[00:03] Does Ubuntu 22.04 not have ssh key support enabled by default? [00:03] does the ssh-server not have key auth enabled by default? [00:03] can you rephrase your question? [00:04] thru my key into authorized_keys and it loosk like it's not using it. [00:04] it's enabled by default. check user, file permissions etc [00:05] Also this is in the sshd_config #PubkeyAuthentication yes [00:05] commendted out [00:05] DarkenedGentlema: is it perchance an old ssh-rsa key? those are disabled by default now https://discourse.ubuntu.com/t/jammy-jellyfish-release-notes/24668 [00:05] ya, it's a older key, ssh-rsa [00:06] DarkenedGentlema, commented out but enabled by default [00:06] yes, but it shows you the default [00:08] DarkenedGentlema: aha, nice; you can either configure the system to accept old keys again or generate a shiny new key [00:08] So is it just not supporting rsa keys anymore, or does it have to do with the key length? [00:09] I'd rather now have to update hundreds of servers with a new key, anyway to "upgrade" my old key so that it works on old and new? [00:11] ssh-keygen still looks to default to an rsa key. I'm a bit confused here as to what's going on. Is it just key length? [00:11] you can stuff a Host ... HostkeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa match block into your client configuratoin to allow you to connect to servers that are too old [00:13] Must be key length because the rsa key i just generated worked fine. [00:15] it might be, I thought it was the specific hash choice, heh [00:17] sarnold: release notes say that rsa is disabled :/ [00:19] ahh reading the release notes of openssh, it talks about sha-1 being disabled [00:19] > The available RSA signature variants are “ssh-rsa” (SHA1 signatures, not recommended), “rsa-sha2-256”, and “rsa-sha2-512” (the default). [00:20] https://man.openbsd.org/ssh-keygen [00:22] tomreyn, https://i.ibb.co/3SFhfBf/image.png [00:24] linext: namei -l /home/jesse/Downloads/kisslicer_linux64_1.6.3_release/KISSlicer might explain something [00:25] https://i.ibb.co/bbffsng/image.png [00:27] linext: note the permissions on /home/jessie would prevent a process executing as www-data from getting to the file [00:28] can i grant access to www-data? [00:28] chown ? [00:30] you can either chmod the directory to allow the world read and execute access; you can use setfacl to add read and execute permissions specifically for www-data (or whatever process is executing); there's other choices but these are least likely to be disruptive [00:35] hmmmm... === gr33n7001 is now known as gr33n7007h [00:36] i still get permission denied [00:37] if you execute KISSlicer in the shell by hand, does it execute fine? [00:37] yep, the command runs as my user [00:39] does php on linux come with exec() and proc_open() turn on by default? [00:39] this is the command [00:39] https://ibb.co/p1d8XK3 [00:39] here's the code: https://ibb.co/vCNqHkq [00:40] man these are fuzzy, I hope your view is way less fuzzy :) [00:40] click the image to zoom in [00:41] so, ahhh enable a bunch of JS and the it'll load a better version, thanks [00:41] https://i.ibb.co/SDkyPBy/image.png [00:41] MUCH BETTER [00:41] I am running into a really strange issue on Ubuntu 20.04 I have a local repo I use with trusted=yes set yet when I run apt it errors "The following signatures couldn't be verified" but it should not be doing this step I have verified this repo doesn't exist any where else it's only in a single place and does have the trusted option set. I try the [00:41] debug options i.e. Debug::Acquire::gpgv=true and Debug::pkgAcquire::Auth but I am not seeing any useful information. Anyone ever run into this issue before? [00:42] so, I think there's a few possibilities -- first, that -o /home/jesse/.../3003.gcode sure looks like an output file. that means the /home/jesse/.../ directory needs to allow this user to WRITE to the directory [00:42] or, better yet, store the output someplace that it can write to already [00:43] like /var/www/html/ [00:44] the other thing that I wonder about -- the arguments to commands almost always need to be separated a bit more than these -- the '-o' should be a different array entry than the filename. quoted names usually screw up things to. maybe all that implode business means it's just building a string to hand to bash.. the 2>&1 sure suggests that's what's going on [00:44] the php code is solid [00:44] i'm already running it in Windows [00:44] arraybolt3[m]: man, sbuild-qemu doesn't work with ubuntu :/ [00:45] i'm trying to diagnose a bug in KISSlicer to tell if it's OS specific [00:45] murmel: Bummer. [00:46] arraybolt3[m]: still not sure why, as it can't find ifupdown (which is in universe, and I enabled this) [00:46] Sadly I only use just plain sbuild, so sbuild-qemu is foreign territory to me. [00:46] (And I use sbuild on Ubuntu, so sbuild on Debian is also foreign to me :( ) [00:47] arraybolt3[m]: yeah, almost thinking about switching to ubuntu as the host