	20.04 HWE is 5.11 or with edge even 5.13	02:11
ravage	so it should just work	02:11
tomreyn	and apparently the firmware is only needed for half duplex	02:13
tomreyn	...seeing the commit message here https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/drivers/net/ethernet/realtek?id=0439297be95111cf9ef5ece2091af16d140ce2ef	02:13
ubottu	Commit 0439297 in kernel/git/next/linux-next.git "r8169: add support for RTL8125B"	02:13
jhutchins	tomreyn: So yet another mark against "wifi always needs non-free firmware".	02:15
tomreyn	jhutchins: i assume you're not quoting me?	02:18
oerheks	"always' is not true.	02:18
oerheks	RTL8125B is wired, 2,5 gbE	02:19
=== M4he is now known as mahe
jhutchins	I wonder if that's what the Intel firmware is for.	02:28
=== genii is now known as genii-core
=== nacj_2 is now known as Mibix
=== beaver\|idle is now known as beaver
luca2006	film	06:14
matsaman	yes	06:15
=== diskin_ is now known as diskin
* imman [ 0day (xc) Our ] OFFICIAL CHANNEL FOR DEAL 0DAY https://un.org https://tjc.org ... . https://ircnow.org channel #0dev and channel #0day		07:22
=== imman is now known as skraito
EugenMayer	Hello. Running 20, is it to be expected that checkarray triggers a rebuildArray/RebuildFinished event when it runs (regularly) just out of no reason (raid is just fine)?	07:36
pagios	talking about PXE boot, i understand that one image can be deployed to multiple PCs over the network, my question is how is that achieved when the clients are not in total sync ? One pC asks for the image now, another asks after 5 seconds, the server sends the data to client1, but client2 is lagging how is that solved?	08:01
iomari891	greetings, many of my launchpad repos read "Cannot initiate the connection to ppa.launchpad.net:80 (2001:67c:1560:8008::19). - connect (101: Network is unreachable) [IP: 91.189.95.85 80]". ARe there alternative repos for launchpad?	08:36
iomari891	correction: I can't connect to any launchpad repo.	08:49
=== Bilge- is now known as Bilge
mozambique	I have a raid controller can some one help me isntall it	10:30
mozambique	*install it	10:30
webchat10	hello. I have a catch 22 situation. I can't start apache2 because it is missing an SSL certificate from letsencrypt but I can't fix letsencrypt certificate because I don't have a live webserver	10:42
webchat10	any suggestions to point me in the right direction? Otherwise, I am thinking I might have to remove apache2 and reinstall...	10:47
webchat10	Jan 19 03:09:47 BELV-SERV4-NVR systemd[1]: Starting The Apache HTTP Server...	10:47
webchat10	Jan 19 03:09:48 BELV-SERV4-NVR apachectl[2173]: Action 'start' failed.	10:47
webchat10	Jan 19 03:09:48 BELV-SERV4-NVR apachectl[2173]: The Apache error log may have more information.	10:47
webchat10	Jan 19 03:09:48 BELV-SERV4-NVR systemd[1]: apache2.service: Control process exited, code=exited status=1	10:47
webchat10	Jan 19 03:09:48 BELV-SERV4-NVR systemd[1]: apache2.service: Failed with result 'exit-code'.	10:47
Maik	!paste \| webchat10	10:47
ubottu	webchat10: For posting multi-line texts into the channel, please use https://paste.ubuntu.com \| To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line \| Make sure you give us the URL for your paste - see also the channel topic.	10:47
webchat10	Jan 19 03:09:47 BELV-SERV4-NVR systemd[1]: Starting The Apache HTTP Server...	10:50
webchat10	Jan 19 03:09:48 BELV-SERV4-NVR apachectl[2173]: Action 'start' failed.	10:50
webchat10	Jan 19 03:09:48 BELV-SERV4-NVR apachectl[2173]: The Apache error log may have more information.	10:50
webchat10	Jan 19 03:09:48 BELV-SERV4-NVR systemd[1]: apache2.service: Control process exited, code=exited status=1	10:50
webchat10	Jan 19 03:09:48 BELV-SERV4-NVR systemd[1]: apache2.service: Failed with result 'exit-code'.	10:50
webchat10	Jan 19 03:09:48 BELV-SERV4-NVR systemd[1]: Failed to start The Apache HTTP Server.	10:50
Maik	sigh	10:50
Maik	webchat10: use https://paste.ubuntu.com	10:52
webchat10	[Wed Jan 19 03:09:48.060678 2022] [ssl:emerg] [pid 2343:tid 139773782346688] AH02572: Failed to configure at least one certificate and key for www.example.com:443	10:52
webchat10	[Wed Jan 19 03:09:48.060976 2022] [ssl:emerg] [pid 2343:tid 139773782346688] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned	10:52
webchat10	[Wed Jan 19 03:09:48.060997 2022] [ssl:emerg] [pid 2343:tid 139773782346688] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/apache2/error.log for more information	10:52
webchat10	AH00016: Configuration Failed	10:52
Maik	dude	10:52
Maik	what we asked you to do?	10:52
Maik	webchat10: or are you just fooling around, flooding the channel...?	10:53
webchat10	no, first time trying this site to ask for some help since my website is donw	10:53
webchat10	down	10:54
Maik	i told you twice to use https://paste.ubuntu.com	10:54
webchat10	I tried copying some output to that paste.ubuntu.com and then I copied from there.	10:54
webchat10	Doesn't look right yet? you can't see my output?	10:54
Maik	you need to post the link....	10:54
webchat10	https://paste.ubuntu.com/p/VR57fspZ58/	10:55
webchat10	https://paste.ubuntu.com/p/zTBDkMB3R3/	10:57
