[artix-general] updates keep blowing away my desktop

[Ruben Safir]

So much of this is fleshed out on the irc channel, althoug I am not 
at a solution yet - but here is a record of the conversation which I 
will post to the internet so that maybe it will be searchable in the
future.

There are a few package issues we discussed and discovered

* Now talking on #artix
* Topic for #artix is: Artix Linux - https://artixlinux.org --- We need
* more packagers:
* https://forum.artixlinux.org/index.php/topic,512.0.html
* Topic for #artix set by nous (Sat Apr 20 14:56:47 2019)
* Channel #artix url: http://artixlinux.org
<mrbrklyn>    Device              Start          End     Sectors    Size
Type
<mrbrklyn> >>  Free space           2048         4096        2049
1M                  
<mrbrklyn>     /dev/sda1            4097       618497      614401
300M EFI System
<mrbrklyn>     /dev/sda2          618498   1881523267  1880904770
896.9G Linux filesystem
<mrbrklyn>     /dev/sda3      1881523268   1953520064    71996797
34.3G Linux swap
<mrbrklyn>     Free space     1953521664   1953525134        3471
1.7M
<mrbrklyn> the instructions say 
<mrbrklyn> NOTE: The BIOS boot partition is necessary on UEFI systems
with a GPT-partitioned disk. EFI system partition has to be created and
mounted at /mnt/boot and the suggested size is around 512 MiB.
* nycko (nycko123 at gateway/vpn/protonvpn/nycko123) has joined
<mrbrklyn> that completely fails though when you run grub-install on it
* sztelke (~KiwiIRC at unaffiliated/sztelke) has left
<charliebrownau> mrbrklyn, : you need - EFI partition 255-555mb , 8gb
Root, 8gb swap, 8gb home, left over data
<charliebrownau> if all fails use GPARTED usb stick to sort it all out
<charliebrownau> https://gparted.org/livecd.php
* nycko has quit (Quit: blip blop)
* nycko (~nycko123 at unaffiliated/nycko123) has joined
* lleumaS (~lleumaS at 213.177.218.168) has joined
<lleumaS> hey guys, one simple question, switching actually from arch to
artix to let sysmd fly away, I need encryption on my laptop so, actually
I'm using sysmdboot and luks2, I heard of GRUB to not support
luks2,should I care about this on artix, need I to force luks1? thx
* linuxer__ has quit (Remote host closed the connection)
* linuxer_ has quit (Ping timeout: 272 seconds)
<charliebrownau> Gday I personally havent used LUK yet, I use EXT4,
appimage and use extranal drive thats been encytped with Veracrypt
<charliebrownau> along with keePassXC
* randombit has quit (Remote host closed the connection)
* randombit (~randombit at 188-143-51-174.pool.digikabel.hu) has joined
* ShadowKyogre (7358dd25f8 at unaffiliated/shadowkyogre) has joined
* ShadowKyogre (7358dd25f8 at unaffiliated/shadowkyogre) has left
* lleumaS has quit (Quit: Lost terminal)
* peetaur (~peter at xplr-96-44-121-242.xplornet.com) has joined
* yustin has quit (Ping timeout: 265 seconds)
* burningserenity (~burningse at 050-088-154-247.res.spectrum.com) has
* joined
<ovf> what's so secret about one's kernel and initramfs that they need
to be on a luks partition?
<ovf> mrbrklyn: just mount /dev/sda1 as /boot
<peetaur> they likely aren't secret, but what if someone modified them
to add some logging and whatnot? you'd rather it is corrupt than the
modifications run
<peetaur> but a signature is all you need
<peetaur> (is there such a thing as a signature for initramfs?)
* burningserenity has quit (Read error: Connection reset by peer)
<ovf>  sha256sum /boot/initramfs-linux.img > ~/initramfs-sig ? :-) where
your home is encrypted to taste
* burningserenity (~burningse at 050-088-154-247.res.spectrum.com) has
* joined
<charliebrownau> Its amazing so many people are against, passwords,
encyption and piracy, yet these SAME PEOPLE - lock doors in vechiles,
lock doors at homes, keep private docments in folders/box's/storage
devices with lock and key, have key combination locks, yet some how
security should be wide open when something is DIGITAL, but double
standard for PHYISCAL items
* burningserenity has quit (Client Quit)
* aHick (~aHick at unaffiliated/ahick) has joined
<ovf> if i'm worried about someone tampering with my initramfs offline,
i might as well think about my system's physical security.
