253 IgnorantGuru S Blog

lgnorantGuru's Blog
Linux software, news, and tips

My Move From Arch To Aptosid
I recently moved over to Aptosid, and after a few days of using it I think its going to be a keeper as a
replacement for Arch. While its fresh in my mind, I thought I would share my experience of moving from
the perspective of someone who has used Arch Linux for a couple of years. Ill give a little background, then a
brief summary, then some real details on how I got some things to work.
Background
I wanted to move from Arch Linux for these primary reasons:
Lack of package signing and general concerns with the Arch devs lax security practices and attitudes (link1
(http://igurublog.wordpress.com/2011/02/19/archs-dirty-little-notso-secret/) link2
(http://igurublog.wordpress.com/2011/02/25/mirror-mirror/) link3 (http://igurublog.wordpress.com
/2011/03/24/lwn-picks-up-on-package-signing/))
Dislike for how the Arch devs regard their users and contributors
The reasons I was reluctant to give up Arch:
Rolling release which I prefer over periodic large upgrades
Package availability and the extended AUR user-contributed repository that makes installing most software
very easy
Ability to have a custom, lightweight, fast system without unnecessary baggage and with mostly vanilla
software
My first distro was SUSE, which became a little too corporate, then Kubuntu, which I eventually found too
heavily modded. When I moved to Arch, I dropped KDE and set up a minimal Openbox desktop with light,
fast apps. My main system has a dual-core CPU and 2G memory, but I find running a light desktop with no
swap file gives me a very responsive system that can keep up with my usual multitasking it waits for me
instead of me waiting for it. And my netbook of course runs better too. So I was shopping for a distro where I
could set this up without having to remove too much.
I also gave FreeBSD and Gentoo a try, which you can read about here (http://igurublog.wordpress.com
/2011/03/18/distro-testing/). FreeBSD had trouble supporting my hardware fully, and Gentoo required a lot
of tweaking, and also had some security issues. I skipped testing Slackware for now because official packages
seemed lacking, and I skipped Gnuffy because it inherits most of the problems of Arch. Then I tried Aptosid.
Enter Aptosid
Aptosid (http://manual.aptosid.com/en/welcome-en.htm), made by the same developers that created the
My Move From Arch To Aptosid IgnorantGuru's Blog http://igurublog.wordpress.com/2011/03/31/my-move-from...
1 of 32 11/08/2013 02:30 PM
popular distro Sidux, is a rolling release distro based on Debians unstable sid branch, with some hot-fixes
and scripts added to make it more stable and ready-to-run. Being a Debian system, the user has access to the
huge Debian package repos. And I like their attitude, as encapsulated in the Debian Social Contract
(http://www.debian.org/social_contract): We will be guided by the needs of our users and the free software
community.
Aptosid does not offer a minimal CLI-only install like Arch. There are various ways to install it generally
one of their live ISOs are used (KDE full or lite, XFCE, and coming soon LXDE). I went with their XFCE
version: aptosid-2011-01-geras-xfce-amd64 ISO.
After using Arch for so long, the installer caught me by surprise I felt pampered and spoiled. First, I was
expecting a text installer, and instead it booted rapidly and flawlessly into a full and attractive XFCE desktop.
There was immediately a feeling of quality Ive never seen a live CD boot so fast and flawlessly on my
home-made hardware. The GUI installer was very simple with just a few options. The only thing I would
change is that it didnt allow me to select no grub install (I wanted to handle that myself). So I told it to install
grub to one of my non-boot drives just to avoid overwriting my boot drives MBR. Other than that it was a
breeze not bad for a 435MB ISO!
I then booted into the installed system, which also booted fast and flawlessly, picking up all the hardware
without a single miss. The included gdm login manager brought me into an XFCE desktop much like the live
version. I was impressed and was definitely enjoying being spoiled like this. The desktop was definitely usable
as it was, and I dont say that about many distros normally I rip out the carpeting and start remodeling
immediately. XFCE was looking the best Ive seen it, with nice fonts and colors. And the included apps were
very sane and useful. Ice Weasel (Firefox) was already in there, and I was online without having to configure a
thing. I actually had to stop and consider what I wanted to do next, because I wasnt expecting to be this far
for at least a day! I opened a terminal to see what was running
Default install processes:
2 of 32 11/08/2013 02:30 PM
uT0 CM0
rool 1n1l |5]
rool |klhreadd]
rool |ksoil1rqd10]
rool |m1ral1on10]
rool |m1ral1on11]
rool |kWorker11.0]
rool |ksoil1rqd11]
rool |kWorker10.1]
rool |cpusel]
rool |khelper]
rool |nelns]
rool |sync_supers]
rool |bd1-deiaull]
rool |k1nler1lyd]
rool |kblockd]
rool |kacp1d]
rool |kacp1_nol1iy]
rool |kacp1_holplu]
rool |kser1od]
rool |kWorker11.1]
rool |ksWapd0]
rool |ksmd]
rool |isnol1iy_mark]
rool |a1o]
rool |cryplo]
rool |khubd]
rool |ala_sii]
rool |scs1_eh_0]
rool |scs1_eh_1]
rool |scs1_eh_2]
rool |scs1_eh_3]
rool |scs1_eh_4]
rool |scs1_eh_5]
rool |scs1_eh_6]
rool |scs1_eh_7]
rool |kWorker1u.5]
rool |kWorker1u.6]
rool |usbh1d_resumer]
rool |kslr1ped]
rool |kournald]
rool udevd --daemon
rool udevd --daemon
rool udevd --daemon
rool |kpsmoused]
rool |kWorker10.2]
rool |hd-aud1o0]
daemon 1sb1n1porlmap
rool 1usr1sb1n1rsyslod -c4
rool 1usr1sb1n11rqbalance
rool 1usr1sb1n1anacron -s
user 1usr1sb1n1iamd -T 0
3 of 32 11/08/2013 02:30 PM
rool 1usr1sb1n1pm -m 1dev11npul1m1ce -l exps2
101 1usr1b1n1dbus-daemon --syslem
rool 1usr1sb1n1cron
rool 1usr1sb1n1acp1d
rool |kondemand]
rool 1usr1sb1n1blueloolhd
rool |kconserval1ve]
rool 1usr1sb1n1cupsd -C 1elc1cups1cupsd.coni
103 1usr1sb1n1hald
rool hald-runner
rool |l2cap]
rool |kricommd]
rool hald-addon-1npul. L1slen1n on 1dev11npul1evenl4...
rool 1usr1l1b1hal1hald-addon-cpuireq
103 hald-addon-acp1. l1slen1n on acp1d sockel
rool hald-addon-slorae. poll1n 1dev1sr0 {every 2
rool hald-addon-slorae. no poll1n on 1dev1id0...
rool 1usr1sb1n1dm
rool 1usr1sb1n1dm
rool 1usr1b1n1X .0 -aud1l 0 -aulh
rool 1sb1n1elly 38400 lly1
rool dhcl1enl -v -pi 1var1run1dhcl1enl.elh0.p1d -li
rool |ilush-8.0]
rool |kaud1ld]
rool 1usr1sb1n1console-k1l-daemon --no-daemon
user 1b1n1sh 1elc1xd1xice41x1n1lrc -- 1elc1X111x1n1l1xserverrc
user 1usr1b1n1ssh-aenl 1usr1b1n1dbus-launch --ex1l-W1lh-sess1on slarlxice4
user 1usr1b1n1dbus-launch --ex1l-W1lh-sess1on slarlxice4
user 1usr1b1n1dbus-daemon --iork --pr1nl-p1d 5 --pr1nl-address
user 1usr1b1n1xice4-sess1on
user 1usr1l1b1xiconi1xiconid
user xisell1nsd
user xiWm4
user xice4-panel
user Thunar --daemon
user xidesklop
user 1usr1l1b1xice41panel-plu1ns1xice4-menu-plu1n sockel_1d 14680095 name xice4-
user 1usr1l1b1vis1visd
user xice4-sell1ns-helper
user xice4-lerm1nal
user nome-ply-helper
user bash
rool su
rool bash
Not bad at all nice and lightweight. The first bonus I found was that I had a great little XFCE system already
4 of 32 11/08/2013 02:30 PM
running, from which to build my openbox setup. I figured once I had that running I could remove whatever I
didnt want. This meant that I had a working browser to research the install and any problems, configured
terminal, editor, etc.
As I began working on the systems internals, I definitely had the impression that this was something
someone took some time to put together well. It had a refined quality to it. I also noticed attention to security
details lots of little and not-so-little settings and refinements that I wasnt used to seeing in Archs default
configurations. Debian packages are definitely put together carefully and well configured. At the same time
Aptosids packages tend to be more vanilla and cutting edge than Debian proper.
Probably the biggest difference from Arch are the runlevels and init system. But I was used to this from
Ubuntu, so I dug out my old notes, and I found that my experience with Arch put me in a good position to
know what was happening and what to adjust to my liking. Most of it worked as is, and worked well.
