From je-vv at e.email Mon Jul 6 07:28:11 2020 From: je-vv at e.email (Javier) Date: Sun, 5 Jul 2020 23:28:11 -0600 Subject: [artix-general] [s6] system not decrypting/mounting (lvm on luks) a non root volume at boot In-Reply-To: <31f7849a-4e6d-7d4b-83d9-775d98459aff@artixlinux.org> References: <82e095d1-1178-7629-c249-b7b8a496c34c@artixlinux.org> <9a6d50d4-dfba-4f98-363a-0d2fe8ce009b@e.email> <548aba2a-613d-803f-7416-c395bd77f355@artixlinux.org> <72590f59-438a-f6ff-2dba-88a8e3c421be@e.email> <31f7849a-4e6d-7d4b-83d9-775d98459aff@artixlinux.org> Message-ID: On 5/12/20 8:29 PM, Dudemanguy via artix-general wrote: > On 5/12/20 8:06 PM, Javier via artix-general wrote: >> But just in case, that made no effect...? Same situation of not getting prompted at boot... > > I need to get back on this one. Such a puzzling issue. I'll try to find some time later this week and setup a luks test case for this. Hi, sorry to bother, are there news about this? -- Javier -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 228 bytes Desc: OpenPGP digital signature URL: From kdkasad at gmail.com Mon Jul 6 00:35:46 2020 From: kdkasad at gmail.com (Kian Kasad) Date: Sun, 5 Jul 2020 15:35:46 -0700 Subject: [artix-general] how to create distcc-runit package Message-ID: <20200705223546.uiczg3m74ih7f4ts@polarbear> I've created a runit service script for distcc. I'd like to make it into a distcc-runit package, but I don't know how. I asked on the IRC channel, and I was told to post here. I've attached a tarball of the files. It can be extracted/installed by running the following command as root: tar xpvJf distcc-runit.tar.xz -C / -------------- next part -------------- A non-text attachment was scrubbed... Name: distcc-runit.tar.xz Type: application/octet-stream Size: 276 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: From ruben at mrbrklyn.com Tue Jul 7 04:28:38 2020 From: ruben at mrbrklyn.com (Ruben Safir) Date: Mon, 6 Jul 2020 22:28:38 -0400 Subject: [artix-general] access to network drive - denies to root? Message-ID: <1ca5e60b-10fb-e3cc-3cce-368a06a5f1ae@mrbrklyn.com> I have a drive mounted through sshfs [ruben at flatbush 101___06]$ mount|grep sshfs ruben at home2:/usr/local/apache2/htdocs/ on /home/ruben/mnt4 type fuse.sshfs (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000) I can not access it with sudo which is bizzarre and unexpected [ruben at flatbush 101___06]$ sudo ls -al /home/ruben/mnt4/brooklyn/mv/ ls: cannot access '/home/ruben/mnt4/brooklyn/mv/': Permission denied [ruben at flatbush 101___06]$ ls -al /home/ruben/mnt4/brooklyn/mv/ total 74965180 drwxr-xr-x 1 ruben daemon 16384 Jul 6 22:25 . drwxr-xr-x 1 ruben 111 4096 Jul 4 10:52 .. -rw-r--r-- 1 ruben 111 83996672 May 18 2008 0.607_Star_Trek_TNG_-_6x07_-_Rascals.avi -rw-r--r-- 1 ruben 111 54562564 Jun 28 2008 06_-_SNL_-_Quentin_Tarantino_s_Welcome_Back_Kotter.mpeg .... why is this? -- So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://www.mrbrklyn.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 http://www.nylxs.com - Leadership Development in Free Software http://www.brooklyn-living.com Being so tracked is for FARM ANIMALS and extermination camps, but incompatible with living as a free human being. -RI Safir 2013 From cromer at artixlinux.org Tue Jul 7 04:53:01 2020 From: cromer at artixlinux.org (Chris Cromer) Date: Mon, 6 Jul 2020 22:53:01 -0400 Subject: [artix-general] access to network drive - denies to root? In-Reply-To: <1ca5e60b-10fb-e3cc-3cce-368a06a5f1ae@mrbrklyn.com> References: <1ca5e60b-10fb-e3cc-3cce-368a06a5f1ae@mrbrklyn.com> Message-ID: <8c4693fd-a9af-75f4-03c0-49b0de37ab1b@artixlinux.org> https://unix.stackexchange.com/questions/59685/sshfs-mount-sudo-gets-permission-denied On 7/6/20 10:28 PM, Ruben Safir via artix-general wrote: > I have a drive mounted through sshfs > > [ruben at flatbush 101___06]$ mount|grep sshfs > ruben at home2:/usr/local/apache2/htdocs/ on /home/ruben/mnt4 type > fuse.sshfs (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000) > > I can not access it with sudo which is bizzarre and