| golinux | This week's pad is here: https://pad.dyne.org/code/#/1/edit/r19TrndN3oNTrG6UIoe5cw/52IJ2Hd-Pjl9uiyvQRPDCxT2/ | 10:10 |
|---|---|---|
| LeePen | Hi. | 12:27 |
| LeePen | What's the process for closing bugs? | 12:28 |
| LeePen | I really mean who is responsible for it? Shall I close #275 after the new policykit-1 is in ceres/beowulf? | 13:01 |
| fsmithred | usually the maintainer but not necessarily | 13:14 |
| KatolaZ | LeePen: email NNN-done@bugs.devuan.org | 13:24 |
| KatolaZ | where NNN is the bug-number | 13:25 |
| KatolaZ | include an explanation in the body | 13:25 |
| KatolaZ | and you are done | 13:25 |
| fsmithred | NNN-done or NNN-close? | 13:25 |
| KatolaZ | it's the same | 13:25 |
| KatolaZ | (or it should) | 13:25 |
| KatolaZ | I use NNN-done, normally | 13:25 |
| fsmithred | ok, I use NNN-close (not lateley) | 13:25 |
| KatolaZ | it's the same | 13:26 |
| fsmithred | so i guess they both do work | 13:26 |
| KatolaZ | they are treated the same | 13:26 |
| KatolaZ | IIRC | 13:26 |
| fsmithred | I just upgraded a refracta ascii to beowulf, and it went very smoothly | 13:26 |
| fsmithred | except synaptic package manager lets user install software. | 13:27 |
| LeePen | fsmithred: Maintainer: Devuan Dev Team <devuan-dev@lists.dyne.org> | 13:27 |
| LeePen | so it looks like it is us! ;) | 13:27 |
| LeePen | KatolaZ: thanks. Yes, I just wanted to be sure I wasn't treading on toes by doing it. | 13:28 |
| fsmithred | yeah, you want to off-shore that job to someone else? | 13:28 |
| fsmithred | any ideas on how to force synaptic to require a password? | 13:30 |
| KatolaZ | LeePen: quite the opposite | 13:30 |
| fsmithred | seriously, guys, I could use some help diagnosing this. It's been going on for at least a couple of years - either synaptic won't start or anybody can start it and install software. | 13:36 |
| fsmithred | same for gparted | 13:36 |
| LeePen | fsmithred: I don't use either. Is it related to sudo? I know on my n900 the order of entries in sudoers is critical. | 13:39 |
| fsmithred | maybe - I have a file in sudoers.d that allows user to shutdown/reboot without password | 13:41 |
| fsmithred | I'll delete it and try again | 13:41 |
| fsmithred | ot | 13:41 |
| fsmithred | it's related to pkexec | 13:41 |
| fsmithred | auth.log shows that pkexec opens synaptic as root for user (1000) | 13:41 |
| LeePen | OK, not sudo related then. | 13:42 |
| LeePen | I suppose you must have a polkit rule that is allowing that somewhere? | 13:42 |
| LeePen | Have you got packagekit installed? | 13:45 |
| fsmithred | I don't think I changed any rules - no polkit related config files were changed according to my upgrade | 13:46 |
| fsmithred | no packagekit | 13:46 |
| KatolaZ | fsmithred: I guess that rule has been in polkit forever | 13:49 |
| KatolaZ | (forever == at least since ascii beta) | 13:49 |
| fsmithred | which rule? | 13:49 |
| KatolaZ | a rule to fix synaptic with pkexec | 13:50 |
| KatolaZ | I don't have any polkit installed anywhere, so I can't really check | 13:51 |
| KatolaZ | I remember we fiddled with this before ascii beta | 13:51 |
| fsmithred | ok, I think I know what you're talking about | 13:51 |
| fsmithred | yeah, I even fiddled with it in jessie at one point | 13:51 |
| KatolaZ | 'cause synaptic wouldn't start in any live media and/or installation | 13:51 |
| fsmithred | yeah, it starts fine in live | 13:51 |
