Package for devuan: powerkit

Powerkit is a neat FLOSS package for monitoring your battery status, and configuring actions associated with batteries and laptop lids.
And now it is available for Devuan ceres in my third-party repository! That first link is the build artifacts. Select this link for the nice download page.


Powerkit is a desktop-independent power manager. You can change settings for how long to wait before locking or suspending or hibernating, and control screen brightness.


I learned with this utility that my one laptop battery is actually treated as two separate batteries! My model uses a 3 cell+3 cell arrangement. I was shocked when I learned that my one invocation of cbatticon was dutifully monitoring just the first-reported battery, the one that drains first when off mains power. But there’s a second battery, as seen by GNU/Linux!
Powerkit status tab
Powerkit settings tab


I have been using cbatticon in my minimal Fluxbox window manager for a while now. I came across this nifty Powerkit utility and skipped it over at first because it requires QT 4.8+. With the recent removal of QT4 packages from Debian (the upstream for Devuan), and my ongoing efforts to maintain some binary packages from Debian’s past for QT4, just so I can install Puddletag, I did not feel like trying to actually build something that depends on QT4. I found, however, that the Arch community builds powerkit with QT5.
Armed with this information, I began my effort to build Powerkit for Devuan. While some of the Devuan target audience may not care about upower or dbus, I am willing to make a few compromises.

Use virt-install to fully automate the install for Devuan Ceres with preseed, March 2020 edition

I have previously written about using virt-install to automate installing a new Devuan GNU+Linux virtual machine in libvirt/qemu.

This article is the March 2020 edition, that uses devuan_ascii_2.1_amd64_dvd-1.iso which is the latest Devuan Ascii iso available.

With this new iso, a number of changes have been made to the image itself, that will interfere with the default settings of virt-install. The branding of the ISO file was updated, so now isoinfo shows “Devuan” in the name and not Debian.

$ isoinfo -J -i devuan_ascii_2.1_amd64_dvd-1.iso -x /.disk/info
Devuan GNU/Linux 2.1 (ascii) amd64 DVD1 - 2019-12-21 07:24:54 UTC

Virt-manager uses this identifying info to find the initramfs/initrd and kernel (“vmlinuz,” “linux,” or similar) to boot. With the branding change, the Devuan disc changed the name of its initrd for some reason.
I wrote a patch for /usr/share/virt-manager/virtinst/ for package virt-install-1.5.0-7.el7.noarch.

--- /usr/share/virt-manager/virtinst/	2020-02-20 21:06:53.515076802 -0500
+++ /usr/share/virt-manager/virtinst/	2020-02-20 21:41:17.649056883 -0500
@@ -1279,6 +1279,33 @@
         logging.debug("Didn't find any known codename in the URL string")
         return self.os_variant
+class DevuanDistro(DebianDistro):
+    name = "Devuan"
+    urldistro = "devuan"
+    def _is_install_cd(self):
+        # For install CDs
+        if not self._check_info(".disk/info"):
+            return False
+        if self.arch == "x86_64":
+            kernel_initrd_pair = ("linux",
+                                  "initrd.gz")
+        elif self.arch == "i686":
+            kernel_initrd_pair = ("install.386/vmlinuz",
+                                  "install.386/initrd.gz")
+        elif self.arch == "aarch64":
+            kernel_initrd_pair = ("install.a64/vmlinuz",
+                                  "install.a64/initrd.gz")
+        elif self.arch == "ppc64le":
+            kernel_initrd_pair = ("install/vmlinux",
+                                  "install/initrd.gz")
+        elif self.arch == "s390x":
+            kernel_initrd_pair = ("boot/linux_vm", "boot/root.bin")
+        else:
+            kernel_initrd_pair = ("install/vmlinuz", "install/initrd.gz")
+        self._hvm_kernel_paths += [kernel_initrd_pair]
+        self._xen_kernel_paths += [kernel_initrd_pair]
+        return True
 class UbuntuDistro(DebianDistro):

