Re: DD's, Debian Mentors needs you!
Hi, On Sun, 2024-07-07 at 07:41 +0800, xiao sheng wen(肖盛文) wrote: > Support this become a weekly thing or a monthly thing. > > Can mentors.debian.net sent package list to debian-devel automatically? It could. There is actually an issue for that[1], but no one has worked on it yet. Note that, there is also an api on mentors[2], that an external provider could use that to craft and send those weekly reports automatically. Best, [1]: https://salsa.debian.org/mentors.debian.net-team/debexpo/-/issues/42 [2]: https://mentors.debian.net/api/ -- Baptiste Beauplat signature.asc Description: This is a digitally signed message part
Bug#792380: ITP: chkboot -- a tool to help detect changes to an unencrypted /boot partition
Package: wnpp Followup-For: Bug #792380 Owner: Baptiste BEAUPLAT -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Control: retitle -1 ITP: chkboot -- a tool to help detect changes to an unencrypted /boot partition Control: owner -1 ! I intent to work on the package chkboot proposed in the RFP #792380. Can someone from Debian could create an empty repository at https://salsa.debian.org/debian/chkboot and put me (lyknode-guest) as the maintainer? Best regards, - -- Baptiste BEAUPLAT - lyknode -BEGIN PGP SIGNATURE- iIcEARYIAC8WIQQt4kiVMTxdp/CJ4U4XSUsQeV3XMwUCW9h9VREcbHlrbm9kZUBj aWxnLm9yZwAKCRAXSUsQeV3XM9sJAQDLRfQxDZtCpC1iXWy0nSlWYwt3jAqPKx54 6Z+HXi3T2wD/d3qZ2ycNjvfoCC06YbMeeoQuxSlO6Q1CCSq94CLsmQk= =lfLM -END PGP SIGNATURE-
Bug#993963: ITP: centreon-plugins -- Collection of nagios plugins to monitor OS, services and network devices
Package: wnpp Severity: wishlist Owner: Baptiste Beauplat X-Debbugs-Cc: debian-devel@lists.debian.org, pkg-nagios-de...@lists.alioth.debian.org * Package name: centreon-plugins Version : 0.0~20210520-1 Upstream Author : Centreon (https://www.centreon.com) * URL : https://github.com/centreon/centreon-plugins * License : Apache-2.0 Programming Lang: Perl Description : Collection of Nagios plugins to monitor OS, services and network devices Free and open source project to monitor systems. The project can be used with Centreon and all monitoring software compatible with Nagios plugins. The following can be monitored: * application: Apache, Asterisk, Elasticsearch, Github, Jenkins, Kafka, Nginx, Pfsense, Redis, Tomcat, Varnish... * cloud: AWS, Azure, Docker, Office365, Nutanix, Prometheus... * database: Firebird, Informix, MS SQL, MySQL, Oracle, Postgres, Cassandra * hardware: printers (rfc3805), UPS (Powerware, Mge, Standard), Sun Hardware, Cisco UCS, SensorIP, HP Proliant, HP Bladechassis, Dell Openmanage, Dell CMC, Raritan... * network: Aruba, Brocade, Bluecoat, Brocade, Checkpoint, Cisco AP/IronPort/ASA/Standard, Extreme, Fortigate, H3C, Hirschmann, HP Procurve, F5 BIG-IP, Juniper, PaloAlto, Redback, Riverbed, Ruggedcom, Stonesoft... * os: Linux (SNMP, NRPE), Freebsd (SNMP), AIX (SNMP), Solaris (SNMP)... * storage: EMC Clariion, Netapp, Nimble, HP MSA p2000, Dell EqualLogic, Qnap, Panzura, Synology... I intend to maintain this package as part of the Nagios team. -- Baptiste Beauplat - lyknode signature.asc Description: PGP signature
Gmail bounce unauthenticated @debian.org addresses
Hi all, We recently discovered that Gmail started to bounce email from mentors.debian.net with the following message: 550-5.7.26 This message does not have authentication information or fails to 550-5.7.26 pass authentication checks. To best protect our users from spam, the 550-5.7.26 message has been blocked. Please visit 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more 5 50 5.7.26 information. My debian address is also affected, and probably others that did not setup DKIM for their @debian.org address. As a reminder debian.org addresses does support DKIM. After configuration on your mail server, you can publish your DKIM public key to db.debian.org [1][2]. Best, [1]: https://lists.debian.org/debian-devel-announce/2020/04/msg4.html [2]: https://db.debian.org/doc-mail.html -- Baptiste Beauplat - lyknode