webchat10	I changed my real domain and put example.com	10:58
webchat10	So, I'm asking how to remove references to my certificate and then i can try reissuing the certificate	10:58
Maik	that's all beyond my knowledge, wait for someone who knows how to assist you further	10:59
Maik	or ask in #linux maybe	10:59
webchat10	I messed up and only created my certificate via letsencrypt for i.e. example.com but not for www.example.com and I'm trying to fix it	10:59
djph	edit /etc/apache2/sites-available/yoursitename.conf (BACKUP FIRST!)	10:59
djph	oh	10:59
djph	oh	10:59
webchat10	I had used certbot	10:59
djph	in that case, just ask LE for the "www." as well	10:59
djph	um	10:59
djph	webchat10: certbot certonly -d comma,separated,domain,list --dry-run	11:04
djph	webchat10: note the "--dry-run" option -- that will let you verify the command will do what you expect. If all looks well, re-run the command without that option.	11:05
webchat10	right. but I already removed my certs so I have to start over with certbot	11:05
webchat10	so, the error relates to missing my certificates (not found)	11:05
djph	Either (1) remove the symlink in /etc/apache2/sites-enabled/site-https so that apache doesn't try to spin up that webserver	11:07
djph	or (2) comment out the entire host:443 configuration directive in the file (if one config file is handling both 80 and 443)	11:08
djph	then restart apache.	11:08
webchat10	I try that	11:09
webchat10	I tried commenting out the two seperate directive files for 80 and 443 and then i remembered I probably want to the directive file for 80 and I restored its backup (for the port 80 directive file). But not working. I tried restarting apache2 but still won't start. The log file says it is still missing certificate file *.pem	11:22
djph	why did you touch ANYTHING in the :80 directive file	11:23
=== user_ is now known as shantanuo
webchat10	its all ok, I restored it	11:23
djph	also, why is your :80 file referencing a cert at all?	11:23
webchat10	Its not	11:23
djph	how many sites are in sites-enabled?	11:24
djph	wait	11:24
djph	also	11:24
djph	EVERYTHING in /etc/apache2/sites-enabled is a SYMLINK back to /etc/apache2/sites-available, right?	11:24
webchat10	2 virtual hosts. my site I'm trying to restore and one called example.com to see if could get 2 different web sites to show on localhost	11:25
webchat10	not sure about that	11:26
djph	webchat10: okay, check that	11:26
webchat10	https://paste.ubuntu.com/p/W7gYWdsg4v/	11:29
webchat10	It appears it is symlinked	11:29
djph	indeed	11:31
djph	so then just remove the symlink 000-default-le-ssl.conf	11:31
webchat10	in enabled or available?	11:31
djph	the SYMLINK is in sites-enabled	11:32
djph	leave the file in sites-available alone	11:32
webchat10	do you know syntax to remove symlink?	11:32
djph	"rm"	11:33
djph	well, "sudo rm thefilename"	11:33
webchat10	ok. If I go to the ip address the site works but if I go to http://sitename.com it tries to go to https://sitename.com and won't work yet	11:40
webchat10	so there is some file telling it to force to the https version of the site.	11:41
webchat10	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]	11:44
djph	yes, that configuration directive is in your default:80 file	11:44
webchat10	I'll try commenting out that?	11:44
djph	comment that out for the time being, then restart apache.	11:44
djph	although, as i recall, that doesn't actually mess with certbot	11:45
webchat10	yeah. commenting it out didn't work, the browser is still trying to redirect to https	11:48
djph	oh, it was a permanent redirect. The browser remembers. Use a different browser / forget the site from the one you're using	11:50
webchat10	I'll try	11:51
djph	note that "forgetting" a site will also tend to remove stored passwords, so be careful there ;)	11:52
webchat10	another browser works fine for port 80 so I can now try to fix the certificate	11:53
webchat10	I think you so much. I'll advise if certbot gives me issue	11:53
webchat10	I can see how to do the sitename.com and www.sitename.com I think with certbot, I just missed it the first time	11:54
webchat10	https://paste.ubuntu.com/p/dwczKYSGRh/	12:03
webchat10	I know this isn't letsencrypt support but, I'm getting closer, just not quite right yet	12:03
nyuszika7h	how do I fix a cancelled snap refresh?	12:04
nyuszika7h	❯ snap refresh telegram-desktop --edge	12:04
nyuszika7h	error: cannot refresh "telegram-desktop": refreshing disabled snap "telegram-desktop" not supported	12:04
nyuszika7h	❯ snap enable telegram-desktop	12:04
nyuszika7h	error: snap "telegram-desktop" has "refresh-snap" change in progress	12:04
nyuszika7h	nvm, `snap abort --last=refresh` fixed it	12:06
djph	webchat10: See the logfile /var/log/letsencrypt/letsencrypt.log	12:10
webchat10	There is a bunch of information in theletsencrypt log about snap and the python script	12:14
djph	and I would imagine also the error it encountered	12:16
webchat10	it just says stopiteration, an internal error occured	12:16
djph	... this is why I use 'certonly' ...	12:17
djph	actually, try that	12:17
