IRC log for #devuan on 20201106

00:16.14*** join/#devuan arnoldoree (~arnoldore@113.210.102.105)
00:22.05*** join/#devuan cyteen (~cyteen@static-84-9-179-245.vodafonexdsl.co.uk)
00:25.22*** join/#devuan djph_ (~dpurgert@104-57-151-177.lightspeed.bcvloh.sbcglobal.net)
00:54.16*** join/#devuan arnoldoree (~arnoldore@113.210.102.105)
01:08.55suavedandyfsmithred: The installation went great.
01:09.22suavedandyThe only caveat is that your live image has OpenRC.
01:09.50suavedandyAnd for some reason OpenRC always complains that it can't stop anacron.
01:10.03suavedandyDon't know why.
01:14.01fsmithredwhat???
01:16.24fsmithredsuavedandy, you would only get openrc if you installed it or if you used the one openrc iso in my experimental folder
01:16.37fsmithredand you can't miss it - it has 'openrc' in the file name.
01:19.42specingIt's unstoppable mwahahaha!
01:20.11*** join/#devuan fluffywolf (~furrywolf@172.58.92.107)
01:21.00clortdevuan?
01:21.45clortopenrc?
01:22.17suavedandyYes.
01:22.23suavedandyDevuan OpenRC.
01:22.38clorti wonder what specing is referring to?
01:22.49suavedandyAh, never mind.
01:23.11suavedandyPerhaps the live image was with OpenRC.
01:23.26suavedandyI see good ol' SysVinit.
01:24.25*** join/#devuan psarria (~psarria@213.94.48.104)
01:24.57suavedandyNo more problems, I guess. The Internet is once again back to normal after some toggling of the airplane mode and restarting of wpa_supplicant.
01:25.09suavedandyWeird machinations, I know.
01:25.18suavedandyBut hey, it worked.
01:26.07suavedandyAh, the only issue I haven't looked into is Cyrillic font.
01:26.34suavedandyI'll look into it after I get some sleep.
01:26.51suavedandyI got surprisingly far this time around.
02:08.10*** join/#devuan sunshavi (~user@190.234.75.216)
02:32.57*** join/#devuan bleb_ (~cm@unaffiliated/bleb)
02:36.25*** join/#devuan debdog (~debdog@2a00:79c0:620:2500:7a24:afff:fe8a:d04d)
02:39.40*** join/#devuan Stealth (~stealth@sourcemage/archon/stealth)
02:50.48*** join/#devuan petzi (~petzi@p578b3438.dip0.t-ipconnect.de)
03:27.36*** join/#devuan kelsoo2 (~kelsoo@dragora/developer/kelsoo)
03:32.12*** join/#devuan systemdlete (~systemdle@c-73-235-92-238.hsd1.ca.comcast.net)
03:34.02systemdleteI'm trying to forward packets on refracta.  I'm guessing it is the same as on devuan.  I have set up 3 machines for this purpose.  I have A (source) machine, B (where firewall runs and where I want to set up forwarding), and C which is a target system.
03:34.56systemdleteOn A, I run ping C.  Using wireshark on C, I can see C is receiving pings and responding.  But neither A nor B see the ping responses.
03:35.53systemdleteI'm using gufw/ufw and I've set up forwarding per their instructions.  B is dual-homed of course, with an interface facing A, and an interface facing C.
03:36.30systemdleteDo I need NAT to do this?   I was hoping to use gufw (and ufw) to accomplish this.  Seems like this should be simple.
03:37.19clortcould you document how you do that if you get it working
03:37.24clortcause i fail at that now too
03:38.02systemdleteBtw, A is a devuan Ascii system, B is a refracta system, and C is a different Ascii system.
03:45.22Hurgotronsystemdlete: One would need IP addresses, networks and routing to analyze
03:48.15*** join/#devuan debdog (~debdog@194.140.113.70)
03:49.29systemdleteHurgotron:  Here is what I have configured:  A is 192.168.57.1, B is 192.168.57.2 (both on same leg) and B has 192.168.56.2, C has 192.168.56.18 (both on same leg)
03:50.08systemdleteI'll call them A-B network and B-C network, respectively.
03:50.32systemdleteA has default route to 192.168.56.2
03:50.45systemdleteB has default route to 192.168.56.1
03:50.54systemdleteC has default route to 192.168.56.1 also
03:51.52systemdleteHurgotron, for the moment, assume I am entering IP addresses only, no DNS etc
03:53.27Hurgotronboth /24 networks? A has default route to 192.168.57.2 and C to 192.168.56.2 ?
