[04:01] <P1ro> Hi, i cant login from terminal/local keyboard, only tru ssh, and cant do sudo su ill get ( su: cannot open session: Cannot make/remove an entry for the specified session ) BUT sudo -u root /bin/bash does work ok, or any other sudo commando directly, what could be the issue with users ?
[04:04] <MTecknology> look at auth.log and syslog
[04:04] <sarnold> oh hey MTecknology :)
[04:05] <sarnold> poke around in /etc/pam.d/ and see if any of those configs look funny vs the others
[04:05] <MTecknology> sarnold: I'll give you $5k to fix my crap
[04:05] <MTecknology> also, hi :)
[04:05] <sarnold> MTecknology: lol :D
[04:06] <MTecknology> this looks like a helpful link -> https://serverfault.com/questions/90400/how-to-check-for-modified-config-files-on-a-debian-system
[04:16] <MTecknology> sarnold: I'm serious about that $5k ... I need a generic way to create an ubuntu installer (iso & ipxe) and I'm kinda desperate to not leave too much brain matter behind on this wall
[04:35] <sarnold> MTecknology: oh man :/ config files on debian and derivatives are sadness :(
[04:36] <sarnold> MTecknology: the "conf files" thing from dpkg is so brutal about how upgrades are handled a ton of packages go out of their way to manage config files in other ways.. none of these are complete solutions, just suggestions towards things that help
[04:38] <MTecknology> As soon as I get a brand new kernel panic on mac+vbox7 figured out, I should be moving on to making my installation support automatic tests for both debian 11 and debian 12, and my goal is to extend that to ubuntu
[04:39] <MTecknology> the actual configuration part is handled by salt after the installation
[04:39] <MTecknology> (still my teckhost thing)
[04:40] <MTecknology> https://github.com/MTecknology/teckhost (latest commit is still failing to build/test)
[04:42] <MTecknology> maxcpus=0 seems like it might have helped, but I haven't been able to run any test long enough. That might require over 2x the amount of time to test
[04:44] <sarnold> MTecknology: hmm, I keep hearing that there's a decent tool for making customized ubuntu images but I can't find the thing. I'm finding some repos with garbage docs and some repos with *very* garbage docs ..
[04:44] <MTecknology> 1) make debian12 work 2) add support for multiple distros/releases 3) make sure debian11 still works 4) figure out how to make ubuntu work at all 5) work that into the test stack
[04:44] <P1ro> ohhh, thanks, well i have not auth or syslog under /var/log/...
[04:44] <P1ro> the modd files on debian its a realy good link
[04:44] <sarnold> P1ro: very weird. what else is wrong with this system??
[04:44] <MTecknology> P1ro: dmesg
[04:45] <MTecknology> sounds like you should be investigating this from a live image
[04:45] <P1ro> well i can log from ssh, root with sudo -u root /bin/bash
[04:45] <MTecknology> sarnold: If you find it and it actually works, I'll donate $50 to the project and $200 to your favorite charity (and buy you a venbeer)
[04:47] <sarnold> MTecknology: mason's put a fair amount of effort into getting installers for debian and ubuntu, it's possible he's got something that might work for you -- but he might also have diametrically opposed ideas about what would work, too
[04:47] <P1ro> sarnold: that could be a good tool, normally i have to install on a small usb, then create img from usb
[04:47] <sarnold> P1ro: yeah, a lot of people want something like it :)
[04:48] <P1ro> and well i was messing with limits.conf (max open files memory) some stuff, where i can found the default system files ?
[04:48] <sarnold> P1ro: the usual stock-answer of "use a cloud-image and supply a cloud-init control file" often isn't very satisfying
[04:48] <MTecknology> my current iso builder for debian -> https://github.com/MTecknology/teckhost/blob/master/iso/build_iso
[04:49] <P1ro> sarnold: gentoo got one, dont know why there is none for debian, ubuntu, etc.
[04:50] <MTecknology> cloud-init is a massive mess of haphazard junk tossed into a bucket and given a .deb as a pretty bow ...