Re: Gmail bounce unauthenticated @debian.org addresses
Hi Stephan, On 3/4/22 13:27, Stephan Lachnit wrote: > On Fri, Mar 4, 2022 at 12:47 PM Baptiste Beauplat wrote: >> >> My debian address is also affected, and probably others that did not >> setup DKIM for their @debian.org address. >> >> As a reminder debian.org addresses does support DKIM. After >> configuration on your mail server, you can publish your DKIM public key >> to db.debian.org [1][2]. > > Can you point to some quick guide on how to do this for gmail? The > support page seems kinda confusing to me. Looking at your email headers, I would guess that gmail is already doing it. X-Google-DKIM-Signature: v=1; a=rsa-sha256... There is somewhat some irony in Gmail blocking email without a DKIM signature while they are using a non-standard header that other provider/tools might miss. Just a thought. -- Baptiste Beauplat - lyknode
Re: Gmail bounce unauthenticated @debian.org addresses
Hi Bastian, On 3/4/22 14:40, Bastian Blank wrote: > On Fri, Mar 04, 2022 at 12:38:02PM +0100, Baptiste Beauplat wrote: >> We recently discovered that Gmail started to bounce email from >> mentors.debian.net with the following message: > > Can you please share the complete headers of the bounced message? Aka > the thing in the message/rfc822 part of the DSN message. Right now we > don't know what they see from your explanation. I'm attached the bounce. Am I mistaken in thinking that's only a case of simply rejecting unsigned DKIM email? -- Baptiste Beauplat - lyknodeFrom MAILER-DAEMON Fri Mar 4 03:14:04 2022 Return-Path: <> X-Original-To: expo+bou...@mentors.debian.net Delivered-To: expo+bou...@mentors.debian.net Received: by wv-debian-mentors1.wavecloud.de (Postfix) id A6A758B5E2; Fri, 4 Mar 2022 03:14:04 + (UTC) Date: Fri, 4 Mar 2022 03:14:04 + (UTC) From: mailer-dae...@mentors.debian.net (Mail Delivery System) Subject: Undelivered Mail Returned to Sender To: expo+bou...@mentors.debian.net Auto-Submitted: auto-replied MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="55D16823EC.1646363644/wv-debian-mentors1.wavecloud.de" Content-Transfer-Encoding: 8bit Message-Id: <20220304031404.a6a758b...@wv-debian-mentors1.wavecloud.de> This is a MIME-encapsulated message. --55D16823EC.1646363644/wv-debian-mentors1.wavecloud.de Content-Description: Notification Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit This is the mail system at host wv-debian-mentors1.wavecloud.de. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system <**@gmail.com>: host gmail-smtp-in.l.google.com[172.253.120.26] said: 550-5.7.26 This message does not have authentication information or fails to 550-5.7.26 pass authentication checks. To best protect our users from spam, the 550-5.7.26 message has been blocked. Please visit 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more 550 5.7.26 information. ay16-20020a5d6f1000b001efd7e8dbb9si2037544wrb.218 - gsmtp (in reply to end of DATA command) --55D16823EC.1646363644/wv-debian-mentors1.wavecloud.de Content-Description: Delivery report Content-Type: message/delivery-status Reporting-MTA: dns; wv-debian-mentors1.wavecloud.de X-Postfix-Queue-ID: 55D16823EC X-Postfix-Sender: rfc822; expo+bou...