unexpected > > [ruben at flatbush 101___06]$ sudo ls -al /home/ruben/mnt4/brooklyn/mv/ > ls: cannot access '/home/ruben/mnt4/brooklyn/mv/': Permission denied > [ruben at flatbush 101___06]$ ls -al /home/ruben/mnt4/brooklyn/mv/ > total 74965180 > drwxr-xr-x 1 ruben daemon 16384 Jul 6 22:25 . > drwxr-xr-x 1 ruben 111 4096 Jul 4 10:52 .. > -rw-r--r-- 1 ruben 111 83996672 May 18 2008 > 0.607_Star_Trek_TNG_-_6x07_-_Rascals.avi > -rw-r--r-- 1 ruben 111 54562564 Jun 28 2008 > 06_-_SNL_-_Quentin_Tarantino_s_Welcome_Back_Kotter.mpeg > .... > > > > why is this? > -- Chris Cromer Artix Developer -------------- next part -------------- A non-text attachment was scrubbed... Name: 0xFA91071797BEEEC2.asc Type: application/pgp-keys Size: 38962 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From ruben at mrbrklyn.com Tue Jul 7 17:07:00 2020 From: ruben at mrbrklyn.com (Ruben Safir) Date: Tue, 7 Jul 2020 11:07:00 -0400 Subject: [artix-general] access to network drive - denies to root? In-Reply-To: <8c4693fd-a9af-75f4-03c0-49b0de37ab1b@artixlinux.org> References: <1ca5e60b-10fb-e3cc-3cce-368a06a5f1ae@mrbrklyn.com> <8c4693fd-a9af-75f4-03c0-49b0de37ab1b@artixlinux.org> Message-ID: <20200707150659.GB13356@www2.mrbrklyn.com> On Mon, Jul 06, 2020 at 10:53:01PM -0400, Artix wrote: > https://unix.stackexchange.com/questions/59685/sshfs-mount-sudo-gets-permission-denied > > On 7/6/20 10:28 PM, Ruben Safir via artix-general wrote: > > I have a drive mounted through sshfs > > > > [ruben at flatbush 101___06]$ mount|grep sshfs > > ruben at home2:/usr/local/apache2/htdocs/ on /home/ruben/mnt4 type > > fuse.sshfs (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000) > > > > I can not access it with sudo which is bizzarre and unexpected > > > > [ruben at flatbush 101___06]$ sudo ls -al /home/ruben/mnt4/brooklyn/mv/ > > ls: cannot access '/home/ruben/mnt4/brooklyn/mv/': Permission denied > > [ruben at flatbush 101___06]$ ls -al /home/ruben/mnt4/brooklyn/mv/ > > total 74965180 > > drwxr-xr-x 1 ruben daemon 16384 Jul 6 22:25 . > > drwxr-xr-x 1 ruben 111 4096 Jul 4 10:52 .. > > -rw-r--r-- 1 ruben 111 83996672 May 18 2008 > > 0.607_Star_Trek_TNG_-_6x07_-_Rascals.avi > > -rw-r--r-- 1 ruben 111 54562564 Jun 28 2008 > > 06_-_SNL_-_Quentin_Tarantino_s_Welcome_Back_Kotter.mpeg > > .... > > > > > > > > why is this? > > But how does it do that? You would think this breaks the basic secuirty model. How can a mount be created that root has no access to? > > -- > Chris Cromer > Artix Developer [-- Error: unable to create PGP subprocess! --] > -- > artix-general mailing list > artix-general at artixlinux.org > https://lists.artixlinux.org/listinfo/artix-general -- So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://www.mrbrklyn.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 http://www.nylxs.com - Leadership Development in Free Software http://www2.mrbrklyn.com/resources - Unpublished Archive http://www.coinhangout.com - coins! http://www.brooklyn-living.com Being so tracked is for FARM ANIMALS and extermination camps, but incompatible with living as a free human being. -RI Safir 2013 From cromer at artixlinux.org Tue Jul 7 17:29:04 2020 From: cromer at artixlinux.org (Chris Cromer) Date: Tue, 7 Jul 2020 11:29:04 -0400 Subject: [artix-general] access to network drive - denies to root? In-Reply-To: <20200707150659.GB13356@www2.mrbrklyn.com> References: <1ca5e60b-10fb-e3cc-3cce-368a06a5f1ae@mrbrklyn.com> <8c4693fd-a9af-75f4-03c0-49b0de37ab1b@artixlinux.org> <20200707150659.GB13356@www2.mrbrklyn.com> Message-ID: <36c3b58d-7bb5-cbf9-5c3e-f4516f4d00d7@artixlinux.org> This behavior is correct. Local root and remote root are 2 different accounts(even though both are called "root"). Obviously remote "root" should be able to access everything on the remote. And local root should be able to access everything on local. But local "root" should not be able to have "root" privileges on a remote server... Even though you mounted it locally, it is still a remote server. Your root is not the root of that remote server. On 7/7/20 11:07 