| KatolaZ | so we included a polkit rule for that | 13:51 |
| KatolaZ | it must have been ascii beta | 13:51 |
| KatolaZ | IIRC | 13:51 |
| fsmithred | sudo nopasswd in live session | 13:51 |
| KatolaZ | so around one year ago, more or less | 13:52 |
| fsmithred | I just tried removing sudo but it's the same | 13:52 |
| KatolaZ | it's not in sudo | 13:54 |
| KatolaZ | IIRC it's a polkit rule | 13:54 |
| fsmithred | maybe /usr/share/polkit-1/actions/com.ubuntu.synaptic\ | 13:58 |
| fsmithred | not quite, but close | 13:58 |
| fsmithred | it only works like that for uid 1000. Second user does not get to run synaptic. | 14:03 |
| fsmithred | if second user tries 'pkexec /usr/sbin/synaptic' he gets asked for root password. Entering root password gives an error "No session for cookie" | 14:04 |
| LeePen | fsmithred: I am just installing synaptic in a VM to see if I can reproduce this rather than scattering untried suggestions. | 14:17 |
| fsmithred | LeePen, thanks | 14:19 |
| LeePen | fsmithred: is uid 1000 in the sudo group? | 14:45 |
| fsmithred | no | 14:47 |
| LeePen | What AdminIdentities do you have set in /etc/polkit-1/ or /var/lib/polkit-1 | 14:50 |
| fsmithred | will check in a minute - rebooting | 14:53 |
| fsmithred | oh, no I'm not. | 14:53 |
| fsmithred | This? 10-vendor.d 20-org.d 30-site.d 50-local.d 90-mandatory.d | 14:55 |
| LeePen | But no files in the directories with AdminIdentities configured? | 15:00 |
| LeePen | You should have /etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf at least. | 15:00 |
| LeePen | 15:00 | |
| fsmithred | yeah, 51 names sudo group, and 50-localauthority names user as admin | 15:03 |
| fsmithred | also found /var/lib/polkit... 10-live-user or something like that | 15:04 |
| fsmithred | live-cd user (a leftover) | 15:04 |
| LeePen | default 50-localauthority says AdminIdentities=unix-user:0 | 15:06 |
| LeePen | Do either 10-live-user or live-cd-user have AdminIdentities configuration? | 15:08 |
| fsmithred | yeah, hang on. rebooting again | 15:08 |
| fsmithred | 50-localauthority.conf is same as yours | 15:10 |
| fsmithred | if I move /var/lib/polkit-1/localauthority/10-vendor.d/10-live-cd.pkla then synaptic no longer starts from the menu | 15:11 |
| fsmithred | and running pkexec /usr/sbin/synaptic asks for root pass and then rejects it | 15:12 |
| LeePen | What is configured in 10-live-cd-pkla? | 15:12 |
| fsmithred | Identity=unix-user:user | 15:12 |
| fsmithred | Action=* | 15:12 |
| fsmithred | ResultAny=no | 15:12 |
| fsmithred | ResultInactive=no | 15:12 |
| fsmithred | ResultActive=yes | 15:12 |
| fsmithred | # Policy to allow the livecd user to bypass policykit | 15:13 |
| LeePen | OK. That is why the user doesn't get a password prompt for running synaptic | 15:14 |
| fsmithred | that file probably should get removed on installation of the system to hard drive | 15:16 |
| fsmithred | but then synaptic does not start at all | 15:16 |
| LeePen | Maybe. It does on my install I have just done. You seem to have polkit remnants that shouldn't be there. | 15:17 |
| LeePen | What package is it from? | 15:18 |
| fsmithred | in /usr/share/polkit-1/actions/com.ubuntu.pkexec.synaptic.policy it says 'auth_admin' | 15:18 |
| fsmithred | good question | 15:18 |
| fsmithred | dpkg -S should tell me? | 15:19 |
| LeePen | Yes | 15:19 |
| fsmithred | dpkg-query: no path found matching pattern /var/lib/polkit-1/localauthority/10-vendor.d/10-live-cd.pkla | 15:19 |
