Steve McIntyre: Mini-Debconf in Cambridge, October 10-13 2024
![](http://planet.debian.org/heads/sledge2.png)
![Group photo](https://photos.einval.com/albums/2024_miniconf/aan.sized.jpg)
![Cakes](https://photos.einval.com/albums/2024_miniconf/aak.sized.jpg)
![minicamp](https://photos.einval.com/albums/2024_miniconf/aaa.sized.jpg)
![Secure Boot talk](https://photos.einval.com/albums/2024_miniconf/aaj.sized.jpg)
![Video team in action](https://photos.einval.com/albums/2024_miniconf/aam.sized.jpg)
Plug in a USB stick - use dmesg or your favourite method to see how it is identified.
Make a couple of mount points under /mnt - /mnt/data and /mnt/cdrom
1. Grab a USB stick, Partition using MBR. Make a single VFAT
partition, type 0xEF (i.e. EFI System Partition)
For a USB stick (identified as sdX) below:
$ sudo parted --script /dev/sdX mklabel msdos $ sudo parted --script /dev/sdX mkpart primary fat32 0% 100% $ sudo mkfs.vfat /dev/sdX1
$ sudo mount /dev/sdX1 /mnt/data/
Download an arm64 netinst.iso
https://cdimage.debian.org/debian-cd/current/arm64/iso-cd/debian-12.2.0-arm64-netinst.iso
2. Copy the complete contents of partition *1* from a Debian arm64
installer image into the filesystem (partition 1 is the installer
stuff itself) on the USB stick, in /
$ sudo kpartx -v -a debian-12.2.0-arm64-netinst.iso # Mount the first partition on the ISO and copy its contents to the stick $ sudo mount /dev/mapper/loop0p1 /mnt/cdrom/ $ sudo rsync -av /mnt/cdrom/ /mnt/data/ $ sudo umount /mnt/cdrom
3. Copy the complete contents of partition *2* from that Debian arm64
installer image into that filesystem (partition 2 is the ESP) on
the USB stick, in /
# Same story with the second partition on the ISO
$ sudo mount /dev/mapper/loop0p2 /mnt/cdrom/
$ sudo rsync -av /mnt/cdrom/ /mnt/data/ $ sudo umount /mnt/cdrom
$ sudo kpartx -d debian-testing-amd64-netinst.iso $ sudo umount /mnt/data
4. Grab the rpi edk2 build from https://github.com/pftf/RPi4/releases
(I used 1.35) and extract it. I copied the files there into *2*
places for now on the USB stick:
/ (so the Pi will boot using it)
/rpi4 (so we can find the files again later)
5. Add the preseed.cfg file (attached) into *both* of the two initrd
files on the USB stick
- /install.a64/initrd.gz and
- /install.a64/gtk/initrd.gz
cpio is an awful tool to use :-(. In each case:
$ cp /path/to/initrd.gz .
$ gunzip initrd.gz
$ echo preseed.cfg cpio -H newc -o -A -F initrd
$ gzip -9v initrd
$ cp initrd.gz /path/to/initrd.gz
If you look at the preseed file, it will do a few things:
- Use an early_command to unmount /media (to work around Debian bug
#1051964)
- Register a late_command call for /cdrom/finish-rpi (the next
file - see below) to run at the end of the installation.
- Force grub installation also to the EFI removable media path,
needed as the rpi doesn't store EFI boot variables.
- Stop the installer asking for firmware from removable media (as
the rpi4 will ask for broadcom bluetooth fw that we can't
ship. Can be ignored safely.)
6. Copy the finish-rpi script (attached) into / on the USB stick. It
will be run at the end of the installation, triggered via the
preseed. It does a couple of things:
- Copy the edk2 firmware files into the ESP on the system that's
just been installer
- Remove shim-signed from the installed systems, as there's a bug
that causes it to fail on rpi4. I need to dig into this to see
what the issue is.
That's it! Run the installer as normal, all should Just Work (TM).
BlueTooth didn't quite work : raspberrypi-firmware didn't install until adding a symlink for boot/efi to /boot/firmware
20231127 - This may not be necessary because raspberrypi-firmware path has been fixed
sdX
in the example.