djph	certbot certonly -d yourdomain.tld,www.yourdomain.tld --dry-run	12:17
djph	obviously, replace "yourdomain.tld" with the actual domain.	12:18
webchat10	right. Ok.	12:18
webchat10	so dry run to see if it will work, and then if it is succesfull, try again without dry run?	12:18
djph	yes	12:18
djph	basically "certonly" tells certbot that you only want it to get you the certificate(s) and that you will do the work yourself to link them in the relevant application(s)	12:19
webchat10	dry run says successful	12:22
djph	OK, so then run it without "dry run" (and PAY ATTENTION to the filenames / paths)	12:24
djph	er without "--dry-run"	12:24
webchat10	it just says no resert required. I did not choose to create new certs	12:28
webchat10	renewal not required	12:29
BluesKaj	Hiyas all	12:29
webchat10	I also restored my backup 443 directive file	12:30
djph	then certbot successfully created / downloaded your certs before. Did it give you the Certificate Path?	12:30
webchat10	should I try creating new certs	12:30
webchat10	it didn't ask	12:30
djph	it doesn't _ask_ ; it _tells_ you	12:30
webchat10	yes, it says where the certs were saved	12:30
djph	okay, so edit your /etc/apache2/sites-available/domain-443 file, and make sure the apache directive for the certificate and key file is correct	12:31
webchat10	ok	12:32
djph	heyo BluesKaj	12:33
BluesKaj	hey djph	12:33
djph	webchat10: IIRC, it'll be SSLCertificateFile /etc/letsencrypt/live/[site]/fullchain.pem and SSLCertificateKeyFile /etc/letsencrypt/live/[site]/privkey.pem	12:34
webchat10	those pem file names should be listed in /etc/apache2/sites-available/000-default-le-ssl.conf?	12:35
djph	whatever file controls your HTTPS site	12:35
webchat10	right that is the file name that controls 443 directive	12:36
djph	if it's "000-default-le-ssl.conf", then yes.	12:36
=== fredix_ is now known as fredi
=== fredi is now known as fredix__
webchat10	I added those lines and now it works! thianks so much for your help	12:45
=== \|avril is now known as avril
=== JeremyD is now known as SleePy
=== mauved_ is now known as mauved
=== LjL^ is now known as LjL
=== five643333 is now known as five64333
=== chrfle_ is now known as chrfle
=== SirScott8 is now known as SirScott
=== Amaranth5 is now known as Amaranth
=== jgee9 is now known as jgee
=== y0sh- is now known as y0sh_
=== Olfodr_ is now known as Olfodr
=== dstein64- is now known as dstein64
=== russjr089 is now known as russjr08
=== Speed2u_ is now known as Speed2u
=== greyblue9_ is now known as greyblue9
=== terrorjack0 is now known as terrorjack
=== Fossil_ is now known as Fossil
=== Voeid4 is now known as Voeid
=== relipse_ is now known as relipse
=== Irrelevant2 is now known as Irrelevant
=== Raqbit3 is now known as Raqbit
=== Jubes7 is now known as Jubes
=== madhens_ is now known as madhens
=== loonybin is now known as lagbox
=== fredix__ is now known as fredix
=== Kamilion\|ZNC is now known as Kamilion
=== ubot3 is now known as ubottu
badp	dearest creatures in creation, I have a question for your attention: does Ubuntu 21.10 use systemd-resolved, and/or will Ubuntu 22.04?	12:51
badp	(I'm currently using 20.04)	12:52
djph	badp: I'm pretty sure -resolved has been used since like 18.04	12:52
=== Pokey is now known as [Pokey]
=== [Pokey] is now known as Pokey
=== Pokey is now known as _Pokey_
=== _Pokey_ is now known as __Pokey__
=== __Pokey__ is now known as [Pokey]
=== kostkon_ is now known as kostkon
webchat10	My web site came up but it didn't show as secure. I had deleted the symbolic link previously. I re-added it here:	13:03
webchat10	sudo ln -s /etc/apache2/sites-available/000-default-le-ssl.conf /etc/apache2/sites-enabled/000-default-le-ssl.conf	13:03
webchat10	sudo service apache2 restart. now it shows with the padlock	13:03
tomreyn	iomari891: if the launchpad issue still affects you, and you think it's not your end but the server side, check the /topic in #launchpad for how to report such issues.	13:24
djph	webchat10: then you're good. if you want, re-edit the default.conf so that it sends the https redirect	13:30
tomreyn	webchat10: there are the a2ensite and a2dissite commands for managing the symlinks in sites-enabled. and similarily a2enmod + a2dismod for modules.	13:36
badp	djph: you're right, I had misdiagnosed things. 20.04 does ship with resolved, it's just misbehaving for me	13:37
badp	for context, I'm the victim of Enterprise Grade Closed Source VPN Software™, wherein version 5.2 and 5.3 of global protect® take completely different routes in setting DNS things with... version 5.2 modifies resolv.conf directly (which is dirty but works well enough), whereas version 5.3 configures systemd-resolved (which is probably more elegant but only works for a few minutes before breaking). Hopefully resolved is better behaved in 22	13:38
badp	.04	13:38
badp	or Those Responsible will fix their Enterprise Grade Closed Source VPN Software™ :/	13:39
tomreyn	can't you just use openconnect?	13:40
badp	apparently there's a way to do that and still go through Okta®, yes, but I've already burned on this topic about 200% of the spoons I had budgeted :)	13:43