* yustin (~yustin at unaffiliated/yustin) has joined
* multi8 has quit (Ping timeout: 260 seconds)
<peetaur> imagine you encrypt your rootfs and home, but not initramfs.
So an attacker comes and images your disk and puts a backdoor and logger
in your initramfs. Then later you log in, and they dl the logged pw
through the backdoor and use it with their copy of your fs.
<peetaur> (they don't need your password which might not be available at
the time of logging.....but to use the FS, the key is unencrypted in RAM
so they can also just grab that)
<peetaur> so if you care about that sort of security, then you should
care about preventing tampering with your initramfs, hardware, firmware,
etc. too
* burningserenity (~burningse at 050-088-154-247.res.spectrum.com) has
* joined
* Dudemanguy (~Dudemangu at mpv/developer/Dudemanguy) has joined
* d3m0nm4dn3ss (~u0_a338 at 2600:380:8d32:91c1:d0b:cde0:4598:d64) has
* joined
<d3m0nm4dn3ss> Hey guys! I just ran the fucktheskullofsystemd.sh script
by artixnous, and I have this issue when I turn on my netbook my
hostname is always archlinux, even though in /etc/hostname it is set as
Matthew-Netbook, and my /etc/hosts file is pretty much nothing
<d3m0nm4dn3ss> Can I get some help? I'm completely new to OpenRC
<aldum> see https://wiki.artixlinux.org/Main/Configuration
<aldum> OpenRC does it differently
<d3m0nm4dn3ss> okay
<d3m0nm4dn3ss> lol i just got artix's 404 page
<d3m0nm4dn3ss> Okay cool I just set the hostname acc. to this wiki page
* multi8 (~multi8 at 90-227-29-153-no173.tbcn.telia.com) has joined
<aldum> sorry about that, there's weird heisenbug with the wiki
<d3m0nm4dn3ss> Also, when openrc starts up it keeps trying to obtain an
ip from my ethernet adapter... i dont use ethernet. it's slowing my boot
how to fix that?
<mrbrklyn> ovf - I did mount /dev/sda1 as boot
* ztx has quit (Ping timeout: 265 seconds)
 charliebrownau!*@* added to ignore list.
 <mrbrklyn> grub-install then wouldn't work at all
 <mrbrklyn> with /boot/ as a partition and /boot/EFI
 * ShadowKyogre (7358dd25f8 at unaffiliated/shadowkyogre) has joined
 <peetaur> d3m0nm4dn3ss: you probably have something enabled that does
 that... like a dhcp client
 * ShadowKyogre (7358dd25f8 at unaffiliated/shadowkyogre) has left
 <aldum> check out /etc/init.d
 <aldum> or rc-status
 <aldum> if there's something like net.eth0 -> net.lo in init.d, that's
 what you want to turn off
 <d3m0nm4dn3ss> Oh okay cool
 * polocho (~polocho at 95.39.153.248) has joined
 <d3m0nm4dn3ss> I'm at dollar general right now i'll be back soon prollu
 * ShadowKyogre (7358dd25f8 at unaffiliated/shadowkyogre) has joined
 * linuxer_ (~linuxer_ at unaffiliated/linuxer/x-5503211) has joined
 * multi8 has quit (Ping timeout: 258 seconds)
 <ovf> mrbrklyn: sorry, i'm too frightened of grub2 to be of help with
 this. i think i'm in the majority that gave up and went with efistub
 (using your computer firmware as the bootloader)
 <mrbrklyn> ovf - I hear
 * ShadowKyogre (7358dd25f8 at unaffiliated/shadowkyogre) has left
 <peetaur> I can help with grub2 stuff ...but I don't see the question
 <peetaur> I even use grub2 for efi... I like having a fully featured
 grub menu and don't understand why nobody else does it that way :D
 <ovf> it's probably idiosyncratic but the way the whole config
 generation system works
 (https://wiki.archlinux.org/index.php/GRUB#Generate_the_main_configuration_file)
 fills me with existential dread, and i could never get anything working
 (e.g. even changing the default is some strange exercise). in
 comparison with efi i can directly inspect (with bcfg or efibootmgr)
 what gets loaded and with which options.
