Debian/Bugs
Generic
- Debian #484503 - tightvncserver: could not open default font 'fixed'. The bug was closed as WONTFIX, because: "A dependency [on xfonts-base] should NOT exist as you can use a font server as well." - of course! :-\
- Debian #693907 - /etc/mysql/debian-start: obsoleted '--basedir' option
- Debian #860533 - initramfs-tools: boot delayed by 30sec. due to /scripts/local-block loop. Can be fixed by removing
/etc/initramfs-tools/conf.d/resume
and running:[1]
RESUME=none update-initramfs -u
Stretch
Upgrade from Jessie
Stretch has been frozen[2] and the upgrade from Jessie seems to work. The following bugs were encountered so far:
Reinstalls
A few packages have been reinstalled so far:
sudo apt-get --reinstall install gdm3 gnome gnome-shell \ xorg xserver-xorg xserver-xorg-core \ consolekit libpam-ck-connector \ bluez gnome-bluetooth pulseaudio-module-bluetooth bluez-obexd pulseaudio-module-bluetooth
Haveged
haveged won't start during bootup without this:
$ sudo systemctl edit haveged.service [Unit] After=systemd-tmpfiles-setup.service
- Debian #858134 - haveged.service should depend on systemd-tmpfiles-setup.service
Gnome
The xorg server would not start and gdm3 would log (in /var/lib/gdm3/.local/share/xorg/Xorg.0.log):
[ 17.537] (EE) systemd-logind: failed to get session: PID 2030 does not belong to any known session [ 17.551] (EE) xf86OpenConsole: Cannot open virtual console 1 (Permission denied) [ 17.551] (EE) Please also check the log file at "/var/lib/gdm3/.local/share/xorg/Xorg.0.log" for additional information. [ 17.551] (EE) [ 17.551] (WW) xf86CloseConsole: KDSETMODE failed: Bad file descriptor [ 17.551] (WW) xf86CloseConsole: VT_GETMODE failed: Bad file descriptor [ 17.551] (EE) Server terminated with error (1). Closing log file.
It turns out that systemd doesn't support[3] the hidepid option for /proc :-\
As a workaround, the xserver-xorg-legacy package can be installed and /etc/X11/Xwrapper.config adjusted:
allowed_users=anybody needs_root_rights=yes
GTK
Create ~/.config/gtk-3.0/gtk.css:
/* shrink headerbars */ headerbar { min-height: 0px; padding-left: 2px; /* same as childrens vertical margins for nicer proportions */ padding-right: 2px; } headerbar entry, headerbar spinbutton, headerbar button, headerbar separator { margin-top: 0px; /* same as headerbar side padding for nicer proportions */ margin-bottom: 0px; } /* shrink ssd titlebars */ .default-decoration { min-height: 0; /* let the entry and button drive the titlebar size */ padding: 0px } /* tweak these two props to reduce button size */ .default-decoration .titlebutton { min-height: 0px; min-width: 0px; } window.ssd headerbar.titlebar { padding-top: 1px; padding-bottom: 1px; min-height: 0; } window.ssd headerbar.titlebar button.titlebutton { padding-top: 1px; padding-bottom: 1px; min-height: 0; }
terminal-window notebook > header.top button { padding: 0 0 0 0; background-image: none; border: 0; } terminal-window notebook > header.top > tabs > tab { margin: 0 0 0 0; padding: 0 0 0 0; } terminal-window notebook > header.top > tabs > tab label { padding: 0 0 0 0; margin: 0 0 0 0; }
Mozilla
Iceweasel has been renamed back to Firefox; Icedove has been renamed back to Thunderbird:
Debian #815006 - Renaming Iceweasel to Firefox-- fixed in Feb 2016Debian #816679 - icedove: Please rename icedove to thunderbird-- fixed in Feb 2017
A current Firefox version can currently[4] be obtained via the unstable repo:
$ grep ^deb /etc/apt/sources.list.d/mozilla.list deb http://http.debian.net/debian unstable main
With that, we now have:
$ dpkg -l | grep -E 'firefox|thunderbird' ii firefox 52.0-1 ii firefox-l10n-de 52.0-1 ii thunderbird 1:45.8.0-1 ii thunderbird-dbg 1:45.8.0-1
Configuration files can be found in /etc/firefox/ and /etc/thunderbird/pref/
pulseaudio
Every time a Pidgin audio notification was raised, the volume was increased back to 100%. This could be solved by adjusting pulse-daemon.conf(5) and restarting pulseaudio
$ grep flat /etc/pulse/daemon.conf flat-volumes = no $ pulseaudio -k
- Notification increases volume to 100%
- Pidgin notification sounds set output volume to 100% on Fedora 22
mcelog
- 16 bytes ignored; consider an update
- mcelog: warning: record length longer than expected. Consider update.