03:53.58systemdlete^^
03:54.05systemdlete(and yes /24)
03:54.18Hurgotronah sorry too slow today
03:54.22systemdletenw
03:54.25systemdletethanks for helping
03:55.08systemdleteI guess you can say that network A-B is 192.168.57.0/24 and B-C is 192.168.56.0/24
03:55.19Hurgotronright
03:55.26HurgotronBut where is 192.168.56.1?
03:55.54HurgotronYou just mention that as a route target and not as a host address.
03:55.59systemdleteThat's another router that takes packets to the Internet, but no need to worry about that now.  I'd be happy to hit 192.168.56.18 at this point!
03:56.19systemdleteHurgotron, I skpped some info
03:56.40systemdleteAll 3 systems hvae router entries for their own interfaces.  I thought that was obvious, sorry.
03:58.41systemdleteAlso, C does not need to hit A.  Just A getting out to C (and the Internet, later on, once this is figured out)
03:59.11systemdleteA and C are single-homed systems, just for clarity.
03:59.18HurgotronHmm, not sure what you mean, anyway. C needs to have a route to 192.168.57.0/24 with gateway 192.168.56.1 if you want to ping between a and C
04:00.16systemdleteThat's what I was afraid of.   Would NAT or masquerading solve this for me?
04:00.43systemdleteI think ufw can do NAT, but gufw does not have a way to do this directly.
04:00.43HurgotronYes, should work
04:01.37systemdleteWhat does this exact same scenario look like in IPv6?  Does IPv6 have NAT, or does its design obviate the need for NAT?
04:01.56systemdleteI vaguely recall reading about this years ago, but I forgot what it said now.
04:02.15systemdlete(I'm not serious about v6 atm, just curious)
04:03.03HurgotronShould not need nat, but needs more subnetting. Nice is the autoconfiguration with router advertisements.
04:03.41systemdleteHurgotron:  Thank you for confirming my suspicions.  I have something to work with now.   Greatly appreciated.
04:04.44Hurgotronanytime.
04:22.01*** join/#devuan nyov (~nyov@unaffiliated/nyov)
04:37.35clort'lets improve iptables, they said'
04:57.37*** join/#devuan ar3itrary (~hacker@v22016101923038440.bestsrv.de)
05:09.40*** join/#devuan kreyren (~kreyren@fsf/member/kreyren)
05:21.24*** join/#devuan kelsoo3 (~kelsoo@dragora/developer/kelsoo)
05:32.51*** join/#devuan DocScrutinizer05 (~saturn@openmoko/engineers/joerg)
06:10.49*** join/#devuan arnoldoree (~arnoldore@113.210.113.16)
06:19.33*** join/#devuan GNUmoon (~GNUmoon@gateway/tor-sasl/gnumoon)
06:32.18*** join/#devuan Unit193 (ukikie@freenode/staff/ubuntu.member.unit193)
07:06.15*** join/#devuan shibboleth (~shibbolet@gateway/tor-sasl/shibboleth)
07:21.32*** join/#devuan Acacia (~Acacia@unaffiliated/acacia)
07:32.38*** join/#devuan shibboleth (~shibbolet@gateway/tor-sasl/shibboleth)
07:33.18*** join/#devuan Joril (~joril@host-217-194-188-145.sbs.redder.net)
07:55.59*** join/#devuan rsx (~rsx@ppp-188-174-136-68.dynamic.mnet-online.de)
08:25.04*** join/#devuan xinomilo (~xinomilo@gateway/tor-sasl/xinomilo)
08:42.56*** join/#devuan alv (~alv@mob-5-90-138-19.net.vodafone.it)
08:45.37*** join/#devuan Pali (~pali@Maemo/community/contributor/Pali)
09:05.20r3bootyep, and instead of importing pf, they wrote nftables .. such a missed chance
09:06.12r3bootsystemdlete: not only does ipv6 do nat, it is being used to implement CGN, which means the end of e2e connectivity on the internet
09:17.21*** join/#devuan arnoldoree (~arnoldore@113.210.92.246)
09:18.31*** join/#devuan xrogaan (~xrogaan@unaffiliated/xrogaan)
09:39.18DPAI'm no expert in IPv6, I still haven't even gotten around to setting it up at home. But as far as I know, IPv6 doesn't require that ISPs use NAT.
09:39.18DPAWasn't it was even intended that every internet user would get a prefix with an entire block of addresses originally, to make it possible for
09:39.18DPAevery device in a local network to be globally addressable and reachable?
09:42.11sixwheeledbeastit wouldn't be required but they do, I assume was the point?
