| Elw3 | So i installed with disc encryption, now i have to enter the password before and after grub, any way to get this down to one entering? | 11:40 |
|---|---|---|
| fsmithred | Elw3, you can set auto-login in /etc/inittab and your display manager config | 11:43 |
| Elw3 | I mean disk encryption, not login | 11:44 |
| Elw3 | With login i have even 3 passwords, but ohwell i aint there yet. | 11:44 |
| fsmithred | you have more than one encrypted partition without lvm? | 11:47 |
| fsmithred | oh, sorry, I'm not fully awake | 11:47 |
| fsmithred | I get it now - grub password, cryptsetup password... | 11:47 |
| fsmithred | Not sure, but maybe you can put a keyfile in the initramfs and also make an entry for it in the /etc/crypttab of the initramfs | 11:49 |
| Elw3 | well grub asks for the disk password, then it asks for the same password again, i dunno what it is that asks the second time, but THEN i get the login. | 11:49 |
| fsmithred | Yeah, I remember that. It's the reason I don't encrypt my /boot partition. | 11:51 |
| CueXXIII | grub is probably not passing the password down to linux. no idea how to do that, though | 11:51 |
| Elw3 | :/ so i hit a blind spot in configuration | 11:52 |
| rkta | keyfiles should work or using lvm, but that should have been done during install. | 11:52 |
| rkta | I know I used keyfiles before I switched to lvm. | 11:53 |
| Elw3 | Was the installer supposed to do this automatically? | 11:53 |
| fsmithred | https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#Creating_the_keyfiles | 11:54 |
| rkta | No, it's all manual. | 11:54 |
| fsmithred | arch wiki knows all | 11:54 |
| Elw3 | bummer | 11:54 |
| Elw3 | So if i just encrypt the home, would that just work? | 11:54 |
| fsmithred | yeah or you could do what the Archies say to do. Read my link. | 11:55 |
| fsmithred | btw, something between full disk and just home is to encrypt the root (with home) and leave /boot unencrypted. | 11:56 |
| rkta | Or use lvm. Everything encrypted and only one passphrase prompt. | 11:56 |
| onefang | Archies? I wonder if there's a distro for Jugheads? B-) | 11:56 |
| fsmithred | usually /boot is unencrypted with lvm | 11:56 |
| fsmithred | lol | 11:56 |
| fsmithred | I want to install Betty. | 11:56 |
| rkta | my mount says something different though | 11:57 |
| rkta | /dev/mapper/boot_crypt on /boot type ext2 (rw,relatime) | 11:57 |
| fsmithred | does /etc/default/grub have a line for CRYPTODISK? | 11:58 |
| Elw3 | I dont see what there is to gain by splitting boot from root really | 11:58 |
| CueXXIII | i guess grub can't boot from a partition on an encrypted lvm device | 11:59 |
| fsmithred | splitting boot off makes it so you don't need to enter a password for grub | 11:59 |
| Elw3 | Yea but why would i not just leave the entire root unencrypted? | 11:59 |
| fsmithred | stuff in /var and /tmp might be private | 12:00 |
| fsmithred | maybe other stuff too. | 12:00 |
| Elw3 | Hm, sounds rare enough. | 12:02 |
| Elw3 | This is just so messy, theer is also this stupid efi partition and then adding boot, root and a home, and eventually a swap and there we have a full pokemon set of partitions. | 12:03 |
| fsmithred | another option for security is to put the /boot partition on a usb stick. Then you can't boot without that stick. | 12:03 |
| fsmithred | yeah, swap should be encrypted too. | 12:04 |
| Elw3 | Pretty sure people who steal my box wont bother checking if it boots or not. | 12:04 |
| fsmithred | Why not? You might have saved your banking login in the web browser. | 12:05 |
| fsmithred | The point of using lvm with encryption is that there's just one encrypted container with logical partitions inside it. | 12:06 |
| onefang | Install swapspace, then you wont need a swap partition. | 12:10 |
| Elw3 | Ill see later what i decide to end up with, just wanted to know if the installer should have taken care of it or if its normal | 12:10 |
| onefang | swapspace will automatically create and delete swapfiles as needed. | 12:11 |
| Elw3 | I meant in regards to crypt, i dont actually want to use swap | 12:12 |
| Elw3 | That actually is annoying, the installer had no checkbox to disable it. | 12:13 |
| onefang | Well if it's creating those swap files on an encrypted root... | 12:13 |
