| systemdlete | You know those occasional, seemingly intermittent apt update errors I get re BADSIG. Well, I've tried the usual solution where you update the key from a keyserver. But that doesn't always work. This is from a post that began in 2010, and it appears to work: https://askubuntu.com/questions/1877/what-is-the-easiest-way-to-resolve-apt-get-badsig-gpg-errors?rq=1 | 03:15 |
|---|---|---|
| systemdlete | In particular, please see https://askubuntu.com/questions/1877/what-is-the-easiest-way-to-resolve-apt-get-badsig-gpg-errors?rq=1 | 03:16 |
| systemdlete | oh, nvm. that was the same link | 03:16 |
| systemdlete | anyway, do you see any potential problems doing this? I mean it does subvert the whole apt mechanism in a way. | 03:17 |
| systemdlete | So I had a problem just now with an MX Linux system, and tried this, and it worked. Maybe not surprising that it does work, but it leaves me to wonder why the normal protocol didn't. | 03:18 |
| systemdlete | Let me know if I may have breached the King's Peace. | 03:19 |
| rozenglass | systemdlete: which answer are we talking about, the one that cleans the package cache with "apt-get clean" then removes and recreates list files? | 06:12 |
| onefang | Does Devuan have a CD or DVD iso that I can use to install on a remote server that only has console access? They'll let me upload one and mount it, then boot from it. | 06:35 |
| onefang | Hmm, might have to be a refracta. | 06:36 |
| gnarface | the regular netinstall can be completed from ssh, but i'm not sure if there's a way to start it from ssh... maybe with preseeding? | 06:37 |
| onefang | I start with console access, then I install and configure ssh, expected. | 06:38 |
| gnarface | no, what i'm saying is the netinstall itself has ssh support, you just have to turn it on first | 06:38 |
| onefang | Ah, so I can skip the install step. B-) | 06:39 |
| gnarface | not sure if there's a way to start it that way automatically or not | 06:39 |
| gnarface | seems like there would be though | 06:39 |
| onefang | That's the point of console access. Get all of that working before sshing in and doing the rest. | 06:40 |
| gnarface | oh you mean it doesn't have network access? i'm confused... | 06:41 |
| gnarface | by "console" i thought you meant shell | 06:42 |
| gnarface | you mean it only has physical access, no remote? | 06:42 |
| onefang | Minimal live might just do what I want, it has refractainstaller. | 06:42 |
| gnarface | i think if you take the desktop or server isos along with the pool iso you can have almost everything without the network | 06:43 |
| gnarface | (from here: https://files.devuan.org/devuan_daedalus/installer-iso/) | 06:43 |
| onefang | It'll be sitting in a datacenter somewhere on the wrong side of the planet. "console" in this situation usually means "if someone plugged in a monitor, they would see things, starting from BIOS boot. Though sometimes all you get is text. | 06:43 |
| gnarface | maybe i'm wrong about that, not sure, but there was some way to get most of everything you'd want on a couple disks | 06:44 |
| onefang | But I don't plug in a monitor, I use their web front end to the text console. | 06:44 |
| gnarface | i see | 06:44 |
| rrq | isn't that good enough for the installers? | 06:45 |
| onefang | They'll let me use this to boot some install media. They do offer Debian, but they also offer "upload your own". | 06:45 |
| onefang | That's what I'm asking. B-) | 06:45 |
| rrq | that is good enough for the installers. | 06:45 |
| gnarface | the regular netinstall should function more or less the same as the debian netinstall | 06:46 |
| gnarface | same with the other ones in "installer-iso" | 06:46 |
| rrq | except that it only uses text mode console | 06:46 |
| onefang | Sooo, minimal live and use refractainstaller for the actual install, once I'm happy enough of things is working by running the live system. | 06:46 |
| rrq | just if it was unclear: all devuan daedalua installer-iso ISOs use text mode console only | 06:49 |
| onefang | Ah cool. | 06:49 |
| systemdlete | rozenglass: https://askubuntu.com/questions/1877/what-is-the-easiest-way-to-resolve-apt-get-badsig-gpg-errors?rq=1#answer-64544 | 06:51 |
| systemdlete | (sorry, I thought I had posted that correctly) | 06:51 |
| rozenglass | systemdlete: cleaning the previously downloaded packages and package lists, to download them fresh again, doesn't sound bad to me in anyway. Worst case, if there was a real attack or corruption at the mirror server level, then downloading them again would just give you the same error when validating them with a good key. But like you, it leaves me wondering how would the apt system get into a | 06:58 |
| rozenglass | situation where it might need something like this and is unable to solve it itself. | 06:58 |
| systemdlete | rozenglass, thank you for your feedback. With all the supply chain attacks lately, and ever more malware being spread (right out of github, for petes sake), it is good to know that at least one other soul sees a potential issue. | 07:36 |