badp	thanks for the help~	13:44
djph	badp: wouldn't know. I don't use either :)	13:44
badp	wouldn't wish it on you either	13:44
=== yano1 is now known as yano
=== Kow_ is now known as Kow
=== onepict is now known as tisiphone
Sven_vB	hi :) I'm using Ubuntu focal with NetworkManager for wifi. I want it to reconnect to the wifi whenever the access point's MAC disappears from the ARP list (arp -n). is there an easier way than writing my own bash script to periodically $(arp -n \| grep …)?	15:14
Sven_vB	well yes, use the return value of grep -q … :D but really I meant just "than my own script".	15:17
djph	Sven_vB: as in NM loses the connection and doesn't automatically reconnect?	15:20
leftyfb	Sven_vB: why are you specifically mentioning "whenever the access point's MAC disappears from the ARP list"? Sure that happens when an AP is offline for some amount of time, but why exactly have you dug that deep?	15:31
Sven_vB	djph, according to NM the connection is still up. it seems dead though, yes.	16:14
Sven_vB	leftyfb, the AP's MAC was easy to find in iwconfig output, so arp -n was my first idea to check if it's online	16:16
leftyfb	Sven_vB: I don't understand using the client's arp table to determine if an AP is up. Doesn't the AP software/controller for this sort of thing? Or just a ping?	16:18
Sven_vB	originally my plan was to look up the IP in arp -n and then ping the AP, but it turns out that it vanishes from the list soon enough so pinging wasn't even necessary.	16:18
Sven_vB	my assumption is that the AP is always up, so if it becomes invisible, it's a local problem. only one of 8 Ubuntu focal machines is affected.	16:19
leftyfb	Sven_vB: I can't think of any case where a single AP would "become invisible" to 1 client and not others. Not unless it was done on purpose	16:20
Sven_vB	since "nmcli connection up id $wifiname" solves the problem, I assume it's a software problem.	16:21
leftyfb	I doubt it	16:21
leftyfb	just masks the problem	16:21
Sven_vB	probably some weird driver glitch for that one antenna chipset	16:22
djph	leftyfb: see it all the time when my mom takes her tablet outside :D	16:22
leftyfb	djph: yeah, that's a loss of signal and expected	16:22
Sven_vB	my attempts to fix the underlying problem have exhausted my spare time, so for now I'm ok with just reconnecting quickly enough	16:22
djph	leftyfb: yeah, you tell your luddite mom that and see what happens :D	16:23
Sven_vB	oh, I see now your doubt was referring to "solve"	16:24
Sven_vB	agreed then.	16:25
=== Leoneof\|2 is now known as Leoneof
jsbach	hi, just wondering. what is the best way to stream internet radio on ubuntu? especially tune-in radio	16:29
Sven_vB	jsbach, send or receive?	16:29
jsbach	Sven_vB, just receive as an audio player	16:30
Sven_vB	I like qmmp for that	16:30
jsbach	want to be able to login to tunein-radio.com for example	16:31
jsbach	Sven_vB, thanks. is that not the new xmms?	16:31
Sven_vB	I think it is	16:31
jsbach	ok	16:32
Sven_vB	if they use HTTP Basic Auth via HTTPS, you can probably just insert "user:pass@" in front of the hostname	16:32
jsbach	ah! ok! gotta google it. no time now. thought, ubuntu has already ported in some project which has a comfortable gui for that.	16:33
pirateman[m]	https://matrix.to/#/#thefreedomcellnetwork:halogen.city	16:33
jsbach	anyways nevermind	16:33
Sven_vB	jsbach, there may be more specialized projects indeed	16:33
=== ArcherGodson is now known as ArcherGosdon
octav1a	jsbach uses ubuntu, my life is complete	16:41
octav1a	Anyway I've got a question, I have a small compute cluster on a university network with five ubuntu 20.04 machines. They are all just dhcp. for a few years DNS seemed to work, you can ping the hostname of any of them and it resolves correctly. Yesterday I needed to do some maintenance on two of the five. The procedure was identical, they both came back up however, for one of them, the dns server seems to still have the old address cached, so using the	16:45
octav1a	hostname times out. But the other came up perfectly. I've tried running $ systemd-resolve --flush-caches on both the server itself as well as other machines on the network that try to connect, and I've of course waited overnight. Why is the dns server still giving incorrect address?	16:45
jsbach	octav1a, even i have to do some compromises	16:46
octav1a	lol	16:46
octav1a	I'm glad Brandenburg 5 wasn't one of them.	16:46
Sven_vB	octav1a, hostname as in DHCP assignes fixed IPs by MAC, or do you mean avahi/mDNS hostnames?	16:47
djph	octav1a: weird that the host didn't just get the same IP address back.	16:47
Sven_vB	octav1a, how does the DNS server know about DHCP changes?	16:47
octav1a	Sven_vB: network admin is not completely my area of expertise, so I'm open to getting a better idea of what's actually going on. I assumed that by giving a hostname to the machines during the setup process, this name was transmitted to the network sometime after it was first connected. Therefore I'm assuming there should be some similar mechanism to update the address.	16:50