OS, but I quite don't like it that I am being forced basically [00:47] murmel: Then don't do that. Install Lubuntu in a virt-manager VM and everything should just work. [00:47] linext: why involve php in this? You could just run that command on the shell, if that's all you need. [00:47] would rather go ubuntu-server, will still think about it [00:48] murmel: Once you're running sbuild within the VM, you can use the Ubuntu version of sbuild while still having Debian on your hardware. [00:48] kushal_kumaran, it's a web app [00:48] the version 2 of 3dpartprice.com [00:48] calculates time and material for printing STL files [00:50] hmm, why does systemctl start-service mirror-rsync.service *hang* my shell when I run it? I thought the point of a service manager was to go off and do something useful rather than hang the shell. my service file: https://termbin.com/ehsg [00:51] linext: thanks for the info. So are you specifically trying to debug the behavior when run through web? If so, then create a directory that is readable and writable by the www-data user and point your file paths to that directory. Also if you can, do show the error logs from the web server. [00:51] sarnold: For me, systemctl can always hang my shell, sometimes for a while. Maybe there's a systemctl switch to do it asynchronously or something. [00:51] * arraybolt3[m] looks [00:52] sarnold: https://askubuntu.com/questions/1004853/systemd-is-hanging-when-i-start-or-restart-a-service [00:53] sarnold: Use Type=simple rather than Type=OneShot. [00:55] arraybolt3[m]: hmm now I wonder why I went with oneshot in the first place [00:55] linext: I just looked back through your previous messages. Try switching to the www-data user in a shell and trying your command. You might need to set a shell for that user [00:55] arraybolt3[m]: this isn't a persistent process, it should just execute for half an hour or something, then go away again for a few hours [00:56] sarnold: Then it will probably freeze your shell for half an hour. :) [00:56] sarnold: wouldn't a timer be more reasonable? [00:56] sarnold: If it's something that executes every few hours, perhaps you should shell script it with a timer like murmel suggests? [00:56] murmel: You beat me to it! [00:57] ha :) finally my newly acquired mechanical keyboard pays off === squareci1cle is now known as squarecircle [00:57] arraybolt3[m], murmel, here's the timer that fires it https://termbin.com/ehe5 [00:58] sarnold: Also using Type=simple will leave the service dead when it finishes, so if you're ok with that I don't see why Type=simple would be bad. [00:58] sarnold: Also why use systemd at all? Wouldn't a cron job be more suited for this? [00:59] arraybolt3[m]: yes, a cronjob would have saved me about two hours of getting this thing set up :) [00:59] arraybolt3[m]: but it's been working more or less for a few years, and saving all the logs in the journal, which is pretty handy [00:59] arraybolt3[m]: doesn't really matter :) and honestly I would rather have everything managed by systemd [00:59] I think I'd rather it be managed by systemd, I just wish systemd weren't such crap [00:59] Eh, valid point. [00:59] sarnold: --no-block [01:00] kushal_kumaran: hey! I bet that'd do the trick [01:00] Oh. Welp, that should do it. [01:01] kushal_kumaran: funny, I can't recall ever seeing that before, but there it is. once again: dear system, why is this seemingly-sane thing not the default and such a loooooong name? :) === Polo is now known as GDF [01:01] if this rsync ever finishes.. [01:01] hm, I still believe that OneShot should be the correct Type [01:01] sarnold: This sounds like a job for crontab. [01:02] murmel: Yeah, you're not wrong, but when the thing lasts that long... [01:02] sure [01:02] sarnold: how big is the mirror? at least for 22 [01:02] 22.04 [01:02] OK, so asking a systemd question will also cause an explosion of opinions. /me adds that to the list of One Hundred and One Ways to Explode an Ubuntu IRC Channel [01:03] arraybolt3[m]: lol [01:03] sarnold: It just so happens I have a job running every 4 hours, crontab entry like: 0 */4 * * * /path/to/the/script It works fine. [01:04] sarnold: Rather than a mystery spacing of 4 hours and unspecified time of run, I know exactly when it launches based on time of day. [01:04] sarnold: the more I read, simple _is_ the correct [01:05] I quite like that post https://trstringer.com/simple-vs-oneshot-systemd-service/ [01:05] murmel: I rsync the whole thing, not just one release; I'm apparently around 2TB at the moment: [01:05] $ zfs list srv/mirror/ubuntu [01:05] NAME USED AVAIL REFER MOUNTPOINT [01:05] srv/mirror/ubuntu 2.01T 5.66T 1.63T /srv/mirror/ubuntu [01:05] Using crontab for long jobs is doable. Read the man page for flock though, and consider using it. The chronic utility is also useful, and you might want to investigate an external dead man switch type monitoring solution [01:05] sarnold: Yikes, are you running a whole Ubuntu mirror? [01:06] kushal_kumaran: yeah, the whole need to use run_one or run-one or whatever, and deal with appending the output, and preventing cron from *actually* sending email, etc, was enough for me to think that I ought to try systemd timers [01:06] arraybolt3[m]: yeah [01:07] sarnold: welp, somebody really wants _all_ the debs [01:07] sarnold: Cron won't send emails if you just dump stdout and stderr to /dev/null or to a log file. [01:07] sarnold: Cool. Does that actually help the Ubuntu project? I thought about doing that at one point. [01:08] murmel: heh, I've even asked the archive admins if it'd be possible to get a single "combined view", with ports.ubuntu.com and archive.ubuntu.com on *one* filesystem -- like it is on the internal archive -- but sadly the only thing publically exposed is split in two :( [01:08] arraybolt3[m]: it does, as long as it's public [01:08] :/ === M4he is now known as mahe [01:08] arraybolt3[m]: I run full archive searches on mine, unpack all the sources to have all the source files in plocate, etc. it's a bit odd :) [01:08] sarnold: that's weird. why wouldn't they combine it :/ [01:09] murmel: because it's work to make it happen and I'm currently the only one nutter enough to want it :) [01:09] sarnold: saying nothing against it. would love to have a mirror always with me [01:09] they've offered to punch me a hole through the firewall before but I don't want the VPN on that machine [01:11] arraybolt3[m]: maybe i should add, that it also helps when not public, as you would run a mirror when you have multiple systems -> less traffic for the project [01:12] most people would probably be better served with a squid-deb-proxy on their network [01:12] murmel: Makes sense. I guess it depends on how many systems you're running - when the total bandwidth of a single upgrade operation approaches the size of just pulling the whole archive, it's time to think about running a personal mirror. [01:13] arraybolt3[m]: for example [01:14] How much traffic would the rsync be transmitting every 4 hours just to check for updates on all 2TB of that? [01:14] InPhase: afaik not that much, as it's checking hashes [01:14] Must be a lot of files though. [01:15] definitely [01:15] here's a run from a few days ago https://termbin.com/1b7m [01:15] If I learned it was 20GB, I wouldn't be too shocked. :) [01:15] In default configuration, rsync only compares file sizes and mtime AFAIK. [01:16] * arraybolt3[m] realizes I way overestimated when it would be time to set up a personal mirror - if you're running enough computers to download nearly 2 TB in a single update you're already WAY past the point of needing your own mirror [01:16] I always like the bytes/sec :S [01:18] sarnold: Is that a full run there, showing about 1.5GB of traffic to do the check across 13 minutes? [01:19] sarnold: Oh, I guess more than checking. It shows changes there. So the checking was some amount less. [01:20] InPhase: yeah, that's both phases of a two-phase copy https://termbin.com/p8ht [01:20] my machine has been off for the weekend (it's too stupid hot here these days) and it ran for 28m42s before giving me the prompt back :) [01:20] InPhase: you see with the second run is only a few hundred megs [01:21] arraybolt3[m]: Well bandwidth is still cheap compared to disks, so it takes a lot of such updates before the mirror system pays for itself. [01:22] murmel: Am I supposed to believe that 6 second interval is a full check? [01:22] Is the mirroring software using a special rsync setup that pre-stores the info on the files or something that the rsync would need to know? [01:23] InPhase: Yeah but using bandwidth is still sapping money away from Canonical and their helpers, so using tons of bandwidth would be detrimental to the Ubuntu project. Reducing bandwidth = reducing cost = keep the project alive! And so much the better if you donate bandwidth, which is what I wanted to do. [01:23] InPhase: idk the second run is almost 4 mins [01:23] murmel: Oh, 2 minutes 8 seconds. Eyes and math failed me both at the same time. :) [01:26] arraybolt3[m]: Agreed on those points. Different group calculation there, but important. === amurray_ is now known as amurray === calwig_ is now known as calwig [02:10] in netplan's routes, can i specify a dev rather than IP? === kevr_ is now known as kevr [02:20] !netplan [02:20] Netplan is a network configuration abstraction renderer which uses YAML descriptions of a network to work with either a NetworkManager or Systemd-networkd "renderer". More information at https://netplan.io/ [02:21] DarkenedGentlema: Maybe work directly with the filters/tables? === thegodsq- is now known as ident_ === ident_ is now known as thegodsquirrel === Turgenevskaya is now known as TortillaSandwich === xMopxx is now known as xMopx [04:56] If you have a btrfs @ and @home/subvolume, and if you need to reinstall, and then how does it know to only install over @ and leave @home alone? [05:18] Morning all; which package displays this dialog on apt