 <ovf> i agree that a smart interactive bootloader is nice to have, but
 not at that cost. :-)
 <ovf> (besides for efi targets like linux, efi shell is a pretty good
 interactive bootloader)
 <d3m0nm4dn3ss> Okay how do I turn it off
 <d3m0nm4dn3ss> net.eth0
 <peetaur> d3m0nm4dn3ss: use `rc-update del ...` or rm the symlinks in
 /etc/runlevels/
 <d3m0nm4dn3ss> Do I just rm it?
 <d3m0nm4dn3ss> oh k
 <peetaur> use the rc-update unless you're sure you know what you're
 doing .....maybe it has some shoot-self-in-foot protection
 <d3m0nm4dn3ss> service net.eth0 removed from reuntime default
 <peetaur> don't rm things in /etc/init.d/ ... let pacman handle that
 (by uninstalling packages for example)
 <d3m0nm4dn3ss> Yeah I did
 <d3m0nm4dn3ss> I'm not completely stupid lmao
 <peetaur> if you rm something from /etc/init.d/ you can install it
 again... pacman -Qo /path/to/file and then reinstall that package
 <SGOrava> many said that, many had sleepless night
 <d3m0nm4dn3ss> Oh okay, good to know
 <peetaur> not sure if symlink kinds of stuff is replaced though...some
 things are not "owned" but generated by package hooks
 <mrbrklyn> : Running post-transaction hooks...
 <mrbrklyn> (1/5) Creating temporary files...
 <mrbrklyn> Failed to open file
 "/sys/devices/system/cpu/microcode/reload": Read-only file system
 <mrbrklyn> error: command failed to execute correctly
 <mrbrklyn> this is an error in basestrap /mnt linux linux-firmware
 <ovf> sysfs should be mounted rw. what's the output of mount -t sysfs ?
 <mrbrklyn> artix:[artix]:/mnt/boot$ mount -t sysfs
 <mrbrklyn> sys on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
 <mrbrklyn> looks read and write to me
 <mrbrklyn> ls -al  /sys/devices/system/cpu/microcode/reload
 <mrbrklyn> this is fucked up
 <mrbrklyn> I am down over 15 hors now
 <mrbrklyn> I have 9 more of these artix systems
 <ovf> wait, are you doing that on an actual install or a liveusb?
 * ShadowKyogre (7358dd25f8 at unaffiliated/shadowkyogre) has joined
 * Megver83 (~Icedove at pc-88-170-100-190.cm.vtr.net) has joined
 <mrbrklyn> I have to boot from, a live stick
 <mrbrklyn> it doesn't boot from the /dev/sda
 <mrbrklyn> all I am trying to do it rewrite the boot records and the
 kernel so it will boot
 <ovf> that error comes from tmpfiles --create
 /usr/lib/tmpfiles.d/linux-firmware.conf. now i don't see the point of
 this, but on a normal artix system that works fine
 <mrbrklyn> there is like no tools to do this
 <mrbrklyn> this is my main workstation with all my COVID-19 Data on it
 my PhD work
 <ovf> do you have your /boot also mounted into /mnt/boot?
 <mrbrklyn> yes
 <mrbrklyn> it is just refusing to lay out the kernel correctly
 <mrbrklyn> artix:[artix]:~$ ls -al /mnt/boot/
 <mrbrklyn> total 8776
 <mrbrklyn> drwxr-xr-x  2 root root    4096 Jan  1  1970 .
 <mrbrklyn> drwxr-xr-x 17 root root    4096 Nov 11 07:20 ..
 <mrbrklyn> -rwxr-xr-x  1 root root 8973088 Nov 11 15:00 vmlinuz-linux
 <mrbrklyn> where did the initramfs disapear to or the memstat for that
 matter?