AM, Ruben Safir wrote: > On Mon, Jul 06, 2020 at 10:53:01PM -0400, Artix wrote: >> https://unix.stackexchange.com/questions/59685/sshfs-mount-sudo-gets-permission-denied >> >> On 7/6/20 10:28 PM, Ruben Safir via artix-general wrote: >>> I have a drive mounted through sshfs >>> >>> [ruben at flatbush 101___06]$ mount|grep sshfs >>> ruben at home2:/usr/local/apache2/htdocs/ on /home/ruben/mnt4 type >>> fuse.sshfs (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000) >>> >>> I can not access it with sudo which is bizzarre and unexpected >>> >>> [ruben at flatbush 101___06]$ sudo ls -al /home/ruben/mnt4/brooklyn/mv/ >>> ls: cannot access '/home/ruben/mnt4/brooklyn/mv/': Permission denied >>> [ruben at flatbush 101___06]$ ls -al /home/ruben/mnt4/brooklyn/mv/ >>> total 74965180 >>> drwxr-xr-x 1 ruben daemon 16384 Jul 6 22:25 . >>> drwxr-xr-x 1 ruben 111 4096 Jul 4 10:52 .. >>> -rw-r--r-- 1 ruben 111 83996672 May 18 2008 >>> 0.607_Star_Trek_TNG_-_6x07_-_Rascals.avi >>> -rw-r--r-- 1 ruben 111 54562564 Jun 28 2008 >>> 06_-_SNL_-_Quentin_Tarantino_s_Welcome_Back_Kotter.mpeg >>> .... >>> >>> >>> >>> why is this? >>> > > > But how does it do that? You would think this breaks the basic secuirty > model. How can a mount be created that root has no access to? > >> >> -- >> Chris Cromer >> Artix Developer > > [-- Error: unable to create PGP subprocess! --] > > > > > >> -- >> artix-general mailing list >> artix-general at artixlinux.org >> https://lists.artixlinux.org/listinfo/artix-general > > -- Chris Cromer Artix Developer -------------- next part -------------- A non-text attachment was scrubbed... Name: 0xFA91071797BEEEC2.asc Type: application/pgp-keys Size: 38962 bytes Desc: not available URL: From ruben at mrbrklyn.com Tue Jul 7 18:57:36 2020 From: ruben at mrbrklyn.com (Ruben Safir) Date: Tue, 7 Jul 2020 12:57:36 -0400 Subject: [artix-general] access to network drive - denies to root? In-Reply-To: <36c3b58d-7bb5-cbf9-5c3e-f4516f4d00d7@artixlinux.org> References: <1ca5e60b-10fb-e3cc-3cce-368a06a5f1ae@mrbrklyn.com> <8c4693fd-a9af-75f4-03c0-49b0de37ab1b@artixlinux.org> <20200707150659.GB13356@www2.mrbrklyn.com> <36c3b58d-7bb5-cbf9-5c3e-f4516f4d00d7@artixlinux.org> Message-ID: <20200707165736.GA14380@www2.mrbrklyn.com> On Tue, Jul 07, 2020 at 11:29:04AM -0400, Artix wrote: > This behavior is correct. > Local root and remote root are 2 different accounts(even though both are > called "root"). Obviously remote "root" should be able to access > everything on the remote. And local root should be able to access > everything on local. But local "root" should not be able to have "root" > privileges on a remote server... > > Even though you mounted it locally, it is still a remote server. Your > root is not the root of that remote server. > Interesting So NTFS and SAMBA also work like that? > On 7/7/20 11:07 AM, Ruben Safir wrote: > > On Mon, Jul 06, 2020 at 10:53:01PM -0400, Artix wrote: > >> https://unix.stackexchange.com/questions/59685/sshfs-mount-sudo-gets-permission-denied > >> > >> On 7/6/20 10:28 PM, Ruben Safir via artix-general wrote: > >>> I have a drive mounted through sshfs > >>> > >>> [ruben at flatbush 101___06]$ mount|grep sshfs > >>> ruben at home2:/usr/local/apache2/htdocs/ on /home/ruben/mnt4 type > >>> fuse.sshfs (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000) > >>> > >>> I can not access it with sudo which is bizzarre and unexpected > >>> > >>> [ruben at flatbush 101___06]$ sudo ls -al /home/ruben/mnt4/brooklyn/mv/ > >>> ls: cannot access '/home/ruben/mnt4/brooklyn/mv/': Permission denied > >>> [ruben at flatbush 101___06]$ ls -al /home/ruben/mnt4/brooklyn/mv/ > >>> total 74965180 > >>> drwxr-xr-x 1 ruben daemon 16384 Jul 6 22:25 . > >>> drwxr-xr-x 1 ruben 111 4096 Jul 4 10:52 .. > >>> -rw-r--r-- 1 ruben 111 83996672 May 18 2008 > >>> 0.607_Star_Trek_TNG_-_6x07_-_Rascals.avi > >>> -rw-r--r-- 1 ruben 111 54562564 Jun 28 2008 > >>> 06_-_SNL_-_Quentin_Tarantino_s_Welcome_Back_Kotter.mpeg > >>> .... > >>> > >>> > >>> > >>> why is this? > >>> > > > > > > But how does it do that? You would