octav1a	I'm not sure how the IPs are distributed but obviously it's not static to MAC long term.	16:50
octav1a	(which I would assume for any CHDP really)	16:51
octav1a	DHCP*	16:51
octav1a	maybe this is more networking but I'm thinking there should be a suite of tools in ubuntu that would help to manage or configure these things at a high level.	16:52
Sven_vB	in your scenario it would seem useful to assign static IPs. that way you can give longer validity periods for the DNS entries.	16:54
Sven_vB	you'll need some way to notify the DNS about IP changes. if you use dynamic IPs, a good way would be to make the DHCP server notify your DNS.	16:55
octav1a	Are these things all controlled by the administrators of the DHCP and/or DNS server administrators? There would not be a way to 'push' the changes from the client machines? I don't manage those parts of the network.	16:57
jhutchin1	What is running your DNS server? Your DHCP server? Do they talk with each other?	16:57
=== jhutchin1 is now known as jhutchins
mncheckm	where is the focal server guide source? I can't find it in https://launchpad.net/serverguide only focal	16:58
mncheckm	I mean only bionic and xenial	16:58
ogra	mncheckm, probably a question for #ubuntu-server ...	16:58
mncheckm	ogra, for me that channel is empty since some time	16:59
mncheckm	ogra, never mind, it was a typo	16:59
ogra	232 people there 🙂	16:59
Maik	https://ubuntu.com/server/docs	16:59
ogra	Maik, the source of it 😉	17:00
Maik	oops, my bad	17:01
oerheks	https://code.launchpad.net/serverguide	17:01
ogra	https://discourse.ubuntu.com/t/ubuntu-server-guide/12504 actually	17:02
ogra	IIRC all official docs moved to discourse as input/source	17:02
=== icedtea is now known as BobTheTomato
=== ledeni_ is now known as ledeni
jhutchins	ogra: Perhaps there are some old links that we could clean up.	17:34
ogra	jhutchins, for sure	17:36
jason1237	hello	17:41
jason1237	have you managed to port PKGSRC to Ubuntu? I asked about 2 years ago. is it done already?	17:42
ogra	whom did you ask ?	17:43
jhutchins	jason1237: Why do you want it?	17:43
ogra	perhaps he/she is still around to answer 🙂 )	17:43
leftyfb	isn't that like asking about porting yum?	17:44
jhutchins	Isn't pkgsrc a package management system? It would seem more likely for individual packages to be ported.	17:44
jhutchins	leftyfb: Yeah.	17:44
ogra	one could create a snap of it 😛	17:44
jhutchins	leftyfb: Then again, Yellowdog Update Manager...	17:44
jason1237	jhutchins: to make a package from source automatically, using user account.	17:45
leftyfb	jason1237: I see zero reason for any linux distro to port pkgsrc to linux	17:45
jason1237	jhutchins: pkgsrc is beautiful, innovative tool. it would be time to port it, after so many years.	17:45
jhutchins	jason1237: There are several ways to do that in native Ubuntu.	17:45
jason1237	why root account?	17:45
jason1237	jhutchins: i believe that native ubuntu, can do that.	17:46
jason1237	jhutchins: pkgsrc : cd www/firefox-esr ; make <-- ubuntu certainly do that.	17:47
leftyfb	jason1237: yes, you can compile applications on ubuntu	17:47
webchat23	I found this jason1237 https://www.reddit.com/r/bashonubuntuonwindows/comments/eui9od/unprotip_using_netbsds_pkgsrc_within_ubuntu_lts/	17:48
jason1237	you need too and libs manually, in ubuntu.	17:48
jason1237	here it works in a single command and well: "make"	17:48
oerheks	Is that an issue? getting libs ?	17:48
jason1237	oh god	17:49
jason1237	i loose my time.	17:49
leftyfb	I feel like we disappointed them :)	17:49
leftyfb	now I'm not going to be able to sleep tonight	17:49
oerheks	I am so sorry, leftyfb	17:49
Kobaz	how would i go about making ssh logins go faster? 'markm {~} kobaz$ time ssh root@vbox-markm-64 ls' ---> real 0m0.265s 'markm {~} kobaz$ time ssh root@ch-dh.client ls' ---> real 0m5.803s	18:12
Kobaz	I was thinking it could be dns lookups... but i have my ip in /etc/hosts on the ch-dh box	18:12
Kobaz	vbox-markm-64 is debian/buster and ch-dh is ubuntu/bionic which is much-much slower	18:13
Kobaz	also... UseDNS no on ubuntu/bionic, doesn't make ssh any faster	18:14
Sven_vB	what's the latest leafpad that was shipped as a deb package, and which Ubuntu had it?	18:14
Kobaz	https://dpaste.com/2YYMEZN7L does this have anything to do with sshd slowdowns? livepatch?	18:15
Sven_vB	from the man page search I found that bionic had leafpad 0.8.18.something, ... and then I found that it's a link to the package. nice.	18:16
tomreyn	Kobaz: use "time nc -z IP PORT" to measure the time spent on setting up the tcp connection	18:17
Kobaz	tomreyn: 0.03 seconds	18:17
tomreyn	for both?	18:17
Kobaz	vbox-markm-64 is .006	18:18
Kobaz	it's local on the lan... where ch-dh is on a vpn, with 30ms ping	18:18
tomreyn	so the network does not seem to pose an issue in both cases. now try the same for both using hostnames rather than ip addresses	18:18
Kobaz	correct	18:19
Kobaz	tomreyn: that's using hostnames actually	18:19
Kobaz	both hostnames are in local dns zones. so it's doing lookups as well, included in the time	18:19
tomreyn	okay, not what i sggested but thios means its neither the network nor the name resolution - on a quick glance	18:19