09:42.13r3bootit's not required, but it is possible
09:43.44r3bootAlso, re: ipv6, the article 'network service models' in this edition of IPJ explains the financial dynamics nicely: https://ipj.dreamhosters.com/wp-content/uploads/issues/2013/ipj16-2.pdf
09:46.35*** join/#devuan cocoadaemon (~foo@30.27.119.80.rev.sfr.net)
10:07.30*** join/#devuan Uberius (~uberius@gateway/tor-sasl/uberius)
10:24.20*** join/#devuan bpmedley (~bpm@2601:246:8101:4eb0:10b0:cd4d:6a7:3d51)
10:40.53*** join/#devuan djph (~dpurgert@devuan/community/dpurgert)
10:54.45*** join/#devuan link2xt (~link2xt@83.149.193.141)
10:55.54systemdletesadly, I am getting this error when I add the lines for NAT:  problem running ufw-init bad argument *nat
10:56.46systemdleteI ran the requirements script for ufw and it passed, no errors.  So it seems like I should have everything I need to do NAT
10:58.15systemdleteSeems like I need to add NAT table, but instructions did not indicate that specifically;  https://gist.github.com/kimus/9315140
10:58.33systemdleteMaybe these instructions are out of date for newer releases of ufw
11:01.08systemdletenvm.  I think I missed a step...
11:01.26systemdleteyep.  Forgot to set the default policy instruction...
11:31.51*** join/#devuan kreyren (~kreyren@fsf/member/kreyren)
11:42.19*** join/#devuan bsd4me (~me@95-105-74-65.gci.net)
12:23.31*** join/#devuan gnarface (~gnarface@108-227-52-42.lightspeed.irvnca.sbcglobal.net)
12:38.00*** join/#devuan systemdlete (~systemdle@c-73-235-92-238.hsd1.ca.comcast.net)
13:09.32*** join/#devuan systemdlete (~systemdle@c-73-235-92-238.hsd1.ca.comcast.net)
13:54.24*** join/#devuan systemdlete2 (~systemdle@c-73-235-92-238.hsd1.ca.comcast.net)
13:59.52*** join/#devuan n4dir (~n4dir@i59F77C6D.versanet.de)
14:13.11*** join/#devuan cromnion (~cromnion@88.202.178.103)
14:19.06*** join/#devuan luna_is_here_ (~quassel@port-92-200-182-126.dynamic.as20676.net)
15:04.34*** join/#devuan targz (~Thunderbi@unaffiliated/targz)
15:16.53*** join/#devuan cocoadaemon (~foo@36.161.2.109.rev.sfr.net)
15:41.42*** join/#devuan morruth (~quassel@85.132.76.25)
15:46.27*** join/#devuan IoFran (~Thunderbi@189.237.107.41)
15:50.02*** join/#devuan cd (~cd@unaffiliated/cd)
15:58.31RyushinI think I remember reading there was a systemd unit to sysvinit script convertor somewhere.  The only one I found online is 8 years old and is not working properly.  Anyone know of a new one?
16:01.05*** join/#devuan fluffywolf (~furrywolf@172.58.95.77)
16:03.29fsmithredRyushin, check upstream sysvinit packages. I think it's in there.
16:03.43RyushinAfter a few hours I couldn't find it, now I just did searching through the mailing archives: http://www.trek.eu.org/devel/sysd2v/
16:04.07Ryushinfsmithred: You're right.  It's in the new sysvinit source I guess.
16:05.02fsmithredMaybe this? sysvinit-utils: /lib/init/init-d-script
16:06.42RyushinFrom the email: Trek sent over a Bash shell script which accepts a systemd unit file as its sole parameter. It then digests the unit file and prints out an equivalent shell script and some debugging information. The shell script is called sysd2v.sh and is now included in the SysV init source code, under the "contrib" directory.
16:06.49RyushinGoing to try it out now.
16:08.35fsmithredapt-file can't find it in ceres
16:08.50fsmithredgotta go. bbl.
16:12.18Ryushinfsmithred:  Thanks have a great day.
16:14.32RyushinHere we go: http://git.savannah.nongnu.org/cgit/sysvinit.git/tree/contrib/sysd2v.sh
16:17.43*** join/#devuan luna_is_here (~quassel@port-92-200-204-79.dynamic.as20676.net)
16:23.19*** join/#devuan GNUmoon (~GNUmoon@gateway/tor-sasl/gnumoon)
16:25.46Ryushinfsmithred:  I'm impressed!!  Script worked wonderfully converting the three Greenbone Security Scanner systemd unit files.
16:26.03RyushinThat is several hours worth of work saved.