Once I installed openbox (apt-get install openbox), I was immediately able to select openbox as my session
and I was into the usual plain gray openbox desktop nothing to it. Heres what was running in the openbox
session even less:
Default Openbox session processes:
5 of 32 11/08/2013 02:30 PM
uT0 CM0
rool 1n1l |5]
rool |klhreadd]
rool |ksoil1rqd10]
rool |m1ral1on10]
rool |m1ral1on11]
rool |kWorker11.0]
rool |ksoil1rqd11]
rool |kWorker10.1]
rool |cpusel]
rool |khelper]
rool |nelns]
rool |sync_supers]
rool |bd1-deiaull]
rool |k1nler1lyd]
rool |kblockd]
rool |kacp1d]
rool |kacp1_nol1iy]
rool |kacp1_holplu]
rool |kser1od]
rool |kWorker11.1]
rool |ksWapd0]
rool |ksmd]
rool |isnol1iy_mark]
rool |a1o]
rool |cryplo]
rool |khubd]
rool |ala_sii]
rool |scs1_eh_0]
rool |scs1_eh_1]
rool |scs1_eh_2]
rool |scs1_eh_3]
rool |scs1_eh_4]
rool |scs1_eh_5]
rool |scs1_eh_6]
rool |scs1_eh_7]
rool |kWorker1u.5]
rool |kWorker1u.6]
rool |usbh1d_resumer]
rool |kslr1ped]
rool |kournald]
rool udevd --daemon
rool udevd --daemon
rool udevd --daemon
rool |kpsmoused]
rool |kWorker10.2]
rool |hd-aud1o0]
daemon 1sb1n1porlmap
rool 1usr1sb1n1rsyslod -c4
rool 1usr1sb1n11rqbalance
rool 1usr1sb1n1iamd -T 0
rool 1usr1sb1n1pm -m 1dev11npul1m1ce -l exps2
6 of 32 11/08/2013 02:30 PM
101 1usr1b1n1dbus-daemon --syslem
rool 1usr1sb1n1cron
rool 1usr1sb1n1acp1d
rool |kondemand]
rool 1usr1sb1n1blueloolhd
rool |kconserval1ve]
rool 1usr1sb1n1cupsd -C 1elc1cups1cupsd.coni
103 1usr1sb1n1hald
rool hald-runner
rool |l2cap]
rool |kricommd]
rool hald-addon-1npul. L1slen1n on 1dev11npul1evenl4 1dev11npul1evenl2
rool 1usr1l1b1hal1hald-addon-cpuireq
103 hald-addon-acp1. l1slen1n on acp1d sockel
rool hald-addon-slorae. poll1n 1dev1sr0 {every 2
rool hald-addon-slorae. no poll1n on 1dev1id0...
rool 1usr1sb1n1dm
rool 1usr1sb1n1dm
rool dhcl1enl -v -pi 1var1run1dhcl1enl.elh0.p1d -li
rool |ilush-8.0]
rool |kaud1ld]
rool 1usr1sb1n1console-k1l-daemon --no-daemon
rool 1usr1b1n1X .0 -aud1l 0 -aulh
user 1usr1b1n1openbox
user 1usr1b1n1ssh-aenl 1usr1b1n1dbus-launch --ex1l-W1lh-sess1on openbox-sess1on
user 1usr1b1n1dbus-launch --ex1l-W1lh-sess1on openbox-sess1on
user 1usr1b1n1dbus-daemon --iork --pr1nl-p1d 5 --pr1nl-address
user 1usr1b1n1xice4-lerm1nal
user 1usr1l1b1vis1visd
user nome-ply-helper
user bash
rool su
rool bash
I then did a full upgrade. The devs recommend you always use apt-get directly. GUI apps like Synaptic can be
used to search and explore the system, but they dont handle Aptosids rolling release mechanisms. For a full
system upgrade, they ask that you exit X and switch to runlevel 3 for the install. First I downloaded required
packages while still in X:
apl-el updale
apl-el d1sl-uprade -d # doWnload bul don`l 1nslall yel
Then I exited X and:
7 of 32 11/08/2013 02:30 PM
1n1l 3
apl-el d1sl-uprade
apl-el clean
# and a rebool {or you can "1n1l 5" lo relurn lo X}
Next I installed my printer, which is sometimes a hassle. Only things to resolve were getting the right 32 bit
libraries for the driver and a little problem with scanning as a normal user solutions for Debian on the
Brother website worked. Then I installed the Nvidia proprietary driver needed for the TV-Out on my card
instead of nouveau.
With those working, I felt confident that I would be using Aptosid for good. I disabled gdm and set the system
up to go straight into Openbox, and got into configuring it, turning off some unneeded daemons, etc. (details
below).
Installing additional software is a breeze with apt-get, and the packages are PGP signed. I was happy to find
that every single piece of software I wanted was in the repos, including a handful that had been in Archs
AUR. And I carefully removed a few things, although I found the default XFCE components were small and
reasonable, so I left a lot of it be never hurts to have alternate apps available.
Moving my home folder from Arch left all my software configured it all worked perfectly no adjustments
to the home folder were required.
When all was done, my system used 3.33GB, compared to 3.88GB on Arch, which surprised me. Same
software plus the XFCE stuff I didnt have on Arch came out smaller! Part of the explanation could be the fact
that Aptosid offers split packages for libreOffice, so I only installed writer and calc.
The system has been running well for several days thus far it is very stable and fast. In general Im very
impressed with how much I was able to accomplish with relatively little effort.
Like Arch, Aptosid is cutting edge, so occasional breakage is the norm. On my most recent dist upgrade the
nvidia kernel source build gave an error, so I stuck with the previous kernel. This is a known issue
(http://aptosid.com/index.php?name=PNphpBB2&file=viewtopic&t=962&postdays=0&postorder=asc&
sid=319196bd04b141ad0aa850a82881ab78) having to do with Nvidia not keeping up, and the Aptosid devs
recommended just using the prior kernel for the time being. Someone also posted an easy fix for the source, but
I havent tried that. That is the only unresolved issue I have at this point. Looking at and using my desktop, I
wouldnt even know I changed distros.
The main difference is with Arch you install software and configure it, whereas with Aptosid the software is
more carefully configured, but you may want to trim back some things. With the lighter components I used
this was very minimal, and I actually appreciated using a configuration that had some work already put into it.
Aptosid seems nicely positioned between the bare minimum of Arch and the overdone complexity of
Ubuntu.
So based on a few days worth of experiences, I definitely am liking Aptosid, which I find to be an interesting
mix of concepts. Its rolling release and unstable, yet polished and refined, and quite stable for use (thus far,
and from what Ive read). Its a small distro, yet can take advantage of the huge repos and issue support of
Debian (many solutions to problems are on Debian forums, and I still use the Arch Wiki as well much of the
content is generic). And the packages seem to be sanely configured with an emphasis on security. Nice job
Aptosid!
Nitty Gritty
8 of 32 11/08/2013 02:30 PM
Below are my detailed and commented install notes, which show how I resolved a few problems and got
things working the way I wanted.
9 of 32 11/08/2013 02:30 PM
# TNSTALL N0TES I0R aplos1d-2011-01-eras-xice-amd64-201102051540
apl-el updale
# d1sabled sWap 1n islab
# 1nslall openbox and some bas1c apps
apl-el 1nslall nano openbox eany
# 01sable vis daemon {d1sabl1n 1l lh1s Way W1ll cause 1l lo come back
# on an updale, so T W1ll look ior a beller solul1on
mv 1usr1share1dbus-11serv1ces1vis-daemon.serv1ce \
1usr1share1dbus-11serv1ces1vis-daemon.serv1ce-d1sabled
mv 1usr1share1dbus-11serv1ces1vis-meladala.serv1ce \
1usr1share1dbus-11serv1ces1vis-meladala.serv1ce-d1sabled
# 01sable passWord aenls
sed -1 `s1^use-ssh-aenl||.blank.]]*1#use-ssh-aenl1` 1elc1X111Xsess1on.opl1ons
# Remove 1nsane synlax h1hl1hl1n 1n nano
sed -1 `s1^\{1nclude .*\}1#\11` 1elc1nanorc # i1x colors
# Add some 1lems lo 1elc1syscll.coni.
# 01sable lhe ma1c-sysrq key {console secur1ly 1ssues}
kernel.sysrq = 0
# Enable TCP SYN Cook1e Prolecl1on
nel.1pv4.lcp_syncook1es = 1
# Reduce d1sk acl1v1ly ior SS0 lo 240 seconds
vm.d1rly_ral1o = 40
vm.d1rly_backround_ral1o = 1
vm.d1rly_Wr1leback_cenl1secs = 24000
# Add lo rc.local ior SS0.
# Sel sda lo use deadl1ne scheduler
echo deadl1ne > 1sys1block1sda1queue1scheduler
echo 1 > 1sys1block1sda1queue11osched1i1io_balch
# Tnslall some more soilWare
apl-el 1nslall amule amule-ul1ls asunder chkroolk1l clamav claWs-ma1l \
claWs-ma1l-lray1con cryslalcursors delue-lk dnsul1ls dosislools i1le-roller \
ilashplu1n-noniree isarch1ver eeq1e ilp-lk hex 1mp lk2-en1nes 1maema1ck \
1nol1iy-lools head klsuss leaipad l1bd2-xpm-dev l1breoii1ce-calc \
l1breoii1ce-Wr1ler lxpanel mencoder moz1lla-plu1n-vlc mp123 nelcal-openbsd \
parl1mae pcal pdnsd p1anobar p1d1n rdale roxlerm secure-delele shell-im \
smplayer smplayer-lhemes speedcrunch sql1le3 slunnel sun-ava6-re synapl1c \
lano-1con-lheme lli-mscoreionls-1nslaller unelbool1n unrar uu1d-runl1me vlc \
x11-apps xd1skusae xpad xscreensaver xlerm
# Selup my Brolher MIC-7420 Laser Pr1nler1Scanner.
10 of 32 11/08/2013 02:30 PM
# add user lo lpadm1n roup so user passWord can coni1ure cups
passWd -a user lpadm1n
# Tnslall lhe dr1vers {some errors beloW are normal}
apl-el 1nslall 1a32-l1bs
dpk -1 --iorce-all --iorce-arch1leclure brmic7420lpr-2.0.1-1.1386.deb
mkd1r 1usr1share1cups1model1
dpk -1 --iorce-all --iorce-arch1leclure cupsWrapperMIC7420-2.0.1-2.1386.deb
ln -s 1usr1l1b1l1bbrcomplpr2.so 1usr1l1b321l1bbrcomplpr2.so
dpk -1 brscan2-0.2.4-0.amd64.deb
# v1s1l hllp.11localhosl.631 lo adm1n cups
# Lel users 1n roup scanner use scanner.
nano 1elc1udev1rules.d1z60_l1bsane.rules # creales i1le, add.