Kobaz	correct	18:19
tomreyn	so do the ssh connection on localhost on both systems	18:20
Kobaz	i knew it wasn't a network issue	18:20
tomreyn	we did not, though	18:20
Kobaz	yeah, that's fine	18:20
tomreyn	what does "yeah, that's fine" respond to?	18:21
Kobaz	localhost ssh is slow, yeah	18:21
Sven_vB	... and then I found I don't even need to know which Ubuntu shipped it, and can instead just browse http://archive.ubuntu.com/ubuntu/pool/universe/l/leafpad/ .	18:21
Kobaz	that's fine: that you didn't know, and needed to find out	18:21
tomreyn	it's nice when you share relevant info, but it's also good that we established that.	18:22
tomreyn	so ssh localhost is slow somehwere. where?	18:22
Kobaz	if I were to hazard a guess, it's this snap.canonical-livepatch that kicks off when you ssh	18:22
Sven_vB	well I guess I need to still guess a version for the signature checks though.	18:22
Kobaz	tomreyn: on the ch-dh box	18:22
Kobaz	so, login prompt comes up quick, and then when you authenticate, then there's a delay	18:23
Kobaz	always wondered what caused that	18:23
tomreyn	Kobaz: shoould i then ask whether it is also slow on the other system or will you check on your own?	18:23
Kobaz	tomreyn: it's not.. vbox-markm-64 box is completely 'normal'	18:23
Kobaz	so basically i'm comparing another box with a pretty typical ssh setup on debian, to a typical out-of-the-box setup for ssh on ubuntu, and ubuntu is considerably slower for authenticating ssh	18:24
tomreyn	Kobaz: so compare authentication mechanisms used on both system, sshd (server) and ssh (client) configurations, and sshd versions.	18:24
Kobaz	both are using local pam with local user acounts	18:24
Kobaz	just wondering if there's like 'normal fixes' for that type of thing	18:25
Kobaz	like if you	18:25
Kobaz	if you're doing a lot of local ssh without reverse dns, then setting UseDNS no. is a big speedup... that sort of thing	18:26
Kobaz	tomreyn: so basically i guess i'll strace sshd for profiling and see what's taking so long	18:26
=== atol is now known as atol71
=== atol71 is now known as atol
tomreyn	Kobaz: you can do this, or you can compare configurations, or you can ssh -vvv	18:27
Kobaz	yeah	18:27
tomreyn	Sven_vB: you can check which ubuntu release provides a package, and version of that, on https://packages.ubuntu.com	18:29
Sven_vB	tomreyn, thanks!	18:29
=== unixlab is now known as nicoz-
tomreyn	Sven_vB: note this site is community maintained and not guaranteed to always have the very latest info - though it usually does.	18:30
tomreyn	so you method of accessing archive mirrors directly is more reliable, but also more cumbersome	18:31
Sven_vB	yeah, currently trying to figure out how I can get apt to check the signature from http://archive.ubuntu.com/ubuntu/pool/universe/l/leafpad/leafpad_0.8.18.1-5.dsc	18:32
Kobaz	tomreyn: if I were to hazard a guess, it's related to this: Started snap.canonical-livepatch.canonical-livepatch.1128b499-1b1c-4efa-9ed6-65c3ef4e42f1.scope	18:34
* Sven_vB found debsig-verify		18:34
Kobaz	which goes to syslog any time an ssh session is opened	18:34
ogra	Kobaz, do you have livepatch running without valid token ?	18:37
tomreyn	Kobaz: i can't comment on that. if that's an option (production system?) you could try rebooting and see whether it makes a difference.	18:37
=== Tristam_ is now known as Tristam
Kobaz	I inherited this box... not sure how to check for a valid token	18:42
Sven_vB	dscverify for said leafpad dsc reports "gpg: Signature made Tue Mar 15 18:34:58 2016 CET using RSA key ID 04EBE9EF" "gpg: Can't check signature: public key not found", odd, shouldn't it be signed with the Ubuntu Archive key?	18:42
mtellez	Hi, I'm using a dvorak keyboard layout. At instalation I select the closest match for my keyboard, which is Spanish Latam Dvorak, but this isn't quite right, so I set my layout manually with: setxkbmap -model pc68 -layout us -variant dvorak-alt-intl It works but at random times it is reverted. How can I made this permanent?	18:43
Sven_vB	mtellez, xkb changes seem to be reverted lots of times, especially when input devices are connected or disconnected. I'd try /etc/defaults/keyboard	18:46
Sven_vB	without the s	18:46
mtellez	Sven_vB: thanks for the quick response. I'm gonna try this.	18:49
Firefishe	I'm runnin 20.04 LTS on a M$ Surface Book 3. I'm running kernel 5.14.16-surface. I want to know how to utilize the "dtx" system to detach the tablet from the keyboard.	18:56
tomreyn	Firefishe: you're not using an ubuntu kernel -> you're not running ubuntu.	19:04
tomreyn	you could try installing a supported ubuntu version incl. kernel on this device (i do not know whether this can work), and get support here, or you could try asking in #linux	19:05
jhutchins	Firefishe: You can also try #linux-surface - it's unfortunate that Ubuntu on Surface is not supported here.	19:11
tomreyn	Ubuntu on * is supported here, but it consists of specific kernel and userland, not something someone else put together and calls "Ubuntu".	19:12
Firefishe	jhutchins: Umm... Thank you. That's where I should be.	19:17