think this breaks the basic secuirty > > model. How can a mount be created that root has no access to? > > > >> > >> -- > >> Chris Cromer > >> Artix Developer > > > > [-- Error: unable to create PGP subprocess! --] > > > > > > > > > > > >> -- > >> artix-general mailing list > >> artix-general at artixlinux.org > >> https://lists.artixlinux.org/listinfo/artix-general > > > > > > -- > Chris Cromer > Artix Developer [-- Error: unable to create PGP subprocess! --] > -- > artix-general mailing list > artix-general at artixlinux.org > https://lists.artixlinux.org/listinfo/artix-general -- So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://www.mrbrklyn.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 http://www.nylxs.com - Leadership Development in Free Software http://www2.mrbrklyn.com/resources - Unpublished Archive http://www.coinhangout.com - coins! http://www.brooklyn-living.com Being so tracked is for FARM ANIMALS and extermination camps, but incompatible with living as a free human being. -RI Safir 2013 From dudemanguy at artixlinux.org Wed Jul 8 02:08:39 2020 From: dudemanguy at artixlinux.org (Dudemanguy) Date: Tue, 7 Jul 2020 19:08:39 -0500 Subject: [artix-general] how to create distcc-runit package In-Reply-To: <20200705223546.uiczg3m74ih7f4ts@polarbear> References: <20200705223546.uiczg3m74ih7f4ts@polarbear> Message-ID: <4abb1791-13c6-2cee-426e-f5fa8cec1d77@artixlinux.org> Well a PKGBUILD would be nicer, but I can get konimex to look at this when he has some time. Thanks! On 7/5/20 5:35 PM, Kian Kasad via artix-general wrote: > I've created a runit service script for distcc. I'd like to make it into > a distcc-runit package, but I don't know how. I asked on the IRC > channel, and I was told to post here. I've attached a tarball of the > files. It can be extracted/installed by running the following command as > root: > > tar xpvJf distcc-runit.tar.xz -C / > > From dudemanguy at artixlinux.org Wed Jul 8 02:09:41 2020 From: dudemanguy at artixlinux.org (Dudemanguy) Date: Tue, 7 Jul 2020 19:09:41 -0500 Subject: [artix-general] [s6] system not decrypting/mounting (lvm on luks) a non root volume at boot In-Reply-To: References: <82e095d1-1178-7629-c249-b7b8a496c34c@artixlinux.org> <9a6d50d4-dfba-4f98-363a-0d2fe8ce009b@e.email> <548aba2a-613d-803f-7416-c395bd77f355@artixlinux.org> <72590f59-438a-f6ff-2dba-88a8e3c421be@e.email> <31f7849a-4e6d-7d4b-83d9-775d98459aff@artixlinux.org> Message-ID: Sorry, this got lost in the backlog somewhere. I'll get to actually testing this out this one out later this week. On 7/6/20 12:28 AM, Javier via artix-general wrote: > On 5/12/20 8:29 PM, Dudemanguy via artix-general wrote: >> On 5/12/20 8:06 PM, Javier via artix-general wrote: >>> But just in case, that made no effect...? Same situation of not getting prompted at boot... >> >> I need to get back on this one. Such a puzzling issue. I'll try to find some time later this week and setup a luks test case for this. > > Hi, sorry to bother, are there news about this? > > From je-vv at e.email Fri Jul 10 02:52:49 2020 From: je-vv at e.email (Javier) Date: Thu, 9 Jul 2020 18:52:49 -0600 Subject: [artix-general] [artix-linux][lsb-release] lsb-release from artix showing up arch-release not available? Message-ID: <4582583b-ecc6-1e4d-c3ca-0655d8650d4c@e.email> From Today's upgrade on this box: ( 73/119) upgrading lsb-release [############################################################] 100% sed: can't read /etc/arch-release: No such file or directory Besides: % pacman -Ss lsb-release galaxy/lsb-release 1.4-16 [installed] LSB version query program community/lsb-release 1.4-16 [installed] LSB version query program I guess I'm getting the "galaxy" repo one, being the 1st one. It's weird it's showing /etc/arch-release is not available on an artix box... Thanks ! -- Javier -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 228 bytes Desc: OpenPGP digital signature URL: From paologiacomel19 at gmail.com Sat Jul 11 00:19:01 2020 From: paologiacomel19 at gmail.com (Paolo Giacomel) Date: Sat, 11 Jul 2020 00:19:01 +0200 Subject: [artix-general] Software proposal for the cli Message-ID: Dear Artix Team, It has been a few months since I started to use Artix. My install is as follows Artix Base install with dwm and st. I am very pleased of how good your os works. :) please, I would like to submit a request: May you include the following programs for the terminal in the repositories? 