# Brolher
SYSIS{1dvendor)=="04i9", M00E="0666", 0R0uP="scanner", ENv{l1bsane_malched)="
# I1x pr1nler mar1ns ior neWer cups.
nano 1usr1local1Brolher11ni1brMIC7420rc # chane.
PaperType=Leller
# v1deo Card Selup
# i1rsl ed1l 1elc1apl1sources.l1sl.d1deb1an.l1sl lo 1nclude unslable non-iree
apl-el updale
apl-el 1nslall nv1d1a-kernel-source nv1d1a-kernel-common dmakms
echo nv1d1a-kernel-source >> 1elc1deiaull1dmakms
m-a a-1 nv1d1a-kernel-source
apl-el 1nslall nv1d1a-lx
# REB00T
# Manual Noles.
# # When xor updales you only need lo re1nslall nv1d1a-lx.
# apl-el 1nslall --re1nslall nv1d1a-lx
# # When lhe nv1d1a-kernel-source 1s updaled.
# m-a a-1 nv1d1a-kernel-source
# apl-el 1nslall --re1nslall nv1d1a-lx
# 01sable dm.
updale-rc.d dm d1sable
# Add anolher user
useradd -s 1b1n1bash -m -u 1001 exlrauser
usermod -0 exlrauser cdrom,aud1o,v1deo,users
# Bu1ld pcmanim-mod W1lhoul hal supporl {hal 1s runn1n on aplos1d bul T don`l
# use lhe pcmanim-mod volume manaemenl}. {Aplos1d uses iam by deiaull and lh1s
# seems lo Work beller lhan am1n d1d 1n Arch.}
apl-el 1nslall 1nlllool pk-coni1 l1blk2.0-dev l1bslarlup-nol1i1cal1on0-dev l1biam
# sk1p 1nslall oi. l1bhal-slorae-dev l1bhal-dev
# unpack pcmanim-mod larball
.1coni1ure --d1sable-hal --prei1x=1usr # RAL supporl d1sabled lh1s Way
make
sudo make 1nslall
11 of 32 11/08/2013 02:30 PM
sudo 1nslall -c -m 755 pcmanim-opener 1usr1b1n
sudo updale-m1me-dalabase 1usr1share1m1me
sudo updale-desklop-dalabase
# Slop PC speaker beep1n
nano 1elc11npulrc # ed1l.
sel bell-slyle none
nano 1elc1modprobe.d1blackl1sl # add.
blackl1sl pcspkr
# Repa1r W1ndoWs key - by deiaull 1l Was mapped lo anolher key Wh1ch caused
# my openbox keyboard shorlculs lo nol Work.
# Tnio. hllp.11bda.alh.cx1blo120101111141W1ndoWs-key-1n-aplos1ds1duxdeb1an1
nano 1elc1deiaull1keyboard # chane.
XKB0PTT0NS="lv3.rall_sW1lch,compose.lW1n,rp.all_sh1il_lole"
# lo.
XKB0PTT0NS="lv3.rall_sW1lch,rp.all_sh1il_lole"
# IuLL uP0ATE
apl-el updale
apl-el d1sl-uprade -d # doWnloads bul nol 1nslall
# TMP0RTANT. ex1l X, lo1n lo lly
1n1l 3
apl-el d1sl-uprade
apl-el clean
# ed1l 1elc1sudoers W1lh des1red deiaulls
# Sel slal1c TP.
nano 1elc1nelWork11nleriaces # d1sable dhcp l1ne and add.
# Slal1c
1iace elh0 1nel slal1c
address 192.168.1.100
nelmask 255.255.255.0
nelWork 192.168.1.0
broadcasl 192.168.1.255
aleWay 192.168.1.1
# Nole. lhe deiaull 1n1l scr1pl ior pdnsd d1dn`l Work ior me because 1l seemed
# lo have an error 1n 1l, and 1l also expecled lhe cache lo be 1n lhe deiaull
# local1on. So T d1sabled lhal scr1pl and 1nslalled a mod1i1ed one.
# Add more loop dev1ces 1 lhru 7
nano 1elc1modules # add.
loop max_loop=8
# Add l1bdvdcss2 ior 0v0s.
p --recv-keys 070C56301I41B907 && p -a --exporl 070C56301I41B907 ] sudo apl-key a
# ed1l 1elc1apl1sources.l1sl.d1deb1an.l1sl lo 1nclude.
deb hllp.11WWW.deb1an-mull1med1a.or s1d ma1n
apl-el updale
apl-el 1nslall l1bdvdcss2
12 of 32 11/08/2013 02:30 PM
# I1x cryslal cursor m1ss1n dra-n-drop cursors
cd 1usr1share11cons1cryslalreen1cursors
ln -s quesl1on_arroW dnd-ask
ln -s l1nk dnd-l1nk
ln -s leil_plr dnd-move
ln -s leil_plr dnd-none
# Tnslall 0oole Earlh 6
# N0TE. To prevenl ex1m4 MTA be1n 1nslalled as a dependency ior lsb-core
# T crealed a dummy packae {ex1m4 1s nol really needed}.
apl-el 1nslall equ1vs
nano ex1m4.cll # creale, add conlenls.
Secl1on. Web
Packae. ex1m4-dummy
Prov1des. ex1m4, ex1m4-base, ex1m4-coni1, ex1m4-daemon-l1hl, ma1l
0escr1pl1on. EXTM4 dummy packae
Th1s packae prov1des dpk W1lh lhe 1niormal1on lhal
lhere 1s a local ma1l server 1nslalled.
equ1vs-bu1ld ex1m4.cll
dpk -1 ex1m4-dummy_1.0_all.deb
# N0TE. To prevenl al be1n 1nslalled as a dependency ior lsb-core
# T crealed a dummy packae.
apl-el 1nslall equ1vs
nano al.cll # creale, add conlenls.
Secl1on. Web
Packae. al-dummy
Prov1des. al
0escr1pl1on. al dummy packae
Th1s packae prov1des dpk W1lh lhe 1niormal1on lhal
lh1s packae 1s 1nslalled.
equ1vs-bu1ld al.cll
dpk -1 al-dummy_1.0_all.deb
# 0oWnload oole-earlh-slable_currenl_amd64.deb {irom earlh.oole.com}
dpk -1 oole-earlh-slable_currenl_amd64.deb
apl-el 1nlall 1a32-l1bs 1a32-l1bs-lk lsb-core
# someone sa1d l1b32nss-mdns Was needed bul 1l doesn`l appear lo be
# W1lh above, Works bul no 1mae - add nv1d1a 32b1l l1bs {lhanks d1bl}
apl-el 1nslall nv1d1a-lx-1a32
# TMP0RTANT. oole deb also 1nslalls.
1elc1cron.da1ly1oole-earlh
1elc1apl1sources.l1sl.d1oole-earlh.l1sl
plus some m1me sluii 1n 1usr1share1appl1cal1ons
# so T remove 1l.
rm 1elc1cron.da1ly1oole-earlh
rm 1elc1apl1sources.l1sl.d1oole-earlh.l1sl
nano 1usr1share1appl1cal1ons1m1me1nio.cache # remove oole enlr1es
nano 1usr1share1appl1cal1ons1deiaulls.l1sl # remove oole enlr1es
appl1cal1on1keyhole=oole-earlh.desklop
appl1cal1on1vnd.oole-earlh.kml+xml=oole-earlh.desklop
appl1cal1on1vnd.oole-earlh.kmz=oole-earlh.desklop
13 of 32 11/08/2013 02:30 PM
appl1cal1on1earlhv1eWer=oole-earlh.desklop
# N0TE. S1nce 1ls closed-source, cons1der runn1n oole-earlh 1n a sandbox
# such as sandiox.
# un1nslall some unneeded {by me} and unWanled lh1ns. {irees 146MB} {T checked
# lhese careiully ior dependenc1es, olherW1se apl-el can lake oul hali your syslem -
# use "apl-el -s remove PK0NAME" lo s1mulale and see Whal 1l W1ll do, or check us1n
# Synapl1c {bul alWays use apl-el d1reclly lo do lhe aclual removal}
apl-el pure ab1Word aplos1d-manual-de blueloolh bluez br2684cll busybox cen1 \
c1is-ul1ls iluxbox ioo2zs calclool numer1c p1cv1eW x1ne x1neplu1n hp1s \
hp1s-ppds hpl1p hpl1p-cups hpl1p-dala 1ceWeasel-l10n-de lvm2 mc mlocale \
myspell-de-de nmap openssh-server orae pcmc1aul1ls r1slrello samba-common spl1x \
squeeze lhunar-volman lransm1ss1on vpnc xarch1ver xiburn
# Remove unneeded locales {lanuaes} lo iree 300MB.
apl-el 1nslall localepure # unselecl all bul selecled ones 1n your lanuae!