tomreyn	!livepatch \| Kobaz	19:27
ubottu	Kobaz: Canonical Livepatch is a service offered by Canonical for 64 bit 14.04 and higher installs that modifies the currently running kernel for updates without the need to restart. More information can be found at https://ubottu.com/y/livepatch and https://www.ubuntu.com/server/livepatch	19:27
=== sarnold_ is now known as sarnold
rautor	I'm on 20.4.3 LTS, I want to automatically upgrade and reboot my OS (even kernel) so I can leave it unattended. I've tried set this up as follows - https://paste.ubuntu.com/p/w4QpjWpfx8/ but when I logged in it says `2 updates can be applied immediately. To see these additional updates run: apt list --upgradable`. So I think it might not be	19:44
rautor	working. Am I missing something?	19:44
tomreyn	rautor: i think you'd usually just install the "unattended-upgrades" package	19:45
tomreyn	!info unattended-upgrades focal	19:46
ubottu	unattended-upgrades (2.3ubuntu0.1, focal): automatic installation of security upgrades. In component main, is optional. Built by unattended-upgrades. Size 48 kB / 440 kB	19:46
rautor	tomreyn: sorry that isn't in the paste, i have done that as part of this setup (the paste, i think, shows me configuring it)	19:46
rautor	I'm following this guide: https://help.ubuntu.com/community/AutomaticSecurityUpdates	19:47
tomreyn	rautor: by default, it installs security updates automatically. you can reconfigure it to install all available updates	19:47
tomreyn	normally its configuration file should be /etc/apt/apt.conf.d/50-unattended-upgrades.conf (from memory)	19:48
tomreyn	and in there, you can uncomment additional apt sources from which updates should be installed automatically	19:51
rautor	tomreyn: ah, i thought i'd done that but perhaps not then! https://help.ubuntu.com/community/AutomaticSecurityUpdates <- with reference to this, is it `Unattended-Upgrade::Allowed-Origins` I want to change?	19:51
tomreyn	yes	19:51
rautor	tomreyn: thank you! that did the job!	20:19
agopo	I want to apt remove --purge all php* packages to prepare a clean install of php 8.0 . Only a few php-related packages are meant to stay. But sudo apt remove --purge php-* offers me libapache2-mod-php* libapache2-mod-php7.4* libapache2-mod-php8.0* phpmyadmin* pkg-php-tools* as well. I must be understanding the wildcard wrong. Can anyone help?	20:31
sarnold	agopo: probably libapache2-mod-php and libapache2-mod-php7.4 etc all Depend: upon some of the packages that you're removing	20:34
sarnold	agopo: that's probably best, different tools require different php versions	20:34
djph	agopo: most likely the libapache- packages rely... ^^ yeah, that	20:34
sarnold	agopo: so you should just remove all those other packages and provide them yourself, just like you're about to do with php	20:34
agopo	sarnold, djph But if I --purge phpmyadmin, won't my installation get destroyed, because it's removing config files as well?	20:38
oerheks	reinstall php 8 pulls them back in, no?	20:38
sarnold	agopo: you could save them aside, or use apt remove without the --purge..	20:38
agopo	I'll backup /etc/phpmyadmin	20:39
=== not_phunyguy is now known as phunyguy
ubercube	I've now done a bit more reading about Secure Boot and come to the conclusion that it's worth at least experimenting with, but not in its default configuration. https://safeboot.dev/ seems to have the most comprehensive writeup on the subject I've found yet, though I'm going to have to do some of my own research on the AMD PSP side of things. Has	21:27
ubercube	anyone here tried what safeboot.dev is suggesting? I'm particularly happy that they take the re-signing steps seriously and store keys in hardware. I have no illusions, even with SIP enabled, that this will be as good as a pixel phone or an iOS device's secure boot chain (and those took many years and many bugs to get close to good). But I do think	21:27
ubercube	pushing these limits seems interesting and may have value for some threat models.	21:27
octnun	Hey all. All good?	21:29
jhutchins	ubercube: Do you understand what the original reason for developing secure boot was?	21:29
ubercube	I think that the nuance might depend on who you ask, but the general idea of controlling what runs on a given piece of hardware would be my answer. What that means to various parties certainly differs wildly. (Queue repeats of the TCG discussions form early on)	21:31
sarnold	ubercube: hopefully helpful to you https://wiki.ubuntu.com/UEFI/SecureBoot/Signing https://wiki.ubuntu.com/UEFI/SecureBoot/DKMS https://wiki.ubuntu.com/UEFI/SecureBoot	21:31
jhutchins	ubercube: It wasn't for the user to control.	21:33
Maik	octnun: if you don't have a ubuntu support question, offtopic chatter is in #ubuntu-offtopic ;)	21:33
ubercube	sarnold: thanks. I read all those yesterday before I decided that going shim-less is the way to go in order to avoid arbitrary things being booted.	21:34
ubercube	jhutchins: hence queue repeats of TCG discussions:) or the walled garden discussions about apple. But in this case, I do seem to have some control and would like to use it :)	21:35