| LeePen | Maybe it is part of the live CD then. Is that where this system came from? | 15:20 |
| fsmithred | it's in /lib/live/config/1080-policykit | 15:20 |
| fsmithred | that script adds stuff to /etc/PolicyKit/PolicyKit.conf | 15:23 |
| fsmithred | See the manual page PolicyKit.conf(5) for file format | 15:24 |
| LeePen | I don't have any experience of live-cd. But at least that explains why there is no polkit prompt to synaptic. | 15:28 |
| fsmithred | https://termbin.com/aplg /etc/PolicyKit/PolicyKit.conf | 15:29 |
| LeePen | On my install, I have neither /etc/PolicyKit/PolicyKit.conf not 10-live-cd.pkla | 15:31 |
| fsmithred | cool. I'm moving both of those. | 15:31 |
| LeePen | If you move them both out of the way does synaptic run? | 15:31 |
| fsmithred | testing that... | 15:31 |
| LeePen | Or the 10-live-user | 15:33 |
| fsmithred | moving just 10-live-user or moving both has same effect: synaptic won't run from menu and 'pkexec /usr/sbin/synaptic' asks for root password and then rejects it | 15:34 |
| LeePen | Did you kill polkitd after mmoving /etc/PolicyKit/PolicyKit.conf? | 15:36 |
| fsmithred | https://termbin.com/s4k4 | 15:37 |
| fsmithred | I rebooted after moving them | 15:37 |
| fsmithred | bb in 15-20 min | 15:43 |
| LeePen | Try installing policykit-1-gnome and then | 15:44 |
| LeePen | logging in and out again. | 15:44 |
| LeePen | There is an upstream bug https://gitlab.freedesktop.org/polkit/polkit/issues/17 and I think pkttyagent is broken | 15:51 |
| fsmithred | FIXED!!! | 16:07 |
| fsmithred | I did a few things | 16:07 |
| fsmithred | I moved those two files, removed gksu, did an autoremove which took out gconf2 and a few others, added policykit-1-gnome, moved ~/.su-to-rootrc (another live file) | 16:09 |
| KatolaZ | but wasn't gksu dead and buried? | 16:10 |
| LeePen | Excellent | 16:10 |
| fsmithred | gksu did not get removed in the upgrade to beowulf | 16:11 |
| fsmithred | maybe because I didn't remove ascii lines in sources.list | 16:12 |
| KatolaZ | fsmithred: I didn't know it was an upgraded box | 16:15 |
| KatolaZ | in this case, old stuff will never be uninstalled | 16:15 |
| KatolaZ | there would be no way of knowing which package was in the previous repo, and is not any more now, and which package was manually installed from third party sources | 16:16 |
| fsmithred | I'm now on pure beowulf - commented out the ascii lines, update/upgrade | 16:18 |
| KatolaZ | fsmithred: if you updated from *something*, dpkg won't remove any package that is not available in beowulf but is installed in your box | 16:19 |
| fsmithred | the only things that might be from third-party source would be refracta tools | 16:44 |
| furrymcgee | I see jitsi instance on dyne.org. how do you install jitsi in devuan? jitsi-videobridge has unmet dependencies ... | 16:45 |
| obeardly | furrymcgee: Do you mean jitsi server? | 17:52 |
| obeardly | The jitsi-videobridge is just a piece of it. | 17:55 |
| furrymcgee | jitsi install fails because of jitsi-videobridge dependency | 18:32 |
| plasma41 | From today's meet: https://www.youtube.com/watch?v=O6l8KcF8vLs "Keyboard Lag Sucks" rant | 22:15 |
| * rrq not watching videos, but I do remember the transition from 300 to 9600 baud; bliss! :) | 23:06 | |
| golinux | That vid was fo full of promotions I could barely find the topic. It was useless imo | 23:17 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!