| fsmithred | to disable what? | 12:14 |
| fsmithred | Did you install from the live-iso? | 12:14 |
| onefang | And if you don't actually need swap, then swapspace is still good. A backup plan. | 12:14 |
| Elw3 | yep | 12:15 |
| Elw3 | Ive installed from one usb to the other. | 12:15 |
| Elw3 | Swapping via usb will just stall your system. | 12:15 |
| fsmithred | if you choose to encrypt the root partition, normally you would make a separate /boot partition which would not be encrypted. | 12:15 |
| fsmithred | If you don't separate /boot then you get full disk encryption. | 12:16 |
| fsmithred | and the live installer doesn't do lvm, so if you make a separate /home partiton and encrypted it, you'd have to enter the password one more time or else make a keyfile for /home | 12:16 |
| mason | If LVM exists, swap as a volume > swap as a file, IMHO. | 17:30 |
| CueXXIII | also i don't know if you can resume from a swap file without issues | 17:36 |
| CueXXIII | because the filesystem it is located on is probably in an unclean state | 17:37 |
| rwp | Fully encrypted systems usually use LVM2 with one unencrypted /boot partition and the rest in an encrypted LVM PV. The system boots from the unencrypted /boot, prompts for a passphrase for the encrypted PV, then uses an LVM LV for swap and for root and everything is normal at that point. | 17:38 |
| rwp | LVM is what provides for exactly one LUKS prompt for the encrypted PV but then allows multiple partitions out for root and for swap using LVs. | 17:39 |
| rwp | Especially on a mobile device one almost always wants to hibernate the system powered off at some point. Swap facilitates this hibernation. | 17:40 |
| mason | rwp: Easy enough to get just one LUKS prompt for a variety of devices. | 17:40 |
| mason | keyscript=decrypt_keyctl provides the magic | 17:40 |
| mason | fwiw | 17:40 |
| rwp | I am unfamiliar with the strategy and technique you just mention. | 17:41 |
| mason | rwp: man 5 crypttab and search for "keyscript" - there are a couple useful mentions, and then a section labelled "keyscript=<path>" | 17:41 |
| rwp | Will do! Thanks. | 17:42 |
| mason | I love it. Makes booting with four LUKS devices (no LVM) quite a bit less painful. | 17:42 |
| mason | (No LVM because it's all ZFS.) | 17:42 |
| rwp | Well ZFS is the superior way for certain. It's just not shipped by default in Debian/Devuan. | 17:43 |
| rwp | I also think people generally misunderstand that having a little swap space available does NOT mean that their system will be thrashing swap all of the time. People seem to think that but that's false. | 17:46 |
| rwp | But not having swap space means that the Out Of Memory Killer is invoked. And I really, really hate the OOM Killer. Avoiding the OOM Killer is worth dedicating an insignificant amount of disk to swap. | 17:46 |
| CueXXIII | but i do notice that linux tends to use a bit of swap, especially during high io-loads, and those pages stay swapped | 17:47 |
| CueXXIII | so they are really used rarely | 17:47 |
| mason | rwp: https://bpa.st/PQVQ | 17:49 |
| mason | for kicks | 17:49 |
| CueXXIII | hm, archlinux wiki suggests a plain keyfile without keyutils package: https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#With_a_keyfile_embedded_in_the_initramfs | 17:52 |
| mason | CueXXIII: Note their warning. | 18:26 |
| mason | CueXXIII: The keys we provide to LUKS are not the keys that are used for encryption. They simply unlock those keys, which are embedded in the actual storage. | 18:26 |
| mason | I feel safer having something I must provide manually. | 18:27 |
| CueXXIII | mason: sure, the same with passwords | 19:01 |
| mason | Yeah, that's what I mean - passphrases. | 19:02 |
| CueXXIII | you can have both in luks, you can have up to 4 either passphrases or keyfiles that can unlock the volume key | 19:06 |
| CueXXIII | (in any combination) | 19:06 |
| mason | LUKS2 it goes up to like 20 | 19:07 |
| mason | But I think you only ever need one of them. | 19:08 |
| golinux | Paranoid much? | 19:19 |
| fsmithred | you might want to give different people access to the same encrypted volume and be able to easily disable access to only their key (file or passphrase) | 19:21 |
| fsmithred | one | 19:21 |