$ sudo parted --script /dev/sdX mklabel msdos $ sudo parted --script /dev/sdX mkpart primary fat32 0% 100% $ sudo mkfs.vfat /dev/sdX1 $ sudo mount /dev/sdX1 /mnt/data/
debian-testing-amd64-netinst.iso
here.
$ sudo kpartx -v -a debian-testing-amd64-netinst.iso # Mount the first partition on the ISO and copy its contents to the stick $ sudo mount /dev/mapper/loop0p1 /mnt/cdrom/ $ sudo rsync -av /mnt/cdrom/ /mnt/data/ $ sudo umount /mnt/cdrom # Same story with the second partition on the ISO $ sudo mount /dev/mapper/loop0p2 /mnt/cdrom/ $ sudo rsync -av /mnt/cdrom/ /mnt/data/ $ sudo umount /mnt/cdrom $ sudo kpartx -d debian-testing-amd64-netinst.iso $ sudo umount /mnt/data
/EFI/boot/bootx64.efi
,
while GRUB is at /EFI/boot/grubx64.efi
. This means that if you want to test a
different shim / GRUB version, you just replace the relevant files. That s it.
Take for example /usr/lib/grub/x86_64-efi/monolithic/grubx64.efi
from the
package grub-efi-amd64-bin
, or the signed version from
grub-efi-amd64-signed
and copy them under /EFI/boot/grubx64.efi
. Or perhaps
you want to try out systemd-boot? Then take
/usr/lib/systemd/boot/efi/systemd-bootx64.efi
from the package
systemd-boot-efi
, copy it to /EFI/boot/bootx64.efi
and you re good to go.
Figuring out the right systemd-boot configuration needed to start the Installer
is left as an exercise.
/boot/grub/grub.cfg
you can pass arbitrary arguments to the kernel
and the Installer itself. See the official
Installation Guide for a comprehensive list of boot parameters.
preseed/file=/cdrom/preseed.cfg
and create a /preseed.cfg
file on the USB
stick. As a little example:
d-i time/zone select Europe/Rome d-i passwd/root-password this-is-the-root-password d-i passwd/root-password-again this-is-the-root-password d-i passwd/user-fullname string Emanuele Rocca d-i passwd/username string ema d-i passwd/user-password password lol-haha-uh d-i passwd/user-password-again password lol-haha-uh d-i apt-setup/no_mirror boolean true d-i popularity-contest/participate boolean true tasksel tasksel/first multiselect standard
early_command
and late_command
. They can be
used to execute arbitrary commands and provide thus extreme flexibility! You
can go as far as replacing parts of the installer with a sed command, or maybe
wgetting an entirely different file. This is a fairly easy way to test minor
Installer patches. As an example, I ve once used this to test a patch to
grub-installer
:
d-i partman/early_command string wget https://people.debian.org/~ema/grub-installer-1035085-1 -O /usr/bin/grub-installer
$ mkdir /tmp/new-initrd $ cd /tmp/new-initrd $ zstdcat /mnt/data/install.a64/initrd.gz sudo cpio -id $ vi lib/udev/rules.d/60-block.rules $ find . cpio -o -H newc zstd --stdout > /mnt/data/install.a64/initrd.gz
early_command
to replace one of
the scripts used by the Installer, namely grub-installer
. It turns out that
such script is installed by a udeb, so let s do things right and build a new
Installer ISO with our custom grub udeb.
dpkg-buildpackage -rfakeroot
.
$ git clone https://salsa.debian.org/installer-team/debian-installer/ $ cd debian-installer/ $ sudo apt build-dep .
grub-installer
udeb to the localudebs
directory and create a
new netboot image:
$ cp /path/to/grub-installer_1.198_arm64.udeb build/localudebs/ $ cd build $ fakeroot make clean_netboot build_netboot
dest/netboot/mini.iso
.
$ git clone https://salsa.debian.org/kernel-team/linux/ $ ./debian/bin/genorig.py https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git
linux-stable
.
debian/config/amd64/config
. Don t worry about where you put it in the file,
there s a tool from https://salsa.debian.org/kernel-team/kernel-team to fix that:
$ /path/to/kernel-team/utils/kconfigeditor2/process.py .
