Generic

Debian #484503 - tightvncserver: could not open default font 'fixed'. The bug was closed as WONTFIX, because: "A dependency [on xfonts-base] should NOT exist as you can use a font server as well." - of course! :-\
Debian #693907 - /etc/mysql/debian-start: obsoleted '--basedir' option
Debian #860533 - initramfs-tools: boot delayed by 30sec. due to /scripts/local-block loop. Can be fixed by removing /etc/initramfs-tools/conf.d/resume and running:^[1]

RESUME=none update-initramfs -u

Stretch

Upgrade from Jessie

Stretch has been frozen^[2] and the upgrade from Jessie seems to work. The following bugs were encountered so far:

Reinstalls

A few packages have been reinstalled so far:

sudo apt-get --reinstall install gdm3 gnome gnome-shell \
         xorg xserver-xorg xserver-xorg-core \
         consolekit libpam-ck-connector \
         bluez gnome-bluetooth pulseaudio-module-bluetooth bluez-obexd pulseaudio-module-bluetooth

Haveged

haveged won't start during bootup without this:

$ sudo systemctl edit haveged.service
[Unit]
After=systemd-tmpfiles-setup.service

Debian #858134 - haveged.service should depend on systemd-tmpfiles-setup.service

Gnome

The xorg server would not start and gdm3 would log (in /var/lib/gdm3/.local/share/xorg/Xorg.0.log):

[    17.537] (EE) systemd-logind: failed to get session: PID 2030 does not belong to any known session
[    17.551] (EE) xf86OpenConsole: Cannot open virtual console 1 (Permission denied)
[    17.551] (EE) Please also check the log file at "/var/lib/gdm3/.local/share/xorg/Xorg.0.log" for additional information.
[    17.551] (EE) 
[    17.551] (WW) xf86CloseConsole: KDSETMODE failed: Bad file descriptor
[    17.551] (WW) xf86CloseConsole: VT_GETMODE failed: Bad file descriptor
[    17.551] (EE) Server terminated with error (1). Closing log file.

It turns out that systemd doesn't support^[3] the hidepid option for /proc :-\

As a workaround, the xserver-xorg-legacy package can be installed and /etc/X11/Xwrapper.config adjusted:

allowed_users=anybody
needs_root_rights=yes

GTK

Reducing the size of GNOME 3.20's titlebars

Create ~/.config/gtk-3.0/gtk.css:

/* shrink headerbars */
headerbar {
        min-height: 0px;
        padding-left: 2px; /* same as childrens vertical margins for nicer proportions */
        padding-right: 2px;
}

headerbar entry,
headerbar spinbutton,
headerbar button,
headerbar separator {
        margin-top: 0px; /* same as headerbar side padding for nicer proportions */
        margin-bottom: 0px;
}

/* shrink ssd titlebars */
.default-decoration {
        min-height: 0; /* let the entry and button drive the titlebar size */
        padding: 0px
}

/* tweak these two props to reduce button size */
.default-decoration .titlebutton {
        min-height: 0px;
        min-width: 0px;
}

window.ssd headerbar.titlebar {
        padding-top: 1px;
        padding-bottom: 1px;
        min-height: 0;
}

window.ssd headerbar.titlebar button.titlebutton {
        padding-top: 1px;
        padding-bottom: 1px;
        min-height: 0;
}

Decrease the tabs bar height in gnome terminal

terminal-window notebook > header.top button {
        padding: 0 0 0 0;
        background-image: none;
        border: 0;
}
terminal-window notebook > header.top > tabs > tab {
        margin: 0 0 0 0;
        padding: 0 0 0 0;
}
terminal-window notebook > header.top > tabs > tab label {
        padding: 0 0 0 0;
        margin: 0 0 0 0;
}

Mozilla

Iceweasel has been renamed back to Firefox; Icedove has been renamed back to Thunderbird:

~~Debian #815006 - Renaming Iceweasel to Firefox~~ -- fixed in Feb 2016
~~Debian #816679 - icedove: Please rename icedove to thunderbird~~ -- fixed in Feb 2017

A current Firefox version can currently^[4] be obtained via the unstable repo:

$ grep ^deb /etc/apt/sources.list.d/mozilla.list 
deb http://http.debian.net/debian unstable main

With that, we now have:

$ dpkg -l | grep -E 'firefox|thunderbird'
ii  firefox                               52.0-1
ii  firefox-l10n-de                       52.0-1
ii  thunderbird                           1:45.8.0-1
ii  thunderbird-dbg                       1:45.8.0-1

Configuration files can be found in /etc/firefox/ and /etc/thunderbird/pref/

pulseaudio

Every time a Pidgin audio notification was raised, the volume was increased back to 100%. This could be solved by adjusting pulse-daemon.conf(5) and restarting pulseaudio

$ grep flat /etc/pulse/daemon.conf
flat-volumes = no

$ pulseaudio -k

mcelog

$ sudo /usr/sbin/mcelog && /usr/sbin/mcelog --version
mcelog: warning: 16 bytes ignored in each record
mcelog: consider an update
mcelog unknown

$ dpkg -s mcelog | grep Vers
Version: 147+dfsg-1

A newer version seems to fix that:

$ sudo /usr/local/src/mcelog-git/mcelog && /usr/local/src/mcelog-git/mcelog --version
mcelog v148

NRPE

SSL support has been disabled by default^[5] in nrpe:

> Disable SSL support by default, requires configuration.
> It also doesn't work well with old check_nrpe versions.

Before all check_nrpe clients can be upgraded, we'll use -n for now:

$ /usr/lib/naemon/plugins/check_nrpe --help | grep -- \ -n
-n         = Do no use SSL

`check_lm_sensors`

The check_lm_sensors syntax has changed...?

TBD

Appstream

New messages appeared during apt-get update:

Get:27 http://cdn-fastly.deb.debian.org/debian stretch/main amd64 DEP-11 Metadata [3,079 kB]
Get:28 http://cdn-fastly.deb.debian.org/debian stretch/main DEP-11 64x64 Icons [6,844 kB]

These DEP-11 files are somehow connected to AppStream, but can be disabled:

sudo mv /etc/apt/apt.conf.d/50appstream{,.disabled}

Uninstalling appstream may not be an option, as this may uninstall Gnome too.

Grsecurity

Each PHP call produces a flood of Grsecurity messages, paxd «denied RWX mmap» to php:

grsec: From 127.0.0.6: denied RWX mmap of <anonymous mapping> by /usr/bin/php7.0[php:29077] uid/euid:33/33 gid/egid:33/33, \
  parent /bin/dash[sh:29076] uid/euid:33/33 gid/egid:33/33

These can be disable by setting kernel.grsecurity.rwxmap_logging=0. If kernel.grsecurity.grsec_lock is enabled, a reboot is needed to disable RWXMAP logging.

Hardening

The hardening-wrapper package is gone: Debian #836756 - lintian: please drop the build dependency on hardening-wrapper

Chromium

Apparently the Google Chrome browser now comes with extensions disabled by default.^[6]. This can be fixed by adding to /etc/chromium.d/default-flags:

# Enable extensions (bug #852398)
export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --enable-remote-extensions"

Jessie

Debian #731887 - systemd: Lid close on laptop doesn't suspend
Debian #726763 - gnome-settings-daemon: no suspend on close lid, action not configurable, key missing
Debian #653073 - why root filesystem reported as /dev/disk/by-uuid/ long name starting today? - fixed in coreutils-8.20-1
Debian #748867 - Missing API keys, some features of chromium are disabled
Debian #689942 - initramfs-tools: mkinitramfs reports a problem about /dev/disk/by-uuid ("/dev/disk/by-uuid: Is a directory")
? - syslog-ng reloading fails:

 $ service syslog-ng reload
 Reload system logging: syslog-ng failed!
 => start-stop-daemon --stop --signal 1 --exec /usr/sbin/syslog-ng --pidfile /var/run/syslg-ng.pid 
 => cat /var/run/syslg-ng.pid 
 => cat: /var/run/syslg-ng.pid: No such file or directory

Debian #815006 - Renaming Iceweasel to Firefox -- fixed in Feb/2016
Debian #816679 - icedove: Please rename icedove to thunderbird
- See also: #1518: Software packaged in Fedora should not be allowed to implement DRM schemes that cannot be disabled

Upgrade from Wheezy

snmpd

/proc/partitions was set 0400:

Apr 26 15:47:26 alice snmpd[3032]: /proc/partitions: Permission denied

Fixed by:

chgrp snmp /proc/partitions
chmod 0440 /proc/partitions

But then:

Apr 26 15:48:05 alice snmpd[3081]: diskio.c: cannot find statistics in /proc/partitions

Turns out we have to adjust permissions for /proc/diskstats too:

chgrp snmp /proc/diskstats /proc/partitions
chmod 0440 /proc/diskstats /proc/partitions

And there were other messages too:

Apr 26 15:45:52 alice snmpd[3011]: /etc/snmp/snmpd.conf: line 145: Warning: Unknown token: defaultMonitors.
Apr 26 15:45:52 alice snmpd[3011]: /etc/snmp/snmpd.conf: line 147: Warning: Unknown token: linkUpDownNotifications.
Apr 26 15:45:52 alice snmpd[3011]: error on subcontainer 'ia_addr' insert (-1)

So, the first two messages are probably just invalid configuration snippets. The last one seems to be an older issue:

Debian #559109 - snmpd: Lots of errors in syslog : error on subcontainer 'ia_addr' insert (-1)}}
Lots of "error on subcontainer ‘ia_addr’ insert (-1)" reports in /var/log/syslog

And can be "fixed" by hiding the warning:

< SNMPDOPTS='-Lsd  -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'
> SNMPDOPTS='-LS6d -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'

Bogus filesystems

systemctl stop proc-sys-fs-binfmt_misc.mount proc-sys-fs-binfmt_misc.automount dev-hugepages.mount dev-mqueue.mount sys-fs-fuse-connections.mount sys-kernel-config.mount sys-kernel-debug.mount

systemctl disable proc-sys-fs-binfmt_misc.mount proc-sys-fs-binfmt_misc.automount dev-hugepages.mount dev-mqueue.mount sys-fs-fuse-connections.mount sys-kernel-config.mount sys-kernel-debug.mount

...which still leaves:

securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)

Boot warnings

# journalctl -b -p warning | grep -vE 'snmpd|sshd|nrpe'
[...]
Apr 26 16:48:24 alice kernel: Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 326144
Apr 26 16:48:24 alice kernel: Misrouted IRQ fixup and polling support enabled
Apr 26 16:48:24 alice kernel: This may significantly impact system performance

Apr 26 16:48:24 alice kernel: device-tree: Duplicate name in PowerPC,G4@0, renamed to "l2-cache#1"
Apr 26 16:48:24 alice kernel: device-tree: Duplicate name in node@0023a409ee10b7a6, renamed to "sbp-2@c000#1"
Apr 26 16:48:24 alice kernel: pci 0001:10:18.0: Can't enable PCI device, BIOS handoff failed.
Apr 26 16:48:24 alice kernel: pci 0001:10:19.0: Can't enable PCI device, BIOS handoff failed.
Apr 26 16:48:24 alice kernel: Thermal assist unit not available

Debian #764298 - "Failed to start Login Service." after upgrade to 215-5+b1
Apr 26 16:48:24 alice systemd[1]: Cannot add dependency job for unit dbus.socket, ignoring: Unit dbus.socket failed to load: No such file or directory.
Apr 26 16:48:24 alice systemd[1]: Cannot add dependency job for unit display-manager.service, ignoring: Unit display-manager.service failed to load: No such file or directory.

Apr 26 16:48:27 alice kernel: nouveau 0000:00:10.0: Invalid ROM contents
Apr 26 16:48:27 alice kernel: nouveau W[  PTIMER][0000:00:10.0] unknown input clock freq

Apr 26 16:48:29 alice kernel: sd 2:0:0:0: [sdb] Assuming drive cache: write through
Apr 26 16:48:29 alice kernel: sd 3:0:0:1: [sdc] Assuming drive cache: write through

Apr 26 16:48:30 alice kernel: b43-phy0 warning: 5 GHz band is unsupported on this PHY

Apr 26 16:48:33 alice systemd-cryptsetup[714]: Key file /dev/urandom is world-readable. This is not a good idea!

=> Fixed upstream^[7]

Apr 26 17:09:27 alice kernel: nr_pdflush_threads exported in /proc is scheduled for removal
Apr 26 17:09:27 alice kernel: sysctl: The scan_unevictable_pages sysctl/node-interface has been disabled for lack of a legitimate use case.  If you have one, please send an email to linux-mm@kvack.org.