$ sudo /usr/sbin/mcelog && /usr/sbin/mcelog --version mcelog: warning: 16 bytes ignored in each record mcelog: consider an update mcelog unknown $ dpkg -s mcelog | grep Vers Version: 147+dfsg-1
A newer version seems to fix that:
$ sudo /usr/local/src/mcelog-git/mcelog && /usr/local/src/mcelog-git/mcelog --version mcelog v148
NRPE
SSL support has been disabled by default[5] in nrpe:
> Disable SSL support by default, requires configuration. > It also doesn't work well with old check_nrpe versions.
Before all check_nrpe clients can be upgraded, we'll use -n for now:
$ /usr/lib/naemon/plugins/check_nrpe --help | grep -- \ -n -n = Do no use SSL
check_lm_sensors
The check_lm_sensors syntax has changed...?
TBD
Appstream
New messages appeared during apt-get update
:
Get:27 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 DEP-11 Metadata [3,079 kB] Get:28 http://cdn-fastly.deb.debian.org/debian stretch/main DEP-11 64x64 Icons [6,844 kB]
These DEP-11 files are somehow connected to AppStream, but can be disabled:
sudo mv /etc/apt/apt.conf.d/50appstream{,.disabled}
Uninstalling appstream may not be an option, as this may uninstall Gnome too.
Grsecurity
Each PHP call produces a flood of Grsecurity messages, paxd «denied RWX mmap» to php:
grsec: From 127.0.0.6: denied RWX mmap of <anonymous mapping> by /usr/bin/php7.0[php:29077] uid/euid:33/33 gid/egid:33/33, \ parent /bin/dash[sh:29076] uid/euid:33/33 gid/egid:33/33
These can be disable by setting kernel.grsecurity.rwxmap_logging=0
. If kernel.grsecurity.grsec_lock
is enabled, a reboot is needed to disable RWXMAP logging.
Hardening
The hardening-wrapper package is gone: Debian #836756 - lintian: please drop the build dependency on hardening-wrapper
Chromium
Apparently the Google Chrome browser now comes with extensions disabled by default.[6]. This can be fixed by adding to /etc/chromium.d/default-flags:
# Enable extensions (bug #852398)
export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --enable-remote-extensions"
Jessie
- Debian #731887 - systemd: Lid close on laptop doesn't suspend
- Debian #726763 - gnome-settings-daemon: no suspend on close lid, action not configurable, key missing
- Debian #653073 - why root filesystem reported as /dev/disk/by-uuid/ long name starting today? - fixed in coreutils-8.20-1
- Debian #748867 - Missing API keys, some features of chromium are disabled
- Debian #689942 - initramfs-tools: mkinitramfs reports a problem about /dev/disk/by-uuid ("/dev/disk/by-uuid: Is a directory")
- ? - syslog-ng reloading fails:
$ service syslog-ng reload Reload system logging: syslog-ng failed! => start-stop-daemon --stop --signal 1 --exec /usr/sbin/syslog-ng --pidfile /var/run/syslg-ng.pid => cat /var/run/syslg-ng.pid => cat: /var/run/syslg-ng.pid: No such file or directory
- Debian #815006 - Renaming Iceweasel to Firefox -- fixed in Feb/2016
- Debian #816679 - icedove: Please rename icedove to thunderbird
Upgrade from Wheezy
snmpd
/proc/partitions was set 0400:
Apr 26 15:47:26 alice snmpd[3032]: /proc/partitions: Permission denied
Fixed by:
chgrp snmp /proc/partitions chmod 0440 /proc/partitions
But then:
Apr 26 15:48:05 alice snmpd[3081]: diskio.c: cannot find statistics in /proc/partitions
Turns out we have to adjust permissions for /proc/diskstats too:
chgrp snmp /proc/diskstats /proc/partitions chmod 0440 /proc/diskstats /proc/partitions
And there were other messages too:
Apr 26 15:45:52 alice snmpd[3011]: /etc/snmp/snmpd.conf: line 145: Warning: Unknown token: defaultMonitors. Apr 26 15:45:52 alice snmpd[3011]: /etc/snmp/snmpd.conf: line 147: Warning: Unknown token: linkUpDownNotifications. Apr 26 15:45:52 alice snmpd[3011]: error on subcontainer 'ia_addr' insert (-1)
So, the first two messages are probably just invalid configuration snippets. The last one seems to be an older issue:
- Debian #559109 - snmpd: Lots of errors in syslog : error on subcontainer 'ia_addr' insert (-1)}}
- Lots of "error on subcontainer ‘ia_addr’ insert (-1)" reports in /var/log/syslog
And can be "fixed" by hiding the warning:
< SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid' > SNMPDOPTS='-LS6d -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'
Bogus filesystems
systemctl stop proc-sys-fs-binfmt_misc.mount proc-sys-fs-binfmt_misc.automount dev-hugepages.mount dev-mqueue.mount sys-fs-fuse-connections.mount sys-kernel-config.mount sys-kernel-debug.mount systemctl disable proc-sys-fs-binfmt_misc.mount proc-sys-fs-binfmt_misc.automount dev-hugepages.mount dev-mqueue.mount sys-fs-fuse-connections.mount sys-kernel-config.mount sys-kernel-debug.mount
...which still leaves:
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
Boot warnings
# journalctl -b -p warning | grep -vE 'snmpd|sshd|nrpe' [...] Apr 26 16:48:24 alice kernel: Built 1 zonelists in Zone order, mobility grouping on. Total pages: 326144 Apr 26 16:48:24 alice kernel: Misrouted IRQ fixup and polling support enabled Apr 26 16:48:24 alice kernel: This may significantly impact system performance Apr 26 16:48:24 alice kernel: device-tree: Duplicate name in PowerPC,G4@0, renamed to "l2-cache#1" Apr 26 16:48:24 alice kernel: device-tree: Duplicate name in node@0023a409ee10b7a6, renamed to "sbp-2@c000#1" Apr 26 16:48:24 alice kernel: pci 0001:10:18.0: Can't enable PCI device, BIOS handoff failed. Apr 26 16:48:24 alice kernel: pci 0001:10:19.0: Can't enable PCI device, BIOS handoff failed. Apr 26 16:48:24 alice kernel: Thermal assist unit not available Debian #764298 - "Failed to start Login Service." after upgrade to 215-5+b1 Apr 26 16:48:24 alice systemd[1]: Cannot add dependency job for unit dbus.socket, ignoring: Unit dbus.socket failed to load: No such file or directory. Apr 26 16:48:24 alice systemd[1]: Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory. Apr 26 16:48:27 alice kernel: nouveau 0000:00:10.0: Invalid ROM contents Apr 26 16:48:27 alice kernel: nouveau W[ PTIMER][0000:00:10.0] unknown input clock freq Apr 26 16:48:29 alice kernel: sd 2:0:0:0: [sdb] Assuming drive cache: write through Apr 26 16:48:29 alice kernel: sd 3:0:0:1: [sdc] Assuming drive cache: write through Apr 26 16:48:30 alice kernel: b43-phy0 warning: 5 GHz band is unsupported on this PHYApr 26 16:48:33 alice systemd-cryptsetup[714]: Key file /dev/urandom is world-readable. This is not a good idea!
