MESSAGE
DATE | 2020-11-11
FROM | Ruben Safir
SUBJECT | Re: [Hangout - NYLXS] [artix-general] updates keep blowing away my
So much of this is fleshed out on the IRC channel, although I am not at a solution yet - but here is a record of the conversation which I will post to the internet so that maybe it will be searchable in the future.
There are a few package issues we discussed and discovered.
* Now talking on #artix
* Topic for #artix is: Artix Linux - https://artixlinux.org --- We need more packagers: https://forum.artixlinux.org/index.php/topic,512.0.html
* Topic for #artix set by nous (Sat Apr 20 14:56:47 2019)
* Channel #artix url: http://artixlinux.org
Device          Start        End    Sectors   Size Type
>> Free space    2048       4096       2049     1M
/dev/sda1        4097     618497     614401   300M EFI System
/dev/sda2      618498 1881523267 1880904770 896.9G Linux filesystem
/dev/sda3  1881523268 1953520064   71996797  34.3G Linux swap
Free space 1953521664 1953525134       3471   1.7M
the instructions say
NOTE: The BIOS boot partition is necessary on UEFI systems with a GPT-partitioned disk. EFI system partition has to be created and mounted at /mnt/boot and the suggested size is around 512 MiB.
* nycko (nycko123-at-gateway/vpn/protonvpn/nycko123) has joined
that completely fails though when you run grub-install on it
* sztelke (~KiwiIRC-at-unaffiliated/sztelke) has left
mrbrklyn, : you need - EFI partition 255-555mb , 8gb Root, 8gb swap, 8gb home, left over data
if all fails use GPARTED usb stick to sort it all out https://gparted.org/livecd.php
* nycko has quit (Quit: blip blop)
* nycko (~nycko123-at-unaffiliated/nycko123) has joined
* lleumaS (~lleumaS-at-213.177.218.168) has joined
hey guys, one simple question, switching actually from arch to artix to let sysmd fly away, I need encryption on my laptop so, actually I'm using sysmdboot and luks2, I heard of GRUB to not support luks2,should I care about this on artix, need I to force luks1?
thx
* linuxer__ has quit (Remote host closed the connection)
* linuxer_ has quit (Ping timeout: 272 seconds)
Gday I personally haven't used LUK yet, I use EXT4, appimage and use external drive that's been encrypted with Veracrypt along with keePassXC
* randombit has quit (Remote host closed the connection)
* randombit (~randombit-at-188-143-51-174.pool.digikabel.hu) has joined
* ShadowKyogre (7358dd25f8-at-unaffiliated/shadowkyogre) has joined
* ShadowKyogre (7358dd25f8-at-unaffiliated/shadowkyogre) has left
* lleumaS has quit (Quit: Lost terminal)
* peetaur (~peter-at-xplr-96-44-121-242.xplornet.com) has joined
* yustin has quit (Ping timeout: 265 seconds)
* burningserenity (~burningse-at-050-088-154-247.res.spectrum.com) has joined
what's so secret about one's kernel and initramfs that they need to be on a luks partition?
mrbrklyn: just mount /dev/sda1 as /boot
they likely aren't secret, but what if someone modified them to add some logging and whatnot? you'd rather it is corrupt than the modifications run
but a signature is all you need (is there such a thing as a signature for initramfs?)
* burningserenity has quit (Read error: Connection reset by peer)
sha256sum /boot/initramfs-linux.img > ~/initramfs-sig ? :-) where your home is encrypted to taste
* burningserenity (~burningse-at-050-088-154-247.res.spectrum.com) has joined
It's amazing so many people are against, passwords, encryption and piracy, yet these SAME PEOPLE - lock doors in vehicles, lock doors at homes, keep private documents in folders/box's/storage devices with lock and key, have key combination locks, yet some how security should be wide open when something is DIGITAL, but double standard for PHYSICAL items
* burningserenity has quit (Client Quit)
* aHick (~aHick-at-unaffiliated/ahick) has joined
if i'm worried about someone tampering with my initramfs offline, i might as well think about my system's physical security.