$ export MAKEFLAGS=-j$(nproc) $ export DEB_BUILD_PROFILES='pkg.linux.nokerneldbg pkg.linux.nokerneldbginfo pkg.linux.notools nodoc' $ debian/rules orig $ debian/rules debian/control $ dpkg-buildpackage -b -nc -uc
linux_6.6~rc3-1~exp1_arm64.changes
here. To
generate the udebs used by the Installer you need to first get a linux-signed
.dsc file, and then build it with sbuild
in this example:
$ /path/to/kernel-team/scripts/debian-test-sign linux_6.6~rc3-1~exp1_arm64.changes $ sbuild --dist=unstable --extra-package=$PWD linux-signed-arm64_6.6~rc3+1~exp1.dsc
debian-installer/build/localudebs/
and then run fakeroot make clean_netboot
build_netboot
as described in the previous section. In case you are trying to
use a different kernel version from what is currently in sid, you will have to
install the linux-image
package on the system building the ISO, and change
LINUX_KERNEL_ABI
in build/config/common
. The linux-image
dependency in
debian/control
probably needs to be tweaked as well.
anna
will
complain that
your new kernel cannot be found in the archive. Copy the kernel udebs you have
built onto a vfat formatted USB stick, switch to a terminal, and install them
all with udpkg
:
~ # udpkg -i *.udeb
[1] Choice 5: Change SC for non-free firmware in installer, one installer [2] Choice 1: Only one installer, including non-free firmware [3] Choice 6: Change SC for non-free firmware in installer, keep both installers [4] Choice 2: Recommend installer containing non-free firmware [5] Choice 3: Allow presenting non-free installers alongside the free one [6] Choice 7: None Of The Above [7] Choice 4: Installer with non-free software is not part of DebianWhy have I voted this way? Fundamentally, my motivation for starting this vote was to ask the project for clear positive direction on a sensible way forward with non-free firmware support. Thus, I've voted all of the options that do that above NOTA. On those terms, I don't like Choice 4 here - IMHO it leaves us in the same unclear situation as before. I'd be happy for us to update the Social Contract for clarity, and I know some people would be much more comfortable if we do that explicitly here. Choice 1 was my initial personal preference as we started the GR, but since then I've been convinced that also updating the SC would be a good idea, hence Choice 5. I'd also rather have a single image / set of images produced, for the two reasons I've outlined before. It's less work for our images team to build and test all the options. But, much more importantly: I believe it's less likely to confuse new users. I appreciate that not everybody agrees with me here, and this is part of the reason why we're voting! Other Debian people have also blogged about their voting choices (Gunnar Wolf and Ian Jackson so far), and I thank them for sharing their reasoning too. For the avoidance of doubt: my goal for this vote was simply to get a clear direction on how to proceed here. Although I proposed Choice 1 (Only one installer, including non-free firmware), I also seconded several of the other ballot options. Of course I will accept the will of the project when the result is announced - I'm not going to do anything silly like throw a tantrum or quit the project over this! Finally If you're a DD and you haven't voted already, please do so - this is an important choice for the Debian project.
[6] Choice 1: Only one installer, including non-free firmware
[2] Choice 2: Recommend installer containing non-free firmware
[3] Choice 3: Allow presenting non-free installers alongside the free one
[7] Choice 4: Installer with non-free software is not part of Debian
[4] Choice 5: Change SC for non-free firmware in installer, one installer
[1] Choice 6: Change SC for non-free firmware in installer, keep both installers
[5] Choice 7: None Of The Above
[1] Choice 6: Change SC for non-free firmware in installer, keep both installers
[2] Choice 2: Recommend installer containing non-free firmware
[3] Choice 3: Allow presenting non-free installers alongside the free one
[4] Choice 5: Change SC for non-free firmware in installer, one installer
[5] Choice 7: None Of The Above
[6] Choice 1: Only one installer, including non-free firmware
[7] Choice 4: Installer with non-free software is not part of Debian
Choice 1
(even though I seconded it, this means, I think
it s very important to have this vote, and as a first proposal, it s
better than the status quo maybe it s contradictory that I prefer
it to the status quo, but ranked it below NotA. Well, more on that
when I present Choice 5
).