upgrades? I'd like to remove it: [05:18] > Newer kernel available The currently running kernel version is 5.4.0-122-generic which is not the expected kernel version 5.15.0-43-generic. Restarting the system to load the new kernel will not be handled automatically, so you should consider rebooting. [05:24] I think it's an apt hook that got installed when I installed something related to ubuntu-advantage, esm etc, but when I removed these, it wasn't removed... === SwedMike is now known as SwedeMike [05:29] Comparing /etc with another server that doesn't show that dialog, I see no related differences... === origintopleft` is now known as origintopleft [06:47] if it's terminal dialog boxes, it's likely whiptail [06:50] Mh, nevermind, I didn't read the problem thoroughly [06:51] It's indeed whiptail but I didn't manage to find out what triggers it in one server (making apt full-upgrade annoying) and not on all the other servers [07:05] i got a question about asterisk and odoo voip connection [07:05] https://serverfault.com/questions/1107543/my-asterisk-server-cant-read-extensions-conf === jelly-home is now known as jelly === pah is now known as pa === Guest4572 is now known as POLO === diskin is now known as Guest7326 === diskin_ is now known as diskin [07:52] Hi, I'm getting the following message: "Unattended upgrade result: Lock could not be acquired" [07:53] Now I see that /var/lib/dpkg/lock exists, but read that the lock file is there to stay permanently. So now I'm kinda lost on where to look on getting this fixed [07:53] Can anyone point me in the right direction? === elias_a_ is now known as elias_a [08:03] Ecko: Is your root partition out of space? [08:03] No, 40% used [08:04] alkisg: Σας εύχομαι καλή μέρα! [08:05] Καλημέρα elias_a :) [08:05] Ecko: Are you using GUI or CLI? [08:06] cli [08:07] Ecko: Could there be another update process that is locking the file? Perhaps a GUI window lurking among the dozens of other windows? :) [08:11] Not sure. Atleast no GUI, since it's a server. Already checked logfiles to see which processes are running, but can't quite find it yet [08:13] Ok. I'm not that fluent with all the possible processes that might lock the file. Let's wait for answers from other users. [08:14] sure, thanks for the help so far :) [08:22] NP :) [08:41] is there a page that shows if/which version of mesa the next HWE stack (20.04.5) will contain? and also, I saw mentions of an "early preview" for those hwe releases. how can I opt in to those? [08:42] Hello everyone, [08:42] I would like to fix issue with my ubuntu using kerberos (client). [08:42] "klist: Credentials cache keyring persistant not found" [08:42] Can someone help me please? [08:42] I have to do kinit everytime. [08:42] Thanks === keypushe- is now known as keypusher [09:17] spyware OS [09:17] they all are [09:18] "they"? [09:19] all oses [09:19] what os do you use pony === gr33n7001 is now known as gr33n7007h [10:12] he uses pwnyos but its a secret [11:10] Hi, on Ubuntu 20.04.4 LTS with one of last upgrade I'm not able to disable touchpad anymore using xinput. [11:11] http://paste.scsys.co.uk/483 [11:12] I've tested using id 9 and someother without success [11:14] Please have you hint to achieve to disable touchpad. It's a mess typing on keyboard while the pointer moves the cursor of text. === average-guy is now known as YourNick2 === YourNick2 is now known as rfinley === rfinley is now known as average-guy [12:33] Hi all === wyre_ is now known as wyre === Gambino is now known as Polo [13:25] pony i didnt see ur reply if you sent it [13:25] what os do you use [13:25] templeos? === silentfury9 is now known as silentfury === leftyfb_ is now known as leftyfb [13:28] seecrets: can we help you with something? [13:29] yes, tell me what ubuntu is doing contacting snapcraft during installation [13:29] and why does it have to check for connectivity so frequently [13:30] same thing it does checking the ubuntu deb repositories [13:31] seecrets: you do know that ubuntu desktop uses snaps by default for some applications now right? [13:31] yes [13:32] then what is your concern? [13:32] ubuntu provides spyware applications by default [13:33] seecrets: false. Feel free to go to #ubuntu-offtopic to rant though. This is a support channel [13:33] so a browser that provides google as the default search engine isnt spyware [13:33] https://imgur.com/a/YDi3xUT [13:33] mind debunking this too [13:34] so from what i can tell [13:35] im telling someone everytime i install ubuntu [13:35] oh lord, another troll looking for an argument...sigh [13:35] and im telling someone everytime im using my ubuntu machine [13:35] for the duration im using it [13:35] im not trolling [13:35] seecrets: this isn't the place for your rants. Again, this is a support channel. Go to #ubuntu-offtopic [13:36] okay === JoelJoel is now known as Joel [14:45] I'm in Ubuntu, is there a way I can save an internet URL, to a desktop alias? [14:50] Pruners: There is [14:50] Pruners: https://www.google.com/search?q=ubuntu+url+launcher&oq=ubuntu+url+launcher === Starmina8790 is now known as Starmina879 === Starmina8791 is now known as Starmina879 [15:45] Hello! I'm installing ubuntu desktop 22.04 and I'm puzzled by the dropdown menu "device for boot loader installation" [15:45] arkanoid: pick your hard drive [15:46] Context: UEFI system, EFI partition already exists as sdb1, I've created a partire for /boot in sdb2 [15:46] arkanoid: The program your computer loads when it first boots up is the bootloader. The bootloader is what then starts Ubuntu. That bootloader has to be located somewhere, that option tells the Ubuntu installer where you want to put the bootloader. It should be put on whatever drive you want the system to boot from. [15:46] With that context, the bootloader should go in /dev/sdb1 I believe. [15:47] arkanoid: is there a reason why you're manually creating partitions, especially boot? [15:48] leftyfb: yes, I'm doing some quite convoluted operation (after backup of course). I start from a dual boot windows + ubuntu, I want to remove windows and get ubuntu + ubuntu, but new ubuntu has LUKS working. I will remove old ubuntu after moving everything [15:49] So I am replacing windows partitions at the beginning of sdb with /boot and encrypted device as / [15:50] arkanoid: Your system does use EFI, right? [15:51] (Asking because I know Ubuntu will create an EFI partition even on a BIOS system, and so whether your system is EFI or BIOS will influence where you probably want to put the bootloader.) [15:51] Current situation is: sdb1 EFI, sdb2 /boot (new ubuntu), sdb3 / (encrypted new ubuntu), sdb4 / (old ubuntu without separate boot partition) [15:52] System is UEFI, yes. I've started the installer from UEFI and uefivars is mounted in installer [15:52] arkanoid: OK, then the bootloader goes on /dev/sdb1. [15:52] is there a way to disable the firefox snap update warning? says 13 days left to close it. problem is i close it, do a refresh, and then the next day there's another update. so this popup has become a part of my life every 5 minutes. [15:53] i think i've closed that popup a thousand times [15:53] imbezol: it's a known bug they are working on [15:53] arraybolt3[m]: what sdb2 /boot used for, then? [15:53] super super annoying. i hope they fix it soon. === Guest6481 is now known as gr33n7007h [15:58] arkanoid: OK, so the bootloader has two parts. [15:58] arkanoid: There's an "early bootloader" that goes in the EFI partition. [15:58] arkanoid: Then there's the "rest of the bootloader" that goes in /boot and has things like extra modules for certain uses, along with the configuration file for GRUB. [15:58] arkanoid: Also the /boot partition holds the kernel and initramfs. [15:59] arkanoid: The early bootloader goes wherever you select as the boot loader installation device. [15:59] arkanoid: So you want GRUB to go in the EFI partition, /dev/sdb1. The system will autopopulate /dev/sdb2 with all the necessary extras (the rest of the bootloader) as well as other files critical to the boot process. [16:01] https://opensource.com/article/17/2/linux-boot-and-startup [16:02] (A similar process is used on BIOS systems, but the early bootloader and rest of the bootloader are somewhat different, though the same concepts still exist.) [16:02] arraybolt3[m]: thanks, it makes sense now. I have question then. What is generally called "stage 2 bootloader" is what runs from EFI partition or what runs from /boot? [16:05] arkanoid: That's one of the stages for Grub (or possibly other bootloaders). [16:08] https://www.linuxquestions.org/questions/linux-newbie-8/what-is-grub-loading-stage2-745986/ [16:09] arkanoid: A /boot partition is a mistake that will sooner or later run out of space and not allow you to upgrade your kernel. [16:09] There is no reason /boot should be a separate partition. [16:10] On archaic multi-user systems, /boot was mounted separately and unmounted at runtime so that malicious usrers could not tamper with the boot files. [16:10] jhutchins: I've been reading that separate /boot is required for booting when root is behind LUKS [16:11] https://www.techeblog.com/5mb-hard-drive-being-loaded-onto-a-plane-in-1956-and-35-more-cool-historical-photos/ [16:12] arkanoid: There is a way to have /boot encrypted, I don't mess with such things. [16:12] arkanoid: It does provide additional entertainment when things go wrong. [16:12] I have (not yet) secure boot enabled (this will be my final target). So the boot process is currently efi in sdb1 > grub in sdb2 > boots only with decryption password (this is working now) [16:15] arkanoid: The purpose of "Secure Boot" is to prevent you from booting Linux install media and installing Linux. [16:16] jhutchins: yeah, no. Please. I know what root of trust is [16:17] I can understand how firmware flashers deliver tpm with pre-flashed ms$ keys, but this doesn't mean what you say [16:17] lets try to stay on topic here [16:17] jhutchins: also, my (very old) previous ubuntu installation with no separate boot partition has a /boot folder of 286MB [16:18] arkanoid: Keep in mind that is very very small for modern-day Ubuntu systems. 