 <ovf> did you do what aldum suggested? artools-chroot /mnt mkinitcpio
 -p linux
 * ShadowKyogre (7358dd25f8 at unaffiliated/shadowkyogre) has left
 <ovf> if /mnt is (at some point) a working artix system, you probably
 should do basestrap if all you need is to reinstall the kernel.
 <ovf> *shouldn't do basestrap
 * ShadowKyogre (7358dd25f8 at unaffiliated/shadowkyogre) has joined
 <mrbrklyn> no - I didn't see that
 <peetaur> if target fs pacman works, artools-chroot and use its own
 pacman.... if not, that's when you use basestrap
 * d3m0nm4dn3ss has quit (Ping timeout: 246 seconds)
 <mrbrklyn> peetaur - I was thinking that!
 <peetaur> and you can even fix pacman without basestrap...like tar xf
 the pacman package (not proper) and then `pacman -S --replace ....
 pacman` to make it proper afterwards
 <mrbrklyn> peetaur - Lets NOT try to pull in pacman by a tarball at
 this point :)
 <peetaur> I'm not saying you should ...just saying *even* if you messed
 pacman up horribly, you still likely don't need basestrap
 <mrbrklyn> sh-5.0# pacman -S linux linux-firmware
 <mrbrklyn> it still can't read that dam tree
 <mrbrklyn> Failed to open file
 "/sys/devices/system/cpu/microcode/reload": Read-only file system
 <peetaur> I think it wants to write, not read
 <peetaur> lots of things in sysfs work like   echo 1 >
 "/sys/devices/system/cpu/microcode/reload"
 <mrbrklyn> sh-5.0# mount -t sysfs
 <mrbrklyn> sys on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
 <mrbrklyn> now THAT is a read only mount
 <ovf> yep: /usr/lib/artools/base/mount.sh:    chroot_mount sys
 "$mnt/sys" -t sysfs -o nosuid,noexec,nodev,ro &&
 <peetaur> it clearly says ro there..why is it ro?
 <ovf> questionable choice by artools-chroot
 <mrbrklyn> so should I ignor it?
 <peetaur> well you can probably      mount -o remount,rw /sys
 <mrbrklyn> or is that why I am not getting a linx kernel
 <mrbrklyn> AH - experts - thank you guys
 <mrbrklyn> when does it make the initramfs
 <mrbrklyn> isn't that a snap of the linux updates?
 <peetaur> you make it with eg.   mkinitcpio  -p linux   (where linux is
 a file like /etc/mkinitcpio.d/linux.preset)
 * CYBERDEViL (CYBERDEViL at gateway/vpn/mullvad/cyberdevil) has joined
 <mrbrklyn> maybe I should pacman mkinitcpio
 <peetaur> it probably auto builds initramfs any time you install a
 kernel package
 <mrbrklyn> it is not
 <mrbrklyn> and I bet that is the source of the all the troubles
 <peetaur> do you have presets?
 <mrbrklyn> how do I get pacman to redownload the kernel package
 * yustin has quit (Ping timeout: 264 seconds)
 <mrbrklyn> sh-5.0# ls /etc/mkinitcpio.d/      
 <mrbrklyn> linux-lts.preset  linux.preset
 <mrbrklyn> ah - those a ZERO size files
 <mrbrklyn> -rw-r--r--   1 root root     0 Nov 10 17:26 linux-lts.preset
 <mrbrklyn> -rw-r--r--   1 root root     0 Oct 18 20:24 linux.preset
 <peetaur> yeah 0 bytes is not quite enough
 <peetaur> to reinstall just  pacman -S linux
 <peetaur> to download again, rm it from /var/cache/pacman/pkg/
 <mrbrklyn> BING
 <mrbrklyn> BINGo
 <mrbrklyn> Although there SHOULD be a pacman command to redownload by
 force
 <mrbrklyn> sh-5.0# ls -al /var/cache/pacman/pkg/linux-
 <mrbrklyn> linux-5.6.12.artix1-1-x86_64.pkg.tar.zst
 <mrbrklyn> linux-5.6.14.artix1-1-x86_64.pkg.tar.zst
 <mrbrklyn> linux-5.6.4.artix1-1-x86_64.pkg.tar.xz
 <mrbrklyn> I am going to delete them all - why take up inodes
 <peetaur> you can remove all cache with   pacman -Scc
 <mrbrklyn> is that dangerous?