My least favorite option is Choice 4
, presented by Simon
Josefsson, which represents the status quo: I don t want Debian not
to have at all an installer that cannot be run on most modern hardware
with reasonably good user experience (i.e. network support or the
ability to boot at all!)
Slightly above my acceptability threshold, I ranked Choice 5
,
presented by Russ Allbery. Debian s voting and its constitution rub
each other in interesting ways, so the Project Secretary has to run
the votes as they are presented but he has interpreted Choice 1
to be incompatible with the Social Contract (as there would no longer
be a DFSG-free installer available), and if it wins, it could lead him
to having to declare the vote invalid. I don t want that to happen,
and that s why I ranked Choice 1
below None of the above
.
[update/note] Several people have asked me to back that the Secretary said so. I can refer to four mails: 2022.08.29, 2022.08.30, 2022.09.02, 2022.09.04.Other than that,
Choice 6
(proposed by Holger Levsen), Choice 2
(proposed by me) and Choice 3
(proposed by Bart Martens) are very
much similar; the main difference is that Choice 6
includes a
modification to the Social Contract expressing that:
The Debian official media may include firmware that is otherwise not
part of the Debian system to enable use of Debian with hardware that
requires such firmware.
2
and 3
to be mostly the same, being Choice 2
more verbose in explaining the reasoning than Choice 3
.
Oh! And there are always some more bits to the discussion For
example, given they hold modifications to the Social Contract, both
Choice 5
and Choice 6
need a 3:1 supermajority to be valid.
So, lets wait until the beginning of October to get the results, and
to implement the changes they will (or not?) allow. If you are a
Debian Project Member, please vote!
raspi.debian.net
, in April 2020,
I had been hosting it in my Dreamhost webspace.
Over two years ago yes, before I finished setting it up in Dreamhost
Steve McIntyre approached me and invited me to host the images under
the Debian cdimages user group. I told him I d first just get the
setup running, and later I would approach him for finalizing the
setup.
debian-arm@lists.debian.org
finished with me stating I would be moving the hosting to Debian
infrastructure
soon.
Well It took me a bit over a month to get this sorted out, together
with several days of half-broken links, but it is finally done:
raspi.debian.net is a CNAME for
ftp.acc.umu.se
, which is the same system that hosts
cdimage.debian.org.
And, of course it is also reachable as
https://cdimage.debian.org/cdimage/unofficial/raspi/
looks more official, but is less memorable
Thanks a lot to Steve for the nudging, and to maswan to help
finalizing the setup.
What next? Well, the images are being built on my server. I d love to
move the builder over to Debian machines as well. When? How? That s
still in the air.
Message-ID: <24741.12566.639691.461134@mariner.uk.xensource.com> From: Ian Jackson <iwj@xenproject.org> To: xen-devel@lists.xenproject.org CC: community.manager@xenproject.org Subject: IRC networks Date: Wed, 19 May 2021 16:39:02 +0100 Summary: We have for many years used the Freenode IRC network for real-time chat about Xen. Unfortunately, Freenode is undergoing a crisis. There is a dispute between, on the one hand, Andrew Lee, and on the other hand, all (or almost all) Freenode volunteer staff. We must make a decision. I have read all the publicly available materials and asked around with my contacts. My conclusions: * We do not want to continue to use irc.freenode.*. * We might want to use libera.chat, but: * Our best option is probably to move to OFTC https://www.oftc.net/ Discussion: Firstly, my starting point. I have been on IRC since at least 1993. Currently my main public networks are OFTC and Freenode. I do not have any personal involvement with public IRC networks. Of the principals in the current Freenode dispute, I have only heard of one, who is a person I have experience of in a Debian context but have not worked closely with. George asked me informally to use my knowledge and contacts to shed light on the situation. I decided that, having done my research, I would report more formally and publicly here rather than just informally to George. Historical background: * Freenode has had drama before. In about 2001 OFTC split off from Freenode after an argument over governance. IIRC there was drama again in 2006. Significant proportion of the Free Software world, including Debian, now use OFTC. Debian switched in 2006. Facts that I'm (now) pretty sure of: * Freenode's actual servers run on donated services; that is, the hardware is owned by those donating the services, and the systems are managed by Freenode volunteers, known as "staff". * The freenode domain names are currently registered to a limited liability company owned by Andrew Lee (rasengan). * At least 10 Freenode staff have quit in protest, writing similar resignation letters protesting about Andrew Lee's actions [1]. It does not appear that any Andrew Lee has the public support of any Freenode staff. * Andrew Lee claims that he "owns" Freenode.