1. Wordgrinder ncurses http://cowlark.com/wordgrinder/ and straw-viewer (which is a new fork of youtube-viewer, since the latter does not work anymore, due to youtube changing something on the api. I am not a programmer, so I do not know what went on). https://github.com/trizen/straw-viewer Please, if you have time let me know if it is possible. I thank you very much and wish you a nice weekend. Stay safe during these difficult pandemic times. Best regards Paolo P.S. Thank you for creating Artix Linux. -------------- next part -------------- An HTML attachment was scrubbed... URL: From cromer at artixlinux.org Sat Jul 11 22:43:34 2020 From: cromer at artixlinux.org (Chris Cromer) Date: Sat, 11 Jul 2020 16:43:34 -0400 Subject: [artix-general] Software proposal for the cli In-Reply-To: References: Message-ID: Both of those softwares can be found in the AUR. On 7/10/20 6:19 PM, Paolo Giacomel via artix-general wrote: > Dear Artix Team, > > It has been a few months since I started to use Artix. My install is as > follows > > Artix Base install with dwm and st. I am very pleased of how good your > os works. :) > > please, I would like to submit a request: > > May you include the following programs for the terminal in the repositories? > > 1. Wordgrinder ncurses > > http://cowlark.com/wordgrinder/ > > and straw-viewer (which is a new fork of youtube-viewer, since the > latter does not work anymore, due to youtube changing something on the > api. I am not a programmer, so I do not know what went on). > > https://github.com/trizen/straw-viewer > > Please, if you have time let?me know if it is possible. > > I thank you very much and wish you a nice weekend. > > Stay safe during these difficult pandemic times. > > Best regards > > Paolo > > P.S. Thank you for creating Artix Linux. > -- Chris Cromer Artix Developer -------------- next part -------------- A non-text attachment was scrubbed... Name: 0xFA91071797BEEEC2.asc Type: application/pgp-keys Size: 38962 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From kdkasad at gmail.com Sun Jul 12 07:44:53 2020 From: kdkasad at gmail.com (Kian Kasad) Date: Sat, 11 Jul 2020 22:44:53 -0700 Subject: [artix-general] how to create distcc-runit package In-Reply-To: <4abb1791-13c6-2cee-426e-f5fa8cec1d77@artixlinux.org> References: <20200705223546.uiczg3m74ih7f4ts@polarbear> <4abb1791-13c6-2cee-426e-f5fa8cec1d77@artixlinux.org> Message-ID: <20200712054453.7d6zdr43vfk5q6p5@polarbear> Here's a tarball containing the PKGBUILD and the required script. I don't know why I didn't do this in the first place. I noticed that the URL for the distcc-openrc package points to the package's git repo. Since this package doesn't have one (yet), I made the URL point to the distcc project page. This might want to be changed. Sorry for the long delay, I had some problems with my email client. On 20/07/07 07:08PM, Dudemanguy via artix-general wrote: > Well a PKGBUILD would be nicer, but I can get konimex to look at this when > he has some time. Thanks! > > On 7/5/20 5:35 PM, Kian Kasad via artix-general wrote: > > I've created a runit service script for distcc. I'd like to make it into > > a distcc-runit package, but I don't know how. I asked on the IRC > > channel, and I was told to post here. I've attached a tarball of the > > files. It can be extracted/installed by running the following command as > > root: > > > > tar xpvJf distcc-runit.tar.xz -C / > > > > > -- > artix-general mailing list > artix-general at artixlinux.org > https://lists.artixlinux.org/listinfo/artix-general -------------- next part -------------- A non-text attachment was scrubbed... Name: distcc-runit.tar.xz Type: application/octet-stream Size: 