@mentors.debian.net Arrival-Date: Fri, 4 Mar 2022 03:14:03 + (UTC) Final-Recipient: rfc822; **@gmail.com Original-Recipient: rfc822;**@gmail.com Action: failed Status: 5.7.26 Remote-MTA: dns; gmail-smtp-in.l.google.com Diagnostic-Code: smtp; 550-5.7.26 This message does not have authentication information or fails to 550-5.7.26 pass authentication checks. To best protect our users from spam, the 550-5.7.26 message has been blocked. Please visit 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more 550 5.7.26 information. ay16-20020a5d6f1000b001efd7e8dbb9si2037544wrb.218 - gsmtp --55D16823EC.1646363644/wv-debian-mentors1.wavecloud.de Content-Description: Undelivered Message Content-Type: message/rfc822 Content-Transfer-Encoding: 8bit Return-Path: Received: from mentors.debian.net (localhost [127.0.0.1]) by wv-debian-mentors1.wavecloud.de (Postfix) with ESMTP id 55D16823EC for <**@gmail.com>; Fri, 4 Mar 2022 03:14:03 + (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: Next step: Confirm your email address From: mentors.debian.net To: **@gmail.com Date: Fri, 04 Mar 2022 03:14:03 - Message-ID: <164636364329.4074035.11224505717463252...@mentors.debian.net> Hello, Please activate your account by visiting the following address in your web-browser: https://mentors.debian.net/accounts/reset/[REDACTED] If you didn't create an account on mentors.debian.net, you can safely ignore this email. Thanks, -- mentors.debian.net --55D16823EC.1646363644/wv-debian-mentors1.wavecloud.de--
Re: Gmail bounce unauthenticated @debian.org addresses
On 3/4/22 15:27, Bastian Blank wrote: > I don't see anything about debian.org in those headers? Do you? Ah, I see the confusion. Gmail reject ALL unauthenticated email, this isn't specific to @debian.org addresses but it does, at least, affect mine. We detected the issue on mentors (the bounce I forwarded in my previous email). Later on I tried with my @d.o address and I had the exact same issue (now attaching the bounce for the @d.o address). Just to be clear, I'm not asking for support. I merely relaying the info because I think other might be affected and how to solve this :) -- Baptiste Beauplat - lyknodeReturn-Path: <> Delivered-To: lykn...@cilg.org Received: from lyra.cilg.org by lyra.cilg.org with LMTP id 5n80LizvIWKVYwAAVdkSaA (envelope-from <>) for ; Fri, 04 Mar 2022 10:51:24 + Received: from mailly.debian.org ([2001:41b8:202:deb:6564:a62:52c3:4b72]) by lyra.cilg.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) id 1nQ5Wt-0006d0-Ll for lykn...@cilg.org; Fri, 04 Mar 2022 10:51:24 + Received: from lyra.cilg.org ([2001:bc8:21a6:100::1]:55848) by mailly.debian.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) id 1nQ5Wt-Zm-BX for lykn...@cilg.org; Fri, 04 Mar 2022 10:51:23 + Received: from Debian-exim by lyra.cilg.org with local (Exim 4.92) id 1nQ5Ws-0006ct-8a for lykn...@debian.org; Fri, 04 Mar 2022 10:51:22 + X-Failed-Recipients: ***@gmail.com Auto-Submitted: auto-replied From: Mail Delivery System To: lykn...@debian.org Content-Type: multipart/report; report-type=delivery-status; boundary=1646391082-eximdsn-556502559 MIME-Version: 1.0 Subject: Mail delivery failed: returning message to sender Message-Id: Date: Fri, 04 Mar 2022 10:51:22 + Received-SPF: pass client-ip=2001:41b8:202:deb:6564:a62:52c3:4b72; helo=mailly.debian.org X-Spam-Score: -5.0 --1646391082-eximdsn-556502559 Content-type: text/plain; charset=us-ascii This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: ***@gmail.com host gmail-smtp-in.l.google.com [2a00:1450:400c:c07::1b] SMTP error from remote mail server after pipelined end of data: 550-5.7.26 This message does not have authentication information or fails to 550-5.7.26 pass authentication checks. To best protect our users from spam, the 550-5.7.26 message has been blocked. Please visit 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more 550 5.7.26 information. t9-20020a5d42c900b001e098215265si2648983wrr.24 - gsmtp --1646391082-eximdsn-556502559 Content-type: message/delivery-status Reporting-MTA: dns; lyra.cilg.org Action: failed Final-Recipient: rfc822;***@gmail.com Status: 5.0.0 Remote-MTA: dns; gmail-smtp-in.l.google.com Diagnostic-Code: smtp; 550-5.7.26 This message does not have authentication information or fails to 550-5.7.26 pass authentication checks. To best protect our users from spam, the 550-5.7.26 message has been blocked. Please visit 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more 550 5.7.26 information. t9-20020a5d42c900b001e098215265si2648983wrr.24 - gsmtp --1646391082-eximdsn-556502559 Content-type: message/rfc822 Return-path: Received: from by lyra.cilg.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1nQ5Wr-0006cm-Oe for ***@gmail.com; Fri, 04 Mar 2022 10:51:21 + Message-ID: <098dc2a7-2602-2a06-3789-6baa285b4...@debian.org> Date: Fri, 4 Mar 2022 11:51:21 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.6.0 Subject: Re: Mail stuff broken in mentors? Content-Language: en-US-large To: <***@gmail.com> References: <20220304095426.sza7lbfnjgn7twqp@debian> From: Baptiste Beauplat In-Reply-To: <20220304095426.sza7lbfnjgn7twqp@debian> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Hello, Please activate your account by visiting the following address in your web-browser: https://mentors.debian.net/accounts/reset/[REDACTED] If you didn't create an account on mentors.debian.net, you can safely ignore this email. Thanks, -- Baptiste Beauplat - lyknode --1646391082-eximdsn-556502559--
Re: Gmail bounce unauthenticated @debian.org addresses
On 3/4/22 15:41, LeJacq, Jean Pierre wrote: > Google uses a number of criteria when blocking. A missing DKIM is just one. > See the referenced document: > > https://support.google.com/mail/answer/81126 > > One of the problems here is that mentors.debian.net does not have the > standard > email security DNS records - SPF, DKIM, DMARC, MTA-TLS, DANE. This doesn't > automatically cause Google to classify as spam but we really should have > these > in place to protect email. > > As an example, we may be spoofing mentors.debian.net with wv-debian- > mentors1.wavecloud.de (not 100% clear with the headers provided). SPF could > handle this. Indeed we are looking into it for mentors. However for SPF, if I'm not mistaken, this is not possible for @debian.org addresses since Debian does not offers an MSA and therefor not a single (or enumerable list of) exit point. -- Baptiste Beauplat - lyknode
Re: Gmail bounce unauthenticated @debian.org addresses
On 3/4/22 18:29, Marco d'Itri wrote: On Mar 04, Baptiste Beauplat wrote: Looking at your email headers, I would guess that gmail is already doing it. X-Google-DKIM-Signature: v=1; a=rsa-sha256... There is somewhat some irony in Gmail blocking email without a DKIM signature while they are using a non-standard header that other provider/tools might miss. Just a thought. > No irony, you are just missing the point. gmail uses this X header for internal purposes, and there is no DKIM signature because the message has a @debian.org 822.from address hence gmail obviously lacks a valid key for it. Thanks for pointing this out Marco. I did check a mail coming from @gmail.com and indeed the correct header was used. Stephan, sorry then. I don't use gmail and I won't be able to point you to the correct how-to :/ -- Baptiste BEAUPLAT - lyknode
Packaging text licenses
Hi all, Yesterday, I was looking for the CC-BY license text to start a new project. I had to dig up to CreativeCommons's github repository to find the text version. (I didn't want to copy/paste the HTML version on their website). My question to you is: "Would it be interesting for others if I were to create a package with missing text version of licenses?" Currently, in debian, we have the /usr/share/common-licenses/ that includes a couple of one, but is missing CC- and MIT for instance. I would find it useful to just cp the file to new projects. @debian-legal: How text license are qualified regarding their licenses? Can 'legal text' can be considered as public domain and packaged with whatever license (MIT/GPL) ? Best, -- Baptiste BEAUPLAT - lyknode signature.asc Description: OpenPGP digital signature