| systemdlete | *in some cases, github is being used to launch malware. | 07:36 |
| rwp | I don't like the "mv lists lists.old" part. That's unnecessary. It's redundant with the "apt-get clean" which they then run subsequently. | 08:34 |
| rwp | Just run "apt-get clean" and it will have the same effect. | 08:35 |
| systemdlete | ok, thanks. I will update my notes... | 08:35 |
| rwp | I am not sure that will solve your BADSIG errors though. It simply cleans out the local cache of downloaded files and therefore if those files are needed they will be downloaded again. | 08:35 |
| systemdlete | It worked though. | 08:36 |
| systemdlete | (In the most recent incident.) | 08:36 |
| systemdlete | And I even disabled the apt-cacher-ng biz. It made no difference, no matter what I did, until I found this little gem. | 08:36 |
| rwp | It would be okay to remove /var/lib/apt/lists/* the files there. | 08:37 |
| rwp | But I would just remove the files and not the directories. The directories are owned specially. | 08:38 |
| rwp | "find /var/lib/apt/lists/ -type f -delete" would delete just the files. Then "apt-get update" to bring in fresh copies of them. Try that next time. | 08:38 |
| rwp | However that still feels like a proxy problem. I might switch to use pkgmaster.devuan.org as a temporary test as that will avoid any mirror problems. | 08:39 |
| rwp | But that is the master copy of things and loading on it is desired to be avoided. That's why there are mirrors. But... If I were debugging things I would do it. | 08:40 |
| rwp | And then I would walk through all of the mirrors and find a close fast one and use it. | 08:40 |
| systemdlete | rwp, all of the files in /var/lib/apt/ and down are owned by root:root | 08:40 |
| systemdlete | when you say "proxy" do you mean the mirrors? | 08:41 |
| systemdlete | bc I am not using any proxy | 08:41 |
| onefang | Another thing apt-panopticon is good for, comparing package mirrors. | 08:41 |
| systemdlete | weirdest thing was... and this happens fairly consistently, too... is that this one system had a problem, but not any others. | 08:42 |
| systemdlete | (all the others are using the cacher, btw, and I had not disabled it on those) | 08:43 |
| onefang | Keeping the load off pkgmaster is the reason I moved it to the end of the list. Figured people might be more likely to pick something closer the top. | 08:43 |
| rwp | drwx------ 2 _apt root 6 Aug 16 12:30 /var/lib/apt/lists/partial | 08:43 |
| rwp | drwxr-xr-x 2 _apt root 6 Sep 24 2023 /var/lib/apt/lists/auxfiles | 08:43 |
| rwp | Those two directories are owned by the _apt non-root user and should be maintained. | 08:43 |
| systemdlete | rwp, mine show they are owned by root | 08:43 |
| rwp | That seems like a problem. | 08:43 |
| systemdlete | and this is on a system I did NOT muck with | 08:44 |
| systemdlete | not sure how they would have been modified. I don't normally mess around down there in /var | 08:44 |
| systemdlete | my report is on a completely different system. I guess I can check around all of my systems... | 08:45 |
| systemdlete | no, rwp, you are right. My bad, sorry. Too fast examining all of this. | 08:46 |
| systemdlete | those two ARE owned by _apt | 08:46 |
| systemdlete | uhm... this might be interesting. After rebuilding the lists/* subdirs, they are owned by _apt! | 08:48 |
| systemdlete | so, maybe the process restores matters to how they are supposed to be? | 08:48 |
| onefang | Does seem very .. _apt. I'll get my coat. | 08:48 |
| systemdlete | :p | 08:48 |
| rwp | Probably does restore things. Because the download process is running as the _apt user. As another layer of protection. | 08:49 |
| rwp | A layer that I think is unlikely to actually be useful given how that part works, it's the client pulling the data. But whatever. | 08:49 |
| rwp | As far as mirrors go... Run "host deb.devuan.org" (or dig deb.devuan.org a +short) and see the long list of Round Robin addresses. Each of those are unique systems. | 08:49 |
| rwp | I would work through them by picking one from the list and using it instead of deb.devuan.org and seeing if that works. But it's tricky. Have to put it in /etc/hosts like "147.78.194.22 deb.devuan.org" so that http virtual hosts works. | 08:49 |
| systemdlete | (oy godzzzzz) | 08:50 |
| rwp | Or use the IPv6 address with "2a01:4f8:140:1102:2b76:955d:b48f:bdf3 deb.devuan.org" and so on. | 08:50 |
| systemdlete | all my ipv6 is disabled around here | 08:50 |
| rwp | The idea is to pick a single system instead of the Round Robin and it will almost certainly also work. | 08:50 |
| rwp | I don't have a working IPv6 here either. I keep hoping that will change some day. | 08:51 |
| systemdlete | (ipv6 is a future project... if I live that long) | 08:51 |
| onefang | Walking the package mirror list is exactly what apt-panopticon does. Think I've mentioned this before. lol | 08:52 |
| onefang | It adds those not in the DNS-RR. | 08:52 |
| systemdlete | how often do you find deviants, onefang? | 08:53 |
| systemdlete | what are the punishments for violators? | 08:53 |
