You are not logged in.

#26 2017-03-26 10:20:12

brontosaurusrex
Middle Office
Registered: 2015-09-29
Posts: 1,816
Website

Re: Stretch compared to Jessie

Well I did managed to froze gedit with gtk3-nocsd, so I'll assume

Even worse, this may break some window manager or compositors.

as false. The solution seems to be to either fix gtk+ or ban it from the ecosystem until fixed or live with the inconsistent look.

Last edited by brontosaurusrex (2017-03-26 10:21:49)

Offline

#27 2017-03-26 10:41:46

twoion
ほやほや
Registered: 2015-08-10
Posts: 2,484

Re: Stretch compared to Jessie

Head_on_a_Stick wrote:

Disable Gtk+ 3 client side decorations, globally:

https://packages.debian.org/stretch/gtk3-nocsd

gtk3-nocsd LD_PRELOADs a small library to disable the client side decorations (CSD) of Gtk+ 3.

Since Gtk+ 3.10, its developers added a so-called header bar or custom title bar. With this and the client-side decoration, the original title bar and window border provided by the window manager are disabled by Gtk+. This makes all Gtk+ 3 programs look like alike, but have different handling from other windows on non-GNOME desktops. Even worse, this may break some window manager or compositors.

Unfortunately, there is no reliable way of turning off CSDs in Gtk+ directly. This library makes this possible.

cool

Let's consider putting this on the Helium package list! Sounds very useful indeed.


A silent kite against the blue, blue sky

Online

#28 2017-03-26 11:32:37

hhh
Meep!
Registered: 2015-09-17
Posts: 8,324
Website

Re: Stretch compared to Jessie

^ Agreed, but we'll have to watch for b0rkage, as reported by bronto-rex, between now and then.

I haven't seen any weirdness, but I just started using it.

Offline

#29 2017-03-27 13:04:24

hhh
Meep!
Registered: 2015-09-17
Posts: 8,324
Website

Re: Stretch compared to Jessie

Debranding of Icedove...
https://lists.debian.org/debian-devel-a … 00004.html

I wasn't thrilled with how this was done, in that there were 2 profile folders and 2 desktop entries when it was finished, and the Icedove entry was 'Icedove>Thunderbird'. I missed this 'lists' message and deleted my ~/.icedove folder without backing it up (stupid of me), but everything seemed OK after restarting Thunderbird, meaning my Enigma keys were intact and I was able to download my emails.

The Icedove *.desktop file doesn't get deleted from /usr/share/applications. There is a new Thunderbird file there with the 'Exec=' line set to /usr/bin/thunderbird %u, which means typing 'thund' in xfce4-appfinder doesn't autocomplete. I copied the desktop folder to ~/.local/share/applications and changed it to 'Exec=thunderbird %u' to fix that. I didn't have Icedove setup in a BunsenLabs partition, so I can't say how this would affect gmrun or dmenu.

Offline

#30 2017-03-28 19:54:10

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 8,759
Website

Re: Stretch compared to Jessie

For stretch, only GDM and `startx` (ie, no display manager at all) will support rootless X:

https://www.debian.org/releases/stretch … unpriv-x11

I think that we should either switch to GDM or drop the display manager altogether, running X rootless is a major security advantage.


“Et ignotas animum dimittit in artes.” — Ovid, Metamorphoses, VIII., 18.

Forum Rules   •   How to report a problem   •   Software that rocks

Offline

#31 2017-03-28 20:47:25

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 8,759
Website

Re: Stretch compared to Jessie

Speaking of security and from the same document:

Executables are now compiled as position independent executables (PIE) by default.

HoaS likes this cool


“Et ignotas animum dimittit in artes.” — Ovid, Metamorphoses, VIII., 18.

Forum Rules   •   How to report a problem   •   Software that rocks

Offline

#32 2017-03-28 20:58:20

twoion
ほやほや
Registered: 2015-08-10
Posts: 2,484

Re: Stretch compared to Jessie

Head_on_a_Stick wrote:

For stretch, only GDM and `startx` (ie, no display manager at all) will support rootless X:

https://www.debian.org/releases/stretch … unpriv-x11

I think that we should either switch to GDM or drop the display manager altogether, running X rootless is a major security advantage.

Woah, I think that is going a bit too far. I've got no experience with this, but from the Arch wiki, there are requirements (apart from the Xorg version):

    systemd; version >=216 for multiple instances
    Kernel mode setting; implementations in proprietary display drivers fail auto-detection and require manually setting needs_root_rights = no in /etc/X11/Xwrapper.config.

If systemd is a hard requirement for rootless Xorg, it shan't happen unless switching from rootless to root-ful in the absence of systemd (e.g. after switching to sysvinit or another alternative nit) is automatic and transparent (without much tinkering) and the absence of GDM (to support other display managers like xdm or wdm).

Next, can there truly be a configuration that supports all kinds of graphics drivers at least as good as rootful, standard Xorg settings (not that the "traditional" mess in this area is ideal)?