[2] * A large number of channel owners for particular Free Software projects who previously used Freenode have said they will switch away from Freenode. Discussion and findings on Freenode: There is, as might be expected, some murk about who said what to whom when, what promises were made and/or broken, and so on. The matter was also complicated by the leaking earlier this week of draft(s) of (at least one of) the Freenode staffers' resignation letters. Andrew Lee has put forward a position statement [2]. A large part of the thrust of that statement is allegations that the current head of Freenode staff, tomaw, "forced out" the previous head, christel. This allegation is strongly disputed by by all those current (resigning) Freenode staff I have seen comment. In any case it does not seem to be particularly germane; in none of my reading did tomaw seem to be playing any kind of leading role. tomaw is not mentioned in the resignation letters. Some of the links led to me to logs of discussions on #freenode. I read some of these in particular[3]. MB I haven't been able to verify that these logs have not been tampered with. Having said that and taking the logs at face value, I found the rasengan writing there to be disingenuous and obtuse. Andrew Lee has been heavily involved in Bitcoin. Bitcoin is a hive of scum and villainy, a pyramid scheme, and an environmental disaster, all rolled into one. This does not make me think well of Lee. Additionally, it seems that Andrew Lee has been involved in previous governance drama involving a different IRC network, Snoonet. I have come to the very firm conclusion that we should have nothing to do with Andrew Lee, and avoid using services that he has some effective control over. Alternatives: The departing Freenode staff are setting up a replacement, "libera.chat". This is operational but still suffering from teething problems and of course has a significant load as it deals with an influx of users on a new setup. On the staff and trust question: As I say, I haven't heard of any of the Freenode staff, with one exception. Unfortunately the one exception does not inspire confidence in me[4] - although NB that is only one data point. On the other hand, Debian has had many many years of drama-free involvement with OFTC. OFTC has a formal governance arrangement and it is associated with Software in the Public Interest. I notice that the last few OFTC'[s annual officer elections have been run partly by Steve McIntyre. Steve is a friend of mine (and he is a former Debian Project Leader) and I take his involvement as a good sign. I recommend that we switch to using OFTC as soon as possible. Ian. References: Starting point for the resigning Freenode staff's side [1]: https://gist.github.com/joepie91/df80d8d36cd9d1bde46ba018af497409 Andrew Lee's side [2]: https://gist.github.com/realrasengan/88549ec34ee32d01629354e4075d2d48 [3] https://paste.sr.ht/~ircwright/7e751d2162e4eb27cba25f6f8893c1f38930f7c4 [4] I won't give the name since I don't want to be shitposting.
SOURCE_DATE_EPOCH
supportthe
#debian-reproducible-changes IRC channel for unreproducible -> FTBFS transitions.squid.conf
for all nodes to 5.2.23 (and fixup some).arm64
nodes as well.update_jdn.sh
is updated.jenkins.debian.org
, which affects tests.r-b.o as well.From: Tec Services <tecservices911@gmail.com> Date: Wed, 21 Jun 2017 22:30:26 -0700 To: steve@einval.com Subject: its time for you to retire from debian...unbelievable..your the quality guy and fucked up the installer! i cant ever remember in the hostory of computing someone releasing an installer that does not work!! wtf!!! you need to be retired...due to being retarded.. and that this was dedicated to ian...what a disaster..you should be ashames..he is probably roling in his grave from shame right now....It's nice to be appreciated.
Next.