* yustin (~yustin-at-unaffiliated/yustin) has joined
* multi8 has quit (Ping timeout: 260 seconds)
imagine you encrypt your rootfs and home, but not initramfs. So an attacker comes and images your disk and puts a backdoor and logger in your initramfs. Then later you log in, and they dl the logged pw through the backdoor and use it with their copy of your fs. (they don't need your password which might not be available at the time of logging.....but to use the FS, the key is unencrypted in RAM so they can also just grab that)
so if you care about that sort of security, then you should care about preventing tampering with your initramfs, hardware, firmware, etc. too
* burningserenity (~burningse-at-050-088-154-247.res.spectrum.com) has joined
* Dudemanguy (~Dudemangu-at-mpv/developer/Dudemanguy) has joined
* d3m0nm4dn3ss (~u0_a338-at-2600:380:8d32:91c1:d0b:cde0:4598:d64) has joined
Hey guys! I just ran the fucktheskullofsystemd.sh script by artixnous, and I have this issue when I turn on my netbook my hostname is always archlinux, even though in /etc/hostname it is set as Matthew-Netbook, and my /etc/hosts file is pretty much nothing
Can I get some help? I'm completely new to OpenRC
see https://wiki.artixlinux.org/Main/Configuration
OpenRC does it differently
okay
lol i just got artix's 404 page
Okay cool I just set the hostname acc. to this wiki page
* multi8 (~multi8-at-90-227-29-153-no173.tbcn.telia.com) has joined
sorry about that, there's weird heisenbug with the wiki
Also, when openrc starts up it keeps trying to obtain an ip from my ethernet adapter... i dont use ethernet. it's slowing my boot how to fix that?
ovf - I did mount /dev/sda1 as boot
* ztx has quit (Ping timeout: 265 seconds)
charliebrownau!*-at-* added to ignore list.
grub-install then wouldn't work at all with /boot/ as a partition and /boot/EFI
* ShadowKyogre (7358dd25f8-at-unaffiliated/shadowkyogre) has joined
d3m0nm4dn3ss: you probably have something enabled that does that...
like a dhcp client
* ShadowKyogre (7358dd25f8-at-unaffiliated/shadowkyogre) has left
check out /etc/init.d or rc-status
if there's something like net.eth0 -> net.lo in init.d, that's what you want to turn off
Oh okay cool
* polocho (~polocho-at-95.39.153.248) has joined
I'm at dollar general right now i'll be back soon prollu
* ShadowKyogre (7358dd25f8-at-unaffiliated/shadowkyogre) has joined
* linuxer_ (~linuxer_-at-unaffiliated/linuxer/x-5503211) has joined
* multi8 has quit (Ping timeout: 258 seconds)
mrbrklyn: sorry, i'm too frightened of grub2 to be of help with this. i think i'm in the majority that gave up and went with efistub (using your computer firmware as the bootloader)
ovf - I hear
* ShadowKyogre (7358dd25f8-at-unaffiliated/shadowkyogre) has left
I can help with grub2 stuff ...but I don't see the question
I even use grub2 for efi... I like having a fully featured grub menu and don't understand why nobody else does it that way :D
it's probably idiosyncratic but the way the whole config generation system works (https://wiki.archlinux.org/index.php/GRUB#Generate_the_main_configuration_file) fills me with existential dread, and i could never get anything working (e.g. even changing the default is some strange exercise). in comparison with efi i can directly inspect (with bcfg or efibootmgr) what gets loaded and with which options.
i agree that a smart interactive bootloader is nice to have, but not at that cost. :-)
(besides for efi targets like linux, efi shell is a pretty good interactive bootloader)
Okay how do I turn it off net.eth0
d3m0nm4dn3ss: use `rc-update del ...` or rm the symlinks in /etc/runlevels/
Do I just rm it?
oh k
use the rc-update unless you're sure you know what you're doing .....maybe it has some shoot-self-in-foot protection
service net.eth0 removed from reuntime default
don't rm things in /etc/init.d/ ...
let pacman handle that (by uninstalling packages for example)
Yeah I did I'm not completely stupid lmao
if you rm something from /etc/init.d/ you can install it again... pacman -Qo /path/to/file and then reinstall that package
many said that, many had sleepless night
Oh okay, good to know
not sure if symlink kinds of stuff is replaced though...some things are not "owned" but generated by package hooks
: Running post-transaction hooks...
(1/5) Creating temporary files...
Failed to open file "/sys/devices/system/cpu/microcode/reload": Read-only file system
error: command failed to execute correctly
this is an error in basestrap /mnt linux linux-firmware
sysfs should be mounted rw. what's the output of mount -t sysfs ?
artix:[artix]:/mnt/boot$ mount -t sysfs
sys on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
looks read and write to me
ls -al /sys/devices/system/cpu/microcode/reload
this is fucked up
I am down over 15 hours now
I have 9 more of these artix systems
wait, are you doing that on an actual install or a liveusb?