It’s clear that we are defining a number of architectures and the kernel and initrd pairs. I copied and altered the DebianDistro class to use the relevant info. I only tested with the x86_64 arch, but it should be easy for you to read the iso file for your architecture and adjust the other pairs as needed.
No word is out on if the initrd and kernel filenames will be static now in Devuan, so I have not tried to submit a patch upstream, who have refactored now anyway.
And now, here is my one-liner for installing with the following, updated preseed file.

vm=d2-04a ; time sudo virt-install -n "${vm}" --memory 2048 --vcpus=1 --os-variant=debiantesting -v --disk path=/var/lib/libvirt/images/"${vm}".qcow2,size=20 -l /mnt/public/Support/SetupsBig/Linux/devuan_ascii_2.1_amd64_dvd-1.iso --initrd-inject=/mnt/public/Support/Platforms/devuan/preseed/preseed.cfg --extra-args "hostname=${vm} interface=auto" --debug --network type=bridge,source=br0 --noautoconsole

I usually omit the –no-autoconsole so my prompt returns after the VM has installed and rebooted.

Preseed file

# File: /mnt/public/Support/Platforms/devuan/preseed/preseed.cfg
# Locations:
#    /mnt/public/Support/Platforms/devuan/preseed/preseed.cfg
# Author: bgstack15
# Startdate: 2019-06-25
# Title: Preseed for devuan vms for
# Purpose: To provide an easy installation for VMs and other systems in the Mersey network
# History:
#    2017-06 I learned how to use kickstart files for the RHCSA EX-200 exam
#    2017-08-08 Added notifyemail to --extra-args
#    2017-10-29 major revision to use local repository
#    2019-06-25 fork from centos7-ks.cfg
#    2019-12-29 fix up repos and in-target conclusion stuff
#    2020-02-27 heavy rewrite to use ascii 2.1
# Usage with virt-install:
#    vm=d2-04a ; time sudo virt-install -n "${vm}" --memory 2048 --vcpus=1 --os-variant=debiantesting -v --disk path=/var/lib/libvirt/images/"${vm}".qcow2,size=20 -l /mnt/public/Support/SetupsBig/Linux/devuan_ascii_2.1_amd64_dvd-1.iso --initrd-inject=/mnt/public/Support/Platforms/devuan/preseed/preseed.cfg --extra-args "hostname=${vm} interface=auto" --debug --network type=bridge,source=br0 --noautoconsole
#    vm=d2-04a; sudo virsh destroy "${vm}"; sudo virsh undefine --remove-all-storage "${vm}";
# Reference:
#    /mnt/public/Support/Platforms/CentOS7/install-vm.txt
#    syntax for --location
#    example preseed
#    skip next dvd question
#    grub problem caused by consolekit:amd64
#    /mnt/public/Support/Platforms/devuan/fix-virt-manager.txt
#    sudo debconf-get-selections -c /mnt/public/Support/Platforms/devuan/preseed/preseed.cfg
#    on d2-03a: sudo debconf-get-selections --installer
# Improve:
#    discover how to send email, using postfix or sendmail. Don't care which, but exclude exim4.
#    echo "$( hostname ) has IP $( ip -4 -o a s eth0 | awk '{print $4}' | sed -r -e 's/\/.*$//' )" | 
#    2020-02-24 add the kernel lines: console=ttyS0 console=tty1. Get this to work; use grub.cfg and "linux" line, not "kernel"

d-i debian-installer/country string US
d-i debian-installer/keymap select us
d-i debian-installer/language string en
d-i debian-installer/locale string en_US
d-i localechooser/supported-locales string en_US.UTF-8

d-i keyboard-configuration/layoutcode string us
d-i keyboard-configuration/variantcode string
d-i keyboard-configuration/xkb-keymap select us

d-i netcfg/disable_autoconfig boolean false
d-i netcfg/get_domain string
d-i netcfg/wireless_wep string
# disable asking for non-free firmware, because this is a vm and has none
d-i hw-detect/load_firmware boolean false

