Rescue Toaster posted: Should the installation images for modern distros support secure boot? I know lots of distros can do various secure boot configurations and there's instructions once you're up and running and need to update a kernel and so forth.

I believe Microsoft is the only official CA for secure boot (though you can add your own CAs yourself). They have certain requirements before they hand out keys to distro makers which, while not super onerous, many just don't bother with. Some folks also just have an issue with Microsoft holding the keys to whether you're allowed to install any other OSes on your hardware so refuse to use it on principle.
|
|
# ? Dec 4, 2023 23:35 |
|
Rescue Toaster posted: Should the installation images for modern distros support secure boot? I know lots of distros can do various secure boot configurations and there's instructions once you're up and running and need to update a kernel and so forth.

The good distributions do.
|
# ? Dec 4, 2023 23:50 |
|
Rocko Bonaparte posted: I have a goofy problem where I get a "target is busy" option when umounting a filesystem I was manipulating as a chroot. The file system is just a file itself. I have to set up some binds for stuff like /dev and /dev/pts, but I only fail when unmounting the actual filesystem. If I umount again afterwards, it works fine. It doesn't happen every time. I am guessing something is still flushing/committing/whatever when I try to umount it, but I had exited the chroot well before that.

My guess is what you guessed. Try running `sync` first.
|
# ? Dec 5, 2023 00:22 |
|
Syncing doesn't make a difference, unmounting does it implicitly.
|
# ? Dec 5, 2023 00:39 |
|
Rescue Toaster posted: Should the installation images for modern distros support secure boot? I know lots of distros can do various secure boot configurations and there's instructions once you're up and running and need to update a kernel and so forth.

They do (the big ones anyway). They just sign their stuff with a MS-signed certificate. But if you need to compile your own kernel module (nvidia for example) then it can get more complicated (need to add your own cert to the bios, sign the drat thing with it or with a cert signed with it, etc.). I personally never bothered, disable the thing and move on with life.
|
# ? Dec 5, 2023 00:42 |
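When self-built modules have to be signed for Secure Boot, as the post above describes, a quick check is whether a given .ko actually carries the kernel's appended signature trailer. The following is an added example, not code from the thread; the sample module bytes are constructed.

```python
import struct

# Trailer layout from the kernel's module signing format: the PKCS#7 blob,
# then struct module_signature (12 bytes, big-endian length), then this magic.
MAGIC = b"~Module signature appended~\n"
TRAILER = struct.Struct(">BBBBB3xI")  # algo, hash, id_type, signer_len, key_id_len, pad, sig_len
PKEY_ID_PKCS7 = 2


def module_signature(blob: bytes):
    """Return details of the appended signature, or None if the module is unsigned.

    Raises ValueError when the magic is present but the trailer is inconsistent.
    Compressed modules (.ko.xz, .ko.zst) must be decompressed before this check.
    """
    if not blob.endswith(MAGIC):
        return None
    trailer_at = len(blob) - len(MAGIC) - TRAILER.size
    if trailer_at < 0:
        raise ValueError("file too short to hold a signature trailer")
    algo, hash_id, id_type, signer_len, key_id_len, sig_len = TRAILER.unpack_from(blob, trailer_at)
    if id_type != PKEY_ID_PKCS7:
        raise ValueError(f"unexpected id_type {id_type}")
    if algo or hash_id or signer_len or key_id_len:
        raise ValueError("PKCS#7 trailer must leave the legacy fields at zero")
    if sig_len == 0 or sig_len > trailer_at:
        raise ValueError("signature length does not fit inside the file")
    sig_at = trailer_at - sig_len
    signature = blob[sig_at:trailer_at]
    if signature[0] != 0x30:  # DER SEQUENCE tag expected at the start of PKCS#7
        raise ValueError("signature blob is not DER-encoded")
    return {"module_len": sig_at, "sig_len": sig_len, "signature": signature}


# Constructed sample data: a fake module body and a fake 16-byte "signature".
SAMPLE_BODY = b"\x7fELF" + bytes(60)
SAMPLE_SIG = b"\x30" + bytes(15)
SAMPLE_SIGNED = (SAMPLE_BODY + SAMPLE_SIG
                 + TRAILER.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(SAMPLE_SIG)) + MAGIC)

if __name__ == "__main__":
    print(module_signature(SAMPLE_BODY))
    info = module_signature(SAMPLE_SIGNED)
    print(info["module_len"], info["sig_len"])
```

The check only shows that a signature is attached; the kernel still has to verify it against a key it trusts before the module loads.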
|
pseudorandom name posted: Syncing doesn't make a difference, unmounting does it implicitly.

even so every proper linux admin has to run sync at LEAST three times before unmounting anything
|
# ? Dec 5, 2023 00:44 |
|
xzzy posted: even so every proper linux admin has to run sync at LEAST three times before unmounting anything

Sync is for when umount complains, you're reasonably sure there's nothing actively writing to the USB disk anymore, and you want to be a little bit more proper than just yanking it.
|
# ? Dec 5, 2023 01:21 |
|
Volguus posted: They do (the big ones anyway). They just sign their stuff with a MS-signed certificate. But if you need to compile your own kernel module (nvidia for example) then it can get more complicated (need to add your own cert to the bios, sign the drat thing with it or with a cert signed with it, etc.). I personally never bothered, disable the thing and move on with life.

I just use the "Other OS" secure boot option thing.
|
# ? Dec 5, 2023 01:35 |
Sorry if this isn't the right place to ask it but it is kinda Linux related. I have an Ubuntu VM running thru Virtual Box that I want to install on a dedicated machine as the native OS. How can I go about doing this?
|
|
# ? Dec 5, 2023 02:50 |
|
Popete posted: Sorry if this isn't the right place to ask it but it is kinda Linux related. I have an Ubuntu VM running thru Virtual Box that I want to install on a dedicated machine as the native OS. How can I go about doing this?

It's probably easier to just install it on the new computer and then copy the contents of your home directory by scp or whatever if that's all you need and there isn't a ton of stuff
|
# ? Dec 5, 2023 03:51 |
I do want to copy the entire filesystem actually. That makes sense, I will give that a try. Thanks!
|
|
# ? Dec 5, 2023 04:32 |
|
Sounds like I need to write SYNC in all-caps to really make it understand.
|
# ? Dec 5, 2023 06:19 |
|
Rocko Bonaparte posted: Sounds like I need to write SYNC in all-caps to really make it understand.
|
# ? Dec 5, 2023 07:48 |
|
Popete posted: I do want to copy the entire filesystem actually. That makes sense, I will give that a try. Thanks!

The brutal approach is to boot the target machine from a live USB stick; attach the VM drive to a new VM, and then use nc to just dump the entire drive byte for byte over the network. If you install pv, you'll even get a progress bar - something like this:

code:

To expand, nc is "netcat" - it's a simple way to send bytes over the network. nc -l 1234 listens for connections on port 1234 and outputs everything it receives; nc <ip> <port> connects and sends everything piped into it. pv is basically cat with a progress bar - you can also use cat, ofc.

With that done, you'll probably have to find out how to expand the file system to fill the target disk; it'll most likely be bigger than your VM disk. The details depend on the file system you're using.

Computer viking fucked around with this message at 16:40 on Dec 5, 2023 |
# ? Dec 5, 2023 16:35 |
|
Rescue Toaster posted: Should the installation images for modern distros support secure boot?

Rescue Toaster posted: But that does sort of defeat the purpose.

Everything else is outside the intended application scope, to the point where nobody QAs the "rolling your own keys" part.

Nitrousoxide posted: They have certain requirements before they hand out keys to distro makers which, while not super onerous, many just don't bother with.

Nitrousoxide posted: Some folks also just have an issue with Microsoft holding the keys to whether you're allowed to install any other OSes on your hardware so refuse to use it on principle.

If you want to sign your own kernel and enroll your own keys in your UEFI, that's great. But I don't particularly trust Microsoft's keys at this point since they've signed a bunch of crap over the years. Also if you leave secure boot on and run Linux there's a good chance your machine won't boot at some point in 2026 when Microsoft's certificates expire but, since you're running Linux, you'll be excluded from whatever automatic update mechanism they employ in Windows.
|
# ? Dec 5, 2023 17:17 |
|
Computer viking posted: The brutal approach is to boot the target machine from a live USB stick; attach the VM drive to a new VM, and then use nc to just dump the entire drive byte for byte over the network. If you install pv, you'll even get a progress bar - something like this:

Computer Viking makes this sound like a big kludge, and I guess it is. But I'm here to tell you I use this technique all the damned time. We should make this an interview question, honestly. Watching people dream up ways to do this seems useful.
|
# ? Dec 5, 2023 18:02 |
|
cruft posted: Computer Viking makes this sound like a big kludge, and I guess it is. But I'm here to tell you I use this technique all the damned time.

I'm sure you could do something with one of the imaging tools (e.g. clonezilla), maybe even converting the VM disk directly to something they can use as their input first. But that requires a lot more tools I haven't used recently and long explanations, so nc onto a raw drive it is.
|
# ? Dec 5, 2023 18:07 |
ExcessBLarg! posted: Not really. The purpose of secure boot is to deter boot-time rootkits on Windows since their installation would be obvious on the 99% of machines that ship with Windows and secure boot.

It's also useful for an IT department to ensure that only distros validated by them are installed on their hardware. As long as they add themselves as a CA in the UEFI then they can ensure a malicious actor can't try to slip in a compromised OS.
|
|
# ? Dec 5, 2023 18:27 |
Computer viking posted: I'm sure you could do something with one of the imaging tools (e.g. clonezilla), maybe even converting the VM disk directly to something they can use as their input first. But that requires a lot more tools I haven't used recently and long explanations, so nc onto a raw drive it is.

This is more in line with what I was originally thinking, there must be some tool to take a VM image and create a USB install from it but I guess it also just makes sense to directly dd the image over to the target hard drive so I'm gonna give that a shot first.
|
|
# ? Dec 5, 2023 18:30 |
|
Nitrousoxide posted: It's also useful for an IT department to ensure that only distros validated by them are installed on their hardware. As long as they add themselves as a CA in the UEFI then they can ensure a malicious actor can't try to slip in a compromised OS.
|
# ? Dec 5, 2023 18:55 |
|
Popete posted: This is more in line with what I was originally thinking, there must be some tool to take a VM image and create a USB install from it but I guess it also just makes sense to directly dd the image over to the target hard drive so I'm gonna give that a shot first.

So, yeah, you could use CloneZilla if you want to set up a server and install image and learn a bunch of crap. But Unix makes everything a file* so there's nothing to be gained by making this more difficult than it needs to be.

* Well, that was the original intent. Then things like Berkeley Sockets and X11 happened.
|
# ? Dec 5, 2023 19:34 |
|
Popete posted:Sorry if this isn't the right place to ask it but it is kinda Linux related. I have an Ubuntu VM running thru Virtual Box that I want to install on a dedicated machine as the native OS. How can I go about doing this? code:
code:
code:
ExcessBLarg! fucked around with this message at 20:14 on Dec 5, 2023 |
# ? Dec 5, 2023 20:11 |
|
I'm having an iSCSI problem on my Arch installation- I can connect and login to the iSCSI device just fine, but it doesn't show up anywhere in the filesystem with fdisk, lsblk, or in /dev/disk/by-path

however, I can see the device details with

$ iscsiadm -m session -P 3

also, the iscsi service fails with this

○ iscsi.service - Login and scanning of iSCSI devices
Loaded: loaded (/usr/lib/systemd/system/iscsi.service; enabled; preset: disabled)
Active: inactive (dead)
Docs: man:iscsiadm(8) man:iscsid(8)
Dec 06 09:58:58 hyperion systemd[1]: Dependency failed for Login and scanning of iSCSI devices.
Dec 06 09:58:58 hyperion systemd[1]: iscsi.service: Job iscsi.service/start failed with result 'dependency'.

I don't know what 'dependency' refers to.

this also appears in the journal-

systemd[1]: One time configuration for iscsi.service was skipped because of an unmet condition check (ConditionPathExists=!/etc/iscsi/initiatorname.iscsi).

that file does exist. I've even tried recreating it with iscsi-gen-initiatorname but that journal entry persists

this was working fine until about a week ago when I reinstalled Arch. I don't remember doing anything to get it working other than installing open-iscsi

e: multipathd is running fine

isaboo fucked around with this message at 16:16 on Dec 6, 2023 |
# ? Dec 6, 2023 16:10 |
|
Welp, nevermind. It started working after a reboot, though that didn't help last night.
|
# ? Dec 6, 2023 16:31 |
|
Re: Secure Boot: LogoFAIL just hit and basically all UEFI machines are now vulnerable to a Secure Boot bypass. Good times.
|
# ? Dec 6, 2023 17:13 |
|
Man docking station stuff still seems like an absolute train wreck in linux.

A) Power management settings can't seem to differentiate between on a standalone USB-C power pack or on the dock, so if you want the laptop to only stay on when the lid is closed if it's on the dock, not just on the power adapter, doesn't seem to be a way to do that.

B) Window management stuff is an absolute shitshow. Every single version of every distro and window manager handles it differently (or not at all). Right now on mint-mate there's seemingly no way to disable the built-in screen at all when docked, even if the lid is closed. It's possible to create some command line udev scripts maybe? But if it ever gets out of sync or boots up in the wrong mode, you might be stuck with no display unless you were to... I don't know, have a process running continually monitoring for the presence of the USB-C dock device?

In fact I think the *easiest* thing might be to write from scratch my own daemon in python or something to continually monitor for the presence of the dock and run xrandr commands from a shell when necessary, and that's frankly loving pathetic.
|
# ? Dec 7, 2023 01:44 |
|
you could probably use udev triggers to set things up, but you’d need to be careful about things like undocking while suspended if udev doesn’t synthesize the right events
|
# ? Dec 7, 2023 02:09 |
|
Subjunctive posted: you could probably use udev triggers to set things up, but you’d need to be careful about things like undocking while suspended if udev doesn’t synthesize the right events

Yeah that's the exact kind of situation I'm worried about. You could try to catch all the insert/remove of the dock, power actions, lid open/close, sleep/suspend/startup etc... and still end up missing something. That's why I almost feel like it needs continuous monitoring (Every 3-5 seconds or something).

The other side of it is it's for my wife so it really needs to just work. She's been totally happy with linux but she's not going to put up with "Oh just put some shell scripts on your desktop to fix the broken poo poo and run them manually." which doesn't even work if the desktop isn't showing on the right screen. First time I tried the dock it happily detected the second monitor, but then when I locked the screen it only showed the login prompt on the laptop monitor even though it was sitting there with the lid closed.

Rescue Toaster fucked around with this message at 02:22 on Dec 7, 2023 |
# ? Dec 7, 2023 02:20 |
|
just use arandr with hotkeys
|
# ? Dec 7, 2023 02:31 |
|
I have been tasked with coming up with a strategy to back up ~ 44 tb from one server to another (on the same intranet).
we also want to prune the files kept on the server by access timestamp so we no longer have to keep 44 TiB in the directory. this might be a little separate from backing up, cause we don't want to remove these files from the backups, unless there is an append-only solution? also, for pruning little-used files, is there a way to keep around a "ghost" of the file (kind of like in the Dropbox selective sync ui) in the source filesystem that indicates it was there but is now backed up? the backup will be backed up regularly offsite by the admin of the windows server, so i am off the hook there. i need to find some software and write some scripts to get this going. i've used rsync, borg, and timeshift before, but never on such a scale. thank you for any pointers/symlinks/junctions. i've cross posted this in intersecting topics so forgive me if you've seen this post before and never wanted to see it again.
|
# ? Dec 9, 2023 21:59 |
|
Rescue Toaster posted: Yeah that's the exact kind of situation I'm worried about. You could try to catch all the insert/remove of the dock, power actions, lid open/close, sleep/suspend/startup etc... and still end up missing something. That's why I almost feel like it needs continuous monitoring (Every 3-5 seconds or something).

The more I think about it the more confident I am that udev will still send the right results at least for USB stuff, but I haven’t tested it.
|
# ? Dec 9, 2023 22:02 |
|
Take a look at rclone. It's very similar to rsync, but has some features that you may find useful (filtering by date is built-in, for example, and it backs up symlinks as text files). And when down the line the backup destination inevitably becomes some S3 cold storage bucket, you'll only have minimal changes to apply. For the 'ghost files', it shouldn't be too complicated to solve that with a script. Set rclone or whatever other tool you choose to log all its actions in a structured format, find every instance of a file being deleted from the source, then create an empty filename.BACKEDUP placeholder. Exclude all 0-sized .BACKEDUP files from the main job. NihilCredo fucked around with this message at 22:34 on Dec 9, 2023 |
# ? Dec 9, 2023 22:32 |
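One way to write the placeholder script suggested in the post above, as an added example that is not the poster's code. It assumes rclone was run with JSON logging and that each deletion appears as a line whose `msg` is "Deleted" and whose `object` is the path relative to the source directory; check both against your own log. The sample log lines are constructed.

```python
import json
from pathlib import Path

SUFFIX = ".BACKEDUP"


def deleted_objects(log_lines):
    """Yield relative paths that the log reports as deleted (assumed field names)."""
    for line in log_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip anything in the log that is not a JSON record
        if not isinstance(entry, dict):
            continue
        if entry.get("msg") == "Deleted" and isinstance(entry.get("object"), str):
            yield entry["object"]


def create_placeholders(log_lines, source_root):
    """Create empty <name>.BACKEDUP files; return the ones newly created."""
    root = Path(source_root).resolve()
    created = []
    for rel in deleted_objects(log_lines):
        if rel.endswith(SUFFIX):
            continue  # a pruned placeholder needs no placeholder of its own
        target = (root / (rel + SUFFIX)).resolve()
        if root not in target.parents:
            continue  # log entry points outside the source tree: refuse it
        if (root / rel).exists() or target.exists():
            continue  # file came back, or placeholder already present
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()
        created.append(target.relative_to(root).as_posix())
    return created


# Constructed sample log, including lines the script must ignore.
SAMPLE_LOG = [
    '{"level":"info","msg":"Copied (new)","object":"old/report.pdf"}',
    '{"level":"info","msg":"Deleted","object":"old/report.pdf"}',
    '{"level":"info","msg":"Deleted","object":"../outside.txt"}',
    '{"level":"info","msg":"Deleted","object":"old/notes.txt.BACKEDUP"}',
    'not a json line',
]

if __name__ == "__main__":
    import tempfile
    print(create_placeholders(SAMPLE_LOG, tempfile.mkdtemp()))
```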
Time to patch.
|
|
# ? Dec 10, 2023 19:09 |
|
Posted this in the NAS thread, but wondering if this thread has opinions: I'm on Fedora and I know I'm going to want to reinstall the OS every few years. I have four 8tb platter drives and my plan right now is to build a RAID10 with md. I'm pausing to check though, because when I move to the next Fedora I want to be absolutely sure that I can rebuild the array afterwards. Is there anything I should know before I start?
|
# ? Dec 12, 2023 03:53 |
|
Use LVM instead of MD and you can just import the volume group.
|
# ? Dec 12, 2023 04:22 |
|
I'm 100% sure my information is outdated and maybe imaginary, but I thought lvm raid used mdadm, but had worse repair and recovery? I've recovered and reassembled non-raid LVMs maybe a dozen times and it's pretty easy, but I thought maybe it was just as simple using md?
|
# ? Dec 12, 2023 04:27 |
|
I'd do RAID6 instead of RAID10.
|
# ? Dec 12, 2023 09:34 |
|
Wibla posted: I'd do RAID6 instead of RAID10.

Wouldn't RAID6 be a bit taxing on the CPU though? I only had it on a 3ware card a long time ago, but then it was all done in the chipset.
|
# ? Dec 12, 2023 19:59 |
|
I mean people have been doing software RAID5/6 and ZFS raid for decades. I know I had a RAID5 mdadm setup running on a freaking celeron in ~2007 or so. Spinning disks are maybe like 2-3x as fast as they were then, while CPUs and memory are astronomically more powerful. I don't think it'll be an issue. Unless you're using SSDs in your raid I guess.
|
# ? Dec 12, 2023 20:42 |
|
Rescue Toaster posted: I mean people have been doing software RAID5/6 and ZFS raid for decades. I know I had a RAID5 mdadm setup running on a freaking celeron in ~2007 or so. Spinning disks are maybe like 2-3x as fast as they were then, while CPUs and memory are astronomically more powerful. I don't think it'll be an issue.

Oh, then don't mind me. Carry on.
|
# ? Dec 12, 2023 21:59 |