localepure
# I1x clock keeps chan1n on every bool
nano 1elc1deiaull1rcS # chane.
uTC=no
# d1sable daemons T don`l Wanl {many oi lhese don`l aclually slarl and some aren`l
# even 1nslalled anymore, bul T lr1m lhem anyWay}. T use a scr1pl ior lh1s.
updale-rc.d acp1d d1sable
updale-rc.d ald d1sable
updale-rc.d blueloolh d1sable
updale-rc.d clamav-ireshclam d1sable
updale-rc.d cpuirequl1ls d1sable
updale-rc.d crypld1sks d1sable
updale-rc.d crypld1sks-early d1sable
updale-rc.d dns-clean d1sable
updale-rc.d ex1m4 d1sable
updale-rc.d iuse d1sable
updale-rc.d lvm2 d1sable
updale-rc.d pcmc1aul1ls d1sable
updale-rc.d pppd-dns d1sable
updale-rc.d resolvconi d1sable
updale-rc.d saned d1sable
updale-rc.d ssh d1sable
updale-rc.d slunnel4 d1sable
updale-rc.d v1rlualbox-ose-uesl-ul1ls d1sable
# Yel lo do.
# 1nslall lhe enu1ne cdrlools 1nslead oi Wod1m
# d1sable 1pv6 ior speed?
March 31, 2011 - Posted by IgnorantGuru | Tips
14 of 32 11/08/2013 02:30 PM
65 Comments
Ive been increasingly fed up with Arch for a long time, but havent tried anything better so far. When my
new laptop arrives, Ill certainly give this a go, but Im not a fan of xfce myself.
Comment by betamax | March 31, 2011 | Reply
This thread is an interesting read. Even though the devs there say there are no plans for a cli-only
installer, I could see it happening at some point it lends itself to it.
But the xfce stuff didnt get in my way it was actually handy to have it there while I was getting
openbox set up. And actually they did a nice job I never cared much for the look of xfce but Ive never
seen it like this pretty sharp. I should also mention that fluxbox was also included as a session option.
Comment by igurublog | March 31, 2011 | Reply
1.
Glad you like Aptosid. Ive posted a link to this article in our Community Forums. Enjoy.
Comment by detaos | March 31, 2011 | Reply
2.
add the frickelplatz source in /etc/apt/sources.list.d/
deb http://frickelplatz.de/debian/ sid main contrib non-free
That will take care of the nvidia issue, plus 64-bit chromium-browser (if you need it).
Comment by dibl | March 31, 2011 | Reply
3.
After dibls recommendation a few weeks ago on the Kubntu forum I installed the KDE4 version of aptosid.
(Im a KDE fan!) The partition setup is somewhat non-intuitive but experienced users will have no
problems. Other than that the install was easy. The KDE4 version is classic, although not 4.6, but the themes
are beautiful. I like leading edge KDE distros and if Kubuntu ever falters I know where my goto distro is.
Comment by GreyGeek | March 31, 2011 | Reply
4.
Hi.
Currently an Arch user, but Id like to know how Aptosid compares with regards to overall responsiveness
and boot times?
Also, what kernel do they cuurently use? Is it the vanilla Sid 2.6.37/38 or a custom compiled one?
Thanks.
Comment by Nimphtus | April 1, 2011 | Reply
Current kernel is vmlinuz-2.6.38-2.slh.2-aptosid-amd64. Aptosid does compile their own cutting edge
kernel (based on what I read in the nvidia thread).
I didnt measure the boot time because it was simply FAST. I would say close to Arch possibly a bit
faster or slower, but not much difference.
Responsiveness is great in general. I think some of the priorities are different, but these can be adjusted.
5.
15 of 32 11/08/2013 02:30 PM
I have noticed little differences in the paint times on some apps like Geany and Firefox just a hair
slower (a few milliseconds, but within my visual range to detect). But other things seem quicker. Nor
have I optimized things yet still getting to know the system.
Playing video, for example, its completely smooth. I definitely havent encountered any video, audio,
mouse or keyboard pauses, etc., which would drive me crazy.
Comment by IgnorantGuru | April 1, 2011 | Reply
Thanks for the reply, Guru :)
I hope you keep us updated on any future optimizations you make to your aptosid system.
Goes without saying that Im extremely interested, and might take the plunge when I find some time
later.
Best Regards.
Will do. I think the live CD will give you a decent idea. The xfce one booted very fast cant
speak for KDE.
Today I figured out how to remove exim4 (MTA) even though its a dependency of lsb-core
(required by the google-earth 6 monster). I updated the Nitty Gritty details section above with
that info.
And I figured out how to make my own script the systems MTA silly to run a full MTA just to
catch roots mail. (No MTA was installed by default.) I might make a howto on this when I get a
chance. Pretty easy.
the static ip can also be done with ceni. aptosids network tool.
Comment by se7en | April 1, 2011 | Reply
6.
IG,
You might want to give GRML a go one of these days. Ive heard great things about it from many serious
*nixers.
Its touted as a Live system, but most install it to their internal drive (via grml2hd, if I remembered right)
and find that its possibly the snappiest Debian based distro out there. Its said that GRMLs small iso (sid
derived) installs less than Debians own net.iso base.
Another benefit is that it comes with zsh set as default shell, and a pretty good .zshrc to boot (my Arch
setup uses a GRML derived zshrc that someone ported to AUR)
Main page http://grml.org/
Daily snapshots http://daily.grml.org/
GRML zshrc http://grml.org/zsh/
7.
If aptosid meets your needs, great. I was wondering if you considered Sabayon at all. I dont use it, but it is
a rolling release distro that is Gentoo-based, and features Entropy package manager (so you wouldnt be
8.
16 of 32 11/08/2013 02:30 PM
reliant on Portage). It has both a CoreCDX (Fluxbox) edition as well as a SpinBase (no GUI) edition (in
addition to offering KDE, GNOME, Xfce, LXDE, & Enlightenment editions).
http://forum.sabayon.org/viewtopic.php?f=60&t=22982
Comment by Anonymous | April 3, 2011 | Reply
So far so good with aptosid nice system. Sabayon has some promising aspects I did come across it at
one point in my shopping. At this point Im a little concerned with Gentoo as apparently it suffers some
unsigned package issues, as came up in the comments to the LWN article on Arch:
> Unless Im out of date I believe Gentoo has also always suffered this, and continues to do so.
You are many years out of date :) Gentoos portage has had the ability to use GPG to sign and verity
package manifests since 2004: http://www.gentoo.org/news/20041021-portage51.xml
What is true is that there seems to be no policy requiring Gentoo developers to sign manifests, and as
a result, many developers never bother to do so and thousands of packages remain unsigned.
Sounds like Sabayon would inherit these as it uses Gentoo unstable repos. I havent looked into the
details on this, but I think anyone considering Gentoo or derivatives should review the issues.
Especially like the install notes and the fact that you keep openbox.
Gonna try Aptosid too soon.
Would be nice to hear what you do miss leaving Arch. For instance the rc.conf file , easy daemon setup.
And dont you miss the easy compiling with packer or what you used before for Aur?
Comment by Pablo | April 3, 2011 | Reply
I do like Archs simpler init system, but once you get to know update-rc.d its good enough. Just a
matter of translation.
I think the AUR is a great idea that would benefit any distro. I havent actually missed it yet because all
the software I wanted was already available, except for pcmanfm-mod which compiled fine. The debian
repos are hard to beat something I missed while using Arch, but the AUR made up for it.
Working on aptosid with an Arch background is actually pretty fun. Like having a well made system to
explore, while also knowing how to adjust it and make it do what you want. Ive learned a lot already,
and most of it is pretty cool.
Also, I havent used any GUI configuration apps not a one. By choice I know they have some in
there. Only GUI system tool Ive used is Synaptic, which I just like for exploring the installed package
database, dependencies, etc. But even there I mostly use apt-get, apt-cache, and dpkg aliases. Its a great
CLI system.
9.
My trek forth and back trying distro after distro I started with Kubuntu for a year or so then migrated to
Sidux for a good year and then, only after the LOAD_CYCLE_COUNT issue fried my laptops HDD, I tried
Arch and now I think I just stayed with Arch because the documentation/wikis were so much better and
the packages were a bit newer.
Now with the package signing and overall security concerns, Im thinking about going back to Sidux, aka
Aptosid. The question I havent answered for myself is why go to Aptosid instead of just Debian Sid? I just
10.