[04:51] <sarnold> P1ro: if you've got your apt sources configured with deb-src lines, you could apt-get source libpam-modules   to download the sources for the package that owns that file .. or you could use dpkg's --force-confnew flag .. that's pretty inconvenient, I'm not sure how to do that one
[04:51] <MTecknology> I'm pretty sure I even saw it describe itself that way
[04:51] <sarnold> MTecknology: lol, sounds right :)
[04:56] <sarnold> MTecknology: OH! I think this was the thing I was thinking of https://github.com/ubuntu-bartenders/ubuntu-old-fashioned?tab=readme-ov-file -- but there's way more references to cloud providers in here than I thought
[05:02] <MTecknology> I don't think I understand the documentation for this. Is this capable of building an installer, or is it meant for making cloud-based images targeted for specific platforms?
[05:09] <sarnold> I *think* it's intended to build an installed image, not an installer .. :(
[05:10] <MTecknology> ah, I need an installer
[05:11] <MTecknology> but certainly has a similar spirit :)
[05:24] <sarnold> MTecknology: I'm off for the night, good to see you again :)
[06:02] <rbox> nb 2516m4hg3bbbbbb983+
[06:16] <MTecknology> should I take the hint and give up for the night?
[08:18] <radiant241> I'm on Windows10 + Xubuntu +NixOS (last one is on a separate disk). I want to try fixing my windows with Dism commands and such. It may cause problems to my boot order. Meaning I may lose access to any of these OSes or all of them.I have USB disks. What should I burn to my USB disks so I can recover my NixOS or Ubuntu OSes should any problems
[08:18] <radiant241> occur?
[08:18] <radiant241> are systemresque and sparkylinux enough for this?
[08:21] <MTecknology> "burn to usb" ??
[08:21] <MTecknology> might wanna look into something like ventoy
[08:24] <radiant241> MTecknology yeah but I'm wondering if I actually need a ubuntu live image to fix ubuntu or can I use those two distros to fix grub or systemd-boot or stuff
[08:24] <radiant241> Also how to know about my boot order? whether I use GRUB or anything else?
[08:24] <MTecknology> ah, gotcha finnix is a good one to add
[10:16] <ecm> Слава Україні!
[11:10] <thisisjaymehta> You know we dont study Russian in school. It would help if you write in English.
[11:18] <thisisjaymehta> I need help with setting a command to autorun at startup.
[11:19] <thisisjaymehta> This is the command: pacmd load-module module-alsa-sink device=hw:Audio,1 control='PCM',1
[11:20] <thisisjaymehta> I added it in crontab with @reboot, but it doesn't work
[12:01] <zamba> is 1:7.6p1-4ubuntu0.7 considered safe for CVE-2023-38408?
[12:01] -ubottu:#ubuntu- The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38408>
[12:01] <zamba> it seems like versions before this is vulnerable: 1:7.6p1-4ubuntu0.7+esm1)available with ubuntu pro or ubuntu pro (infra-only
[12:02] <zamba> but i don't have +esm1. do i need ubuntu pro to get the security patch? what's the deal?
[13:19] <BluesKaj> Hi all
[13:28] <tuxinator> hi
[13:29] <tuxinator> no matter what i do, my apparmor always complains this when starting/restarting cups-browsed even if i add a profile and change it to complain mode https://pastebin.com/2uCVzwag
[15:02] <willcl-ark> I'm having issues using `perf` on 23.10.. many error messages of the form "addr2line /root/.debug/.build-id/fb/<id>/elf: could not read first record". Just wondering if there are any known issues with this in kernel 6.5.0-17 ?
[15:04] <leftyfb> willcl-ark: apt-cache policy iperf | nc termbin.com 9999
[15:15] <willcl-ark> leftyfb: https://termbin.com/b87y
[15:16] <leftyfb> willcl-ark: how did you install iperf?