$ systemctl --all | grep dead | grep not
● var-lock.mount                not-found inactive dead      var-lock.mount
● var-run.mount                 not-found inactive dead      var-run.mount
● auditd.service                not-found inactive dead      auditd.service
● console-screen.service        not-found inactive dead      console-screen.service
● cups.service                  not-found inactive dead      cups.service
● display-manager.service       not-found inactive dead      display-manager.service
● keymap.service                not-found inactive dead      keymap.service
● plymouth-quit-wait.service    not-found inactive dead      plymouth-quit-wait.service
● plymouth-start.service        not-found inactive dead      plymouth-start.service
● slapd.service                 not-found inactive dead      slapd.service
● systemd-sysusers.service      not-found inactive dead      systemd-sysusers.service
● systemd-udev-hwdb-update.service   not-found inactive dead      systemd-udev-hwdb-update.service
● systemd-vconsole-setup.service     not-found inactive dead      systemd-vconsole-setup.service
● dbus.socket                   not-found inactive dead      dbus.socket

syslog-ng

For some reason, syslog-ng would not be able to start via SystemD, even though the configuration was valid:

$ syslog-ng -f /etc/syslog-ng/syslog-ng.conf -s; echo $?
0

$ systemctl start syslog-ng
Job for syslog-ng.service failed. See 'systemctl status syslog-ng.service' and 'journalctl -xn' for details.

The only clue was to be found in the journal:

$ journalctl -u syslog-ng
[...]
systemd[1]: Starting System Logger Daemon...
systemd[1]: syslog-ng.service: main process exited, code=exited, status=2/INVALIDARGUMENT
systemd[1]: Failed to start System Logger Daemon.
systemd[1]: Unit syslog-ng.service entered failed state.
systemd[1]: syslog-ng.service holdoff time over, scheduling restart.

As explained in RH#770810^[8]:

> People with custom syslog-ng configurations will most likely face upgrade  problems due to the
> unix socket type mismatch between systemd and syslog-ng old configuration file:
>
> * systemd creates /dev/log as unix-dgram
> * syslog-ng < 3.2.5 expected /dev/log to be unix-stream (configuration file)
>
> If you use 'unix-stream ("/dev/log")' in one of your log messages sources, you will need to manually
> change it to 'unix-dgram ("/dev/log")'.

Changing to unix-dgram^[9]^[10] did indeed solve this problem.

Debian #769499 - syslog-ng-core fails to enable systemd service unit

systemd

To get rid of systemd entirely, see Debian/systemd

Wheezy

Debian #689942 - initramfs-tools: mkinitramfs reports a problem about /dev/disk/by-uuid. Workaround: ln -s /dev/sdaX /dev/root

Gnome Calendar

How to set Monday as the first day of the week in GNOME Calendar applet? (2010-10-11)
Start the week on Monday in the Clock applet in Ubuntu (2010-06-06)
Monday as first day in Gnome-Shell (instead of Sunday) (2012-10-08)

Squeeze

Debian #580491 - chkrootkit: 1)with nfs mounted the silent don't work 2)can't exclude legacy sniffer (dhcpd, snort, ntop etc)

References

↑ Allow disabling resume from disk at build time by setting RESUME=none
↑ Bits from the Release Team: stretch is frozen
↑ Xorg PID does not belong to any known session
↑ mozilla.debian.net
↑ nagios-nrpe/changelog-3.0.1-3
↑ Debian #852398 - chromium: option --enable-remote-extensions does work: extensions cannot be enabled nor be installed
↑ cryptsetup: Do not warn If the key is /dev/*random
↑ syslog-ng problem with start by systemd
↑ Collecting messages from UNIX domain sockets
↑ reliability question (unix-dgram vs unix-stream)

[1] Allow disabling resume from disk at build time by setting RESUME=none

[2] Bits from the Release Team: stretch is frozen

[3] Xorg PID does not belong to any known session

[4] zilla.debian.net

[5] s-nrpe/changelog-3.0.1-3

[6] Debian #852398 - chromium: option --enable-remote-extensions does work: extensions cannot be enabled nor be installed

[7] ryptsetup: Do not warn If the key is /dev/*random

[8] syslog-ng problem with start by systemd

[9] Collecting messages from UNIX domain sockets

[10] reliability question (unix-dgram vs unix-stream)

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

Debian/Bugs

Contents