| mason | That's what we do here. My kids' computers have an unlock they know, but I also have a default I use everywhere here., | 19:22 |
| Hurgotron | does there happen to be some Linux project for ***reliable*** printing? No cups, foomatic, bonjour, Avahi, zeroconf, whatever drek. I want to configure a printer, if necessary by chiseling the configuration in rock, but it ***needs*** to still work when I reboot the computer or the printer. The printer of my 83 yo mom and 78 yo neighbor basically never works, no matter how often I configure it, and it drives me nuts. | 21:03 |
| mason | Hurgotron: Noting how it fails in each case might be good. Printers are funny things nowadays, and while you might be able to set up a simple lpd, using it for more than monospaced text might be tricky without CUPS. | 21:10 |
| mason | Probably better to debug what's going wrong. | 21:10 |
| mason | And picking free-software-friendly printers can help. | 21:10 |
| fluffywolf | is the printer causing problems a hp, by any chance? | 21:16 |
| fluffywolf | cups 3 is supposed to be very, very different... I think it'll be a lot worse, but it might work better in some situations, dunno. | 21:18 |
| Hurgotron | One of them is connected via USB (Epson? don't remember), the one connected via WLAN is HP indeed. | 21:32 |
| plasma41 | Hurgotron: Do the printers in question speak either of the PCL or PostScript languages? | 21:37 |
| Hurgotron | Probably not. multifunction devices, scanner/printer | 21:38 |
| Hurgotron | With the USB printer the issue is basically that it is not there anymore the next time you try to print. The job just sits there because the printer is not available, or something. Delete printer, configure again, works. Until next time. | 21:38 |
| plasma41 | If neither of those page description languages are supported and if you want a simple printing setup, then you not going to have a fun time. | 21:39 |
| Hurgotron | Is it really too much to ask that some USB POS can still be found the next time you power on stuff? Works with my mouse. | 21:40 |
| plasma41 | For the HP connected via the network, assuming it supports JetDirect network printing, you should be able to netcat a print job to it on port 9100. | 21:43 |
| plasma41 | Given that HP created PCL, I'd be surprised if the HP printer doesn't support it. | 21:45 |
| Hurgotron | plasma41: Well if your print dialog thinks your printer is not there, what do you do? | 21:55 |
| onefang | Hurgotron: Get a pen is what you do. | 22:10 |
| Hurgotron | ? | 22:25 |
| djph | onefang: heh | 22:26 |
| Elw3 | So what is the usual process here when one needs programs which are not in the repo? I mean with the lack of ppas and such, do i have to make it myself or are there packagers taking suggestions? | 22:47 |
| rkta | ./configure && make && make install | 22:51 |
| Elw3 | I wish, but i am a bit lost with some depends here. | 22:53 |
| djph | rkta: debuild ? :D | 22:54 |
| djph | Elw3: does the project's github not detail the dependencies? | 22:55 |
| rkta | djph: Debuild: Build web apps lightning fast with AI-powered code generation - This? :D | 22:56 |
| djph | rkta: uh... no. This https://wiki.debian.org/Packaging/Intro?action=show&redirect=IntroDebianPackaging | 22:57 |
| djph | huh, weird on the showredirect there; meh whatever | 22:57 |
| fsmithred | what package is it? | 22:58 |
| Elw3 | Its moksha, an enlightenment fork. | 22:58 |
| fsmithred | sounds familiar | 22:59 |
| Elw3 | First glance several build depends are not there, but i havnt actually tried building it yet. | 23:00 |
| Elw3 | Another thing i basically miss every time on any distro is deadbeef. The best of music players. | 23:01 |
| fsmithred | In general it's best to go with the debian packaging instructions. Then the package manager knows it's there. | 23:02 |
| Elw3 | But i gather that should be doable to install | 23:02 |
| fsmithred | you can install deadbeef on devuan. I use it on some builds. | 23:02 |
| Elw3 | But it aint in the repo | 23:02 |
| fsmithred | nope | 23:02 |
| fsmithred | I don't recall where I got the .deb package. | 23:02 |
| Elw3 | I mean isnst that a clear oversight to not have it? | 23:03 |
| fsmithred | I have no idea why they removed it from debian. | 23:03 |
| fsmithred | I got it from sourceforge. | 23:04 |
| Elw3 | not only there, its in no other repo at all. | 23:04 |
