I work on PureOS and infrastructure.
- User Since
- Sep 24 2016, 09:40 (313 w, 2 d)
Feb 17 2022
Thank you for the issue report! This problem should be resolved with the latest updates :-)
Should be fixed in a few hours :-)
Jan 22 2022
This is an annoying issue, as it is extremely hard (if not impossible currently) to fix properly. A proper fix would be to re-sign the fwupd-amd64-signed binary package, but we can not do that as we do not have any EFI signing facilities for PureOS...
This package has been removed from PureOS (as we don't support UEFI with secure boot signing enabled properly anyways), but users who have installed the package manually before will of course run into this issue now until they run an apt purge fwupd-amd64-signed. We could force the removal of this package via conflicts, but that may also not be an ideal solution here :-/
Nov 4 2021
Oct 9 2021
This is resolved now - please test the images available on https://downloads.pureos.net/byzantium/ (preferably the latest ones built ^^) as I could only test this on a few systems and configurations that I had available. The images should support UEFI, as long as secure boot is not enforced, as the necessary pieces are not signed.
Oct 5 2021
We certainly can't update the system's certificates store, as that would mean people couldn't get the update that lets them get updates again :-P
Oct 3 2021
This should be resolved in byzantium already :-)
Does this issue still exist? I changed the image build process quite a bit, so the current images are not comparable to the old ones.
This should be fixed in landing/byzantium for a while now :-)
I would rather add a search function to this, as this page can get extremely large (to the point of hanging up a browser tab).
Currently, the database has indices (no dedicated fulltext searches), but with that one could already implement a simple search. Added to the todo list, but as usual, patches welcome :-)
Sep 25 2021
Just FTR, we can't binary-sync anything from experimental, ever. Packages there are built with other binaries from experimental, which would break any suite we sync them into. Source syncs can work though, but will need support implemented in Synchrontron in Laniakea.
To me, this Lintian check actually makes little sense. The one for Maintainer is important, so the maintenance status is reflected in the modified package, but Changed-by could be any address. When Zlatan and I created the project, the initial goal was explicitly to get the community involved and have people outside of Purism contribute. That didn't really work out, but by limiting change authors to people with an @puri.sm address we make this even less likely and also make the project look a lot more like a Purism inside job than is good for it ;-)
This was a bit tricky, as byzantium is still an in-development release and all changes should go through landing. Fortunately though, the synchrotron Laniakea module is flexible enough nowadays to accommodate for that.
I've implemented a solution which will fill up the -updates and -security suites directly for byzantium from the respective bullseye suites, while not allowing manual uploads from us which should still go through landing. That workflow should work well for byzantiums current odd in-between state between "released" and "in-development".
Sep 8 2021
We could probably have debug symbols packages for our self-built packages with a bit more space (the dbgsym packages are *insanely* huge, they dwarf the size of the actual archive), but for the full archive, so syncing the debug symbols from Debian to make them available easily in PureOS, we'd need quite a lot of space (I need to look at Debian to actually give a - then very good - estimate).
At time, PureOS holds dbgsym packages for everything that we have built in the landing suite, but byzantium doesn't have own debug symbols. You can however use the ones from landing, which are either equal to the versions in byzantium, or newer.
Jul 11 2021
May 27 2021
I have a preliminary image with PureOS 10 for UEFI available, but some polishing work is still needed on this.
Apr 17 2021
So, that RST packet is indeed the issue, and there's a high chance that either APT or GnuTLS don't handle this correctly. I talked with an APT developer, and we may actually need to debug this further in future.
In the meanwhile though, the issue can be mitigated by throwing an Apache2 webserver in front as proxy, instead of Nginx.
Apr 16 2021
Some new observations:
- This is not a proxy server issue: Even without proxy, the issue occurs
- The TLS version doesn't matter at all
- Before the issue occurs, we get quite a few TCP retransmissions from the client to the server, and then the current connection is dropped:
- There is nothing suspicious in the Nginx logs, not even at info priority. A quick glance at the debug logs also didn't show anything interesting, but those are massive and it's possible that I missed something.
Mar 4 2021
I also tried messing with timeouts on APTs transport methods, with no luck - according to APT, the server just stops responding (according to curl though, it doesn't).
I pasted the wrong log, but the connection timeout is actually even more frequent now than the Resource temporarily unavailable issue - but both appear.
I tested this with https::Verify-Peer false, still the same issue happens:
Fetched 1016 MB in 4min 12s (4025 kB/s) 2021/03/04 22:30:39 apt | E: Failed to fetch https://repo.pureos.net/pureos/pool/main/f/fftw3/libfftw3-double3_3.3.8-2_amd64.deb Connection timed out [IP: 220.127.116.11 443] 2021/03/04 22:30:39 apt | E: Failed to fetch https://repo.pureos.net/pureos/pool/main/s/spice-gtk/libspice-client-glib-2.0-8_0.39-1_amd64.deb Connection timed out [IP: 18.104.22.168 443] 2021/03/04 22:30:39 apt | E: Failed to fetch https://repo.pureos.net/pureos/pool/main/libs/libsodium/libsodium23_1.0.18-1_amd64.deb Connection timed out [IP: 22.214.171.124 443] 2021/03/04 22:30:39 apt | E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
Feb 28 2021
Feb 11 2021
Fixed now. Apparently dak forgot a source package... Not sure how that happened, this could only occur if something was manually deleted the wrong way, or a bad database backup was restored...