596 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 228 bytes Desc: not available URL: From dudemanguy at artixlinux.org Tue Jul 14 00:20:10 2020 From: dudemanguy at artixlinux.org (Dudemanguy) Date: Mon, 13 Jul 2020 17:20:10 -0500 Subject: [artix-general] [s6] system not decrypting/mounting (lvm on luks) a non root volume at boot In-Reply-To: References: <82e095d1-1178-7629-c249-b7b8a496c34c@artixlinux.org> <9a6d50d4-dfba-4f98-363a-0d2fe8ce009b@e.email> <548aba2a-613d-803f-7416-c395bd77f355@artixlinux.org> <72590f59-438a-f6ff-2dba-88a8e3c421be@e.email> <31f7849a-4e6d-7d4b-83d9-775d98459aff@artixlinux.org> Message-ID: On 7/7/20 7:09 PM, Dudemanguy via artix-general wrote: > Sorry, this got lost in the backlog somewhere. I'll get to actually testing this out this one out later this week. Okay, I finally believe I've gotten to the bottom of this. The short answer is that I don't think this is possible with the current way s6 is setup on Artix, but at the very least it's not an issue with the script. During the boot process, the cryptsetup script gets executed, reads the /etc/crypttab with all the right arguments and everything but there's an error message that's sent to shell. Specifically, "Nothing to read on input". The reason I don't believe this can work as-is is because the early getty service that s6-linux-init starts is designed to capture any output from the started services and print them on /dev/console. This will interrupt any wait on input and thus cause the cryptsetup to fail. I haven't tested this, but there are theoretically two potential fixes to this. One would be simply to disable printing on /dev/console. I'm not totally sure anything from the cryptsetup would even print on the early getty in the first place but it is a separate bash/shell call and not a complete execline script so it might work. I don't want to do this though because I've found error output on tty1 to be very useful in debugging and I don't think the tradeoff is worth it. The other possibility would be to move the early getty to some other tty (say tty2) and print the cryptsetup stuff on a different tty (like tty1). This would be strange though because a user would have to manually switch to the other tty (you would still boot on whatever the early getty is defined as) and also said getty services would have to start before cryptsetup to work. I also don't think this hypothetical is worth it. I know you probably already know this (and maybe already do this), but why not just generate a keyfile instead and add it to the luks device? That can be read on boot just fine and as long as it's in a secure location, it's a better solution than a passphrase anyway. If someone has access to your root, you're already compromised after all. Sidenote: I did find a slight error when closing devices on s6. They weren't being unmounted, so at least that should be fixed now. From je-vv at e.email Tue Jul 14 23:06:07 2020 From: je-vv at e.email (Javier) Date: Tue, 14 Jul 2020 15:06:07 -0600 Subject: [artix-general] [s6] system not decrypting/mounting (lvm on luks) a non root volume at boot In-Reply-To: References: <82e095d1-1178-7629-c249-b7b8a496c34c@artixlinux.org> <9a6d50d4-dfba-4f98-363a-0d2fe8ce009b@e.email> <548aba2a-613d-803f-7416-c395bd77f355@artixlinux.org> <72590f59-438a-f6ff-2dba-88a8e3c421be@e.email> <31f7849a-4e6d-7d4b-83d9-775d98459aff@artixlinux.org> Message-ID: <325253bb-168d-769d-de2a-72808e241a95@e.email> > On 7/13/20 4:20 PM, Dudemanguy via artix-general wrote: > > Okay, I finally believe I've gotten to the bottom of this. The short answer is that I don't think this is possible with the current way s6 is setup on Artix, but at the very least it's not an issue with the script. During the boot process, the cryptsetup script gets executed, reads the /etc/crypttab with all the right arguments and everything but there's an error message that's sent to shell. Specifically, "Nothing to read on input". The reason I don't believe this can work as-is is because the early getty service that s6-linux-init starts is