Only Matthias has access to automation tools, I believe.

I had this issue on the OEM version of PureOS 8 Beta 1, Librem 15 v3. I ended up doing a full reinstall of PureOS.

Thanks for the info on exiftool. I installed it and compared its output with pdfinfo, which was already installed as part of the poppler-utils package. There are slight differences (pdfinfo gives the page size), but both just do not report a nonexistent Creation Date or Modify Date. So at least they don't make up a bogus date for either of those.

As of today 2018-10-08, after intervening system updates, this issue persists. In the meantime I had to install an Xubuntu VM in Boxes, and then install Firefox within the VM.

I'm logged in under GNOME (default Wayland), not GNOME on Xorg, and I get this from gnome-logs after Thunar crashes:

As of today's updates (2018-10-08), this issue persists and is still seen with a number of applications: PureBrowser, GNOME Web (Epiphany), Kate, and Okular. It seems to have been fixed for GNOME Files (Nautilus) and Thunar.

I also encountered this issue today trying to install on my desktop with a USB mouse.

https://bugs.debian.org/906609#30 segfault should be fixed...

I'm going to go ahead and make the executive decision of un-assigning myself from this ticket - feel free to assign back if there is a "Next Action" for me of course, but I do not have an obvious step to proceed.

This was fixed a long time ago.
See https://tracker.pureos.net/T559#10667 for some instructions on how to resolve the configuration issue.

This looks like expected behavior to me: The first prompt is for the disk password, while the second one is for root permission to be actually able to mount the device.
However, there might still be an issue here, because apparently the disk is mounted twice, and also a local user should be able to mount disks directly without root permission, so the second authentication request might not be needed (it could be though that the system policy on what the user can do is different for encrypted disks compared to regular volumes).

Terrific. I am glad that worked for you.

Oh and btw. how do you intend to detect tampering anyway? Please don't tell me you need a Librem Key. Purism tries to sell the laptops as secure and not secure-with-additional-hardware, right? Or is the Key now part of the laptop shipment? If not, what is your security goal for a humble users without Librem Key?

You seem to be trapped in the thinking that signature verification is bad and measuring is good. Please don't see it like that. They both complement each other very well.

Hi Wayne,

I use the following commands from a terminal prompt:

Hi Wayne,
How do I make my system up-to date? I tried sudo apt-get update, but it returns an error.

If you have not already, you may wish to make certain your system is current. There was a similar issue, but it was fixed in late August. Please refer to https://tracker.pureos.net/T502.

We do not need or want it. Specifically the problem with systems like vboot (and why we went with Heads instead) is that we do not want to require that the BIOS pass a signature check against a key that we control. We want the user to be able to flash with a custom BIOS if they so choose, even if we haven't blessed it with our signature.

Kyle, can you evaluate vboot in terms of security, do we need it, do we want it and all that.. so we can decide if we want to add it or not

Alas, I don't know who has bandwidth to do it and do not have control over their inbox. :)

@chris.lamb, sorry, did not now whom to assign it to, so feel free to reassign to Jonas or Matthias.

(curious why this assigned to me, @mladen.pejakovic ?)

Sorry, above was inaccurate: I _do_ expect FSF to tolerate _FSF_ hosts as "middle-ground" but not e.g. "extensions.gnome.org".

No, "middle-ground" is some other option - possibly one of these:

In T585#10838, @jonas.smedegaard wrote:

d) Software center contacts other hosts than pureos.net only after the user spells out the host otherwise not mentioned at all
Case d) is acceptable by both FSF and Debian. Should IMO be acceptable by us.

(Now? Ie. with the openpgp-smartcard branch, no?)

Sweet! So, what's the timeline look like for me to be able to test this on something?

https://bugs.debian.org/909567

https://github.com/evilsocket/opensnitch/pull/207

@kyle.rankin Did you see https://bugs.debian.org/903163#135 ? :)

@james.rufer GNOME Software will fetch an extension list when run under GNOME Shell. So, you'll need to run it in a GNOME Shell session and the GNOME site has to be reachable. Try refreshing the software index (refresh button in GNOME Software) in case information is missing.

@todd It seems to me that your question at 11:52 was ambiguous: I guess you intended to ask about _default_ behaviour, and to me it is more likely that Matthias answered only about _ability_ - i.e. that Software center sends requests outside of pureos.net if told to do so. Therefore I disagree that @james.rufer's test is counter to @mak's answer.

@james.rufer does any GNOME extensions appear? (this would be the answer to only packages from approved PureOS.net and it would be counter to what Matthias mentioned in the chat history @ 12:05)... So I want to confirm that...

Chat history on the subject from #community-pureos:talk.puri.sm

Seems to me those fields are simply not provided, and Evince (which it seems you use to parse and inspect the files) wrongly show a bogus timestamp when none is proviced.

The tool nethogs is available in PureOS in the package nethogs. I.e. the tool is "included in most Linux distributions" as was quoted in that forum thread you are linking to.

This problem seems to occur especially when the system in on heavy load. I can easily reproduce it when building the Debian package hdf5.

Add:
This has occurred on three installations, so does not appear random.

After installation, when doing the system upgrade, get the following message:

Installed the latest ISO in Boxes. "UTC" did not come up in search.

I am not sure I understand the problem - what is the issue here? That extensions can be downloaded from GNOME?
Since we trust GNOME already, I don't think it makes sense to disallow that in GNOME software, especially because doing so means people will have trouble installing GNOME extensions.

Reassigning to Matthias, our expert on AppStream (including what and how much PureOS has derived from Debian in that area).

I am glad you isolated the problem. Having been a developer in a previous life, I was only thinking that maybe Mozilla fixed something that might have coincided with the updates.

Should I be going to the cairo project to report this?

gnome-logs shows that AppArmor is denying something with snap, which is how I've installed Firefox. Firefox had not been updated in a while, so something else was changed during one of the recent PureOS updates. I'm not new to the concept of reverse firewalls, but I'm a complete newbie to AppArmor, so will have to dig in.

Even though Nautilus' own "About" dialog showed version 3.30.0-stable, it was actually version 3.30.0-1. I just saw an update to 3.30.0-4, checked the bugs at https://gitlab.gnome.org/GNOME/nautilus/issues , and saw other people had the same bugs. This just got fixed in version 3.30.0-4. Whew, I was about to install Dolphin or Thunar.

It appears that 62.0.2 (not 62.0-2) was released today by Mozilla. When it is available in snap, you may want to try it to see if it fixes your problem.

The official build downloaded from their webpage works without problem.

Definitely does not matter if there are multiple tabs or not for Nautilus to crash. Fast or slow typing both produce a crash. Pasting into the search field so far does not produce a crash. In one case, %CPU reached 200% and Nautilus became unresponsive for long enough that I killed the process. All this is completely new behavior with 3.30.0-stable and never happened with the prior version, 3.26.3.1, which was rock solid.

As of 2018-09-19 KeePassXC has not failed throughout all the updates through yesterday.