4 GB would be a safer /boot size IMO. [16:19] arkanoid: Yes, the boot folder is part of a standard Linux system. [16:19] I'm still in time for re-installing ubuntu with larger /boot partition or without it, but I want encrypted root and smooth daily sail like I've been experiencing so far without luks [16:19] (I saw someone in here with a /boot that was about that small. It was... not fun.) [16:19] It's convenient to have all of the required boot files in the same place, rather than breaking them out by version like the libraries and drivers. [16:20] There are a few distributions that do that, a seperate file tree for each kernel and a symlink in / that points to that tree. [16:21] That symlink also exists on some more standard systems for compatibility. [16:21] Rhel uses separate /boot [16:21] arkanoid: If you mean a separate partition, that's optional there as well. [16:23] jhutchins: by default, you have separate boot partition [16:24] I'd like to get some confirmation about: is it really a risk having separate boot partition of 512MB size? Is it really a risk having boot embedded in root while keeping root encrypted with luks? [16:25] arkanoid: I would keep /boot separate since it's what Ubuntu does by default. [16:25] arkanoid: I would give at least 1GB to the /boot partition so that you have breathing room if things go haywire, maybe even 2 GB. [16:26] arraybolt3[m]: official docs says 256 - 1GB, I went 512, but I will reinstall now https://help.ubuntu.com/community/DiskSpace [16:26] arkanoid: It is not a risk to have boot embedded in root while root is encrypted, but it does require that things be configured in just the right way. Ubuntu doesn't do it that way by default, though Lubuntu and Ubuntu Studio do. So it's possible, but I don't know how to do that. [16:26] (On stock Ubuntu I mean.) [16:27] Also, the docs are generally a good source of info, but they're also miserably outdated in some instances, and I wouldn't be surprised if this is one of those instances. [16:28] Yeah, I'm seeing a mention of Ubuntu 10.04 (?!) in that Wiki article. I should edit that to reflect modern versions of Ubuntu. [16:29] arraybolt3[m]: I don't want to step too far away from defaults. Separate unencrypted boot seems not an higher risk for me. I mean, I would need an evil maid that tampers the boot/kernel. I just want to stay safe if laptop got lost/stolen [16:32] ubuntu core uses unencrypted boot while calling it Full Disk Encryption with chain of trust base don TPM2.0 enabled https://ubuntu.com/core/docs/uc20/full-disk-encryption [16:33] In spite of good intentions, the kernel and boot files do keep growing. [16:33] arkanoid: ubuntu core != ubuntu desktop/server. Feel free to discuss Ubuntu core in #snappy [16:33] It's been a long time since you could boot a system off of one floppy. [16:34] jhutchins: my other ubuntu installation went from 16.04 to 22.04 with daily usage, and /boot is 286MB [16:34] arkanoid: lets stay on topic with support questions you need help with [16:34] arkanoid: Then you should be fine with a separate unencrypted boot. [16:35] leftyfb: sure, but it's still an indicator that while encrypted /boot is possible, is not done even when secure boot is enabled by default [16:35] leftyfb: The question is how much space is adequate for /boot. [16:35] Were you to ever find your laptop again, you'd probably want to wipe and reinstall, restoring your data from a backup, but just LUKS'ing root and leaving boot unencrypted will work fine from a data security standpoint. [16:36] jhutchins: apparently in their case, they believe 286MB is adequate and don't seem interested in anyone elses opinion [16:36] leftyfb: They're just making a point trying to reason about wwhat is and isn't secure. [16:36] leftyfb: They said they were going to reinstall to make a bigger boot partition. [16:37] arraybolt3[m]: if the discussion were to continue to it's conclusion, throwing the PC into a fire is the most secure [16:38] I'm not saying it's adeguate, I actually said the opposite: I will reinstall now and use 2GB for /boot. What I just wanted to point out, is that a very old and frequently updated ubuntu installation still has a clean /boot folder of 286MB, and also the official docs says 256Mb to 1GB of size recommended. [16:38] leftyfb: I do a lot of security stuff and I can understand his concerns (since I've had those same concerns). And I'm still using a PC. [16:39] Actual use of the computer is discouraged as a security risk. [16:39] arkanoid: True. And it will stay that way if everything goes perfectly well (though it will grow a bit and then shrink again). But when something unexpected happens and kernels start piling up... (I've had that happen to me a few times.) So that's why you want a good buffer of breathing room. [16:40] jhutchins: C'mon. I