#d-i apt-setup/enable-source-repositories boolean false
# ORIGINAL d-i apt-setup/services-select multiselect security updates, release updates, backported software
d-i apt-setup/contrib boolean true
d-i apt-setup/disable-cdrom-entries boolean true
d-i apt-setup/non-free boolean true
d-i apt-setup/use_mirror boolean true
d-i mirror/country string manual
d-i mirror/http/directory string /merged
d-i mirror/http/hostname string
d-i mirror/http/proxy string
d-i mirror/protocol string http
d-i mirror/suite string testing

d-i apt-setup/cdrom/set-failed boolean false
d-i apt-setup/cdrom/set-first boolean false
d-i apt-setup/cdrom/set-next boolean false

## my repos and ceres
d-i apt-setup/local0/comment    string stack123deb
d-i apt-setup/local0/key        string
d-i apt-setup/local0/repository string /
d-i apt-setup/local1/comment    string devuan-deb
d-i apt-setup/local1/key        string
d-i apt-setup/local1/repository string /
d-i apt-setup/local2/comment    string ceres
d-i apt-setup/local2/key        string
d-i apt-setup/local2/repository string ceres main contrib non-free
#d-i apt-setup/local2/key        string
#d-i apt-setup/local2/repository string ceres main contrib non-free
d-i apt-setup/local3/comment    string obsmirror
d-i apt-setup/local3/key        string
d-i apt-setup/local3/repository string /
# if for some reason I really need to turn off the gpg key check:
#d-i debian-installer/allow_unauthenticated boolean false

#tasksel tasksel/first multiselect standard, ssh-server
tasksel tasksel/first multiselect none

# adapted from /mnt/public/Support/Platforms/devuan/devuan.txt, main fluxbox desktop, but for a vm
# no xscreensaver, for a vm.
#d-i pkgsel/include string \
#   alsamixergui alttab apt-transport-https bgconf bgscripts bgscripts-core \
d-i pkgsel/include string openssh-server

d-i pkgsel/upgrade select none

popularity-contest popularity-contest/participate boolean true

d-i clock-setup/ntp boolean true
d-i clock-setup/ntp-server string
d-i time/zone string America/New_York

# skip grub during main part, because we will do it in late_command
#d-i grub-installer/skip boolean true
#d-i grub-installer/skip-again boolean true
#d-i grub-installer/skip-confirm boolean true
#d-i grub-installer/confirm_skip boolean true
#d-i nobootloader/confirmation_common boolean true
d-i     choose-init/select_init select  sysvinit
d-i     choose-init/selected_sysvinit bool   true
grub-installer  grub-installer/choose_bootdev   select  /dev/vda

d-i lilo-installer/skip boolean true
#d-i grub-installer/with_other_os boolean true
d-i grub-installer/only_debian boolean true
d-i grub-installer/grub2_instead_of_grub_legacy boolean true
#d-i grub-installer/bootdev string /dev/vda
#d-i grub-installer/choose_bootdev select /dev/vda
#grub-installer grub-installer/force-efi-extra-removable boolean false

d-i passwd/root-password password somethingStrongHere
d-i passwd/root-password-again password somethingStrongHere

d-i partman-auto/choose_recipe select home
d-i partman-auto-crypto/erase_disks boolean false
d-i partman-auto/disk string /dev/vda
d-i partman-auto/init_automatically_partition select biggest_free
d-i partman-auto/method string lvm
d-i partman/choose_label string gpt
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman/confirm_write_new_label boolean true
d-i partman/default_label string gpt
#d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-md/confirm_nooverwrite boolean true
#d-i partman/mount_style select uuid
d-i partman-partitioning/confirm_write_new_label boolean true

# Uncomment this to add multiarch configuration for i386
#d-i apt-setup/multiarch string i386

d-i passwd/make-user boolean true
d-i passwd/user-fullname string bgstack15-local
d-i passwd/username string bgstack15-local
d-i passwd/user-password-crypted password $6$85aKM2DkiD5g9r3D$zkBcVES1Bzu.b5dBJxklSGgEJzswZBlVAyc9lUUIzMA2OLRH3PD2ZWE9Q40ztw/32OyDm2nF031hfE4s5LGuG1
d-i passwd/user-default-groups string audio cdrom video

d-i finish-install/reboot_in_progress note
d-i cdrom-detect/eject boolean true

# additional application stuff just in case it works and is useful
# LDAP server URI:
d-i shared/ldapns/ldap-server	string	ldapi:///