17 of 32 11/08/2013 02:30 PM
checked and the packages that I use on a regular basis are very up-to-date and its obviously one less layer
removed from stock Debian, less customization to have to worry about in terms of security, e.g. how
Aptosid compiles its own custom kernel.
Whats kept you or anyone thats in the same boat from just sticking with Debian Sid?
Comment by LoyalArchUser | April 5, 2011 | Reply
Good questions. Personally, I figured Aptosid would be a bit more stable & refined than plain sid at
least thats what they claim is their purpose, and a number of people suggested aptosid to me
specifically. But I cant say I know the differences well. There is some info on the Quick Start page:
The kernel is aptosid optimised to help offset issues, add new functionality, or configured for faster
performance and better stability and tweaked from latest kernel from http://www.kernel.org/
aptosid run levels are different to debian see: aptosid runlevels init
You might inquire on their forum what the specific differences are the devs seem to participate there. I
would be interested too.
I havent done many upgrades yet, but thus far my system is running very well. Having the system and
packages pre-configured is a little different. But Im seeing a benefit it looks like more effort goes into
security settings. With Arch, I think people tend to install a package and use it with minimal
configuration. The problem with this, which Im now realizing better, is that most Arch packages are not
really setup for good security or integrated with other components this is considered the users
responsibility (but how many users take the time to address these refinements?) Ive picked up some
good ideas from how the packages come configured on Aptosid. And its definitely far less busy than
Ubuntu (my only other Debian derivative) pretty sane defaults. For example, sound has worked
without my doing anything, and its using my preferred server by default alsa. There seems to be a
decent respect for simplicity.
Interestingly enough also Linux Mint XFCE is switching to Debian and a rolling release model:
http://blog.linuxmint.com/?p=1725
Rolling editions do not carry version numbers. They follow the Debian Testing branch. Because of their
rolling nature, theyre receiving continuous updates and their version number never changes (technically
its always 1" though we do not mention it since its not relevant). Note the absence of version number in
Linux Mint Xfce for instance, indicating its rolling nature.
An important thing to notice is the fact that rolling editions are in constant evolution but that a particular
ISO image is a snapshot of this edition at a particular time. So, though rolling editions do not get outdated,
ISO images do. For this reason we use a timestamp for our ISO images, such as Linux Mint Xfce (201104).
Would be interesting to compare in configuration, stability and snappiness/
Comment by Pablo | April 7, 2011 | Reply
11.
I am a Linuxer who uses Debian testing, installed from the netinstall cd, with standard and notebook and
every other option unchecked, which gives me a core Debian system, which I then proceed to build to my
liking. Despite the teenage hubris of Arch users, I believe I have a system as customizable and up to date
(currently running .38-2 kernel for example) as Arch, with better program selection and high grade security.
Debian is simply what Linux is meant to be, technically and politically.
Now, reading your blog, I am under the impression that you know your way around computing (certainly
12.
18 of 32 11/08/2013 02:30 PM
much more than me, Im a journalist by trade), so I am puzzled by two things. One, why did you use Arch
for a full year, knowing full well its unacceptable shortcomings? And two, whats the advantage of Aptosid
over running Debian sid, and why sid, and not testing, if stability is an issue? Especially if you dont shy
away from building your own system to your liking (as using Arch in the first place seems to suggest I
guess nobody goes for that distro so they could have no security, theres other motivation)
Comment by istok | April 7, 2011 | Reply
> One, why did you use Arch for a full year, knowing full well its unacceptable shortcomings?
I did not know full well for a year I discovered the extent of the security problems when I looked
into it in detail some weeks ago. My lack of awareness was due to bad assumptions on my part (I
thought any major distribution would have the sense to secure mirrors, especially with the tools
available for decades), and also due to the policy on the forums of removing info embarrassing to the
devs. When I did look into it, the poor attitudes of the primary devs is what drove me away from Arch
more than any one security problem I realized they simply dont care about their users (security or
anything else), to put it mildly.
> And two, whats the advantage of Aptosid over running Debian sid, and why sid, and not testing, if
stability is an issue?
You tell me youre the experienced Debian user. How about providing a summary of the benefits of
these options as you see them Im sure others will appreciate it, as will I. As for why I tried Aptosid
it was recommended and looked capable, and Im still using it because its doing the job. I doubt Ill
change right away (tired of reinstalling), but Im always open to things done smartly, and at some point
I may try other Debian variants, Slackware, SalixOS, Mint, or others that have been brought to my
attention. Thanks.
Im not going to do a Testing vs Sid comparison, as Im sure the are others far more capable than I at
explaining.
One thing I will share;
Some seasoned Debianites seem to prefer Sid over Testing mainly because of the rate broken
packages get fixed. As you know, Testing and Sid arent constantly rolling like Arch or Gentoo. Both
go into a frozen state for a few months once every 2 years or so (usually close to an official release
of Stable). Yes, Testing is probably more stable than 90% of distros out there, but you still get
breakage, especially just after the repos get unfrozen following an official release of Stable. In this
case, fixes often make their way into the Unstable/Sid repos first (lets forget about Experimental for
now, shall we), while it might take some weeks for these fixes to make their way to Testing.
Another reason (Im told) is that packages in Unstable/Sid are more vanilla (as the package devs
intended) compared to those in Testing or Stable which have been modified for better Debian
integration.
Comment by Nymphtus | April 7, 2011 | Reply
Thanks good to know. Im a fan of packages that are left fairly vanilla. I found that many
problems in Ubuntu were caused not by the original developers but by careless and heavy-
handed modding, and then those bug reports were not addressed properly. Ubuntu is probably
the extreme in this behavior.
I actually dont mind breakage as long as it is eventually addressed, or can be addressed by the
user adjusting some config. That is part of rolling release. I always have a reasonably recent
19 of 32 11/08/2013 02:30 PM
backup available, and if I dont like an upgrade, roll it back.
When you decide to try out other Debian variants, give CrunchBang Linux a test drive;
http://www.crunchbanglinux.org. You can make it a rolling release by modifying the sources list to
point to Debian unstable versus stable repos. There is even a forum specifically for CrunchBang
users running unstable. You will find the forums to be very friendly as well.
Comment by Kurt | June 22, 2012 | Reply
Tell them KrunchTime referred you.
Good day.
After having read your impressions on aptosid and coming from Ubuntu, I agree with your findings
regarding the distro.
I guess when one tries Linux they come upon either a very bare distro that can be built up to ones liking
but end up spending more time building it instead of using it, or a heavily modded distro mostly for
beginners with lots of eye candies and conveniences but ends up trimming the fats from it.
You particularly mentioned the use of fam in aptosid over gamin. I would like to ask if you ever
encountered the fam daemon using up 100% of one core of your cpu. After some considerable minutes of
waiting you find that the only way to stop it is to kill it. I have seen this happen a couple of times and I
wonder if you might have some info regarding this unexpected behavior.
/m
Comment by milithruldur | April 7, 2011 | Reply
Hi, There does seem to be a bug in fam on this. I encountered it when for some reason I had disabled the
fam daemon from starting at boot, and manually started it later in the session. It kept pegging one core
as you describe. I stopped and started it several times, but it kept doing this.
However, when started at boot, Ive yet to have it do this, so it hasnt been a problem for me. Maybe try
starting it at an earlier runlevel (its started in 2 thru 5 on mine). You could also see if theres a bug
report on this.
I have not yet found a recent bug report on it, although I have found that Gamin might be a better
alternative to Fam:
Gamin has been designed as a drop-in replacement for FAM with security
and maintainability in mind and can use Linuxs advanced inotify
service when available.
Im not sure why Fam would be used in aptosid instead of Gamin. As a workaround I opted to
replace it with Gamin, and I have several things to say about this:
1) If you manually remove fam and libfam0 packages then this will remove other packages as well.
Simulate the removal process first to see if this is acceptable. However,
13.
20 of 32 11/08/2013 02:30 PM
2) If you decided to install gamin and libgamin on top of fam and libfam0, then those other packages
will not be removed, save for libgnomevfs and thunar-vfs and fam. It really seems that Gamin is
indeed a drop-in replacement for Fam, because removing Fam removes a couple more packages,
while installing Gamin on top of Fam will remove Fam but not the others.
/m
Comment by milithruldur | April 8, 2011 | Reply
I have always understood that gamin was the newer version of fam, so I was surprised to see it
in aptosid too. But it seems to work better with pcmanfm-mod than gamin did pcmanfm-mod
picks up on directory changes instantly now, whereas with gamin there was a delay. Makes it
nice and snappy. But I also disabled hal support when I built pcmanfm-mod this time (so HAL is
not used for mounting I use devmon for that), so perhaps that affected something.
I encountered the 100% cpu load once yesterday with fam when I was working on pcmanfm-mod
(restarting it frequently for testing). But with regular use it hasnt been a problem for me I
actually like fam better.
I do see some old bug reports on this, with some possible workarounds. Doesnt look very well
supported anymore though, so gamin might be the way to go if you encounter this bug. Thanks
for the tips on switching.