get where he's coming from. I don't know what he said that has you and leftyfb doing this to him, but please stop. It's not appreciated, especially as someone who's in the same boat. [16:40] arraybolt3[m]: thanks. I'm now curious when the piling up happens. Never happened in my experience. What takes update to save copies and copies of kernel versions / initrd images? [16:40] arkanoid: It's an old joke. [16:41] arkanoid: With the realease of 22.04 we've seen people here run into space limits with /boot partitions, so it's a valid issue. [16:41] arkanoid: If something occurs that makes a kernel marked as manually installed, it will then stay there and not get autoremoved. That will cause there to be at least one extra kernel laying around. [16:42] ... plus config and initrd. [16:43] Does Ubuntu do the root symlink to the boot files? [16:43] k, reinstalling with 2GB now. If everything goes well like previous go, I will end up with two ubuntu installs like now. The only "obscure point" here to me yet is how grub "detects" other OSs [16:44] arkanoid: There's a special config file that gets built by grub-mkconfig that tells GRUB where the other operating systems are and how to boot them. [16:44] That tool will automatically run during install time. [16:44] (However do note that only one OS will be detected in Ubuntu 22.04 since os-prober was disabled, there's a way to re-enable that if that's undesirable, but in your instance it sounds like it's just fine.) [16:45] the tools is detecting deleted windows as still present then. I guess because there are some leftovers in EFI (sdb1) partition? [16:45] arkanoid: Quite possibly. If you're OK with potentially rendering all operating systems except the one you're installing now unbootable, you could (maybe even should) wipe the EFI partition and make a new one. [16:46] arraybolt3[m]: no, I'm interested in having old ubuntu still working as before. This until I end my experiments with luks/secure boot on new installation [16:47] arkanoid: OK. Actually, in that instance, what I'd do is go ahead and wipe the EFI partition, and then we'll just re-enable os-prober to pick up the original installation. [16:47] (I'll link to the instructions on re-enabling os-prober.) [16:48] https://askubuntu.com/questions/1410398/just-installed-ubuntu-22-04-on-a-dual-boot-setup-now-my-other-os-isnt-showing [16:49] arraybolt3[m]: I'm puzzled. If os-prober is disabled in 22.04, why I have grub showing 3 OSs (deleted windows, old ubuntu, new ubuntu with encrypted root) after the operation of deleting windows partitions to install new ubuntu? [16:49] arkanoid: Are you using Ubuntu 20.04? [16:50] no, 22.04 [16:50] both old ubuntu installation and new ubuntu installation are ubuntu 22.04 [16:50] Hmm... then you might be looking at your UEFI boot menu and not GRUB. Does the bootloader say "GNU GRUB" up at the top? [16:51] well, let me reboot to double check, but yeah I am quite sure. 1 minute [16:52] Maybe it's still picking up stuff from the EFI partition but not mounting things from other partitions then. I dunno. [16:52] I confirm GNU GRUB at boot with 3 OS options [16:53] Well whatever it is doing, it is making things work out of the box. Let's see what happens now that I'm going to reinstall new ubuntu ... [16:54] What should happen in EFI if I have more than one ubuntu installation on same system? Should I have one or two grub entries there? [16:55] I currently have EFI folder with Boot, Microsoft and ubuntu subfolders [16:59] The EFI/ubuntu/grub.cfg points to blkid of sdb2, so /boot of new ubuntu. [16:59] It means that os probe is working somehow on 22.04 as it detected all 3 OSs on installation [17:00] Let me double check in /boot/grub.cfg of newly installed Ubuntu if it matches the boot entries [17:02] Yep, I confirm /boot/grub/grub.cfg of newly installed Ubuntu contains entries for previously installed OSs, so probing is working [17:04] * ogra notes that there is no unencrypted /boot in Ubuntu Core systems that use secureboot with full disk encryption ... (and there is no way to have either/or, they only go together) [17:10] anyone using ubuntu on the HDMI TV sticks like the 1 from aliexpress, they say its ubuntu compatible, but it runs windows natively, just to hear how it runs, they have 2 and 4GB version. [17:11] sort of like the arm android tv sticks but its x86-64. [17:11] size of a usb stick. [17:11] arg_: https://ubuntu.com/certified [17:11] arg_: for anything else, you would just have to try it [17:16] leftyfb: yeah they are not branded things tho, i'm gonna hack 1 out to bring back a ubuntu phone competitor to the pine64. With a tiny hdmi touchscreen lol ;] [17:16] arkanoid: Hmm, not sure why it's picking them up then. I don't know if it's to be expected or not. [17:16] arg_: good luck [17:18] i have rsyslog listening on a socket. how do i send test entries to that socket? [17:19] forgotmynick: try logger [17:21] sarnold: i love you [17:22] forgotmynick: <3 :D [17:27] arraybolt3[m]: I can confirm after reinstalling ubuntu plus deleting old EFI partition and recreating from scratch that the installer creates a grub config that permits loading old ubuntu install and all "advanced" sub options [17:28] Hmm. Maybe they changed something... though I'm not sure how that would make sense. Well, woot! Glad it's working, now I have one more thing confusing the sap out of my brain! 