d-i openssh-server/password-authentication	boolean	true
d-i openssh-server/permit-root-login	boolean	false

d-i preseed/late_command string mkdir -p /target/etc/apt/sources.list.d /target/mnt/bgstack15 /target/mnt/public ; cd /target/etc/apt ; \
   in-target wget -O /Release.gpg ; in-target apt-key add /Release.gpg ; \
   echo "deb ceres main contrib non-free" > sources.list ; \
   in-target wget -O /stack123deb.gpg ; in-target apt-key add /stack123deb.gpg ; \
   echo "deb /" > sources.list.d/stack123deb.list ; \
   echo "deb /" > sources.list.d/devuan-deb.list ; \
   in-target wget -O /Release.key ; in-target apt-key add /Release.key ; \
   echo "deb /" > sources.list.d/home\:bgstack15.list ; \
   in-target apt-get update ; \
   in-target apt-get purge -q -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" consolekit exim4\* lxqt\* udev ; \
   in-target apt-get install -q -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" alsamixergui alttab apt-transport-https bgconf bgscripts bgscripts-core cifs-utils curl fluxbox freeipa-client git grub lightdm lightdm-gtk-greeter mlocate net-tools nfs-common ntpdate oddjob-mkhomedir=0.0.1-1 openssh-server p7zip palemoon-ublock-origin parted qemu-guest-agent rsync scite screen spice-vdagent strace sudo tcpdump vim vlc volumeicon-alsa xfce4-terminal xfe xserver-xorg-video-qxl fluxbox-themes-stackrpms xdgmenumaker man logout-manager freeipa-helper palemoon waterfox ; \
   in-target wget -O /usr/local/share/ca-certificates/ && update-ca-certificates || : ; \
   in-target su bgstack15-local -c "sudo /usr/bin/ -d 10 1>/home/bgstack15-local/clone.log 2>&1" ; \
   in-target wget -O /root/ ; in-target sh /root/ ; \
   in-target wget -O /root/ ; in-target sh /root/ ; \
   in-target wget -O /root/ ; in-target sh /root/ ; \
   in-target apt-get install -q -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" postfix ; \
   in-target wget -O /root/ ; in-target sh /root/ preseed ; \
   in-target sed -i -r -e '/^\s*linux/s/(\s*console=.{1,7}[0-9])*\s*$/ console=tty0 console=ttyS0/;' /boot/grub/grub.cfg | grep -E '^\s*linux' ; \
   in-target sed -i -r -e '/^\s*kernel/s/(\s*console=.{1,7}[0-9])*\s*$/ console=tty0 console=ttyS0/;' /boot/grub/menu.lst ; \
   in-target sed -i -r -e '$aT0:23:respawn:/sbin/getty -L ttyS0 9600 vt100' /etc/inittab ;

#   in-target install -m0644 /mnt/public/Support/Platforms/devuan/sources.list /etc/apt/sources.list ; \

For some reason, the pkgsel/include answer would not work here. Also, the native answers for custom apt repositories wouldn’t work, but it might have been implementation errors on my side. So I learned the tricky in-target or not in-target logic required to manipulate apt and install my phone book of packages.



My original conversation: Installing Devuan Ascii 2.1 with virt-install / Installation / Dev1 Galaxy Forum

Package for devuan: freefilesync

I already have a number of posts about FreeFileSync, an open-source software that provides a nice gui for managing file synchronization task and jobs.

While the project itself is open source, there is a non-free release available to monetary donors that includes a few additional features. The package for Devuan is the GPL release.

You can go check out the build artifacts for the dpkg on my OBS. To install the package, follow the instructions on the download page.

The FreeFileSync project does not publish a source tree. While the source is available in a standard tarball, no diffs are presented between versions. I participate in a group that does track the changes in code between FreeFileSync releases.

What’s really interesting to note is that the build available on the OBS uses gtk3, which has an instability in some of the icon functions. Unfortunately Debian, the upstream of Devuan GNU+Linux, has removed some of the more-stable gtk2 libs because gtk2 is really old.

If you are looking to compile FreeFileSync on Devuan with gtk2 bindings, you need these exact packages which are probably available at the Debian archive site.