 <peetaur> or remove only not installed with    pacman -Sc     and
 annoyingly this will delete newer things not yet installed >:(
 <peetaur> only danger is you have to then dl things agin
 <ovf> you might also consider running pacman -Qkk >/dev/null if you
 suspect fs corruption
 <peetaur> like let's say you reboot and xorg broke and the easy fix is
 downgrade...well if you removed it, that means dl again; if your
 network is out for whatever reason (same problem with network instead
 of xorg?) then maybe now you can't fix it
 <mrbrklyn> it will know to automatically download?
 <peetaur> it will download anything not in cache
 <mrbrklyn> but only if I install
 <peetaur> you can use -S to install which auto downloads, or you can
 add  -w, --downloadonly
 <mrbrklyn> good lets clean out the cache, I have bandwidth and I am
 sitting on a mirror
 <peetaur> but not sure how to say forget cache for just that one
 package and dl again, except rm from /var/cache/pacman/pkg/
 <mrbrklyn> :)
 <mrbrklyn> not that is an official feature request
 <mrbrklyn> ls -al /etc/mkinitcpio.d/
 <mrbrklyn>  still has zero presets
 <mrbrklyn> after what looked like a good pacman -S linux linux-firmware
 <peetaur> rm those and install again..does it recreate them? and do you
 have free space? can you make a file there? (want me to pastebin the
 files?)
 <mrbrklyn> yeah - I am on that one minute
 <mrbrklyn> yeah that seemed to have worked
 <mrbrklyn> everything LOOKS perfect
 <mrbrklyn> ls -al /boot
 <mrbrklyn> total 40348
 <mrbrklyn> drwxr-xr-x  2 root root     4096 Dec 31  1969 .
 <mrbrklyn> drwxr-xr-x 17 root root     4096 Nov 11 02:20 ..
 <mrbrklyn> -rwxr-xr-x  1 root root 27087253 Nov 11 10:37
 initramfs-linux-fallback.img
 <mrbrklyn> -rwxr-xr-x  1 root root  5235159 Nov 11 10:37
 initramfs-linux.img
 <mrbrklyn> -rwxr-xr-x  1 root root  8973088 Nov 11 10:37 vmlinuz-linux
 <peetaur> uh oh...that's suspicious; it can't go from all wrong to all
 right so easily
 <mrbrklyn> Is there a record of this irc channel?
 <peetaur> but then again, it's possible without systemd
 <peetaur> dunno
 <mrbrklyn> there is too much juicy material in the thread to just
 disapear from the internet
 <mrbrklyn> well, we still hav eot  be concern for grub-install
 * polocho has quit (Remote host closed the connection)
 <mrbrklyn> or did it do that as part of the hooks?
 <peetaur> grub-install does very little... an ancient stage1 from 10
 years ago might even still work today and it might be completely
 unnecessary :)
 <peetaur> I think grub-install is only done on installing grub
 packages....and not needed for kernel changes
 <mrbrklyn> well I deleted much of the grub configuration
 <peetaur> you probably only need it on new installs or when you replace
 a disk (and in theory, when upgrading grub...but I doubt enough
 changed; like maybe if you have btrfs you need a newer one)
 <peetaur> grub-install is just the stage1, stage1.5 and not what's in
 /boot/
 <peetaur> update-grub is the /boot stuff which you should run
 <mrbrklyn> sh-5.0# ls -al /etc/grub.d/
 <mrbrklyn> total 80
 <mrbrklyn> drwxr-xr-x   2 root root  4096 Nov 11 04:47 .
 <mrbrklyn> drwxr-xr-x 118 root root 12288 Nov 11 10:37 ..
 <mrbrklyn> -rwxr-xr-x   1 root root  8871 Jul 30 15:43 00_header
 <mrbrklyn> -rwxr-xr-x   1 root root 11069 Jul 30 15:43 10_linux
 <peetaur> update-grub is possibly not necessary...but even a simple
 thing like some file having a new name can break it
 <mrbrklyn> that looks good
 <peetaur> you actually deleted the optional junk from there like
 *_custom?