| fsmithred | If you do some research you could probably find a note as to why it got removed. | 23:04 |
| onefang | I'm still wondering why Debian purged jpeg2000 support. That's basically the only texture format supported by OpenSim. SO now I have millions of textures I can't view. | 23:05 |
| Elw3 | I would not know where to search for such notes. | 23:05 |
| fsmithred | mailing lists, maybe the changelog for the package. | 23:05 |
| fsmithred | maybe nobody was maintaining it in debian | 23:06 |
| Elw3 | *shrug* | 23:07 |
| onefang | You can use PPA's in Devuan. People will tell you that it might break your system, but if you know what you are doing, it's fine. I have no problem with half a dozen PPAs. Including deb-multimedia, which DOES include deadbeef. | 23:08 |
| Elw3 | Good to know, but i already tried using a ppa for moksha yesterday and the amount of missing stuff was really something. | 23:11 |
| Elw3 | I practically would need to load the ubuntu repo for it to work, i wonder if the system will survive that. | 23:12 |
| onefang | Ah, that'll be one of those "some PPAs can break your system". | 23:13 |
| Elw3 | Now i itch to try it, but at some point it prolly tries to pull in systemd and the whole thing gets kaboom. | 23:14 |
| onefang | Up until shortly after Samsung basically bought Enlightenment window manager, I was a developer for it. At the time Enlightenment had systemd included, but was optional. I got a thrill the other day seeing a huge Tizen based TV in a shop, knowing it runs software I wrote. lol | 23:16 |
| onefang | I gave up on Enlightenment long ago. | 23:16 |
| Elw3 | From a codepoint or from usage? | 23:17 |
| onefang | From the horrid things that started happening after Samsung took over. | 23:17 |
| Elw3 | :P | 23:18 |
| Elw3 | E 0.1699999999 is best E, right? | 23:18 |
| Elw3 | I was pretty shocked yesterday seeing its now 450mb, thats over 10 times of what it used to be, and i dont get why | 23:19 |
| Elw3 | Usage wise nobody can use it since repos always update to the latest versions and this always lack any modules or themes making this ugly and unusable. | 23:22 |
| Elw3 | This is why i need moksha, it actually has themes and the one module i want. | 23:22 |
| Elw3 | While real E just breaks everything like clockwork. | 23:23 |
| onefang | The biggest thing is that Samsung had some skunkworks group adding 3D rendering support, the code was turning up in Enlightenment. GREAT I thought, this'll be wonderful for my OpenSIm virtual world / metaverse stuff. I even had a basic viewer half written using it. But the skunkworks group wouldn't talk to anyone, so I couldn't help out. And then it vanished. | 23:23 |
| onefang | Moksha forked before Samsung. | 23:23 |
| Elw3 | I think its after. | 23:23 |
| Elw3 | Its a shame really, it can be so powerful. | 23:26 |
| Elw3 | even this 10 times sized bloated version is still faster than xfce. | 23:27 |
| onefang | I switched to Awesome, and I'm still looking for a decent C based 3D rendering system. | 23:29 |
| Elw3 | Ive had the exact same desktop without changes since 15 years, aint open for changes. | 23:32 |
| onefang | Fair enough. | 23:33 |
| Elw3 | Say if something works on debian, how high are the changes it works here? Cause seems there is a debian repo for moksha | 23:36 |
| golinux | https://pkginfo.devuan.org/cgi-bin/policy-query.html?c=package&q=moksha*&x=submit | 23:45 |
| Elw3 | What are you trying to say here? | 23:46 |
| golinux | That there are moksha-related files available in Devuan for the listed releases | 23:47 |
| Elw3 | moksha is a common word in some language, its likely unrelated. | 23:48 |
| golinux | I am not seeing any moksha on the banned packages list. | 23:48 |
| * golinux retreats . . . | 23:49 | |
| Elw3 | I actually got confused trying to install chromium-browser yesterday because other distros have the package named like that and _chromium_ is a game. Now here we have it reversed. | 23:52 |
| golinux | This may help clear things up for you https://git.devuan.org/devuan/amprolla3 | 23:53 |
| golinux | It is how our repos are created;. | 23:53 |
| golinux | Explained with images here: https://dev1galaxy.org/viewtopic.php?id=3192 | 23:54 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!