I appreciate seeing this article. I had not read it but keep seeing more responses to your article about Arch
Linux. I left Arch because of your article and have seen first hand how they treat the users. I was never as
comfortable of using Arch as I like some thing set up for me. Maybe this is why I kept using KDE as they
seemed to have every thing set up and I had to do nothing. I at one time used Debian and kept coming back
to it but finally stopped using it as I liked a more up to date system and found that some software even in
testing was not that up to date. It sounds like things have changed in this regard. I have used aptosid and
was not to impressed at the time but that was quite some time ago and things may have changed since then.
At the moment I am testing PC-BSD 9 but might leave this and try out aptosid. I like true rolling releases so
may try this out for the time being and then see where Gentoo gets on there problem and go there instead.
Comment by John | April 12, 2011 | Reply
As Nymphtus said and I have noted, sid does seem to be more up to date. One thing I like about Debian
this morning I received this email:
14.
21 of 32 11/08/2013 02:30 PM
Irom. N1co 0olde
To. deb1an-secur1ly-announce@l1sls.deb1an.or
Subecl. |SECuRTTY] |0SA 2218-1] vlc secur1ly updale
0ale. Tue, 12 Apr 2011 14.09.44 +0200
-----BE0TN P0P ST0NE0 MESSA0E-----
Rash. SRA1
- -------------------------------------------------------------------------
0eb1an Secur1ly Adv1sory 0SA-2218-1 secur1ly@deb1an.or
hllp.11WWW.deb1an.or1secur1ly1 N1co 0olde
Apr1l 12, 2011 hllp.11WWW.deb1an.or1secur1ly1iaq
- -------------------------------------------------------------------------
Packae . vlc
vulnerab1l1ly . heap-based buiier overiloW
Problem lype . local
0eb1an-spec1i1c. no
CvE T0 . none yel
Al1z Rammond d1scovered lhal lhe MP4 decoder plu1n oi vlc, a mull1med1a
player and slreamer, 1s vulnerable lo a heap-based buiier overiloW.
Th1s has been 1nlroduced by a Wron dala lype be1n used ior a s1ze
calculal1on. An allacker could use lh1s ilaW lo lr1ck a v1cl1m 1nlo
open1n a spec1ally crailed MP4 i1le and poss1bly execule arb1lrary code
or crash lhe med1a player.
The oldslable d1slr1bul1on {lenny} 1s nol aiiecled by lh1s problem.
Ior lhe slable d1slr1bul1on {squeeze}, lh1s problem has been i1xed 1n
vers1on 1.1.3-1squeeze5.
Ior lhe lesl1n d1slr1bul1on {Wheezy}, lh1s problem W1ll be i1xed soon.
Ior lhe unslable d1slr1bul1on {s1d}, lh1s problem has been i1xed 1n
vers1on 1.1.8-3.
We recommend lhal you uprade your vlc packaes.
Iurlher 1niormal1on aboul 0eb1an Secur1ly Adv1sor1es, hoW lo apply
lhese updales lo your syslem and irequenlly asked quesl1ons can be
iound al. hllp.11WWW.deb1an.or1secur1ly1
Ma1l1n l1sl. deb1an-secur1ly-announce@l1sls.deb1an.or
-----BE0TN P0P ST0NATuRE-----
vers1on. 0nuP0 v1.4.10 {0Nu1L1nux}
1EYEARECAAYIAk2kACkRYilSXNkiP9KhCeTMouW1sbaTR17lu1YTupu
1EAn211B3ER4k2ns4c0AKXZy8TTn
=uvB
22 of 32 11/08/2013 02:30 PM
-----EN0 P0P ST0NATuRE-----
I looked and I had vlc 1.1.8-2 installed, so I did an upgrade immediately. These security alerts are nice. I
also have noted that on the handful of alerts Ive received so far, the problems were already fixed in sid
and testing said this problem will be fixed soon.
I tried to install this to my main hard drive. It is funny they are using such an old installer. For me it keeps
aborting after step 5 so now I have no linux installed on this machine. Not sure what the problem is as the
files it tells me to check do not offer any advice as to what went wrong. I guess I might try out gentoo again
or throw Fedora 15 on here again as I know that works.
Comment by John | April 13, 2011 | Reply
15.
I obtained a few years ago sidux; now on my three computers are updated Xfce aptosids SSD Netbook
Acer, MSI ATI Radeon AMD 64 laptop and AMD 64 box.
But on AMD 64 laptop during the boot message is:
hda_intel: azx_get_response timeout, switching to single_cmd way
and after 10-15 minutes the computer shuts down.
With Parted Magic hours of hardware inspection is without errors + 80 C, scan disk, CPU tests etc.).
I think the error is in geras or Debian sid kernel with sound card, or grub2, because older apto / siduxes
worked on the laptop properly.
The lesson: no need to rush!
I am going to downgrade my distro and await the resolution of problems.
After 12 years of Linux, from SuSE 6.0 (1999.) to Debian, several Ubuntus, Mandrake, Gentoo, Arch, Mint,
Sabayon, Fedora, Puppy and countless gigas of Debs, rpms, tgzs : huge Gnome and ugly KDE 4.x are not
installed on my computers.
Comment by mlse | April 14, 2011 | Reply
16.
To IgnorantGuru and all who miss package signing.
I was upset when I got to know IgnorantGuru decided to move from Arch to another distro only because of
lack of package signing. Arch is very good distro with a lot of advantages: simple in configuration, one
config file instead of bunch scattered over the system, stable, and of course rolling-release. And I dont think
one defect in a system is enough to abandon it. Maybe someone will now say that its a REAL and BIG
defect! But I am saying not about weight of bug, but about its quantity it is only one! I could understand
switch to another distro if there were heap of them bug on bug driven by bug! But only one
So what do I suggest?
We are living in open source world, right? So whats the problem to make fork of any program we want, if
we have of the sources?!
Decisions (in order of simplicity)
1) *pacmans fork*. The inconvenience is forks maintenance to include all the changes of original pacman
17.
23 of 32 11/08/2013 02:30 PM
2) instead of writing and maintaining the fork, we can use *spaceman*. Why invent something what is
already done! Spaceman is package manager of Gnuffy (Arch based distro) with implemented package
signing! If it is based on Arch then it should work under Arch as well. Take spaceman and change it little
bit for our needs to work in Arch as native.
3) more simple variant *pacmans wrapper*. Like yaourt or packer. I personally prefer more simple
packer. Wrapper is not replacement of orinigal program but its supplement. So you dont have to care about
all changes of pacman. Your program just supplement it, like packer with its ability to install from AUR.
Here is the same thing wrapper cares only about package verification, and if it is correct pass it to
pacman, the rest thing doesnt matter.
4) even more simple variant combination of (2) and (3). It is *wrapper which function like spaceman*.
Inventing your own code is minimal, and changes of pacman dont bother at all.
What next? Next is(are) mirror(s) with signed packages
Again, decisions (in order of simplicity)
1) Download all the packages from the mirror where packages are not faked. Sign them. Make our own
mirror.
2) Find already existsing mirror with correct packages. Contact with mirrors maintainer and arrange about
creation of parallel repos with signed packages.
I believe other mirrors maintainers will appreciate it and will maintain repos with signed packages as well.
Comment by BrainWorker | April 17, 2011 | Reply
Id go with number two, as Ive already done that on my Arch system (which is now a Gnuffy system). I
would be interested to hear what wrapper ideas youd have for spaceman if we go with number four.
(Not to mention editing spacemans codes quite easy)
Also, I think we could go with number 2 quite easily if we can contact him.
You might want to also look at this thread, where I posted about my experiences with Gnuffy:
http://bbs.archbang.org/viewtopic.php?id=519
Comment by amethystsigilyph | April 17, 2011 | Reply
*Durp, I meant number two for the part about the mirrors in the second paragraph of my reply to you.
I am glad to hear that someone else is concerned about package signing, besides IG :)
This is great! Ones as good as none, together they can move mountains! :)
More about point 4. In point 2 I said about usage of spaceman instead of pacman as package
manager under Arch (with possible modifications in order to make it run under Arch smoothly). But
in point 4 I suggested easier (as I think) variant make wrapper for pacman using spaceman features
that have to do with signing.
What do I mean? Spaceman is a stand-alone application, which can, inter alia, install, updrade,
remove packages. I suggest to port only the code concerning package signing (only that part we are
interested in) and make pacman wrapper from it. Thats it. We are not really interested in new way
of installing or upgrading packages, are we?!
24 of 32 11/08/2013 02:30 PM
The second advantage of that approach is that, unfortunately, Gnuffy is abandoned project and it is
not developed. The latest update of projects wiki was one year ago, and the URL to spacemans
packages is broken.
So whether you like it or not, project is abandoned. For some reason it seems that nobody is
interested in it. And in this case I think we have to adopt the best things that was made but now
lying in the ruins. Especially because Arch is good and well.
Comment by BrainWorker | April 18, 2011 | Reply
Oooh, right. What URL are you referring to thats broken? I suppose you mean the package list,
which downloads just fine onto my system and I can still upgrade just fine. Theres probably
some more stuff I can fix in spaceman (most of which are minor bugs) and there is some activity,
but not much due to lack of manpower. Ill go ahead and stick with my decision so I can help
them, but I digress. Onto the feedback for your solution:
I can work on a wrapper to deal with the signing quite easily (provided I can get time back on my
desktop, because my one of my current classes require me to make *.docx files with line
numbering). Ill just have to make sure the wrapper covers all possible options for pacman. A
good starting point for the wrapper would probably be packer, since it by default deals with
operations only it needs to deal with, letting pacman handle the rest.
