Why can't I delete unused packages from my JavaCard? - javacard

I have a Gemalto Top DL v2 java card. When I list the contents, there are a lot of packages loaded in the card:
GlobalPlatformPro:> gp -visa2 -key 47454D5850524553534F53414D504C45 -list
AID: A000000018434D00 (|.....CM.|)
ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected, CVM (PIN) management
AID: A0000000620001 (|....b..|)
ExM LOADED: (none)
AID: A0000000620002 (|....b..|)
ExM LOADED: (none)
AID: A0000000620003 (|....b..|)
ExM LOADED: (none)
AID: A0000000620101 (|....b..|)
ExM LOADED: (none)
AID: A000000062010101 (|....b...|)
ExM LOADED: (none)
AID: A0000000620102 (|....b..|)
ExM LOADED: (none)
AID: A0000000620201 (|....b..|)
ExM LOADED: (none)
AID: A0000000030000 (|.......|)
ExM LOADED: (none)
AID: A000000018100201 (|........|)
ExM LOADED: (none)
AID: A000000018100101 (|........|)
ExM LOADED: (none)
A000000018534441 (|.....SDA|)
AID: A00000015100 (|....Q.|)
ExM LOADED: (none)
Now, I want to delete unused packages:
GlobalPlatformPro:> gp -visa2 -key 47454D5850524553534F53414D504C45 -delete A0000000620001 -deletedeps
Could not delete AID: A0000000620001
TIP: Maybe try with --deletedeps
openkms.gp.GPException: Deletion failed SW: 6985
at openkms.gp.GlobalPlatform.check(GlobalPlatform.java:1039)
at openkms.gp.GlobalPlatform.deleteAID(GlobalPlatform.java:814)
at openkms.gp.GPTool.main(GPTool.java:367)
GlobalPlatformPro:> gp -visa2 -key 47454D5850524553534F53414D504C45 -delete A0000000620002 -deletedeps
Could not delete AID: A0000000620002
TIP: Maybe try with --deletedeps
openkms.gp.GPException: Deletion failed SW: 6985
at openkms.gp.GlobalPlatform.check(GlobalPlatform.java:1039)
at openkms.gp.GlobalPlatform.deleteAID(GlobalPlatform.java:814)
at openkms.gp.GPTool.main(GPTool.java:367)
GlobalPlatformPro:> gp -visa2 -key 47454D5850524553534F53414D504C45 -delete A0000000620003 -deletedeps
Could not delete AID: A0000000620003
TIP: Maybe try with --deletedeps
openkms.gp.GPException: Deletion failed SW: 6985
at openkms.gp.GlobalPlatform.check(GlobalPlatform.java:1039)
at openkms.gp.GlobalPlatform.deleteAID(GlobalPlatform.java:814)
at openkms.gp.GPTool.main(GPTool.java:367)
GlobalPlatformPro:> gp -visa2 -key 47454D5850524553534F53414D504C45 -delete A0000000620101 -deletedeps
Could not delete AID: A0000000620101
TIP: Maybe try with --deletedeps
openkms.gp.GPException: Deletion failed SW: 6985
at openkms.gp.GlobalPlatform.check(GlobalPlatform.java:1039)
at openkms.gp.GlobalPlatform.deleteAID(GlobalPlatform.java:814)
at openkms.gp.GPTool.main(GPTool.java:367)
GlobalPlatformPro:> gp -visa2 -key 47454D5850524553534F53414D504C45 -delete A000000062010101 -deletedeps
Could not delete AID: A000000062010101
TIP: Maybe try with --deletedeps
openkms.gp.GPException: Deletion failed SW: 6985
at openkms.gp.GlobalPlatform.check(GlobalPlatform.java:1039)
at openkms.gp.GlobalPlatform.deleteAID(GlobalPlatform.java:814)
at openkms.gp.GPTool.main(GPTool.java:367)
GlobalPlatformPro:> gp -visa2 -key 47454D5850524553534F53414D504C45 -delete A0000000620102 -deletedeps
Could not delete AID: A0000000620102
TIP: Maybe try with --deletedeps
openkms.gp.GPException: Deletion failed SW: 6985
at openkms.gp.GlobalPlatform.check(GlobalPlatform.java:1039)
at openkms.gp.GlobalPlatform.deleteAID(GlobalPlatform.java:814)
at openkms.gp.GPTool.main(GPTool.java:367)
GlobalPlatformPro:> gp -visa2 -key 47454D5850524553534F53414D504C45 -delete A0000000620201 -deletedeps
Could not delete AID: A0000000620201
TIP: Maybe try with --deletedeps
openkms.gp.GPException: Deletion failed SW: 6985
at openkms.gp.GlobalPlatform.check(GlobalPlatform.java:1039)
at openkms.gp.GlobalPlatform.deleteAID(GlobalPlatform.java:814)
at openkms.gp.GPTool.main(GPTool.java:367)
GlobalPlatformPro:> gp -visa2 -key 47454D5850524553534F53414D504C45 -delete A0000000030000 -deletedeps
Could not delete AID: A0000000030000
TIP: Maybe try with --deletedeps
openkms.gp.GPException: Deletion failed SW: 6985
at openkms.gp.GlobalPlatform.check(GlobalPlatform.java:1039)
at openkms.gp.GlobalPlatform.deleteAID(GlobalPlatform.java:814)
at openkms.gp.GPTool.main(GPTool.java:367)
GlobalPlatformPro:> gp -visa2 -key 47454D5850524553534F53414D504C45 -delete A000000018100201 -deletedeps
Could not delete AID: A000000018100201
TIP: Maybe try with --deletedeps
openkms.gp.GPException: Deletion failed SW: 6985
at openkms.gp.GlobalPlatform.check(GlobalPlatform.java:1039)
at openkms.gp.GlobalPlatform.deleteAID(GlobalPlatform.java:814)
at openkms.gp.GPTool.main(GPTool.java:367)
GlobalPlatformPro:> gp -visa2 -key 47454D5850524553534F53414D504C45 -delete A000000018100101 -deletedeps
Could not delete AID: A000000018100101
TIP: Maybe try with --deletedeps
openkms.gp.GPException: Deletion failed SW: 6985
at openkms.gp.GlobalPlatform.check(GlobalPlatform.java:1039)
at openkms.gp.GlobalPlatform.deleteAID(GlobalPlatform.java:814)
at openkms.gp.GPTool.main(GPTool.java:367)
GlobalPlatformPro:> gp -visa2 -key 47454D5850524553534F53414D504C45 -delete A00000015100 -deletedeps
Could not delete AID: A00000015100
TIP: Maybe try with --deletedeps
openkms.gp.GPException: Deletion failed SW: 6985
at openkms.gp.GlobalPlatform.check(GlobalPlatform.java:1039)
at openkms.gp.GlobalPlatform.deleteAID(GlobalPlatform.java:814)
at openkms.gp.GPTool.main(GPTool.java:367)
The question is: why can't I delete them and free my card's memory?

Answer
How are you sure that these packages are unused? An applet could have been designed to use separate libraries and / or services. These libraries / services have their own AID within GP, but you'd first need to delete all the applet instances and applet modules - in that order - before you can remove them.
A lot of cards contain pre-installed software in ROM. The space in the ROM mask cannot be reused for anything else. Deleting these modules won't free up many resources. If the deletion succeeds you would basically only have removed the AID from a registry. This can be useful if you want to upload a new version of the same library, but otherwise it won't make much of a difference.
AIDs and RIDs explained
AIDs consist of two parts: a 5 byte RID and a variable sized extension - called PIX - to the RID identifying the entity. This entity is just the application DF, but for Java Card, modules are also identified by AID.
Now I've procured a list of RIDs, so:
A000000018434D00 the security domain is from Gemplus (now Gemalto);
A0000000620001, A0000000620002, A0000000620003, A0000000620101, A000000062010101, A0000000620102, A0000000620201 are all Sun (now Oracle) modules; they contain extensions to the basic Java Card runtime;
A0000000030000 is the card manager under the old VISA RID;
A000000018100201, A000000018100101 are extension modules or applets from Gemalto;
A00000015100 is the card manager under the Global Platform AID;
The A0000000030000 AID is being phased out - VISA was a founder of Open Platform, now Global Platform. GP is now supposed to use their own RID.
Notes:
Libraries are just code and constants, services contain state which can be used through the object sharing mechanisms;
Kind of obvious: for a specific card you may want to contact your vendor to find out how it is configured.
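To make the answer's AID breakdown concrete, here is an added example (not from the question or the answer) that splits an AID into RID and PIX, names the registrant from the RID list above, pairs each AID in the gp -list output with its load state, and spells out the SW 6985 that every DELETE returned. The RID table is the answer's, the status-word text follows ISO 7816-4, and the sample listing is a few lines copied from the question.

```python
"""Classify the AIDs in a GlobalPlatformPro -list output (added example;
RID table from the answer above, status words per ISO 7816-4)."""
import re

# RID (first 5 bytes of an AID) -> registrant, as given in the answer.
KNOWN_RIDS = {
    "A000000018": "Gemplus (now Gemalto)",
    "A000000062": "Sun (now Oracle)",
    "A000000003": "VISA (old Open Platform RID)",
    "A000000151": "GlobalPlatform",
}
# ISO 7816-4 status words commonly seen in reply to DELETE.
STATUS_WORDS = {"9000": "No error", "6985": "Conditions of use not satisfied"}

def split_aid(aid_hex: str) -> tuple[str, str]:
    """Split an AID into its 5-byte RID and its variable-length PIX."""
    aid = aid_hex.strip().upper()
    if not re.fullmatch(r"(?:[0-9A-F]{2})+", aid):
        raise ValueError(f"not a hex byte string: {aid_hex!r}")
    if not 5 <= len(aid) // 2 <= 16:
        raise ValueError(f"AID must be 5..16 bytes, got {len(aid) // 2}")
    return aid[:10], aid[10:]

def classify_aid(aid_hex: str) -> str:
    """Name the registrant from the RID, or flag the RID as unknown."""
    rid, _pix = split_aid(aid_hex)
    return KNOWN_RIDS.get(rid, f"unknown RID {rid}")

def describe_sw(sw_hex: str) -> str:
    """Turn a status word such as '6985' into its ISO 7816-4 meaning."""
    return STATUS_WORDS.get(sw_hex.upper(), f"unrecognised SW {sw_hex}")

AID_LINE = re.compile(r"^(?:AID: )?([0-9A-Fa-f]{10,32})\b")
STATE_LINE = re.compile(r"^(ISD|SSD|ExM|App)\s+(\w+)")

def parse_listing(text: str) -> list[dict]:
    """Pair each AID line of the -list output with the state line after it."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := AID_LINE.match(line):
            current = {"aid": m.group(1).upper(), "owner": classify_aid(m.group(1)),
                       "kind": None, "state": None}
            entries.append(current)
        elif (m := STATE_LINE.match(line)) and current is not None:
            current["kind"], current["state"] = m.group(1), m.group(2)
    return entries

# Constructed sample: a few lines copied from the listing in the question.
SAMPLE_LISTING = """\
AID: A000000018434D00 (|.....CM.|)
ISD OP_READY: Security Domain, Card lock, Card terminate
AID: A0000000620001 (|....b..|)
ExM LOADED: (none)
AID: A00000015100 (|....Q.|)
ExM LOADED: (none)
"""
```

Run `parse_listing` over the full output from the question to see which of the loaded modules come from Oracle, Gemalto or the two card-manager RIDs before deciding what is safe to delete.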

Related

Debian Bullseye: Bluetooth of Dell Vostro 3500 missing

In a fresh installation of Debian Bullseye 11.2 with Gnome including non-free packages I experience missing Bluetooth support on my Dell Vostro 3500 - whereas Wifi works fine.
The symptoms are showing in the Gnome > Bluetooth dialog with "No Bluetooth found - Connect an adapter to be able to use Bluetooth." and in the terminal with
$ sudo systemctl status bluetooth
● bluetooth.service - Bluetooth service
Loaded: loaded (/lib/systemd/system/bluetooth.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:bluetoothd(8)
Jan 04 10:42:42 debian systemd[1]: Condition check resulted in Bluetooth service being skipped.
$ sudo systemctl cat bluetooth
# /lib/systemd/system/bluetooth.service
[Unit]
..
ConditionPathIsDirectory=/sys/class/bluetooth
..
$ sudo ls -la /sys/class/bluetooth
ls: cannot access '/sys/class/bluetooth': No such file or directory
I checked the BIOS setup which confirms that Bluetooth is activated.
I checked and confirmed that the usual packages firmware-misc-nonfree and firmware-iwlwifi are installed.
Now I wonder in general what is missing to make Bluetooth work and specifically what it means that the folder /sys/class/bluetooth is missing?
Data
Computer: Dell Vostro 3500 (A12, F1SC9N1, bought in 2011)
OS: Debian Bullseye 11.2
ISO image: debian-live-11.2.0-amd64-gnome+nonfree.iso
ISO image url: https://cdimage.debian.org/images/unofficial/non-free/images-including-firmware/11.2.0-live+nonfree/amd64/iso-hybrid/debian-live-11.2.0-amd64-gnome+nonfree.iso

How to verify the integrity of a linux tarball?

The tarballs of the Linux releases from https://www.kernel.org/ can be verified with .sign files. There's no information on how to verify the tarball on the website or in the README in the tarball.
The following is derived from the instructions "Linux kernel releases PGP signatures" on the kernel.org site, which say (in part): first (and only once) install the public key like
$ gpg --keyserver hkp://keys.gnupg.net --recv-keys 6092693E
Then you can verify signatures like
$ xz -cd linux-3.1.5.tar.xz | gpg --verify linux-3.1.5.tar.sign -
with an expected output something like
gpg: Signature made Fri 09 Dec 2011 12:16:46 PM EST using RSA key ID 6092693E
gpg: Good signature from "Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 647F 2865 4894 E3BD 4571 99BE 38DB BDC8 6092 693E
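The two WARNING lines in that expected output mean gpg has no web-of-trust path to the key, so "Good signature" on its own only proves that some key signed the tarball; the fingerprint still has to match the one kernel.org publishes. The following added example (not part of the original post) wraps the post's xz | gpg pipeline, reads gpg's machine-readable --status-fd lines instead of the human-readable text, and accepts the signature only when it is valid and made by the expected fingerprint; the sample status lines are constructed in the shape gpg emits for the signature above.

```python
"""Verify a kernel tarball's detached signature and pin the signer's
fingerprint (added example, not from the original post)."""
import subprocess

# Primary key fingerprint quoted in the expected output above (spaces removed).
KERNEL_STABLE_FPR = "647F28654894E3BD457199BE38DBBDC86092693E"

def check_gpg_status(status_output: str, expected_fpr: str) -> tuple[bool, str]:
    """Decide from gpg --status-fd lines whether the signature is good *and*
    made by the key whose fingerprint we expect. Returns (ok, reason)."""
    expected = expected_fpr.replace(" ", "").upper()
    good, valid_fprs = False, set()
    for line in status_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        tag = fields[1]
        if tag in ("BADSIG", "ERRSIG", "NO_PUBKEY", "EXPKEYSIG", "REVKEYSIG"):
            return False, f"gpg reported {tag}"
        if tag == "GOODSIG":
            good = True
        elif tag == "VALIDSIG":
            # field 2 is the signing key's fingerprint; the last field (when
            # present) is the primary key fingerprint of that key.
            valid_fprs.add(fields[2].upper())
            if len(fields) >= 12:
                valid_fprs.add(fields[-1].upper())
    if not (good and valid_fprs):
        return False, "no valid signature found"
    if expected not in valid_fprs:
        return False, f"signed by {sorted(valid_fprs)}, expected {expected}"
    return True, "good signature from the expected key"

def verify_tarball(tar_xz: str, sign_file: str,
                   expected_fpr: str = KERNEL_STABLE_FPR) -> tuple[bool, str]:
    """Run the post's pipeline: decompress with xz, verify the .sign with gpg,
    but read gpg's status lines from stdout instead of its prose."""
    xz = subprocess.Popen(["xz", "-cd", tar_xz], stdout=subprocess.PIPE)
    gpg = subprocess.run(["gpg", "--status-fd", "1", "--verify", sign_file, "-"],
                         stdin=xz.stdout, stdout=subprocess.PIPE, text=True)
    xz.stdout.close()
    xz.wait()
    return check_gpg_status(gpg.stdout, expected_fpr)

# Constructed status output in the shape gpg emits for the signature above.
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 38DBBDC86092693E Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>
[GNUPG:] VALIDSIG 647F28654894E3BD457199BE38DBBDC86092693E 2011-12-09 1323451006 0 4 0 1 2 00 647F28654894E3BD457199BE38DBBDC86092693E
[GNUPG:] TRUST_UNDEFINED 0 pgp
"""
```

`verify_tarball("linux-3.1.5.tar.xz", "linux-3.1.5.tar.sign")` needs xz, gpg and the imported key on the machine; `check_gpg_status` alone works on any captured status output.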

stunnel problems on Ubuntu 14 and Linux Mint 17

I installed stunnel4 from the program manager. When I try to run stunnel on either Ubuntu 14 or Linux Mint 17, I get the message below. I have this working on CentOS 6.5 and on Mac OS X Mavericks. Not sure what to try next. Rebuilding openssl is a mess, if that is even the problem.
idf@idf-ZBOX-ID42-BE ~ $ sudo stunnel
Clients allowed=500
stunnel 4.53 on x86_64-pc-linux-gnu platform
Compiled with OpenSSL 1.0.1e 11 Feb 2013
Running with OpenSSL 1.0.1f 6 Jan 2014
Update OpenSSL shared libraries or rebuild stunnel
Threading:PTHREAD SSL:+ENGINE+OCSP Auth:LIBWRAP Sockets:POLL+IPv6
Reading configuration from descriptor 3
Compression not enabled
PRNG seeded successfully
Initializing inetd mode configuration
Section stunnel: SSL server needs a certificate
str_stats: 2 block(s), 10 data byte(s), 116 control byte(s)
idf@idf-ZBOX-ID42-BE ~ $
my conf file looks like this:
idf@idf-ZBOX-ID42-BE ~ $ more /etc/stunnel/stunnel.conf
;Example stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
;cert = stunnel.pem
;key = stunnel.pem
cert = /home/idf/Downloads/cert.pem
key = /home/idf/Downloads/key.pem
fips = no
libwrap=no
;
;Protocol version (all, SSLv2, SSLv3, TLSv1)
;sslVersion = all
sslVersion = all
ciphers = ALL
;
; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/run/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside the chroot jail
pid = /home/idf/stunnel.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
compression = zlib
; Workaround for Eudora bug
options = DONT_INSERT_EMPTY_FRAGMENTS
; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = cacerts.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem
; Some debugging stuff useful for troubleshooting
debug = 7
output = /var/log/stunnel/stunnel.log
; Use it for client mode
client = yes
; Service-level configuration
[xxxxxxx-xxx-xxxxx]
client = yes
accept = 127.0.0.1:9099
connect= xx.xx.xx.xx:2506
; vim:ft=dosini
idf@idf-ZBOX-ID42-BE ~ $
If I uninstall the stunnel that is in the repository and replace it with this one:
https://launchpad.net/ubuntu/utopic/amd64/stunnel4/3:5.01-3
I still get it even if I disable compression. I don't understand why it is telling me about the "Service [stunnel]: SSL server needs a certificate" since I am trying to use it only in client mode. Also, the other end does not need a certificate.
idf@idf-ZBOX-ID42-BE ~/Downloads $ sudo stunnel
[ ] Clients allowed=500
[.] stunnel 5.01 on x86_64-pc-linux-gnu platform
[.] Compiled/running with OpenSSL 1.0.1f 6 Jan 2014
[.] Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
[ ] errno: (*__errno_location ())
[.] Reading configuration from descriptor 3
[.] FIPS mode disabled
[ ] Compression disabled
[ ] PRNG seeded successfully
[ ] Initializing inetd mode configuration
[!] Service [stunnel]: SSL server needs a certificate
idf@idf-ZBOX-ID42-BE ~/Downloads $ ps ax | grep stunnel
I just beat my way through this the other day.
You want stunnel4_5.01-3_amd64.deb - you'll have to download that - it's not in the repos yet. I believe someone made it work with 4.53, but I didn't manage it.
https://launchpad.net/ubuntu/utopic/amd64/stunnel4/3:5.01-3
openssl 1.0.1f and libssl.1.0.0 and libssl.1.0.0:i386 1.0.1f (they're the current versions) are good. But note this from your start output:
Compiled with OpenSSL 1.0.1e 11 Feb 2013
Running with OpenSSL 1.0.1f 6 Jan 2014
I think updating stunnel as described above will sort that for you.
And the other thing you need to do is turn off compression in your stunnel.conf - none of the different types of compression I tried currently work. Hopefully, that's temporary.
regards,
hth
(I'm the same guy as above, user3694589 - finally bothered to create an account.)
FYI, I just subscribed myself to this related bug and marked it as affecting me on launchpad.net:
https://bugs.launchpad.net/ubuntu/+source/stunnel4/+bug/1315844
You might want to add yourself as well. Several minutes later, I got this email:
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: stunnel4 (Ubuntu)
Status: New => Confirmed
-- You received this bug notification because you are subscribed to the bug report. https://bugs.launchpad.net/bugs/1315844 Title: won't start with compression on
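Beyond the compression setting the replies point at, the posted stunnel.conf leaves ";verify = 2" commented out, so the client would accept whatever certificate the far end presents, and "sslVersion = all" plus "ciphers = ALL" offer every protocol version and cipher the library has. The following client-mode file is an added example, not a configuration from this thread; the CA file path is assumed and SERVER_IP stands in for the xx.xx.xx.xx address in the post.

```ini
; Global options. The chroot keeps the pid file inside the jail, as the
; comment in the posted file says, so the pid path is relative to it.
chroot = /var/run/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel.pid
debug = 5
output = /var/log/stunnel/stunnel.log
; No "compression = zlib" line: the reply above reports that compression
; currently stops stunnel from starting, and the tunnel does not need it.

; Service-level configuration
[tunnel]
client = yes
accept = 127.0.0.1:9099
; SERVER_IP is a placeholder for the xx.xx.xx.xx host in the post.
connect = SERVER_IP:2506
; Require the server's certificate chain to validate against a CA file
; you control (assumed path), instead of the commented-out ";verify = 2".
verify = 2
CAfile = /etc/stunnel/server-ca.pem
; Drop the obsolete protocol versions that "sslVersion = all" would offer.
options = NO_SSLv2
options = NO_SSLv3
```

Pass the file explicitly (`stunnel /etc/stunnel/stunnel.conf`); the "Reading configuration from descriptor 3" and "Initializing inetd mode configuration" lines in the posted output show stunnel was started without a configuration file argument.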

openSUSE shim certificate for uefi secure boot

Is openSUSE shim bootloader signed with openSUSE private key?
If so, where can I find the corresponding openSUSE certificate for secure boot verification purpose?
A public key can be retrieved from the shim source package:
Download
http://download.opensuse.org/source/distribution/13.1/repo/oss/suse/src/shim-0.2-3.1.src.rpm
Extract using e.g.:
rpm2cpio shim-0.2-3.1.src.rpm | cpio -dium
Unpack tar-ball that is inside:
tar -xJf shim-12.3-update.tar.xz
The certificate can now be found in the usr/lib64/efi subdir:
openssl x509 -inform der -in usr/lib64/efi/shim-opensuse.der -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=openSUSE Secure Boot CA, C=DE, L=Nuremberg, O=openSUSE Project/emailAddress=build@opensuse.org
You can verify 2nd stage bootloaders and kernels using sbverify from the sbsigntool package (that's what it's called on Ubuntu).

AVRISP MKII doesn't work with AVRDUDE on Linux

The system sees something is plugged in when I plug and unplug it:
bluehat@Matapan:/dev$ tail -f /var/log/syslog
Mar 23 15:36:35 Matapan kernel: [156082.112874] usb 7-1: new full speed USB device using uhci_hcd and address 6
Mar 23 15:47:19 Matapan kernel: [156726.248081] usb 7-1: USB disconnect, address 6
Mar 23 15:47:29 Matapan kernel: [156736.200148] usb 6-1: new full speed USB device using uhci_hcd and address 3
AVRISP MKII should rely on cdc-acm:
bluehat@Matapan:/dev$ modinfo cdc-acm -V
module-init-tools version 3.12
So it should be able to see it just fine, and yet I am unable to write to it.
avrdude -p m1280 -c avrispmkII -P usb -U test.hex
Returns
avrdude: usb_open(): cannot read serial number "error sending control message: Operation not permitted"
avrdude: usb_open(): cannot read product name "error sending control message: Operation not permitted"
avrdude: usbdev_open(): error setting configuration 1: could not set config 1: Operation not permitted
avrdude: usbdev_open(): did not find any USB device "usb"
It turns out that Ubuntu will acknowledge that the object is there but not play nicely with it until you fix up some of your udev rules. Thanks to http://steve.kargs.net/bacnet/avr-isp-mkii-on-ubuntu-hardy/ which provided files that only needed a little updating.
Create new file /etc/udev/avrisp.rules
SUBSYSTEM!="usb", ACTION!="add", GOTO="avrisp_end"
# Atmel Corp. JTAG ICE mkII
ATTR{idVendor}=="03eb", ATTR{idProduct}=="2103", MODE="660", GROUP="dialout"
# Atmel Corp. AVRISP mkII
ATTR{idVendor}=="03eb", ATTR{idProduct}=="2104", MODE="660", GROUP="dialout"
# Atmel Corp. Dragon
ATTR{idVendor}=="03eb", ATTR{idProduct}=="2107", MODE="660", GROUP="dialout"
LABEL="avrisp_end"
Now create a virtual link to the file and give it a rule priority
cd /etc/udev/rules.d
sudo ln ../avrisp.rules 60-avrisp.rules
Check you're in the dialout group
groups
Restart udev
sudo service udev restart
Hooray!
For Ubuntu 12.04, there's a minor change that must be carried out to the configuration that Katy posted:
All occurrences of SYSFS should be replaced with ATTR
Additionally, if you're still having problems, make sure you have installed all the required dependent libraries. I found that I had to install the uisp package as well.
If restarting udev doesn't make a difference, unplugging the programmer and plugging it in back in does.
Updated rule that works for 13.10:
SUBSYSTEM!="usb", ACTION!="add", GOTO="avrisp_end"
# Atmel Corp. JTAG ICE mkII
ATTR{idVendor}=="03eb", ATTR{idProduct}=="2103", MODE="660", GROUP="dialout"
# Atmel Corp. AVRISP mkII
ATTR{idVendor}=="03eb", ATTR{idProduct}=="2104", MODE="660", GROUP="dialout"
# Atmel Corp. Dragon
ATTR{idVendor}=="03eb", ATTR{idProduct}=="2107", MODE="660", GROUP="dialout"
LABEL="avrisp_end"
Based on previous posts about changes.
Seems they changed it again in 12.10
The Subsystem is now "usb"
I found a command which shows what you need.
For that you just need to know the Bus and Device number from the plugged device
(use lsusb)
Bus 003 Device 010: ID 03eb:
lsusb
So my Bus number from the isp is 003 and Device is 010
(edit the end /003/010 to your needs)
udevadm info --attribute-walk --name=bus/usb/003/010
shows among many other things
SUBSYSTEM=="usb"
ATTR{idVendor}=="03eb"
ATTR{idProduct}=="2104"
Replace/change the created rule above and everything should work
If there are other problems the command will show them to you; it checks the rules (found a typo that way :))
If there is no error it won't show anything (Didn't realise for some time)
I used the following udev rules file to get it working on Fedora 19:
SUBSYSTEM!="usb", ACTION!="add", GOTO="avrisp_end"
# Atmel Corp. JTAG ICE mkII
ATTR{idVendor}=="03eb", ATTR{idProduct}=="2103", MODE="660", GROUP="dialout"
# Atmel Corp. AVRISP mkII
ATTR{idVendor}=="03eb", ATTR{idProduct}=="2104", MODE="660", GROUP="dialout"
# Atmel Corp. Dragon
ATTR{idVendor}=="03eb", ATTR{idProduct}=="2107", MODE="660", GROUP="dialout"
LABEL="avrisp_end"
As you can see, some minor things are different from what is suggested above. Also I had to restart the computer. Using "udevadm control --reload" was not enough.