Re: Packaging text licenses
On 12/14/19 12:27 PM, Andrius Merkys wrote: > It's https://creativecommons.org/licenses/by/4.0/legalcode.txt. One just > has to add .txt suffix to legal code link URL. Ah thanks Andrius, I was completely oblivious to that. -- Baptiste BEAUPLAT - lyknode signature.asc Description: OpenPGP digital signature
Re: Packaging text licenses
On 12/14/19 1:03 PM, Jonas Smedegaard wrote: > A rich collection of Free license fulltexts is relevant, not only for > our users to pick from (even on a lonely island) and copy into new > development project, but also as reference e.g. for testing license > checkers. > > What is _not_ helpful in my opinion, however, is yet another manually > curated selection of random license texts. What I see generally useful > is to package this: https://github.com/spdx/license-list-XML That looks like a great list to package. I'll need input on the repository license status from the legal team as it could be ambiguous from what I read in issues: [Add top level license to license list code and files][1] and [Clarify under which license the license list itself is licensed][2]. > If you are interested in license checkers, then please consider joining > others with same interest at the irc channel #licenses on OFTC.net. > > Related is also https://wiki.debian.org/CopyrightReviewTools Thanks for the pointers. Although my particular use case stops to new projects, it could certainly be expended to benefit license checkers. [1]: https://github.com/spdx/license-list-XML/issues/683 [2]: https://github.com/spdx/license-list-XML/issues/648 -- Baptiste BEAUPLAT - lyknode signature.asc Description: OpenPGP digital signature
Re: Packaging text licenses
On 12/14/19 2:01 PM, Baptiste BEAUPLAT wrote: > On 12/14/19 1:03 PM, Jonas Smedegaard wrote: >> A rich collection of Free license fulltexts is relevant, not only for >> our users to pick from (even on a lonely island) and copy into new >> development project, but also as reference e.g. for testing license >> checkers. >> >> What is _not_ helpful in my opinion, however, is yet another manually >> curated selection of random license texts. What I see generally useful >> is to package this: https://github.com/spdx/license-list-XML I had another look around the repository. The tool used to "compile" those XML files into text, html, json and so on is written in java with a lot of dependencies that are not present in Debian yet. I am not willing to introducing dozens of new packages just to produce a text result of those sources files. I'm wondering if packaging the "data" repository[1] would be acceptable? On one hand it is generated, but one the other, it is still plain text files. [1]: https://github.com/spdx/license-list-data -- Baptiste BEAUPLAT - lyknode signature.asc Description: OpenPGP digital signature
Re: Pimp your shell - Debian developer tips?
Hi Otto,
On 5/27/20 9:06 PM, Otto Kekäläinen wrote:
> Do we have Debian devs here who have pimped their shell heavily with custom
> prompts, colors, command line fonts, shell window title hacks, perhaps
> using zsh etc? Have you written blogs about you experiences, can you share
> some good reads (with screenshots) of what you have done?
I'd like to share my solution to using my zsh environment/customization
while switching to root but without polluting root's configuration (or
any other user for that matter).