A silent kite against the blue, blue sky

Online

#33 2017-03-28 21:08:49

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 8,759
Website

Re: Stretch compared to Jessie

twoion wrote:

from the Arch wiki, there are requirements (apart from the Xorg version)

Not sure what you mean by this, I had rootless X on my Arch systems since Xorg version 1.17 (or so).

The stock BL system currently ships with the open drivers so it should all be supported in stretch, at least according to the link.

My Helium system is (was) currently running rootless X with no problems (HD4600).

can there truly be a configuration that supports all kinds of graphics drivers at least as good as rootful, standard Xorg settings

As long as the open drivers are used, no further configuration is should be needed for `startx` & rootless X in Debian stretch.

Last edited by Head_on_a_Stick (2017-03-28 21:09:40)


“Et ignotas animum dimittit in artes.” — Ovid, Metamorphoses, VIII., 18.

Forum Rules   •   How to report a problem   •   Software that rocks

Offline

#34 2017-04-07 18:29:52

hhh
Meep!
Registered: 2015-09-17
Posts: 8,324
Website

Re: Stretch compared to Jessie

What's the deal with at-spi2 dbus in stretch? Is it so tied in with gtk3 that you can't disable it anymore, short of renaming the bin files?

Offline

#35 2017-04-07 19:23:25

twoion
ほやほや
Registered: 2015-08-10
Posts: 2,484

Re: Stretch compared to Jessie

hhh wrote:

What's the deal with at-spi2 dbus in stretch? Is it so tied in with gtk3 that you can't disable it anymore, short of renaming the bin files?

Now you can't. Same on Arch, I have in my config

NoExtract = usr/share/dbus-1/services/org.a11y.*

to prevent the extraction of the dbus service in question (you can do the same with apt too).

It's "AT-SPI = Assistive Technology - Service Provider Interface" and I guess listens all the time in order to be able to do things like right-click on any GTK3 text field->read the text back to the user.


A silent kite against the blue, blue sky

Online

#36 2017-04-07 20:14:38

hhh
Meep!
Registered: 2015-09-17
Posts: 8,324
Website

Re: Stretch compared to Jessie

^ Thanks. The ram usage is minimal, I just thought it was weird that desktop files nor systemctl worked, and that there is very little discussion about it.

I'll try your config tomorrow, do you declare that in your environment or in something like gtk3 ini?

Sorry for the phone shorthand tongue

Offline

#37 2017-04-07 20:21:31

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 8,759
Website

Re: Stretch compared to Jessie

hhh wrote:

I just thought it was weird that desktop files nor systemctl worked

Debian also still uses /etc/rc.d and the legacy sysvinit methods and some programs are started that way.

The only way I have found to show them all is to scour the output of:

systemd-analyze blame

Then use:

# update-rc.d $service disable

To kill the recalcitrant little b*gger  devil

Or use https://packages.debian.org/jessie/sysv-rc-conf but that's cheating...


“Et ignotas animum dimittit in artes.” — Ovid, Metamorphoses, VIII., 18.

Forum Rules   •   How to report a problem   •   Software that rocks

Offline

#38 2017-04-08 03:31:16

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 5,731
Website

Re: Stretch compared to Jessie

I thought we had previously agreed to leave that a11y stuff in, for accessibility? Or has something nasty happened to it with Stretch?


John
--------------------
( a boring Japan blog , Japan Links, idle twitterings  and GitStuff )
In case you forget, the rules.

Offline

#39 2017-04-08 14:33:48

hhh
Meep!
Registered: 2015-09-17
Posts: 8,324
Website

Re: Stretch compared to Jessie

^ No, leave it in. I was just looking to kill a service that I don't use, but it's a tiny amount of RAM.

Offline

#40 2017-04-28 00:53:55

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 5,731
Website

Re: Stretch compared to Jessie

Head_on_a_Stick wrote:

For stretch, only GDM and `startx` (ie, no display manager at all) will support rootless X

For stretch, rootless X will be supported, although only for GDM and startx.

I had to read the linked article to realize that this wasn't a regression, but an advance.


John
--------------------
( a boring Japan blog , Japan Links, idle twitterings  and GitStuff )
In case you forget, the rules.

Offline

#41 2017-04-28 01:54:45

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 5,731
Website

Re: Stretch compared to Jessie

hhh wrote:

Debranding of Icedove...
https://lists.debian.org/debian-devel-a … 00004.html

...there were 2 profile folders and 2 desktop entries when it was finished, and the Icedove entry was 'Icedove>Thunderbird'
...The Icedove *.desktop file doesn't get deleted from /usr/share/applications.

Uninstall icedove and the duplication will go away.

There is a new Thunderbird file there with the 'Exec=' line set to /usr/bin/thunderbird %u, which means typing 'thund' in xfce4-appfinder doesn't autocomplete... I didn't have Icedove setup in a BunsenLabs partition, so I can't say how this would affect gmrun or dmenu.

No problems with gmrun or dmenu. I'm not sure if they actually refer to .desktop files though. Full paths in the Exec: key of .desktop files are permitted by freedesktop.  Actually, icedove.desktop also had a full path - did xfce4-appfinder handle that one OK?