  • libwxbase3.0-0v5_3.0.4+dfsg-14_amd64.deb
  • libwxbase3.0-0v5_3.0.4+dfsg-14_i386.deb
  • libwxbase3.0-dev_3.0.4+dfsg-14_amd64.deb
  • libwxbase3.0-dev_3.0.4+dfsg-14_i386.deb
  • libwxgtk3.0-0v5_3.0.4+dfsg-14_amd64.deb
  • libwxgtk3.0-0v5_3.0.4+dfsg-14_i386.deb
  • libwxgtk3.0-dev_3.0.4+dfsg-14_amd64.deb
  • libwxgtk3.0-dev_3.0.4+dfsg-14_i386.deb
  • wx3.0-headers_3.0.4+dfsg-14_all.deb

Package for devuan: xdgmenumaker

After a healthy discussion on the Devuan forum about how to get xdg-compliant menus for non-xdg-compliant window managers, I went and packaged up xdgmenumaker for Devuan!

You can go install this utility as an easy dpkg from my OBS, which includes a few of my own wrapper tools. One is a nice menu entry for rebuilding the fluxbox menus.

The nature of xdg menus is to use the system-wide /usr/share/applications directory and its contents, and also include your local ~/.local/share/applications (or other $XDG_DATA_DIRS/applications/ locations as defined), so using the system-wide xdg fluxbox menu would not be complete. Therefore, I highly recommend adding to your ~/.fluxbox/startup script:

/usr/bin/xdgmenumaker -f fluxbox -i > ~/.fluxbox/xdg-menu &

And adjust your ~/.fluxbox/menu file to include at least these entries:

[include] (.fluxbox/xdg-menu)
#[include] (/etc/xdgmenumaker/fluxbox)

I recommend the above commented line, because in case for some reason your per-user stuff is broken,
The dpkg I build provides a menu entry for reloading it, so you don’t have to go to the command line and run the above command.
screenshot showing "Update xdg menu (fluxbox)" menu entry

Package for devuan: waterfox

In my Internet searching I have not found a Devuan-centric Waterfox classic package. So I decided to bundle it myself!
You can see the build info for it in OBS, as well as use the nice download page to get it for yourself. This build is for Devuan Ceres.

It excludes pulseaudio and dbus, which is why I call it “Devuan centric.” While the Open Build Service only offers Debian builds, the package will install just fine on Devuan ceres. If you are the more paranoid type, you can examine my sources and even build the package yourself on Devuan!


I follow a number of people on the Internet to learn packing tricks for dpkgs, or for how to build Waterfox. I know basically nothing about real software development, but I can build scripts pretty well, especially when I can follow good examples.

Build dpkg with Jenkins project

Here is how I build dpkgs in Jenkins. I have not yet tried the jenkinsfile syntax, but I’m sure that’s a better way to do it.


Install the Debian Package Builder plugin. It adds a nice option for a build step which simplifies the debuild process.
Now, I use a single repository to store my rpm specs and dpkg debian/ directories. It’s not ideal, I realize, but it was based on the architecture I understood at the time, as well as it was modeled after a few upstream places I rip off follow.
So I had to set up the Gitlab plugins:

My debuild workflow in Jenkins

Make a new item, of type Freestyle project.
screenshot of Jenkins wui where the user is about to make a new project named "veracrypt."
To load my repository with its specs and debian/ directories, I pointed to my public gitlab repo which is configured elsewhere in Jenkins.
Screenshot of jenkins project showing General settings, Gitlab connection
I am pulling down the updates branch, of my main git repo, and saving to a local subdirectory.
Screenshot of project configuration showing SCM, and additional behavior of "Check out to a sub-directory"
I’m behind a NAT, so I don’t expect to easily set up a webhook. But I really wish I would bother to get it hooked up so any repo changes would do this. I’ll have to check that out in the future.
For the build steps, I have some shell running before and after the main “Build debian package” section.
Screenshot of build steps from jenkins project, showing parts of the shell statments and Build debian package step.
I had to revamp the debian/watch file in my veracrypt sources, because I wasn’t smart enough to get it to reliably download from sourceforge (oh how the might have fallen). But uscan is a wonderful tool that downloads the source tarball for a package.
My first full shell step:

uscan -v -ddd --destdir ../../ --symlink work/veracrypt ; mkdir -p dpkg ; tar -zx -C dpkg --strip-components 1 -f $( find . -maxdepth 1 -iregex '.*\/veracrypt_[0-9]+.*orig.*tar.*z.?' | head -n1 ) ; cp -pr work/veracrypt/debian dpkg/