 <mrbrklyn> no - I am just being nice to the old fashioned people who
 yell about flooding the IRC channel
 <mrbrklyn> sh-5.0# ls -al /etc/grub.d/
 <mrbrklyn> total 80
 <mrbrklyn> drwxr-xr-x   2 root root  4096 Nov 11 04:47 .
 <mrbrklyn> drwxr-xr-x 118 root root 12288 Nov 11 10:37 ..
 <mrbrklyn> -rwxr-xr-x   1 root root  8871 Jul 30 15:43 00_header
 <mrbrklyn> -rwxr-xr-x   1 root root 11069 Jul 30 15:43 10_linux
 <mrbrklyn> -rwxr-xr-x   1 root root 12051 Jul 30 15:43 20_linux_xen
 <mrbrklyn> -rwxr-xr-x   1 root root 11291 Jul 30 15:43 30_os-prober
 <mrbrklyn> -rwxr-xr-x   1 root root   214 Jul 30 15:43 40_custom
 <mrbrklyn> -rwxr-xr-x   1 root root   216 Jul 30 15:43 41_custom
 <mrbrklyn> -rw-r--r--   1 root root   483 Jul 30 15:43 README
 <mrbrklyn> :)
 <peetaur> uh oh..flood...better get the ops
 <mrbrklyn> That used to get you kicked out of a channel, still can in
 #perl
 <peetaur> yes well it still should if it's really a problem....but
 scroll up and you'll see it has been only me and you for a long time
 <mrbrklyn> and I appreciate it
 <mrbrklyn> there is no /etc/grub.conf
 <peetaur> the unwritten rule is something like max 3 lines else
 pastebin it
 <mrbrklyn> which I think, if memory serves me right, should be there
 <mrbrklyn> I hate pastebin
 <peetaur> so... if you update-grub, does your grub.cfg look good?
 <peetaur> until IRC gets a built in pastebin feature, we still need
 them....even if not the dreaded pastebin.com variety
 <mrbrklyn> I will tell you something peetaur, I used to put output on
 my weserver and they would refuse to read it unless it was in pastebin
 <mrbrklyn> this is linux we should all have out own webservers in 2020
 <mrbrklyn> :)
 <peetaur> they should use tor and use your webserver :D
 <mrbrklyn> yeah - maybe not tor specifically but something like it
 <mrbrklyn> a completely annomyzed internet 
 <mrbrklyn> ok back to work update-grub
 <mrbrklyn> l
 <mrbrklyn>  /usr/bin/grub-mkconfig: line 248: /boot/grub/grub.cfg.new:
 No such file or directory
 <mrbrklyn> which is correct in its complate
 <mrbrklyn> I removed all of /boot/grub 
 <peetaur> :D well as long as you expect it to fail that's sane
 <peetaur> so reinstall the grub packages then
 <mrbrklyn> i just did and it didn't put anything in /boot
 <peetaur> um....how weird
 <peetaur> $ pacman -Qo /boot/grub/i386-pc/gdb.mod
 <peetaur> error: No package owns /boot/grub/i386-pc/gdb.mod
 <mrbrklyn> grub-install --target=x86_64-efi --efi-directory=/boot
 --bootloader-id=grub
 <mrbrklyn> maybe
 <peetaur> hmm there's another path owned by the package
 /usr/lib/grub/i386-pc/gdb.mod
 <mrbrklyn> ah that worked
 <peetaur> ummmm oh. I would expect a hook to run that command... oh
 well
 <mrbrklyn> YEAH
 <mrbrklyn> again I agree
 <mrbrklyn> see they want you to get into the pacman religion, and OK -
 I am buying in
 <mrbrklyn> but there are gaps
 <mrbrklyn> it looks better
 <mrbrklyn> I need to get all this down


-- 
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com 

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive 
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com 

Being so tracked is for FARM ANIMALS and extermination camps, 
but incompatible with living as a free human being. -RI Safir 2013