I have a function to call a sudo that runs a zsh shell (ignoring root
login shell) configured to use my config files instead of root:
s () {
sudo -u "${1:-root}" -H "ZDOTDIR=${HOME}" -s /bin/zsh
}
Additionally to that, I have a section in my .zshrc that detect being
called as another user and setup aliases for my most used commands to be
called with rc files from my user:
# We got call as another user, let's setup our env
if [ -n "${ZDOTDIR}" ]; then
alias vim="vim -u ${ZDOTDIR}/.vimrc"
alias vimdiff="vimdiff -u ${ZDOTDIR}/.vimrc"
alias git="HOME=${ZDOTDIR} git"
alias htop="HTOPRC=${ZDOTDIR}/.config/htop/htoprc htop"
alias t="tmux a || tmux -f <(cat ${ZDOTDIR}/.tmux.conf; echo set -g
default-shell /bin/zsh)"
if [ -f "${ZDOTDIR}/.ssh/config" ]; then
alias ssh="ssh -F ${ZDOTDIR}/.ssh/config"
alias rsync="rsync -e \"ssh -F ${ZDOTDIR}/.ssh/config\""
fi
export SSH_AUTH_SOCK="$(grep -z SSH_AUTH_SOCK /proc/$(ps -p ${PPID}
--format=ppid --no-headers)/environ -a 2> /dev/null| cut -d = -f 2)"
export EDITOR="vim -u ${ZDOTDIR}/.vimrc"
[ -f "${ZDOTDIR}/.identity" ] && source "${ZDOTDIR}/.identity"
export GNUPGHOME="${ZDOTDIR}/.gnupg"
fi
In practice, I can `s` or `s postgres` to switch to root or postgres
user continuing to use my config, without polluting user's config.
Obviously, unix permisson apply and restrict what you can read/do when
switching to another user beside root.
--
Baptiste BEAUPLAT - lyknode
signature.asc
Description: OpenPGP digital signature
Bug#971378: ITP: mgitstatus -- Show uncommited, untracked and unpushed changes in multiple Git repositories
Package: wnpp X-Debbugs-Cc: debian-devel@lists.debian.org Owner: Baptiste Beauplat Severity: wishlist * Package name: mgitstatus Version : 2.0 Upstream Author : Ferry Boender * URL : https://github.com/fboender/multi-git-status * License : MIT Programming Lang: Shell Description : Show uncommited, untracked and unpushed changes in multiple Git repositories mgitstatus is a tool that loop over mutiple Git repositories reporting, for each one, the uncommited, untracked and unpushed changes. The output is nicely formatted using colors to quickly detect which repositories need action. When working over several project, mgitstatus is quite helpful to track unfinished work, not in sync with your remotes. Optionally, it can also check if the repository needs a pull by fetching remote branches. -- Baptiste BEAUPLAT - lyknode signature.asc Description: OpenPGP digital signature
Bug#909968: ITP: vitetris -- Virtual terminal *tris clone
Package: wnpp Severity: wishlist Owner: lykn...@cilg.org -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 * Package name: vitetris Version : 0.57.2 Upstream Author : Victor Geraldsson * URL : http://www.victornils.net/tetris/ * License : BSD-2-Clause Programming Lang: C Description : Virtual terminal *tris clone Viteris is a tetris clone with multiplayer, netplay and joystick support. This is a terminal based, standalone game with no dependencies. Note that this would be my first attempt at creating a Debian package. I choose this one because it's a nice game and it's a very simple program to begin with. I will need a sponsor to upload this package. Regards, - -- Baptiste BEAUPLAT - lyknode -BEGIN PGP SIGNATURE- iHUEARYIAB0WIQQt4kiVMTxdp/CJ4U4XSUsQeV3XMwUCW7Ek6QAKCRAXSUsQeV3X M+3OAP4jqQ1rrkV9G3dlJ0l94K3YvwfnWRlmsY4HuwtAM2EiygEAy8Q2zmDfNiOV OMWbhDgIQx1l6BodydAjAx3acaT+qAA= =mZ4l -END PGP SIGNATURE-