The syntax got a little weird when I was switching between the bzip2 and the gzip file. Also, I don’t always know the filename, ergo the find command.
And then, the Build debian package step. The source tarball was extracted to the dpkg/ location, and the debian dir copied there. I really appreciate the ability to specify where the debian/ directory is.
And the final shell step deploys the files to my nfs share for final processing by hand. I hand-curate what’s in my own repo. I don’t have a proper pool/ setup like the real Devuan repos, so I curate it myself, plus my volume is low enough I can do it all myself.

mkdir -p /mnt/public/Public/${JOB_NAME} ;
cp -p *.build *.buildinfo *.changes *.deb *.debian.tar* *.dsc /mnt/public/Public/${JOB_NAME}/

And that’s it! For now I will trigger these builds manually.

Package for devuan: chicago95-theme-all

Because self-promotion (erm, I mean… learning!) is the purpose of this blog, here is a package I have assembled from a nifty upstream: Chicago95!

You can go get it from the OBS repository now.

screenshot of XFCE with chicago95 theme in use
Screenshot from project

chicago95-theme-all is a metapackage that pulls in all the elements needed to configure your Devuan GNU+Linux system to look like a classic non-free OS from 1995!

$ apt-cache search chicago
chicago95-theme-all - XFCE Windows 95 Total Conversion
chicago95-theme-cursors - Mouse cursor themes for Chicago95
chicago95-theme-doc - Documentation for Chicago95
chicago95-theme-fonts - Fonts for Chicago95
chicago95-theme-greeter - Lightdm webkit greeter for Chicago95
chicago95-theme-gtk - GTK and WM themes for Chicago95
chicago95-theme-icons - Icon themes for Chicago95
chicago95-theme-login-sound - Login sound for Chicago95
chicago95-theme-plymouth - Plymouth theme for Chicago95
$ apt-cache policy chicago95-theme-all
  Installed: (none)
  Candidate: 0.0.1-1+devuan
  Version table:
     0.0.1-1+devuan 500
        500  Packages

Of course, like any other theme, you need to manually change your settings to use the theme. But these packages make it easy to install it so you can control the files with the package manager.


I was helping a family member set up a system to look like a particular non-free OS, and an old one was acceptable, and even preferred. After some research, I discovered a few good places to look for themes:

There were multiple options for the type of theme I wanted, but Chicago95 was the most cohesive and cleanly-installed set.

Devuan generate new ssh keys for freeipa host

If a Devuan system is a freeipa client, but you cannot ssh -o GSSAPIAuthentication=yes to it, even though all the regular troubleshooting steps work, and the logs don’t show you anything, the host ssh keys might be wrong in freeipa.

Generate new ssh keys for freeipa host

All the steps can be taken on the host in question.
As root, make sure you can kinit -k to get a kerberos key with the host keystore. If this step doesn’t work, you need to go fix that, which is beyond the scope of this post.

kinit -k
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/

Valid starting       Expires              Service principal
12/31/2019 07:25:47  01/01/2020 07:25:47  krbtgt/IPA.EXAMPLE.COM@IPA.EXAMPLE.CO

Now, generate new ssh keys. Apparently on Devuan systems, restarting the daemon is not good enough. On CentOS, if you delete the ssh host keys, restarting the daemon will just generate new ones which can cause some interesting effects when connecting to a host that did so. However, on Devuan you have to run:

rm -rf /etc/ssh/ssh_host_*_key*
dpkg-reconfigure openssh-server
service ssh restart

And then, with the fresh keytab from the kinit -k earlier, it’s a piece of cake to modify this host in freeipa to use a new set of ssh public keys!