Adding the signing support to makepkg should be relatively easy itself, only requiring a few
lines to be added to makepkg to sign the package.
The code snippets that would be of most interest to you are the sign_pkg and the check_signature
functions. The check_signature function may require a bit of tweaking to suit the needs of the
wrapper. Ill try to get on my desktop to see how well deal with the checking (and to investigate
it further to see what changes well need).
http://pastebin.com/nN0f1rrt <- At least I was able to get the appropriate functions out of
spaceman for pasting convenience.
This was a very nice read. I am in the process of making my own minimal Ubuntu install with Openbox
and XFCE components as seen in Crunchbang (they have since switched to Debian Sid as well) and your
article has given me new packages to have a look at.
I tried Arch for day in a VM but quickly got fed up with it. Its just too much work and I am too familiar
with the Debian way to switch now.
Dont get me wrong, I love Debian, but I love Ubuntu just a TINY bit more thanks to the PPAs.
Comment by snek | April 19, 2011 | Reply
Out of the box, CrunchBang is based on Debian stable or Debian stable with backports. It is not based on
Sid. However, you can base CrunchBang off of Sid by making changes to the sources file.
18.
Andreas, have you had enough time with Aptosid to be worth an update to this post or a new post?
Im currently using ArchBang, but have to agree with your two primary concerns about Arch. Nice distro,
incorporating much that is nice about CrunchBang, but I really think I want to base my Linux experience off
either Debian Testing or Unstable.
19.
25 of 32 11/08/2013 02:30 PM
I spent almost a year with #! Statler, based on Testing and it was more stable than any newly released
Ubuntu. Decided to try out ArchBang on an Arch base an it is OK. Lovely docs.
However, #! will be based on Stable and I really prefer a rolling release. I think my skills have advanced to
the point where I can config and maintain my own Openbox on Debian Unstable.
Two other advantages to Debian: availability of pre-built apps in .deb format (e.g., Chromium Arch
Extra is not current) and the opportunity to become expert in one of the two major versions of Linux
Debian.
Debian and/or Fedora/RHEL/CentOS skills are more widely applicable professionally than Arch,
Slackware, SuSe, etc.
Comment by Doug | April 19, 2011 | Reply
Thanks interesting points. As far as an update on my experiences with Aptosid, not much to say
(which is a good thing). I havent been toying with the internals too much the past few weeks, just using
it and occasionally updating and adding minor software now and then. It has been running very reliably
in that time, and I havent had any update problems. The only issue I have is still the nvidia driver issue
I spoke about above. Ive just been booting the .37 kernel for now. There were a number of options
discussed for how to update the kernel and keep nvidia happy but I figured Id wait for a bit I have no
need for the very latest kernel at the moment and had some other more pressing things to do.
I did disable the daemons that handle cpu frequency (cpufrequtils & loadcpufreq) to see what it would
do. Im honestly not sure exactly what they do and didnt research it, but for this desktop system I didnt
want any throttling. I think it may have given me a little boost. And the Sensor Viewer that shows temps
and fan speeds still works (it came already setup so left it in there), as does the CPU load monitor in the
lxpanel tray.
Other than that not much to say its working great and I like the security bulletins.
Thanks for the insights. I think aptosid with Openbox & XFCE will be my next distro.
Mea culpa on the Arch/Chromium update issue. My mirror apparently has gone out of sync, which I
didnt suspect because the Arch Chromium package itself had been flagged as out of date. I switched
mirrors and all is well, despite the package flag.
Comment by Doug | April 20, 2011 | Reply
Looks like they are close to implement package signing in Arch.
Look at the beginning of begginers guide https://wiki.archlinux.org/index.php/Beginners%27_Guide
This fact makes me glad :-)
Comment by BrainWorker | May 16, 2011 | Reply
20.
Brainworker said: Look at the beginning of begginers guide https://wiki.archlinux.org/index.php
/Beginners%27_Guide
If you referring to checking the md5sum of a downloaded iso, that is not new.
To what are you referring?
Comment by Pablo | May 17, 2011 | Reply
21.
26 of 32 11/08/2013 02:30 PM
Oops, now that warning is gone!
On the top of begginers guide there was warning (written on red background): ArchLinux currently
uses unsigned packages. Security of your system depends on package mirrors you use.
Comment by BrainWorker | May 17, 2011 | Reply
Brainworker, Im not sure what your purpose is you come across as someone who wants to
convince us that Arch is fine once package signing is implemented, eg:
And I dont think one defect in a system is enough to abandon it.
I disagree, yet this also shows that you have not absorbed the core of my complaint, where I said
repeatedly that lack of package signing for a decade is just one symptom. The real issue is that the
primary Arch devs are irresponsible with their users security, and just adding signatures to
packages wont change that reality. Using a distro where the devs dont care about your security and
treat your concerns dismissively is just as irresponsible. Its clear you are unwilling to give up Arch
so be it. But youre certainly not convincing me of anything but the opposite of what youre saying.
The edits to the wiki in the last two days to add, then tame down, and then completely remove the
warning to new users is yet another example of this irresponsibility (you can see the edits in the May
16, 2011 history). Now that Im no longer an Arch user, its rather humorous they sure do respond
fast to any documentation of their lapses, just not to the lapses themselves. They continue to be
unwilling to inform new users of the implications of using Archs package system. Their pride is far
more valuable to them than their integrity.
Once they do implement package signing, there will be many who will say Arch is now secure. But
thats merely wishful thinking. I now know the attitude and practices of the devs Arch is an
irresponsible Linux distribution which IMO should be avoided on principle alone.
Kid yourself if you like, but not me.
Comment by IgnorantGuru | May 17, 2011 | Reply
FYI, in terms of Debian taking up less disk space than Arch, thats no accident and has nothing to do with
LibreOffice (most of its bulk is in its base, not its individual programs).
The reason it takes up so much less space is that Arch installs the development headers for every single
installed package, but Debian doesnt, and instead expects you to install the corresponding -dev package
for every package you want the headers for. Archs method is more convenient if you compile lots of
programs outside the repositories (say, the AUR), or just like to develop using lots of disparate libraries.
Debians method is better when you want to conserve disk space, or simply dont compile very many
programs with dependencies. Both have their advantages and disadvantages.
Comment by Stan | May 18, 2011 | Reply
Thanks that makes sense.
As an update on the original post, updates have been going very trouble-free with Aptosid, and any
security problems that I receive alerts about have already been resolved by the time I update. The latest
update also included new nvidia source with the latest kernel, and this corrected the nvidia problem
referenced in the OP (not sure if nvidia fixed it or aptosid/debian patched it). I had merely been using a
slightly older .37 kernel until the issue was resolved, although there were easy fixes advertised before
this. With rolling release, I find its often helpful to just wait on some updates. Ive been updating
22.
27 of 32 11/08/2013 02:30 PM
Aptosid about every two weeks with great results. Their forums have been friendly and helpful as well.
And of course I gave myself an introduction to Debian packaging and setup my PPA without much
hassle, making it all compatible with Ubuntu as well as Debian (and other Debian derivatives should
work as well). (I downloadeds Ubuntus latest liveISO to test with, and personally I definitely like
Aptosid better than the direction Ubuntu has gone the live boot time alone was remarkably different,
and I had stability problems with Ubuntu live.)
Comment by IgnorantGuru | May 20, 2011 | Reply
NICE article, I tried aptosid quickly but then I went back to the ArchWay. But aptosid is going back on my
newer spare PC, as soon as I get it.
But yes, OpenBSD / FreeBSD (is just so good, their Docs, userland bar-none is the best UNIX in the world)
But sadly as you mentioned, the lack of good(new) Hardware devices support (no thx to the obvious
greedy-proprietary Manufactureres, and yes, I do mean ATI mostly !) is pushing me farther and farther
away.
No blame on FreeBSDs part here, cause we ALL know what MacOSX really is anyway ;)
But ya, Aptosid + Openbox looks like a winner.
thx.
Comment by Rick | July 28, 2011 | Reply
Thanks for your comments. BSD did look promising. For me the main issue was definitely hardware
support, particularly my Brother printer/scanner. With a lot of work on the driver I might have been
able to get the printer working, but I suspect not the scanner. And that is pretty much a show stopper.
Youre right about OSX! Apple is a parasite in this case not sharing their BSD hardware progress back
to the community.
Aptosid has been working great for 4 months now, and beyond the initial problems I had (which were
resolved fairly promptly), I havent encountered much else. I do bi-monthly updates on average, and
they seem to do a good job with the stability of their rolling release, and the versions seem up-to-date.
Ive definitely had fewer hassles since the switch.
Im not very excited about Linux anymore though. I think the quality, stability, and security of the
kernel and major components like X are being eroded and spoiled by corporate interests, developer
egos, and poor development practices. But the alternatives seem unripe for casual users who dont want
to lose functionality. I look forward to a good alternative thats cleaner and more modern in concept, but
also with a bit more old world quality in it. A lot of whats built for Linux today is built broken
disappointing to see quality drop like that to a Microsoft level. Maybe Hurd will grow into this role.