The transition from Icedove went quite smoothly for me. The only residue now is that ~/.thunderbird is a symlink to ~/.icedove. Renaming ~/.icedove (and perhaps removing ~/.thunderbird/.migrated) would fix that I guess.

More: https://wiki.debian.org/Thunderbird


John
--------------------
( a boring Japan blog , Japan Links, idle twitterings  and GitStuff )
In case you forget, the rules.

Offline

#42 2017-04-29 08:53:12

o9000
tint2 developer
From: Network Neighborhood
Registered: 2015-10-24
Posts: 399
Website

Re: Stretch compared to Jessie

twoion wrote:

If systemd is a hard requirement for rootless Xorg

It would be useful to know how this actually works to figure out why that is.

Xorg only needs root rights to access /dev/input/* nodes, the tty, and the graphics card (/dev/video/*), everything else it does can work with the user's permissions. So to get rootless X, one would have to give it permission somehow to access those files.

File permissions work for /dev/input (e.g. adding your user to the group that has access to /dev/input files). If you login via a tty you have permissions over the current tty. But for /dev/video, normal file permissions are not sufficient. To perform certain operations, the user who opened /dev/video must be root.

The way they have chosen to solve this problem is to open those files as root from logind and pass the file descriptors over DBus (which is a wrapper over a UNIX socket, which allows passing open file descriptors between programs) to Xorg.

They have have chosen to add systemd as a dependency when other init-agnostic approaches would have worked as well:

1. Pass the fds over a UNIX socket (instead of DBus) using a simple API that would be implemented by logind. Then one doesn't need DBus and can replace logind with something else if needed. Modularity is good.

2. Start Xorg as root as usual and drop privileges after opening the /dev/* files. This is the simplest, most flexible approach.

But modularity is not desired by these people. Linux is slowly becoming fully monolithic.

Last edited by o9000 (2017-04-29 08:54:33)

Offline

#43 2017-04-29 10:10:00

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 8,759
Website

Re: Stretch compared to Jessie

o9000 wrote:
twoion wrote:

If systemd is a hard requirement for rootless Xorg

It would be useful to know how this actually works to figure out why that is.

Rootless X is acheived through kernel mode setting and is not related to systemd directly, although that is a dependency thanks to the integration of systemd-logind.

Anyway, Xorg is a tangled mess of ancient code, the sooner everyone moves to Wayland the better, IMO.


“Et ignotas animum dimittit in artes.” — Ovid, Metamorphoses, VIII., 18.

Forum Rules   •   How to report a problem   •   Software that rocks

Offline

#44 2017-04-29 10:37:02

o9000
tint2 developer
From: Network Neighborhood
Registered: 2015-10-24
Posts: 399
Website

Re: Stretch compared to Jessie

KMS is not enough. You still need to be root when accessing /dev/video*. Or get a fd from a process running as root.

Offline

#45 2017-06-16 23:48:23

KrunchTime
Member
Registered: 2015-09-29
Posts: 857

Re: Stretch compared to Jessie

And, encrypting or unencrypting with gpa only requires you to enter your password once, not each time for each file as has been in the past.  YAY!!!!

Offline

#46 2017-06-30 22:49:33

brontosaurusrex
Middle Office
Registered: 2015-09-29
Posts: 1,816
Website

Re: Stretch compared to Jessie

Nitrogen 1.6.0 is capable of setting two images to dual-head screens.
nitrogenStretch.th.png

Last edited by brontosaurusrex (2017-06-30 23:07:13)

Offline

#47 2017-07-20 20:12:06

KrunchTime
Member
Registered: 2015-09-29
Posts: 857

Re: Stretch compared to Jessie

I'm not sure what package it is, but you should now receive an error message when typing in the wrong password for gksudo.  I'm assuming this made it to Stretch because it's been in Unstable for quite awhile.

Offline

#48 2017-07-21 05:00:30

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 5,731
Website

Re: Stretch compared to Jessie

^confirmed - It puts up the password window again with an error message. I didn't test how many times it would do this, in case it cancelled my sudo privileges. sad


John
--------------------
( a boring Japan blog , Japan Links, idle twitterings  and GitStuff )
In case you forget, the rules.

Offline

#49 2017-07-25 09:20:26

KrunchTime
Member
Registered: 2015-09-29
Posts: 857

Re: Stretch compared to Jessie

^ Thank you for the confirmation.

Offline

#50 2017-08-13 16:26:10

Head_on_a_Stick
Member
From: London
Registered: 2015-09-29
Posts: 8,759
Website

Re: Stretch compared to Jessie

The free (as in speech) ATI Debian wiki page has been updated recently (it looks official too) and it now states that:

Debian Stretch comes with the latest MESA version which supports DRI Offloading.

https://wiki.debian.org/AtiHowTo#Debian … testing.29

This allows the use of discrete AMD graphics cards, just like Bumblebee but better  cool


“Et ignotas animum dimittit in artes.” — Ovid, Metamorphoses, VIII., 18.

Forum Rules   •   How to report a problem   •   Software that rocks

Offline

Board footer

Powered by FluxBB