| onefang | Shit happens. Usually I try to get them to fix it if it isn't fixed soonish. | 08:54 |
| onefang | There's two I'm likely to just remove from the list soon. Done that before. | 08:54 |
| systemdlete | yeah, but roughly speaking... how often do you have to take action w/r/t some mirror or another? | 08:55 |
| systemdlete | (trying to figure out if I sense any correlation to the problem incidents I've run into) | 08:55 |
| onefang | Not that often really. Most issues tend to be temporary, and get fixed anyway before I get around to it. | 08:56 |
| rwp | I think you should switch to testing using pkgmaster directly as then I think you won't have a problem. Because pkgmaster is by definition always the up to date reference copy. | 08:57 |
| onefang | That's why apt-panopticon has weekly stats. | 08:57 |
| systemdlete | (hmmm, never thought of looking at those, but ok) | 08:57 |
| onefang | Testing with pkgmaster sounds good to me. | 08:57 |
| systemdlete | so let's say I run into an apt update problem, switch the repo in sources to pkgmaster, and it magically works | 08:58 |
| systemdlete | then what? | 08:58 |
| systemdlete | report problem to you? | 08:58 |
| systemdlete | get their license plate numbers, etc? | 08:58 |
| onefang | If you can find the IP of the ... yep license plate numbers. | 08:59 |
| systemdlete | aren't there like couple dozen mirrors? | 08:59 |
| rwp | I would think that at that moment apt-panopticon is probably logging at least one error with at least one mirror already. | 08:59 |
| systemdlete | so maybe I should just look at pan-opticon first before switching to pkgmaster? | 09:00 |
| systemdlete | sounds like it already knows about a problem | 09:00 |
| systemdlete | but my brains have already turned into apple sauce | 09:00 |
| onefang | Ah I see dist-mirror.fem.tu-ilmenau.de seems to be degrading slowly. It's not in the DNS-RR though. | 09:00 |
| onefang | Speaking of brains turning into sauce, weekend here, I'd much prefer that right now than working on mirror problems. B-) | 09:01 |
| systemdlete | I'd vote for that | 09:02 |
| rwp | Looking at apt-panopticon is good for understanding the state of things. But looking there won't get you an error free update and upgrade. | 09:02 |
| rwp | Since you are having repeating problems the most easy thing would be switching to pkgmaster and seeing if all of your problems go away. | 09:02 |
| onefang | Agreed. | 09:03 |
| systemdlete | and become a pariah, always hitting the master | 09:03 |
| onefang | But switch back after, this is only for testing. | 09:03 |
| systemdlete | oh, ok | 09:03 |
| onefang | BTW, we don't have any deviants, we have devuants. B-) | 09:04 |
| systemdlete | very clever | 09:04 |
| systemdlete | I see what you did there | 09:04 |
| richard` | Since upgrading to Excalibur it is impossible to to configure or delete python3 | 13:24 |
| richard` | python3 -V shows Python 3.12.5 | 13:30 |
| richard` | sudo apt remove --purge python | 13:31 |
| richard` | python3 -V Python 3.12.5 | 13:31 |
| richard` | sudo apt install python3 | 13:34 |
| richard` | Exception: cannot get content of solaar | 13:34 |
| richard` | error running python rtupdate hook solaar | 13:34 |
| richard` | dpkg: error processing package python3 (--configure): | 13:34 |
| richard` | installed python3 package post-installation script subprocess returned error exit status 4 | 13:34 |
| richard` | dpkg: error processing package emacs-gtk (--configure): | 13:34 |
| richard` | package is in a very bad inconsistent state; you should | 13:35 |
| richard` | reinstall it before attempting configuration | 13:35 |
| richard` | Setting up sane-utils (1.3.0-1) ... | 13:35 |
| richard` | usermod: no changes██████████████████████████▉ | 13:35 |
| richard` | Solaar is not installed and emacs-gtk is inconsistent but can't be reinstalled or removed. There are a lot of other things dependent on python3 which will I assume sort out when I can fix whatever it is that is broken in python. I think the problem is inconsisten python version numbers python -V shows Python 3.12.5 but apt download python3 downloads python3_3.12.4-1_amd64.deb | 13:39 |
| richard` | At least I managed to get python completely removed I think. Now I only have to sort out emacs-gtk which is broken, can't be configured with apt --fix-broken install or with dpkg-reconfigure and can't be removed or reinstalled due to errors in the package pre-removal script. | 14:58 |
| freaxeh | does Devuan support a Silicon Image SIL 3114 host controller chip out of the box? | 15:23 |
| fsmithred | freaxeh, that would be something to do with what's in the kernel? All our kernels are made by debian. Same with the firmware. | 15:29 |
| freaxeh | ty | 15:33 |
| freaxeh | try it and find out basically | 15:33 |
| buZz | freaxeh: does linux support it? | 15:38 |
| buZz | oh lol, a sata2 controller | 15:38 |
| buZz | yeah retro hardware in general is very well supported by linux | 15:38 |
| freaxeh | ty | 15:41 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!