🤪 [17:44] Hi [17:44] What is ~/.xtoolkit used by? [17:47] If i had to guess, i'd say the X Toolkit [17:47] I do not see that file mentioned anywhere having to do with ubuntu [17:48] the only thing I can find is a 3rd party tool not included in ubuntu called incubator-weex-cli [17:50] maybe week-tookit npm package [17:50] I thought that too, but it seems to have some node packages in there... [17:50] sorry, weex-toolkit [17:50] Isn't X toolkit just x libs and stuff? What what that have to do with node/npm [17:51] right, it's probably related to some npm package you installed [17:51] Unless it's like that intel cross platform mobnile app dev toolkit I might have instaleld once [17:51] \o/ [17:51] ah right, Hash has me on ignore so didn't see any of this [18:01] leftyfb: lol that's got to save a huge amount of time :) [18:28] Is there a way in preseed to change the partman options to modify XFS filesystem format options? (ie. turn off reflinks, or other custom oddities) [18:45] skullone_: i don't know your answer, if the question refers to ubuntu desktop (it seems to). i also don't know your answer if the question would also extend to ubuntu server (which can be converted into a desktop installation), but assume you may have more options with subiquity + autoinstall (via curtin) [19:40] BluesKaj: Hi ! [19:40] Beherit: 👋 [19:41] hi array! [19:41] first signs of life! hah! [19:41] Beherit: Anything we can help you with? [19:41] been years since i actually used the MIRC , just logged in as an opportunity when i was sorting out thunderbird. [19:42] no arraybolt, thanks. just saying hi. [19:42] Nice. If you ever run into anything that goes wrong with your Ubuntu system, feel free to ask for help here. Also, if you're interested in general conversation, we have #ubuntu-offtopic:libera.chat. [19:43] ah Thank you!! === blackest_mamba_ is now known as blackest_mamba [20:08] arraybolt3[m]: may I pm you? [20:08] murmel: Yeah, sure. Matrix preferred, IRC will work too but I might be slow. === scoobydoob is now known as scoobydoo [20:57] is there a reason why ubuntu removes the rootless install script from docker.io? [20:57] can't find anything about it [20:58] why is ctrl alt backspace not killing Xorg in Ubuntu? [21:00] de-facto: pretty sure that was removed years ago [21:01] why would one remove such a useful thing? [21:01] gnome shell freezes from time to time, so it would be useful to be able to kill it [21:02] de-facto: you should be focusing more on the freezes and less the workaround [21:02] yeah it's definitely not normal that gnome freezes [21:03] it never was stable for me, so i got used to it freezing from time to time [21:04] same with pulseaudio, it just corrupts from time to time, so killing it solves the issue with both [21:05] was Ctrl Alt Backspace completely removed or just diabled? [21:06] de-facto: a quick google search shows it was "disabled" 13 years ago https://www.linuxjournal.com/content/tech-tip-restore-ctrl-alt-backspace-ubuntu [21:07] yeah [21:07] ctrl-alt-backspace to "zap" X hasn't been a thing for years [21:08] de-facto: are you running Ubuntu 20.04 or 22.04 and gnome is still freezing for you? [21:08] 22.04 [21:09] de-facto: is gnome freezing up on you? [21:09] yeah its freezing from time to time [21:09] de-facto: is this a fresh install of ubuntu or have you been upgrading since 2009? [21:10] fresh [21:10] de-facto: ok, maybe file a bug or ask someone here for help troubleshooting the issue [21:10] i just assumed that gnome shell is not really stable yet [21:10] yeah i just want ctrl alt backspace [21:10] i dont want to dig into Xorg, thats too crazy [21:11] they disabled it because users could "accidentally trigger it" lol [21:11] aha, hmm [21:11] de-facto: you'll probably need to dig into "Xorg" (not the default unless you have Nvidia) in order to write the code back in to give you your workaround for a problem you aren't interested in getting resolved [21:12] btw, gnome shell was released 11 years ago [21:13] yeah still not stable for me, sorry, but its how it is [21:16] de-facto: your issues could be related to bad memory, cpu, gpu, overheating, wrong drivers installed, faulty software installed or lack of resources. Since you don't know or are interested in resolving the issue, it's not yet valid to say gnome shell isn't stable [21:20] all problems observed could be caused by such generic implied causes, to me gnome shell freezes from time to time, so thats an observation, hence it is not stable for me, what is the cause? i do not know, but i want to be able to kill it when it freezes [21:20]