What Linux was to UNIX, we now need for Linux. Whos the next Linus?
Comment by IgnorantGuru | July 28, 2011 | Reply
its so ageold it isnt even funny anymore now.
Even a 100 years ago, if you bought a FORD you could literally drive it away.
and to this day, when you buy a new car you can simply drive to wherever u want.
This is why TCP/IP (thanks to BSD/Unix) was Free in the 1st place.
BIOS is not a means of travelling (PC-wise).
Im sorry but when ppl buy a PC/Desktop the NetOS should come with it FREELY, otherwise can
anyone explain to me how you could even USE your brand new PC without an OS ?
Its called the Baiscs, a functional NetOS, and NO why should I pay for it, since obviously my
PC/Desktop/Apple/Laptop/Microwave/Car/,, is USELESS without it. Call it firmware if you
like. but thats not the point. If I cant drive it. I dont want it.
23.
28 of 32 11/08/2013 02:30 PM
We have all been so snafud for years now, that, well, :)
Sooo, you want Apps, on top of your basic ability to function ? fine, then pay for them !
Let the Hardware manufactures give me a fully functioning PC/ whatever, including of course,
a NetOS.
so ya, Mr. Linus seems to have completely forgotten what the fair-fight was for in the 1st place.
Hence, the *BSDs, and the Linuxs,to the rescue.
Im still humbled by the fact that we can download and install thsese wonderfully FREE NetOSs.
wow.
Microsoft has got to leave, its as simple as that now.
This will be the only way, that the Hardware Manufs will write ALL the drivers we could ever
need for any UNIX/Linuxs. If they dont, they DO NOT sell their Hardware and they go out-of-
business.
I actually like Win7-64, its a pheeew,! to say the least. but yes to buyiing MSOffice, and NO to the
NetOS.-that any hardware needs to function. All these hardware manufs gotta get on board the
train, or be left behind.
In the future that is.
Comment by Rick | July 29, 2011 | Reply
Nice article! In fact, you made me curious about aptosid and tried for few days. Unfortunately, for some
reason my wireless card (Intel 2200bg) keeps dropping connection and then refuses to reconnect unless I
reboot. I went on to the Forum on aptosid site and was glad there was already a topic someone posted
about the issue until I started reading it: Ive got to admit I was very discouraged with the way they treat
their users who simply asked a question they didnt like.
http://aptosid.com/index.php?name=PNphpBB2&file=viewtopic&t=1662
Comment by Anonymous | September 9, 2011 | Reply
To an extent I agree I have noted that the behavior of some of the moderators and developers on the
Aptosid forum is sometimes out of line and disrespectful, sometimes engaging in the usual power trips
of moderators. Like any forum there are those who use it as a place to be abusive and arrogant. There
are also helpful people there. I have also noted that they tend to dismiss or explain away, rather than
address, some problems and bug reports. I suspect this is because they dont want to work on them or
be responsible for them. IMO they should simply not reply if theyre not interested in addressing the
problem, leaving it unanswered until someone is ready to actually address it. But at the same time I
have to note that these same people do a lot of work to put Aptosid together and do address many
problems, so you might call it work stress related, as unprofessional as it becomes at times.
The example you cite isnt the best example Ive seen, because the original poster seemed to immediately
inflame the situation rather than simply sticking to the facts and giving the facts a chance. Then, in turn,
the other participants didnt handle the attack well, and got into personalities instead of sticking to the
facts. Common forum behavior, but unpleasant.
I suggest you add a simple fact-based account of your experiences to that thread it looks like they
could use a second poster confirming the problem.
Also, in my experience with wireless drivers and random disconnects, the problem can be in
unsuspected places. For example, in one installation (I think it was on Arch), using wicd to manage the
device caused repeated disconnects (although wicd had always worked well for me on other systems).
Using Network Manager instead of wicd resolved the problem, though I have no idea why that was. So
in my experience it is always valuable to experiment with different wireless managers and setup
methods. In this case, perhaps something in Aptosids wireless manager setup is triggering the problem
(which may be related to a bug in the firmware), and this is why other distros arent seeing the problem.
24.
29 of 32 11/08/2013 02:30 PM
Comment by IgnorantGuru | September 9, 2011 | Reply
Curious and looked at the thread and have a different reaction to it.
The one who replied, slh had the wireless card himself and had it working and had no clues on which to
work on (no error messages or debugging output).
You cant expect someone to be clairvoyant.
I find the demanding tone of nahn also a bit provoking.
And lacking the understanding why some problems cant be solved.
Slh is a bit rude by formulating there is no problem when he in fact explains to mean by saying that, that to
be able to solve you have to have the exact parameters of the problem. It is a pity and a defeat when the
atmosphere of support and collaboration is broken down by these kinds of confrontations.
Everybody in a supporting role loses his patience once in a while. Lets show some understanding for that.
On the other hand, mods of fora should have some understanding for the feelings of frustration and the
helplessness of the new user and explain how the new user can provide the necessary info.
Comment by Pablo | September 9, 2011 | Reply
25.
slh is right: The whole essence of fixing a bug, is understanding what is broken and the key point to
understanding that is finding a lever to reproduce it (or at least to pinpoint its general location through
error messages. The necessary information to fix the problem is simply missing.
And pipers reaction is understandable
Status: Offline
nahn wrote:
It looks like a firmware issue to me. Can anyone help? Thanks!
If this is a firmware issue, why are you taking it out on the devs or aptosid period ?
On the other hand, I have to agree with IgnorantGuru
it is disappointing to me to see moderators using language like noobish, pathetic, troll, and your
kind clearly personal attacks from moderators on a frustrated user asking a technical question.
slam points out the to me childish behaviour of the nahn:
He also left us developers without any of the technical information we asked for, in order to help him and
help fixing possible bugs who might hit others.
nahn wrote:
Haha, defensive, defensive, defensive! How pathetic! I have no time and interest for this kind of stupidity!
Goodbye!
Piper answered
. Please let the door hit your Ass on the way out !, thats as rude as the thread-openers way.
Comment by schdrag | September 28, 2011 | Reply
26.
aptosid is a good distro :)
I love kde but its good xfce
Comment by killjoy | October 15, 2011 | Reply
27.
30 of 32 11/08/2013 02:30 PM
Interesting, I am considering moving from Ubuntu to Arch because I have problems with DPKG packaging
system. Lack of package signing is a big deal though.
Comment by Mad Wombat | October 21, 2011 | Reply
28.
Package signing has been in the [Testing] repo of Arch for a while now.
Comment by Anonymous | November 29, 2011 | Reply
29.
Package signing is no longer in testing since Jan-16, and is now out with pacman 4. This whole rant is
obsolete :P.
Comment by Robert | February 11, 2012 | Reply
30.
I currently use Arch on my workstation at home. I enjoy how easy it is to get it up and running. I see you
moved onto Aptosid. I love the rolling release model and can deal with regressions, but now that its been
quite awhile, how are you finding Aptosid? Ive been trying to move away from Arch but its just so simple
to use, set up, and get running. I see that Aptosid has a KDE based ISO (which is the DE I use).
Comment by Mario | March 5, 2012 | Reply
Hi, I have replied to your comment here, as i was meaning to do an update thanks for the reminder.
If you find Arch easy, Im sure you can handle Aptosid. But the methods do vary so youll need to get to
know apt-get, etc if you dont have debian experience. Their users manual describes the installation and
upgrade process well.
Comment by IgnorantGuru | March 6, 2012 | Reply
31.
Ive seen questions asked in previous posts about the difference between Debian testing and Debian
unstable. Security updates is one difference: http://www.debian.org/security/faq#unstable
32.
I use a full Xfce Testing/Stable installation (Stable when testing is still to wild and Testing as it is getting
closer to a freezing time) in my workstation and Sid in my laptop. I installed Sid from the Stable business
card netinstall image (the only one that, in expert mode, provides the option of installing Sid). I installed
only the base system (just the kernel and system utilities) and then added other stuff like the X server and
so on. You end up with a very clean system and it is more like the Arch way of building it
Comment by Koroshiya Itchy | February 13, 2013 | Reply
33.
thanks for this. Over the years 93 till now; Ive been around the distros, slack, suse, redhat etc and the past
few years ubuntu and Gentoo. Totally fed up of Ubuntu these days. If I wanted Windows Id go buy it; And
Gentoo, though I like it a lot, gives me problems as I work on a ship and dont have good internet there.
Going to give aptosid a try right now!
Pat
Comment by pat mccormack | March 1, 2013 | Reply
34.
You do know this rant is obsolete since around Nov 2011 right?
Comment by Xatruch | June 14, 2013 | Reply
35.
31 of 32 11/08/2013 02:30 PM
About
This blog is where you can check on the latest updates to my Linux software, news and tips, and leave your
comments and questions.
TERMS OF USE
Tips & Donation Info
Site info
IgnorantGuru's Blog
The Andreas04 Theme.
Follow
Follow lgnorantGuru's Blog"
Powered by WordPress.com
32 of 32 11/08/2013 02:30 PM

253 IgnorantGuru S Blog

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

253 IgnorantGuru S Blog

Hochgeladen von

Copyright:

Verfügbare Formate

lgnorantGuru's Blog

Linux software, news, and tips

Das könnte Ihnen auch gefallen