ubercube	I'll leave aside the debate about the secret hardware/software in the PSP for now.	21:35
sarnold	ubercube: I've never looked at replacing the keys in my own bios, but I thought that the shim would just use that same trust store	21:36
sarnold	ubercube: do you know off-hand if I'm wrong here?	21:37
matsaman	octnun: okay, ye?	21:37
ubercube	sarnold: as I understand it, the microsoft shim is only needed if you use the default keys. no microsoft shim is needed if you use your own keys. it's all spelled out in quite some depth at https://safeboot.dev/ in a way that's more comprehensive than anywhere else I've found. Doesn't look like it's for the faint of heart, though.	21:38
sarnold	ubercube: heh yeah.. certainly I tend to lose focus every time I look into secureboot anything	21:39
ubercube	sarnold: if you /just/ want secureboot, that seems to be fairly easy depending on your mainboard. If you want it to be less wide open, you need to do much more.	21:41
agopo	sarnold, djph Returning with news concerning the php update. The cleanup was successful, only php8.0 is installed. Ampache music server, Wordpress and Nextcloud are working, too. Phpmyadmin doesn't, but I'll fix that tomorrow	21:41
agopo	Thanks for your help	21:41
sarnold	agopo: woot :)	21:42
sarnold	ubercube: heh, well, "standard secureboot" is dead simple, it's basically the default behaviour.. no big deal, there. it's the "I want to require the system to boot only things I sign" that I get fuzzy on the details. thanks for the link.	21:42
dakotakae	Hey all, I need some help. I'm getting an error trying to do an apt full-upgrade right now. It's complaining that my boot disk is full. I removed old kernels using autoremove, but the complaint remains.	21:43
dakotakae	My boot disk was sized when I installed Ubuntu, I just used the automatic settings for a full-disk installation on my 256GB nvme drive.	21:43
dakotakae	How can I clear up enough space to finish up this update?	21:44
ubercube	sarnold: yeah that's far less straightforward, but the above seems to be steps in the right direction.	21:44
jhutchins	Partitioning makes sure that the space you need will be on the wrong partition.	21:44
octnun	I have an MSI laptop where I have an HDMI output. The monitor I have connected takes a while for the image to appear and sometimes it has no signal. Drivers are well installed. Can anyone give me a tip on this subject?	21:44
jhutchins	dakotakae: A full install takes less than 40G.	21:45
jhutchins	dakotakae: So you should be ok, the question is what's taking up the space on your /boot partition.	21:45
jhutchins	dakotakae: something like ls -lh /boot	21:46
dakotakae	https://pastebin.com/vKFcnb2F	21:47
sarnold	dakotakae: if you've just started deleting files in /boot that will complicate uninstalling the packages	21:47
sarnold	dakotakae: the best way to free up space in /boot is to truncate the files with bash's > redirections -- sudo -s , then > System.map-5.10.0-1057-oem	21:47
sarnold	dakotakae: and > vmlinuz-5.10.0-1057-oem and > so on, for a specific old kernel that you will remove soon	21:48
dakotakae	yeah, no, I know not to touch boot directly :p	21:48
dakotakae	I removed old kernels the proper way.	21:48
dakotakae	Got it, truncating those two files helped. Thanks!	21:50
tomreyn	octnun: unless there are messages on this printed to dmesg -w (keep that running while conecting the external monitor) i'd guess on a firmware / hardware issue (try a bios upgrade?)	21:50
dakotakae	I just don't see why the boot partition is so small by default.	21:50
octnun	<tomreyn> ok, going to try your tips. thanks	21:55
=== px_ is now known as px
robertparkerx	I've got a virtualhost setup for a directory but for some reason its showing default apache2 page	22:01
tomreyn	robertparkerx: apache httpd virtualhosts work based on hostnames or ip address/port combinations, not directories.	22:15
jhutchins	robertparkerx: What do the logs say?	22:16
=== veemo is now known as ballfricker96
=== ballfricker96 is now known as orbdoer98
=== orbdoer98 is now known as veemo
webchat83	Hi! What is the link to live cd .iso nly for i386?	22:57
leftyfb	webchat83: there isn't one for the latest version of ubuntu	22:57
webchat83	For the last ver?	22:57
leftyfb	webchat83: https://ubuntu.com/blog/statement-on-32-bit-i386-packages-for-ubuntu-19-10-and-20-04-lts	22:57
webchat83	What is the link for the old downloads?	23:00
webchat83	I meant old versions?	23:02
oerheks	xubuntu lubuntu and mate 18.04 i386 are EOL	23:03
tomreyn	webchat83: only the ubuntu releases listed in the channel topic are supported here, and none of them is both providing i386 installers and still getting security updates	23:03
webchat83	Thanks for the help!	23:03
=== guntbert_ is now known as guntbert
Kangarooo	1958046	23:58
Kangarooo	bug 1958046	23:58
ubottu	Bug 1958046 in apport (Ubuntu) "Cant get bug report again, if i didnt send it in 1st 2 times that i came up. Could come back all the time so latest bug reports can be easy sent." [Undecided, New] https://launchpad.net/bugs/1958046	23:58

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!