Debian update – continued

Since I was already updating the server, I though I’d install munin as well. I have used munin 20 years ago at the dormitory and I realized, why I liked it. 🙂 Anyway, while I was installing, and checking, I saw that apache started to max out the CPU. After experimenting with it for a while, it turned out that somehow it is related to HTTPs and mod_gnutls. It turned out that I was not the only one with this problem:

Debian Bug report logs – #942737
libapache2-mod-gnutls: mod_gnutls consumes 100% cpu

So one more thing in the server maintenance backlog…

Read More

Debian update

Finally I found some time to update the vanyi.org server. The first step: move from Debian Stretch, before the support expires in June 2022 to Buster. The update was quite uneventful:
# apt-get update
# apt-get dist-upgrade

I’m still checking, but it looks like only 3 things needed manual update in configuration:

  • dovecot (IMAP server)
  • apache
  • ejabberd

Dovecot replaced ssl_parameters with ssl_dh. To fix the configuration I just followed this page. Actually quite simple. First create a dh.pem (can take several minutes, which was at least half an hour in my case);
# openssl dhparam -out /etc/dovecot/dh.pem 4096
Then you need to update /etc/dovecot/dovecot.conf:
ssl_dh=</etc/dovecot/dh.pem
After a restart dovecot works again.

For apache it is even easier, as it is documented on this page. Just enable the socache_dbm module:
# a2enmod socache_dbm

For ejabberd I have not had the time yet.

Read More

Non-functioning drivers after BIOS update

It looks like that the BIOS update on the HP 250 G7 removes the Machine Owner Key (MOK), so it has to be added again, as described here: https://wiki.debian.org/SecureBoot. Otherwise the custom drivers (like the 8821ce) will not be loaded, if SecureBoot is on.

Fixing it is actually only one step:
# mokutil --import MOK.der

Read More

Debian Linux on a HP 250 G7

After several years the time has come to replace our aging Thinkpad Edge330. Our choice was a HP 250 G7 with Core i7, 512GB SSD and 16GB RAM. Regarding the OS, there was no question: Debian. At the time of installing it was Debian 10 (“buster”). Below some points regarding the installation:

  1. Installation worked out of the box, even with SecucreBoot enabled, no problems with the netinst image, with two exceptions:
    • Wireless LAN is not working (Realtek RTL8821CE)
    • Brightness control keys are not working
  2. There is a solution for the wireless driver, works as described on several forums:
    • install the tools:
      apt-get install git dkms build-essential
    • get the source:
      git clone https://github.com/tomaspinho/rtl8821ce
    • build the kernel module:
      cd rtl8821ce
      chmod +x dkms-install.sh
      chmod +x dkms-remove.sh
      ./dkms-install.sh
  3. To keep using SecureBoot the driver must be signed as described on https://wiki.debian.org/SecureBoot. Otherwise you get the following error message:
    Apr 24 22:58:55 hp250 kernel: [ 3762.662396] Lockdown: Loading of unsigned modules is restricted; see https://wiki.debian.org/SecureBoot
    You can disable SecureBoot so it will work with the following warning in the kernel log:
    Apr 25 13:22:40 hp250 kernel: [ 3.402154] 8821ce: loading out-of-tree module taints kernel.
    Apr 25 13:22:40 hp250 kernel: [ 3.402917] 8821ce: module verification failed: signature and/or required key missing - tainting kernel

    I suggest to sign the driver, it can be done quickly based on the instructions in the Debian Wiki.
  4. Brightness control works via power settings, or via the battery icon, for the keys I’m looking for a solution. In the kernel log I see these error messages:

Some further notes:
$lspci
00:00.0 Host bridge: Intel Corporation Device 3e34 (rev 0c)
00:02.0 VGA compatible controller: Intel Corporation UHD Graphics 620 (Whiskey Lake) (rev 02)
00:04.0 Signal processing controller: Intel Corporation Skylake Processor Thermal Subsystem (rev 0c)
00:08.0 System peripheral: Intel Corporation Skylake Gaussian Mixture Model
00:12.0 Signal processing controller: Intel Corporation Cannon Point-LP Thermal Controller (rev 30)
00:14.0 USB controller: Intel Corporation Cannon Point-LP USB 3.1 xHCI Controller (rev 30)
00:14.2 RAM memory: Intel Corporation Cannon Point-LP Shared SRAM (rev 30)
00:16.0 Communication controller: Intel Corporation Cannon Point-LP MEI Controller (rev 30)
00:17.0 RAID bus controller: Intel Corporation 82801 Mobile SATA Controller [RAID mode] (rev 30)
00:1d.0 PCI bridge: Intel Corporation Cannon Point-LP PCI Express Root Port (rev f0)
00:1d.1 PCI bridge: Intel Corporation Device 9db1 (rev f0)
00:1d.4 PCI bridge: Intel Corporation Device 9db4 (rev f0)
00:1f.0 ISA bridge: Intel Corporation Cannon Point-LP LPC Controller (rev 30)
00:1f.3 Audio device: Intel Corporation Cannon Point-LP High Definition Audio Controller (rev 30)
00:1f.4 SMBus: Intel Corporation Cannon Point-LP SMBus Controller (rev 30)
00:1f.5 Serial bus controller [0c80]: Intel Corporation Cannon Point-LP SPI Controller (rev 30)
01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 15)
02:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8821CE 802.11ac PCIe Wireless Network Adapter
03:00.0 Non-Volatile memory controller: Sandisk Corp WD Black 2018/PC SN520 NVMe SSD (rev 01)

Read More

XBMC and Natty

I also upgraded Ubuntu on our media PC. After the upgrade XBMC started to act strangely. When I tried to move up or down in the menu, it jumped two for each keypress. During the playback, sometimes the video froze for a fraction of the second, while the sound was continuing normally, then the video fast forwarded and caught up with the audio. The third issue was that the OSD wasn’t visible. It appeared for a quick moment, but then it disappeared. It was still there, but it wasn’t visible.

Read More

Fixing wireless after Ubuntu upgrade

Yesterday we upgraded the Eee PC 1000H from Ubuntu 10.10 to 11.04. Today it was unable to connect to the wireless network. After searching a little bit on the internet, I found the reason. There is a Ralink wireless card in the netbook:

01:00.0 Network controller: Ralink corp. RT2860

Read More