=> Fixed upstream[7]
Apr 26 17:09:27 alice kernel: nr_pdflush_threads exported in /proc is scheduled for removal Apr 26 17:09:27 alice kernel: sysctl: The scan_unevictable_pages sysctl/node-interface has been disabled for lack of a legitimate use case. If you have one, please send an email to linux-mm@kvack.org.
$ systemctl --all | grep dead | grep not ● var-lock.mount not-found inactive dead var-lock.mount ● var-run.mount not-found inactive dead var-run.mount ● auditd.service not-found inactive dead auditd.service ● console-screen.service not-found inactive dead console-screen.service ● cups.service not-found inactive dead cups.service ● display-manager.service not-found inactive dead display-manager.service ● keymap.service not-found inactive dead keymap.service ● plymouth-quit-wait.service not-found inactive dead plymouth-quit-wait.service ● plymouth-start.service not-found inactive dead plymouth-start.service ● slapd.service not-found inactive dead slapd.service ● systemd-sysusers.service not-found inactive dead systemd-sysusers.service ● systemd-udev-hwdb-update.service not-found inactive dead systemd-udev-hwdb-update.service ● systemd-vconsole-setup.service not-found inactive dead systemd-vconsole-setup.service ● dbus.socket not-found inactive dead dbus.socket
syslog-ng
For some reason, syslog-ng would not be able to start via SystemD, even though the configuration was valid:
$ syslog-ng -f /etc/syslog-ng/syslog-ng.conf -s; echo $? 0 $ systemctl start syslog-ng Job for syslog-ng.service failed. See 'systemctl status syslog-ng.service' and 'journalctl -xn' for details.
The only clue was to be found in the journal:
$ journalctl -u syslog-ng
[...]
systemd[1]: Starting System Logger Daemon...
systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
systemd[1]: Failed to start System Logger Daemon.
systemd[1]: Unit syslog-ng.service entered failed state.
systemd[1]: syslog-ng.service holdoff time over, scheduling restart.
As explained in RH#770810[8]:
> People with custom syslog-ng configurations will most likely face upgrade problems due to the > unix socket type mismatch between systemd and syslog-ng old configuration file: > > * systemd creates /dev/log as unix-dgram > * syslog-ng < 3.2.5 expected /dev/log to be unix-stream (configuration file) > > If you use 'unix-stream ("/dev/log")' in one of your log messages sources, you will need to manually > change it to 'unix-dgram ("/dev/log")'.
Changing to unix-dgram[9][10] did indeed solve this problem.
- syslog-ng service not starting with systemd but command works fine
- Systemd and syslog-ng interaction problems: system freezes / syslog-ng fails to start
- Debian #769499 - syslog-ng-core fails to enable systemd service unit
systemd
To get rid of systemd entirely, see Debian/systemd
Wheezy
- Debian #689942 - initramfs-tools: mkinitramfs reports a problem about /dev/disk/by-uuid. Workaround: ln -s /dev/sdaX /dev/root
Gnome Calendar
- How to set Monday as the first day of the week in GNOME Calendar applet? (2010-10-11)
- Start the week on Monday in the Clock applet in Ubuntu (2010-06-06)
- Monday as first day in Gnome-Shell (instead of Sunday) (2012-10-08)
Squeeze
- Debian #580491 - chkrootkit: 1)with nfs mounted the silent don't work 2)can't exclude legacy sniffer (dhcpd, snort, ntop etc)
References
- ↑ Allow disabling resume from disk at build time by setting RESUME=none
- ↑ Bits from the Release Team: stretch is frozen
- ↑ Xorg PID does not belong to any known session
- ↑ mozilla.debian.net
- ↑ nagios-nrpe/changelog-3.0.1-3
- ↑ Debian #852398 - chromium: option --enable-remote-extensions does work: extensions cannot be enabled nor be installed
- ↑ cryptsetup: Do not warn If the key is /dev/*random
- ↑ syslog-ng problem with start by systemd
- ↑ Collecting messages from UNIX domain sockets
- ↑ reliability question (unix-dgram vs unix-stream)