* ShadowKyogre (7358dd25f8-at-unaffiliated/shadowkyogre) has joined
* Megver83 (~Icedove-at-pc-88-170-100-190.cm.vtr.net) has joined
I have to boot from, a live stick
it doesn't boot from the /dev/sda
all I am trying to do is rewrite the boot records and the kernel so it will boot
that error comes from tmpfiles --create /usr/lib/tmpfiles.d/linux-firmware.conf. now i don't see the point of this, but on a normal artix system that works fine
there is like no tools to do this
this is my main workstation with all my COVID-19 Data on it
my PhD work
do you have your /boot also mounted into /mnt/boot?
yes
it is just refusing to lay out the kernel correctly
artix:[artix]:~$ ls -al /mnt/boot/
total 8776
drwxr-xr-x 2 root root 4096 Jan 1 1970 .
drwxr-xr-x 17 root root 4096 Nov 11 07:20 ..
-rwxr-xr-x 1 root root 8973088 Nov 11 15:00 vmlinuz-linux
where did the initramfs disappear to
or the memstat for that matter?
did you do what aldum suggested?
artools-chroot /mnt mkinitcpio -p linux
* ShadowKyogre (7358dd25f8-at-unaffiliated/shadowkyogre) has left
if /mnt is (at some point) a working artix system, you probably should do basestrap if all you need is to reinstall the kernel.
*shouldn't do basestrap
* ShadowKyogre (7358dd25f8-at-unaffiliated/shadowkyogre) has joined
no - I didn't see that
if target fs pacman works, artools-chroot and use its own pacman.... if not, that's when you use basestrap
* d3m0nm4dn3ss has quit (Ping timeout: 246 seconds)
peetaur - I was thinking that!
and you can even fix pacman without basestrap...like tar xf the pacman package (not proper) and then `pacman -S --replace .... pacman` to make it proper afterwards
peetaur - Lets NOT try to pull in pacman by a tarball at this point :)
I'm not saying you should ...just saying *even* if you messed pacman up horribly, you still likely don't need basestrap
sh-5.0# pacman -S linux linux-firmware
it still can't read that dam tree
Failed to open file "/sys/devices/system/cpu/microcode/reload": Read-only file system
I think it wants to write, not read
lots of things in sysfs work like echo 1 > "/sys/devices/system/cpu/microcode/reload"
sh-5.0# mount -t sysfs
sys on /sys type sysfs (ro,nosuid,nodev,noexec,relatime)
now THAT is a read only mount
yep: /usr/lib/artools/base/mount.sh: chroot_mount sys "$mnt/sys" -t sysfs -o nosuid,noexec,nodev,ro &&
it clearly says ro there..why is it ro? questionable choice by artools-chroot
so should I ignore it?
well you can probably mount -o remount,rw /sys
or is that why I am not getting a linux kernel
AH - experts - thank you guys
when does it make the initramfs
isn't that a snap of the linux updates?
you make it with eg.
mkinitcpio -p linux (where linux is a file like /etc/mkinitcpio.d/linux.preset)
* CYBERDEViL (CYBERDEViL-at-gateway/vpn/mullvad/cyberdevil) has joined
maybe I should pacman mkinitcpio
it probably auto builds initramfs any time you install a kernel package
it is not and I bet that is the source of the all the troubles
do you have presets?
how do I get pacman to redownload the kernel package
* yustin has quit (Ping timeout: 264 seconds)
sh-5.0# ls /etc/mkinitcpio.d/
linux-lts.preset linux.preset
ah - those are ZERO size files
-rw-r--r-- 1 root root 0 Nov 10 17:26 linux-lts.preset
-rw-r--r-- 1 root root 0 Oct 18 20:24 linux.preset
yeah 0 bytes is not quite enough
to reinstall just pacman -S linux
to download again, rm it from /var/cache/pacman/pkg/
BING BINGo
Although there SHOULD be a pacman command to redownload by force
sh-5.0# ls -al /var/cache/pacman/pkg/linux-
linux-5.6.12.artix1-1-x86_64.pkg.tar.zst
linux-5.6.14.artix1-1-x86_64.pkg.tar.zst
linux-5.6.4.artix1-1-x86_64.pkg.tar.xz
I am going to delete them all - why take up inodes
you can remove all cache with pacman -Scc
is that dangerous?
or remove only not installed with pacman -Sc
and annoyingly this will delete newer things not yet installed >:(
only danger is you have to then dl things again
you might also consider running pacman -Qkk >/dev/null if you suspect fs corruption
like let's say you reboot and xorg broke and the easy fix is downgrade...well if you removed it, that means dl again; if your network is out for whatever reason (same problem with network instead of xorg?) then maybe now you can't fix it
it will know to automatically download?
it will download anything not in cache
but only if I install
you can use -S to install which auto downloads, or you can add -w, --downloadonly
good lets clean out the cache, I have bandwidth and I am sitting on a mirror
but not sure how to say forget cache for just that one package and dl again, except rm from /var/cache/pacman/pkg/
:) not that is an official feature request
ls -al /etc/mkinitcpio.d/ still has zero presets after what looked like a good pacman -S linux linux-firmware
rm those and install again..does it recreate them?
and do you have free space? can you make a file there?