designed to capture any output from the started services and print them on /dev/console. This will interrupt any wait on input and thus cause the cryptsetup to fail. > > I haven't tested this, but there are theoretically two potential fixes to this. One would be simply to disable printing on /dev/console. I'm not totally sure anything from the cryptsetup would even print on the early getty in the first place but it is a separate bash/shell call and not a complete execline script so it might work. I don't want to do this though because I've found error output on tty1 to be very useful in debugging and I don't think the tradeoff is worth it. > > The other possibility would be to move the early getty to some other tty (say tty2) and print the cryptsetup stuff on a different tty (like tty1). This would be strange though because a user would have to manually switch to the other tty (you would still boot on whatever the early getty is defined as) and also said getty services would have to start before cryptsetup to work. I also don't think this hypothetical is worth it. > > I know you probably already know this (and maybe already do this), but why not just generate a keyfile instead and add it to the luks device? That can be read on boot just fine and as long as it's in a secure location, it's a better solution than a passphrase anyway. If someone has access to your root, you're already compromised after all. > > Sidenote: I did find a slight error when closing devices on s6. They weren't being unmounted, so at least that should be fixed now. Hi Dudemanguy, thanks a lot for the update. I've never tried decrypting luks with keyfiles. I'll have to explore it, since for some daemons (I haven't launched them since I migrated the boxes to s6), I really need all disks/partitions (even external disks) up and running after boot. Perhaps the keyfile is even a more secure model, I don't know. But so far, any key I host on the boxes is encrypted with some sort of passphrase (like the gpg and ssh ones). I originally was concerned (when I 1st encrypted the disks) I'd have to keep a non encrypted key somewhere, in order to decrypt the disk. Then I realized with grub one could encrypt boot with the key, and somehow, have a way for grub to decrypt boot... I never got the time to experiment with that, :), but it seems it's time to... I do keep boot as a separate partition from the root one and the uefi one. Another thing for me to investigate is, how to generate a key for an already encrypted partition with password, since that might pose another challenge. At any rate, thanks a lot for the research and trials. I had hope I didn't have to got the hard way just yet, but it'll be interesting for sure... Thanks again ! -- Javier -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 228 bytes Desc: OpenPGP digital signature URL: From dudemanguy at artixlinux.org Wed Jul 15 00:45:22 2020 From: dudemanguy at artixlinux.org (Dudemanguy) Date: Tue, 14 Jul 2020 17:45:22 -0500 Subject: [artix-general] [s6] system not decrypting/mounting (lvm on luks) a non root volume at boot In-Reply-To: <325253bb-168d-769d-de2a-72808e241a95@e.email> References: <82e095d1-1178-7629-c249-b7b8a496c34c@artixlinux.org> <9a6d50d4-dfba-4f98-363a-0d2fe8ce009b@e.email> <548aba2a-613d-803f-7416-c395bd77f355@artixlinux.org> <72590f59-438a-f6ff-2dba-88a8e3c421be@e.email> <31f7849a-4e6d-7d4b-83d9-775d98459aff@artixlinux.org> <325253bb-168d-769d-de2a-72808e241a95@e.email> Message-ID: <0484e105-db87-b39b-0c01-6641fc14e39d@artixlinux.org> I'm not sure what your exact setup is, but one thing you could do is (assuming the boot partition is unencrypted which it sounds like it is) create a keyfile for the encrypted root and then bake it into the initramfs. You can does this with mkinitcpio by using the FILES option in the conf file and then make a new initramfs. This way, the root is unencrypted when the initramfs loads and before the init actually starts. So your root would be totally protected if someone tried to access it with a live iso/usb. An attacker with