[15:16] <willcl-ark> sorry, it's perf i'm struggling with, not iperf
[15:17] <willcl-ark> from binutils
[15:17] <leftyfb> ah, it's from linux-tools-common
[15:18] <oerheks> !info perf-tools-unstable
[15:30] <ogra_> ravage, uh, what evil did you do to get stgraber so upset ?
[15:31]  * ogra_ would have asked in #ubuntu-discuss, but ravage isnt there ... 
[15:34] <ravage> heh
[15:34] <ravage> i started an nginx proxy for about an hour
[15:34] <ravage> seems to be evil
[15:34] <ravage> wanted to understand how they block lxd out. was a success 🙂
[15:35] <ogra_> obviously evil enough to have him post on your membership application
[15:35] <ravage> yep i saw it. let him post whatever he likes
[15:35] <ravage> the post does not say anything really
[15:35] <ogra_> it says you are an abusive person ...
[15:36] <ravage> i find his post kind of toxic. not sure who the bad person is here
[15:36] <ravage> but hey
[15:36] <ravage> "i do not know you at all... but"
[15:37] <leftyfb> It sounds to me like ravage was just testing workarounds for community-hostile actions by an open source project
[15:37] <ogra_> yeah ... i know stephane pretty well and am rather shocked by him in recent times
[15:38] <ravage> it really was just because i was curious what that all is about
[15:38] <ravage> and i needed to spawn a debian container for a test 🙂
[15:38] <ravage> let me join discuss with my bridge
[16:04] <mcc> Hello, I am attempting to run a closed-source program on amd64. It depends on libc++, and it is failing with the run-time link error `undefined symbol: _ZNSt3__123__libcpp_debug_functionE` . I have tried installing both the libc++1.16 and libc++1.17 packages, both exhibit the error. I suspect they expect some specific version or distribution of libc++ but have struggled getting the vendor to explain the exact environment they expect.
[16:05] <mcc> Is there any coherent way of figuring out what the different way between the linked libc++ and my local libc++ could be, given that mangled symbol name?
[16:10] <mcc> hmm, ok. digging around in release notes it appears I need libc++1.14 :(
[16:11] <ogra_> mcc, you could use pbjdump or some such to find the libc version the binary actually wants ... if it matches any LTS version of ubuntu you could try to package it as a snap as "just installing" a different libc (or libstdc++) will likely cause problems if not put away inside some containerization
[16:11] <ogra_> s/pbjdump/objdump/
[16:11] <mcc> ok. i was about to ask if i was gonna need docker or something but snap is an interesting idea
[16:12] <mcc> i tested by installing libc++1.14 and it worked, but libc++1.15 doesn't
[16:12] <mcc> your point about not screwing up the rest of my system is taken D: in this case tho i didn't even have libc++ installed until i installed this app
[16:14] <ogra_> docker might work too ... i personally just find snaps easier to create 🙂
[16:14] <mcc> that makes sense. i don't know how to use either :O but i've already got snapd on this machine but not docker so snapd would be more natural.
[16:17] <mcc> Wait, this is weird. This is really weird.
[16:17] <mcc> https://reviews.llvm.org/D127360
[16:18] <mcc> "This commit removed symbols implementing debug mode in the non-debug configuration of the library. Using the debug mode now requires a differently-configured version of libc++."
[16:19] <mcc> That's… I think from the libc++ 15 release notes, but I can't find the true release notes page
[16:19] <mcc> https://libcxx.llvm.org/ReleaseNotes/18.html
[16:19] <mcc> This site has release notes for 18 and 19 but not earlier versions…
[16:20] <mcc> "By default, the legacy debug mode symbols are not provided with the library anymore. If you are a vendor and need to re-enable them, please use the LIBCXX_ENABLE_BACKWARDS_COMPATIBILITY_DEBUG_MODE_SYMBOLS CMake flag, and contact the libc++ developers as this will be removed in LLVM 16. Furthermore, please note that LIBCXX_ENABLE_DEBUG_MODE_SUPPORT is not honored anymore." well I guess that's besides the point.
[19:55] <esc4rg0t__> Is there any fix for "Warning firmware error detected FWSM:..." on Ubuntu Server LTS regarding ixgbe driver?...