(want me to pastebin the files?)
yeah - I am on that
one minute
yeah that seemed to have worked
everything LOOKS perfect
ls -al /boot
total 40348
drwxr-xr-x 2 root root 4096 Dec 31 1969 .
drwxr-xr-x 17 root root 4096 Nov 11 02:20 ..
-rwxr-xr-x 1 root root 27087253 Nov 11 10:37 initramfs-linux-fallback.img
-rwxr-xr-x 1 root root 5235159 Nov 11 10:37 initramfs-linux.img
-rwxr-xr-x 1 root root 8973088 Nov 11 10:37 vmlinuz-linux
uh oh...that's suspicious; it can't go from all wrong to all right so easily
Is there a record of this irc channel?
but then again, it's possible without systemd
dunno
there is too much juicy material in the thread to just disappear from the internet
well, we still have to be concerned for grub-install
* polocho has quit (Remote host closed the connection)
or did it do that as part of the hooks?
grub-install does very little...
an ancient stage1 from 10 years ago might even still work today
and it might be completely unnecessary :) I think grub-install is only done on installing grub packages....and not needed for kernel changes
well I deleted much of the grub configuration
you probably only need it on new installs or when you replace a disk (and in theory, when upgrading grub...but I doubt enough changed; like maybe if you have btrfs you need a newer one)
grub-install is just the stage1, stage1.5 and not what's in /boot/
update-grub is the /boot stuff which you should run
sh-5.0# ls -al /etc/grub.d/
total 80
drwxr-xr-x 2 root root 4096 Nov 11 04:47 .
drwxr-xr-x 118 root root 12288 Nov 11 10:37 ..
-rwxr-xr-x 1 root root 8871 Jul 30 15:43 00_header
-rwxr-xr-x 1 root root 11069 Jul 30 15:43 10_linux
update-grub is possibly not necessary...but even a simple thing like some file having a new name can break it
that looks good
you actually deleted the optional junk from there like *_custom?
no - I am just being nice to the old fashioned people who yell about flooding the IRC channel
sh-5.0# ls -al /etc/grub.d/
total 80
drwxr-xr-x 2 root root 4096 Nov 11 04:47 .
drwxr-xr-x 118 root root 12288 Nov 11 10:37 ..
-rwxr-xr-x 1 root root 8871 Jul 30 15:43 00_header
-rwxr-xr-x 1 root root 11069 Jul 30 15:43 10_linux
-rwxr-xr-x 1 root root 12051 Jul 30 15:43 20_linux_xen
-rwxr-xr-x 1 root root 11291 Jul 30 15:43 30_os-prober
-rwxr-xr-x 1 root root 214 Jul 30 15:43 40_custom
-rwxr-xr-x 1 root root 216 Jul 30 15:43 41_custom
-rw-r--r-- 1 root root 483 Jul 30 15:43 README
:) uh oh..flood...better get the ops
That used to get you kicked out of a channel, still can in #perl
yes well it still should if it's really a problem....but scroll up and you'll see it has been only me and you for a long time
and I appreciate it
there is no /etc/grub.conf
the unwritten rule is something like max 3 lines else pastebin it
which I think, if memory serves me right, should be there
I hate pastebin
so...
if you update-grub, does your grub.cfg look good?
until IRC gets a built in pastebin feature, we still need them....even if not the dreaded pastebin.com variety
I will tell you something peetaur, I used to put output on my webserver and they would refuse to read it unless it was in pastebin
this is linux
we should all have our own webservers in 2020
:) they should use tor and use your webserver :D
yeah - maybe not tor specifically but something like it
a completely anonymized internet
ok back to work
update-grub l
/usr/bin/grub-mkconfig: line 248: /boot/grub/grub.cfg.new: No such file or directory
which is correct in its complate
I removed all of /boot/grub
:D well as long as you expect it to fail that's sane
so reinstall the grub packages then
i just did and it didn't put anything in /boot
um....how weird
$ pacman -Qo /boot/grub/i386-pc/gdb.mod
error: No package owns /boot/grub/i386-pc/gdb.mod
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=grub
maybe
hmm there's another path owned by the package /usr/lib/grub/i386-pc/gdb.mod
ah that worked
ummmm oh. I would expect a hook to run that command... oh well
YEAH