LC_ALL="" LC_CTYPE="C.UTF-8" ipa host-mod --sshpubkey="$( cat /etc/ssh/ )" --sshpubkey="$( cat /etc/ssh/ )" --sshpubkey="$( cat /etc/ssh/ )" $( hostname -s )
Modified host "d2-03a"
  Host name:
  Principal name: host/
  Principal alias: host/
  SSH public key: ssh-rsa
                  root@d2-03a, ecdsa-sha2-nistp256
                  root@d2-03a, ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBU/CbzrNnMivn5kAiHTU6WSadY/FWPG8qZ3sGleDbHr
  SSH public key fingerprint: SHA256:tMcJ2uFNmx6K+dF+Gm6WUBO4AvBmGVj9247mvg5LxU4 root@d2-03a (ssh-rsa),
                              SHA256:uJeRc0dkao/DmnQm2hyQUSfeC0HgIZppB2NVyA+BoTA root@d2-03a (ecdsa-sha2-nistp256),
                              SHA256:j+trvcJAQx5PeaJbUJ8xImBDgCJ2U/nW3h5D3m2kTj4 root@d2-03a (ssh-ed25519)
  Password: False
  Keytab: True
  Managed by:

My ipa command kept complaining about all these language problems. Maybe I failed to set them correctly in my preseed. Whatever.


Internet searches

freeipa new ssh host key


6.8. Managing Public SSH Keys for Hosts
How To: Ubuntu / Debian Linux Regenerate OpenSSH Host Keys – nixCraft

Man pages

ipa help host-mod

Customize binary package for Devuan

Devuan bans some packages so I need to host them myself, with the dependencies altered to work in Devuan. Specifically, I wrote this solution for python3-ipalib (python-ipalib originally, back in February 2019).

I wrote a process that helps Devuan join a freeipa domain. It involves manually manipulating the install dependencies for package python3-ipalib. There’s no need to rebuild the package; you can just alter the listed dependencies. This script turns the manual process into a single command.

# File: /mnt/public/www/smith122/repo/devuan-deb/
# License: CC-BY-SA 4.0
# Author: bgstack15
# Startdate: 2019-11-29 21:28
# Title: Script that Manipulates Dependencies for a Binary Dpkg
# Purpose: Download latest version of python3-ipalib and modify it for internal use
# History:
# Usage:
#    /mnt/public/www/smith122/repo/devuan-deb/
#    Next steps include running to update the apt repo.
# Reference:
#    Original research
#    dpkg-architecture --list-known
# Improve:
# Dependencies:
#    curl, dpkg-deb, sed, grep

#customize_package "${PACKAGE}" "${DEPENDS_REMOVE}" "${DEPENDS_ADD}" "${SOURCE_DIR}" "${OUT_DIR}"
customize_package() {
   # weaknesses: this might struggle with adding or removing "foobar (>= 0.1.1~bz2)" or other complex version numbers.

   # Learn latest version to fetch
   ___cp_newfile="$( curl -L -s "${___cp_source_dir}" | grep -oE ">${___cp_package}.*<\/a" | sed -r -e 's/^>//;' -e 's/<\/a$//;' )" echo "Discovered filename ${___cp_newfile}" curl -L -s "${___cp_source_dir}/${___cp_newfile}" -o "${___cp_newfile}" 1>/dev/null 2>&1
   mkdir -p "${___cp_tmpdir}"
   dpkg-deb -R "${___cp_newfile}" "${___cp_tmpdir}"

   # Remove the requested dependencies
   echo "${___cp_depends_remove}" | tr ',' '\n' | while read word ;
      if test "${word}" != "" ;
         echo "Removing dependency ${word}"
         sed -i -r -e "s/[:,]\s+${word}[^,]{0,13}(,)?/\1/;" "${___cp_tmpdir}/DEBIAN/control"

   # Add the requested dependencies
   echo "${___cp_depends_add}" | tr ',' '\n' | while read word ;
      if test "${word}" != "" ;
         echo "Adding dependency ${word}"
         sed -i -r -e "/^Depends:/s/$/, ${word}/" "${___cp_tmpdir}/DEBIAN/control"
   # Remove trailing comma, just in case
   sed -i -r -e '/^Depends:/s/,\s*$//;' "${___cp_tmpdir}/DEBIAN/control"