16:27.51*** join/#devuan gast0n (~g4570n@unaffiliated/g4570n)
16:29.53*** join/#devuan Besnik_b (~Besnik@2a02:587:de0b:8d00:5bbb:4c52:53d5:4c60)
16:31.39*** join/#devuan HumanG33k (~HumanG33k@2a01:e0a:5b9:7840:6600:6aff:fe5f:9d6)
16:41.28*** join/#devuan gnu_srs1 (~srs@devuan/developer/srs)
16:44.11*** join/#devuan petzi (~petzi@p578b3438.dip0.t-ipconnect.de)
16:45.52*** join/#devuan shibboleth (~shibbolet@gateway/tor-sasl/shibboleth)
16:58.55*** join/#devuan Dav281 (~Dav281@host213-120-32-12.range213-120.btcentralplus.com)
17:12.44*** join/#devuan conifer (~conifer@gateway/tor-sasl/conifer)
17:15.28*** join/#devuan st3ma (~st3ma@88.133.163.96)
17:16.52*** join/#devuan morruth (~quassel@77.244.124.45)
17:53.26Wonkadoes anyone have any idea why g++-10, gcc-10, cpp-10 grow several hundred megabytes each from 10.2.0-15 to 10.2.0-16?
17:54.55crashoverrideram is cheap.
17:55.42Wonkanot for a 2011 macbook pro
17:57.56crashoverrideyeah well, that's what happens when you value form over function :)
17:58.40Wonkaback then, I valued it functioning longer than plastic cased devices. And I was right, it still runs.
17:59.17Wonkaall previous notebooks only survived about three years
18:01.02*** join/#devuan Akuli (~akuli@213.216.213.243)
18:01.45xinomilothinkpad from 2011, still runs fine
18:02.33Wonkathe ThinkPad R60 back then only did 3 years... but I was constantly lugging them devices around.
18:12.01*** join/#devuan luna_is_here (~quassel@port-92-200-224-66.dynamic.as20676.net)
18:19.16*** join/#devuan suavedandy (uid468325@gateway/web/irccloud.com/x-grkkiiebqyltmtyp)
18:20.02*** join/#devuan Uberius (~uberius@gateway/tor-sasl/uberius)
18:38.22*** join/#devuan ferdy- (~ferdy@funtoo/contrib/ferdy-)
19:25.44*** join/#devuan alv (~alv@mob-5-90-138-19.net.vodafone.it)
19:38.04*** join/#devuan n4dir (~n4dir@i59F77C6D.versanet.de)
19:47.41*** join/#devuan gnarface (~gnarface@108-227-52-42.lightspeed.irvnca.sbcglobal.net)
20:18.36*** join/#devuan bsd4me (~me@95-105-74-65.gci.net)
20:31.32*** join/#devuan IoFran2 (~Thunderbi@189.237.107.41)
20:52.24*** join/#devuan cocoadaemon (~foo@30.27.119.80.rev.sfr.net)
21:00.15*** join/#devuan epony (epony@unaffiliated/epony)
21:01.44*** join/#devuan clort (clort@gateway/shell/ircnow/x-sgxtthpqmlqqqbrf)
21:15.29coniferhi, iirc in the past when i connected a luks+lvm encrypted drive by usb i could mount the partitions when i entered the password, but now in beowulf this does not happen
21:17.01coniferi can see the unlocked luks volume in gnome disks with the lvm inside
21:17.37coniferbut it does not recognize the partitions in the lvm
21:18.32fsmithreddo you see any of it in /dev/mapper?
21:18.33coniferhow can i access these partitions?
21:19.44fsmithredcryptsetup luksOpen /dev/<encrypted partition> <some name>
21:20.04fsmithredvgchange -ay <volume-group>
21:20.18coniferthe luks is in /dev/mapper
21:20.37fsmithredmount /dev/mapper/<vg-lv>
21:20.57fsmithredso start with vgchange
21:21.17fsmithredyou can use vgdisplay to see what's going on
21:24.59coniferwhen i point cryptsetup luksOpen to the luks-[id] i see in /dev/mapper it says it doesn't exist or access denied
21:26.10fsmithredit's already open
21:26.15fsmithredstart with vgchange
21:26.50fsmithreddid you already give the passphrase for it?
21:27.01fsmithredor is there a keyfile?
21:27.27coniferi entered my password and it looks open in gnome disks
21:27.37fsmithredok, so it is open
21:27.46fsmithredyou need to activate the lvm
21:28.25fsmithredvgdisplay to find the names
21:28.57fsmithredvgchange -ay <volume-group>
21:29.13coniferwhat do i need for vgdisplay to work? is liblinux-lvm-perl enough?