[20:25] <topcat001> willcl-ark: Are you trying to record DWARF call stacks?
[20:26] <ashafq> I think Ubuntu erased my UEFI boot. Is there a way to get it back?
[20:31] <mdw> ashafq: as another OS boot entry?
[20:32] <mdw> *as in
[20:32] <oerheks> !uefi
[20:32] <oerheks> how do you tell ubuntu wiped uefi ?
[20:33] <mdw> I presume they are talking about a boot entry being missing, likely needs to readd it with efibootmgr
[20:45] <Luminel> Hey!
[20:45] <Luminel> ubuntu users don't use IRC anymore?
[20:45] <arraybolt3> yeah we do
[20:46] <arraybolt3> we're getting Matrix added on as a new primary chat platform for support and whatnot, but IRC will remain supported for the foreseeable future
[20:48] <ashafq> mdw: I think somehow the encryption key got wiped from TPM and the PC no longer recognize /dev/nvme*,
[20:49] <ashafq> I can't even mount it with a recovery disk
[20:49] <ashafq> Unless I am missing something.
[20:49] <ashafq> lspci shows the device, but not lsblk.
[20:53] <ashafq> There are no "official support" for this, is there? I would love to pay someone just to fix it as I don't have the time to fix it.
[20:58] <sarnold> MTecknology: I heard back that https://github.com/canonical/ubuntu-image is the 'current official' tool for building images
[20:59] <oerheks> >> https://snapcraft.io/ubuntu-image
[21:04] <MTecknology> snap exclusive, eh? that's cute
[21:06] <oerheks> no, one could build it easily
[21:14] <MTecknology> My chuckle is toward the distribution method, not the project itself. It's a golang project, so plenty of other distribution methods are trivial ... they just want to push their pet project
[21:15] <oerheks> ...
[21:18] <MTecknology> This is interesting
[21:19] <MTecknology> sarnold: I'm also looking at live-build; it looks like it could be a "generic" approach that uses debootstrap and works for debian and ubuntu.
[22:33] <seer__> what are the "downsides" to enabling ubuntu pro?  (And my opensource system is pushing me to a $ubscription $ervice!!  ??)
[22:34] <seer__> What are the downsides of not installing ubuntu pro?
[22:34] <jeremy31> seer__: Isn't Ubuntu Pro free?
[22:34] <arraybolt3> it is
[22:34] <ravage> You don't get the Updates 
[22:34] <ravage> That's the downside 
[22:34] <arraybolt3> of not enabling it
[22:35] <jeremy31> Might be a topic better off in #ubuntu-discuss
[22:35] <arraybolt3> I'm not aware of any downsides with enabling it, unless your OEM explicitly doesn't support it
[22:35] <cbreak> I don't see any point in using ubuntu pro
[22:35] <ravage> Then don't 
[22:35] <cbreak> indeed.
[22:36] <leftyfb> cbreak: seer__: https://discourse.ubuntu.com/t/ubuntu-pro-faq/34042
[22:38] <seer__> I found this vague article (it seems particular but it isnt) https://www.linuxandubuntu.com/home/ubuntu-pro-vs-ubuntu
[22:39] <seer__> thanks leftyfb
[22:40] <leftyfb> seer__: that article is half-truths
[22:40] <leftyfb> the one you posted
[22:45] <MTecknology> It looks like the most useful bit of info is underneath "What if I don’t want to opt-in to Ubuntu Pro? [...]"  It sounds like "ubuntu pro" is ~"Universe security updates are covered by a dedicated team"
[22:47] <leftyfb> MTecknology: if you don't want to enable pro, your system functions exactly the way it has up till now, with some nagging when you run updated in the CLI and now GUI, though I think there's workarounds to disable that
[22:47] <leftyfb> Pro is Canonical updating packages from the universe repo which historically were only updated by community maintainers
[22:48] <leftyfb> for the most part
[22:48] <leftyfb> the other features are kernel livepatching and additional security not typically implemented by individuals
[22:53] <seer__> goed zo