It's fixed now though, and I checked for any more of this kind of issue and found none.
Noticed this too late because the warning email went straight to spam (the attached logfile apparently was suspicious).
This is caused by either a dak bug or something feeding dak bad data:
File "/srv/dist/dak/daklib/archive.py", line 164, in install_binary .filter(Suite.suite_id == source_suites.c.id) AttributeError: 'NoneType' object has no attribute 'c'
Feb 10 2021
Jan 5 2021
Has this been done? I think only sysadmins have the necessary privileges to destroy a user account, all I can do is disable them.
Then this should have worked - they should verify that /etc/apt/apt.conf.d/20auto-upgrades exists and has the correct values.
Jan 4 2021
the issue is the "Software & Updates > Updates > Automatically check for updates: Never" configuration is not preventing the system from automatically checking for updates every day.
Dec 30 2020
No, disabling the timers is completely the wrong approach. The service belonging to the timer unit has built-in logic to do only what it was configured to do + some cleanup work that we always want to have done.
All you need to do to disable upgrades is to disable them in GNOME Software as well as in software-sources-gtk which is available in GNOME Software's burger-menu as well.
See the attached picture:
Dec 7 2020
Why? We want the users to stay secure by default, and disabling automatic upgrades is the opposite of that. So I think disabling updates is a huge disservice and definitely not beginner-friendly. Users who want to disable autoupdates can always do that via the respective GUI (software-properties-gtk).
Nov 26 2020
I think @adrien.plazas pushed a workaround for this recently: https://source.puri.sm/Librem5/pureos-store/-/merge_requests/14
Nov 3 2020
That depends on how the suite is set up and where it gets its overrides from - the phone suites do not share overrides with the main amber suite, so everything goes through NEW once (but that also means the changing overrides for the phone suite is easier and there is less room for error and it impacting one of the main suites).
Oct 13 2020
Those packages are available, but only for the latest builds of the development version of PureOS and only for the ones we rebuilt ourselves: https://repo.pureos.net/pureos-debug/dists/
Anything else would require mirroring the debug packages from Debian, and we do not have the disk space for that, currently.
Sep 27 2020
Did you use the OEM image or the Live image? Which version of the install ISO (date) did you use?
What is the use case for explicitly staying below a Debian revision? This may break quite a few assumptions and no Debian derivative (that I know of) does this.
Aug 16 2020
These images should now be(come) default. Thanks everyone for testing!
Aug 6 2020
Nice! If nobody vetoes this image until next Monday/Tuesday, I will send this image to the factory and marketing people - we really have to update the default image, and especially that OEM username issue is causing very frequent support issues, so it has to go (not to mention the huge amount of security fixes that newer PureOS releases contain and that just aren't there yet with the current images).
Aug 5 2020
Aug 4 2020
The image has been updated to incorporate the latest security fixed for a bunch of vulnerabilities in GRUB (less relevant for us if /boot is verified anyway, but still good to have, especially for custom installations).
This should have been resolved with the latest util-linux upload.
Aug 3 2020
At some point the intent is to make this nicer-looking and better integrated, but until that point is there, we'll have this page :-)
They were signed with an expired key. refreshging that key from a keyserver fixed this issue.
Aug 2 2020
Jul 23 2020
@all but especially @richard.kolla : Can you please test the 2020-07-22 image? There were now functional changes, only minor bugfixes from Debian and security fixes (so I expect everything to still work as before).
Jul 22 2020
Jul 20 2020
Jul 18 2020
Is this not something that can also be pushed to upstream g-i-s
This has been fixed in PureOS for some time now, but we'll still need an upstream solution. I'll likely push this change to Debian as well meanwhile, so Debian can benefit from the bugfix as well.
Jul 9 2020
This bug was indeed fixed by me earlier this week :-)
Jun 4 2020
What do you mean with "breaks"? Does it crash? Is it not installable? In the former case, a backzrace or at least console output would be nice.
Jun 3 2020
This should be fixed now, but the update will need a few days to migrate out of landing.
May 13 2020
It's unfortunately one with a US keyboard :-/
Apr 30 2020
Do we need a new version of the library in amber, or is there a patch that we can apply to the amber version? Uploading a new upstream version always comes with some risk of breaking other stuff (unless it's a pure bugfix release).
Apr 8 2020
Hmm, I don't have a Librem with a German keyboard so I can't test this and would have to apply this change blindly.
This looks like something that should also go into upstream systemd, right?
Feb 17 2020
Jan 8 2020
Whoops, looks like I completely forgot to close this... Thanks!
Jan 3 2020
The only thing I can say at the moment that we will have this done for the next release of PureOS. I know this is kind of vague, but at the moment I can't make a more definitive statement about it, sorry.
Most likely this feature will come with a complete overhaul of the process we use to build images for PureOS.
Dec 14 2019
Nov 20 2019
Oct 13 2019
This should be fixed in amber now :-)
Thanks for reporting the issue!
Oct 10 2019
There are no resource limits on the container, so I have no idea what goes wrong here.
Does this code access a device that is maybe unavailable?
Unfortunately I am traveling in the next weeks, so I don't know if I'll have time to look into this.
Oct 8 2019
The update should be available once it passes QA and the regular delay period.