21:29.40fsmithredI don't know. I assume that you get whatever you need with lvm2
21:29.54fsmithredyou need to be root
21:30.04coniferoops, tried to run it from non-root term
21:33.43conifervgchange worked and now i can access it through gui
21:33.50coniferthanks a lot! :)
21:39.03suavedandyfsmithred: So I was using these instructions on how to prevent entering an encryption key twice.
21:39.05suavedandyhttps://is.gd/HkC7jH
21:39.30*** join/#devuan clort (clort@gateway/shell/ircnow/x-ntqewhghjdxuwthe)
21:39.35suavedandyThe problem arises with the second step.
21:39.37*** join/#devuan sauron- (~foo@unaffiliated/sauron-)
21:39.37*** join/#devuan chomwitt (~chomwitt@2a02:587:dc27:8c00:9d78:8894:8f6f:9e9d)
21:40.04suavedandyThere is no /etc/mkinitcpio.conf
21:41.56suavedandyAnd so I don't really know what to do.
21:44.44clortwe have no package providing mkinitcpio.conf
21:47.12suavedandyAlright, I'll try another method.
21:51.30suavedandyfsmithred: I like how you made fstab clean.
21:51.41suavedandyLooks very compact.
21:53.06suavedandy( umask 0077 && dd if=/dev/urandom bs=1 count=64 of=/etc/keys/root.key conv=excl,fsync )
21:53.28suavedandyDo brackets actually do anything here?
22:10.46fsmithredsuavedandy, where are you looking?
22:11.14suavedandyhttps://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
22:14.31fsmithredok, I took a quick look, and it makes no sense to me
22:15.01fsmithredlooks like the keyfile goes into the initramfs, which I assume is in /boot which is encrypted. How do you get in?
22:15.20fsmithredor does it just boot automatically with the key for anyone who powers it up?
22:16.46*** join/#devuan alv (~alv@mob-5-90-138-19.net.vodafone.it)
22:19.38suavedandyFollowing the instructions.
22:19.51suavedandyEverything seems to be working well so far.
22:20.05suavedandyUnlike my previous try with these instructions.
22:20.13suavedandyBetter not screw up again.
22:20.17*** join/#devuan sauron- (~foo@unaffiliated/sauron-)
22:20.30fsmithredmaybe grub takes the password and then the initramfs uses the keyfile
22:24.04*** join/#devuan finsternis (~Y@23.226.237.192)
22:24.24*** join/#devuan kreyren (~kreyren@fsf/member/kreyren)
22:25.29*** join/#devuan qaluh_ (~Asp@p200300e6172adc0002241dfffe205ebb.dip0.t-ipconnect.de)
22:27.09suavedandyI just realized that when I tested micro I pressed Alt+Right.
22:27.18suavedandyAnd that opens the next TTY.
22:27.39suavedandyIt's not micro being glitchy. It's me being an imbecile.
22:45.35suavedandyfsmithred: Yay! It worked!
22:46.03suavedandyMinus one problem.
22:46.07fsmithredwhat's that?
22:50.05*** join/#devuan unixman (~aunixman@209.165.134.7)
22:50.05*** join/#devuan unixman (~aunixman@unaffiliated/eracc)
22:51.06*** join/#devuan jotaxpe (~jotaxpe@103.125.235.21)
22:53.05suavedandyfsmithred: With the guide I followed there is no more asking for the encryption password twice.
22:53.21suavedandyI only need to enter the password once.
22:53.29fsmithredyeah, makes sense.
22:54.28suavedandyYou set up the encrypted boot installation right but the password still needs to be entered at the initramfs stage.
22:55.14suavedandyI think adding the fourth script from the guide to the installer would be a good idea.
22:55.22fsmithred<PROTECTED>
22:55.40suavedandyThere's also a section on booting optimization.
22:57.13suavedandyThe last part of the third section, to be precise.
23:09.47suavedandyfsmithred: 50000 iterations seem to be just fine.
23:10.50suavedandyNot too fast to be easily broken but not too slow to drive you into insanity over whether you've inputted the password or not.
23:13.21suavedandyhttps://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
23:13.51suavedandySection 3 part 2: boot time optimization
23:14.25suavedandySection 4: avoiding entering the password twice
23:26.03fsmithredbookmarked, thanks
23:40.17suavedandyfsmithred: You're welcome.
23:48.32suavedandyI've also configured fstrim cronjob.
23:48.54suavedandyThat's all for today. I can sleep piecefully at once.

Generated by irclog2html.pl Modified by Tim Riker to work with infobot.