   # Calculate new file name
   ___cp_newfile2="$( echo "${___cp_newfile}" | sed -r -e 's/((_(amd64|i386|all))?\..{1,6})$/+stackrpms\1/;' )"
   dpkg-deb -b "${___cp_tmpdir}" "${___cp_newfile2}"

   # Move to outdir
   test -e "${___cp_newfile2}" && mv "${___cp_newfile2}" "${___cp_out_dir}/"

   # Clean up
   rm -rf "${___cp_tmpdir}" "${___cp_newfile}"

customize_package "${PACKAGE}" "${DEPENDS_REMOVE}" "${DEPENDS_ADD}" "${SOURCE_DIR}" "${OUT_DIR}"

If for some reason new packages come up with different dependencies I need to alter, it will just be a one-liner at the bottom.



How I host a Devuan ceres mirror for myself

Building on what I learned a long time ago for building an apt repo on CentOS, and some guidance from the Devuan forum, I have now validated my local Devuan mirror.

I chose to use debmirror because it can be limited to just certain suites (that’s Debian-speak for “version”) and package repositories. I exclusively use Devuan ceres (testing) because I need the FreeIPA packages. And also CentOS had an rpm of debmirror.

I run my script on Sunday and weekdays.
Cron job:

0	9	*	*	0-5	root	/etc/installed/ 1>/dev/null 2>&1

And my script:

#!/usr/bin/env sh
# File: /etc/installed/
# Startdate: 2019-10-02 21:08
# Usage: by cron
{ debmirror --keyring /var/storage1/shares/public/Support/Platforms/devuan/keyrings/devuan-archive-keyring.gpg --verbose --config-file=/etc/debmirror.conf.devuan-ceres ; } 2>&1 | tee -a /var/storage1/shares/public/Support/Systems/storage1/var/log/debmirror/debmirror.devuan.$( date "+%F" ).log

Pretty basic, right? I had to prep the keyrings directory with the contents of a devuan install’s /usr/share/keyrings, but calling the debmirror was pretty easy. I pipe it to some logging as well.

Of course the debmirror.conf for this is extremely relevant.

# File: debmirror.conf.devuan-ceres
# Location: storage1:/etc/
# Author: bgstack15
# Startdate: 2019-09-27 22:43
# Title: Debmirror config for Devuan Ceres i386 and amd64 only
# Purpose: To provide a local mirror of devuan unstable so my clients can traverse only the local network
# History:
# Usage:
#    { time sudo debmirror --keyring /var/storage1/shares/public/Support/Platforms/devuan/keyrings/devuan-archive-keyring.gpg --verbose --config-file=/etc/debmirror.conf.devuan-ceres ; } 2>&1 | tee -a /var/storage1/shares/public/Support/Systems/storage1/var/log/debmirror/debmirror.devuan.$( date "+%F" ).log
# Reference:
#    how to get working keyring
# Improve:
# Documentation:
#    To get the gpg keyring, copy d2-02a:/usr/share/keyrings/ to /mnt/public/Support/Platforms/devuan/keyrings.
#    This setup will copy all the debian+devuan packages into one devuan/ directory. No amprolla or apache rewrites are necessary.
# Location of the local mirror (use with care)

# Output options

# Download options
# @ignores="";
# @excludes="";
# @includes="";
# @excludes_deb_section="";
# @limit_priority="";
# @rsync_extra="doc,tools";
# @di_dists="dists";
# @di_archs="arches";

# Save mirror state between runs; value sets validity of cache in days

# Security/Sanity options

# Cleanup

# Locking options

# Rsync options
$rsync_options="-aIL --partial";

# FTP/HTTP options
# $proxy="http://proxy:port/";

# Dry run

# Don't keep diff files but use them

# The config file must return true or perl complains.
# Always copy this.



  1. How to mirror ascii? / Other Issues / Dev1 Galaxy Forum
  2. Make a mirror of devuan package repository with a modified debmirror / Documentation / Dev1 Galaxy Forum
  7. how to get working keyring: Technical notes, my online memory: Debmirror of ubuntu archive, with valid gpg keys

Web searches

  1. devuan debmirror