physical access could, of course, turn on the computer but they would just get to your login screen where presumably they couldn't do anything and not have any file access. With that setup, you could create more keyfiles for your other encrypted partitons and store them in the root. There, you could set them in /etc/crypttab and those would unlock on boot and then mount if defined in /etc/fstab. On 7/14/20 4:06 PM, Javier via artix-general wrote: > Hi Dudemanguy, thanks a lot for the update. > > I've never tried decrypting luks with keyfiles. I'll have to explore it, since for some daemons (I haven't launched them since I migrated the boxes to s6), I really need all disks/partitions (even external disks) up and running after boot. > > Perhaps the keyfile is even a more secure model, I don't know. But so far, any key I host on the boxes is encrypted with some sort of passphrase (like the gpg and ssh ones). I originally was concerned (when I 1st encrypted the disks) I'd have to keep a non encrypted key somewhere, in order to decrypt the disk. Then I realized with grub one could encrypt boot with the key, and somehow, have a way for grub to decrypt boot... I never got the time to experiment with that, :), but it seems it's time to... I do keep boot as a separate partition from the root one and the uefi one. > > Another thing for me to investigate is, how to generate a key for an already encrypted partition with password, since that might pose another challenge. > > At any rate, thanks a lot for the research and trials. I had hope I didn't have to got the hard way just yet, but it'll be interesting for sure... > > Thanks again ! From jerome at javaxpert.com Tue Jul 28 10:46:19 2020 From: jerome at javaxpert.com (jerome moliere) Date: Tue, 28 Jul 2020 10:46:19 +0200 Subject: [artix-general] Newcomer - a couple of questions Message-ID: Hi, this distro sounds really exciting after a long time with debian.... I am tired of systemd tricks and artix seems the right choice.... However I am missing a couple of softwares, can you point to a way to install them: - brave browser (Availlable in Arch) - I missed a couple of tools used to develop on small ARM MCUs, MCUXpresso IDE 9available in Arch AUR) - wps linux office suite Is there a way to install them inside Artix ? Is there a slimming guide on Artix/Arch ? On my previous install with my System 76 Lemur Pro, system starts with 400Mb... Are the system76 tools available , I did not check when the distro was installed (there is a manjaro now but it is bloated and some softwares do not work (Hp-LIP cannot recognize my scanner working perfectly with Artix) Thanks for your help Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From nous at artixlinux.org Tue Jul 28 11:06:51 2020 From: nous at artixlinux.org (Christos Nouskas) Date: Tue, 28 Jul 2020 12:06:51 +0300 Subject: [artix-general] Newcomer - a couple of questions In-Reply-To: References: Message-ID: <20200728120651.325e4707@hyperion.xyzzy.xyz> On Tue, 28 Jul 2020 10:46:19 +0200 jerome moliere via artix-general wrote: > Hi, > this distro sounds really exciting after a long time with debian.... > I am tired of systemd tricks and artix seems the right choice.... > However I am missing a couple of softwares, can you point to a way to > install them: > - brave browser (Availlable in Arch) > - I missed a couple of tools used to develop on small ARM MCUs, MCUXpresso > IDE 9available in Arch AUR) > - wps linux office suite > > Is there a way to install them inside Artix ? You can install everything from Arch. WPS office and brave browser can be got from either the AUR or some unofficial user repositories. > Is there a slimming guide on Artix/Arch ? > On my previous install with my System 76 Lemur Pro, system starts with > 400Mb... A fresh Artix LXDE installation with s6 boots at 181MB... https://i.imgur.com/t9tT84j.png > Are the system76 tools available Also from the AUR, as usual. -- https://systemd-free.artixlinux.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 488 bytes Desc: OpenPGP digital signature URL: