trying to get bookworm net going on an rpi4

[gene heskett]

Greetings folks;

Let me say first that I'm around 150 miles from any ipv6 capable network,
just to get that out of the way.

Its booted to a text login and the first thing I did was import a saved
copy of the hosts file, and added rpi4-20220122.coyote.den with an alias
of rpi42 to that file. Then I edited /etc/network/interfaces.d/eth0 to
set a static address, and added a dns-nameserver 192.168.xx.1 line to it,
my router and gateway, and a second additional line to set /proc/sys/
net/.../eth0/disable_ipv6 to a 1. And I've checked, disable_ipv6 is now a
1.

But that's not enough, ip a, after a /e/i/networking restart, still shows
its active, so I assume its sending its dns request out the ipv6 portal
and my router is a dummy load for anything ipv6. So I can ping all the
local machines, but cannot look up yahoo.com.

So question one:
So what is the official, works in bookworm every time, way to totally
kill ipv6, making it use ipv4 for everything?

This ought to be in a faq somewhere. Except everybody has their own
method. :(

And question 2:
I noticed also, there is not a first user, can I assume the first time
adduser gets run it will assign him/her/it as user 1000 AND will put that
user into sudoers?

Again, this is the 20220121 bookworm.

Thanks all.

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

[Andrew M.A. Cater]

Gene,

a. Debian or Raspberry Pi OS bullseye updated to bookworm?

b. Why testing/Bookworm specifically?

c. Your machine or somebody else's. If somebody else's, I'd really
recommend sticking to Bullseye as more people can help.

Q2. There probably _is_ a first user. If this is Raspberry Pi OS, the
first user will be user pi, with gid 1000

Users will only be added to sudo if you do so. if you set up Debian,
and explicitly say you do not want a root user / set a blank password
then the first user _will_ be added to sudo as a special case.

All the very best, as ever,

Andy Cater

[deloptes]

gene heskett wrote:

> Greetings folks;
>
> Let me say first that I'm around 150 miles from any ipv6 capable network,
> just to get that out of the way.
>
> Its booted to a text login and the first thing I did was import a saved
> copy of the hosts file, and added rpi4-20220122.coyote.den with an alias
> of rpi42 to that file. Then I edited /etc/network/interfaces.d/eth0 to
> set a static address, and added a dns-nameserver 192.168.xx.1 line to it,
> my router and gateway, and a second additional line to set /proc/sys/
> net/.../eth0/disable_ipv6 to a 1. And I've checked, disable_ipv6 is now a
> 1.
>
> But that's not enough, ip a, after a /e/i/networking restart, still shows
> its active, so I assume its sending its dns request out the ipv6 portal
> and my router is a dummy load for anything ipv6. So I can ping all the
> local machines, but cannot look up yahoo.com.
>

I'm not sure - I think dns uses mostly ipv6 - but I can't tell for sure. I
have it on my todo list to get familiar with ipv6 and until then I also
refuse to use it.

> So question one:
> So what is the official, works in bookworm every time, way to totally
> kill ipv6, making it use ipv4 for everything?
>

AFAIR it is a module (or could be compiled as module) so disabling ipv6 will
nuke it

> This ought to be in a faq somewhere. Except everybody has their own
> method. :(
>
> And question 2:
> I noticed also, there is not a first user, can I assume the first time
> adduser gets run it will assign him/her/it as user 1000 AND will put that
> user into sudoers?
>

yes first user will have ID 1000, but I am not sure it is added
automatically to sudoers

> Again, this is the 20220121 bookworm.
>
> Thanks all.
>
> Cheers, Gene Heskett.

--

FCD6 3719 0FFB F1BF 38EA 4727 5348 5F1F DCFE BCB0

[gene heskett]

On Sunday, January 23, 2022 4:28:56 PM EST Andrew M.A. Cater wrote:
> On Sun, Jan 23, 2022 at 04:08:34PM -0500, gene heskett wrote:
> > Greetings folks;
> >
> > Let me say first that I'm around 150 miles from any ipv6 capable
> > network, just to get that out of the way.
> >
> > Its booted to a text login and the first thing I did was import a
> > saved copy of the hosts file, and added rpi4-20220122.coyote.den
> > with an alias of rpi42 to that file. Then I edited
> > /etc/network/interfaces.d/eth0 to set a static address, and added a
> > dns-nameserver 192.168.xx.1 line to it, my router and gateway, and a
> > second additional line to set /proc/sys/ net/.../eth0/disable_ipv6
> > to a 1. And I've checked, disable_ipv6 is now a 1.
> >
> > But that's not enough, ip a, after a /e/i/networking restart, still
> > shows its active, so I assume its sending its dns request out the
> > ipv6 portal and my router is a dummy load for anything ipv6. So I
> > can ping all the local machines, but cannot look up yahoo.com.
> >
> > So question one:
> > So what is the official, works in bookworm every time, way to totally
> > kill ipv6, making it use ipv4 for everything?
> >

> > This ought to be in a FAQ somewhere. Except everybody has their own

> > method. :(
> >
> > And question 2:
> > I noticed also, there is not a first user, can I assume the first
> > time
> > adduser gets run it will assign him/her/it as user 1000 AND will put
> > that user into sudoers?
> >
> > Again, this is the 20220121 bookworm.
> >
> > Thanks all.
> >
> > Cheers, Gene Heskett.
>

> Gene,
>
> a. Debian or Raspberry Pi OS bullseye updated to bookworm?
>
> b. Why testing/Bookworm specifically?
>

cuz I gave up trying to make a realtime kernel work on raspios's
bullseye.

> c. Your machine or somebody else's. If somebody else's, I'd really
> recommend sticking to Bullseye as more people can help.

Will be someone else's about 3000 miles west of me. I have 2, 64G u-sd
cards I'm installing on but when they work in my machine, will be sent
back to him. In the process, I'm using my rpi4 as a test mule.

> Q2. There probably _is_ a first user. If this is Raspberry Pi OS, the
> first user will be user pi, with gid 1000

I've looked at /edtc/passwd, pi does not exist in it.

> Users will only be added to sudo if you do so. if you set up Debian,
> and explicitly say you do not want a root user / set a blank password
> then the first user _will_ be added to sudo as a special case.
>
> All the very best, as ever,

While this confirms its Debian's version, built this past Friday for
armhf, it does nothing to answer my first question above. The other end
user has a similar situation in that he is at least 40 miles from the
nearest ipv6 capable connection. To me, this is a pita, if the guys that
write the dhcp code would get out of their mothers basement and visit the
real world, they would check to see if there was a working dns at its
usual ipv6 address, AND REVERT to ipv4 automatically if its not found!
The existing situation leaves it up to us to figure out how to disable it
unconditionally for every install we do. ipv4 works just fine out here in
the puckerbrush, if we can get ipv6 the hell out of the way.

I'm not frustrated with you Andy. But I think Debian has some pretty
smart coders who seem to be wearing tunnelvision glasses and can't see
the bigger picture that exists 5 miles away from the isp's premises.

That's frustrating, and should be fixed. Looking at the acreage where
ipv6 IS available, I'd guess it is less than 1% of this whole country,
why shove this down our throat?

> Andy Cater

[Andy Smith]

Hi,

On Sun, Jan 23, 2022 at 04:08:34PM -0500, gene heskett wrote:

> So what is the official, works in bookworm every time, way to totally
> kill ipv6, making it use ipv4 for everything?

You don't need to; having IPv6 active doesn't cause any problem even
if you don't have a default route that supports IPv6. If it does
cause a problem then there is a misconfiguration to be solved. You are
wasting your time and introducing more places where you can make a
configuration error resulting in yet another of your megathreadsš.

However, if for your own eccentric reasons you insist:

# echo 'net.ipv6.conf.all.disable_ipv6=1' > /etc/sysctl.d/disableipv6.conf

will disable it from the next boot.

You can use:

# sysctl --system

to re-apply all sysctl configs immediately, so disabling IPv6
without needing to reboot.

> This ought to be in a faq somewhere. Except everybody has their own
> method. :(

The first google hit for "debian disable IPv6" is:

https://www.itzgeek.com/how-tos/linux/debian/how-to-disable-ipv6-on-debian-9-ubuntu-16-04.html

which includes the above method. It's not a great page but it does
contain that info.

So even this highly unusual requirement has a very easy to find
solution.

Regards,
Andy

š Your decision to use Debian testing seems likely to generate some
more of those threads. But I expect you won't be persuaded to
stick with stable.

--
https://bitfolk.com/ -- No-nonsense VPS hosting

[Andrew M.A. Cater]

OK: I checked. That's the Gunnar Wolf "unofficial only because it
includes non-free firmware" Bookworm from raspi.debian.net / cdimage.debian.org

> >
> > b. Why testing/Bookworm specifically?
> >
> cuz I gave up trying to make a realtime kernel work on raspios's
> bullseye.
>

As before, you're pretty much on your own with realtime kernels on RPi.
I'd still suggest using stable Debian - so Bullseye - because testing
has the habit of large numbers of changes and you could end up with
problems in the next >1 year until Bookworm is released. And this is
64 bit under Debian - so RaspiOS knowledge won't really help anyway.

> > c. Your machine or somebody else's. If somebody else's, I'd really
> > recommend sticking to Bullseye as more people can help.
>

See above: you could end up being a long distance support provider. Been
there, done it, got the T-shirt :( Your choices are not necessarily my
choices, however, and I need to learn to respect that.

> Will be someone else's about 3000 miles west of me. I have 2, 64G u-sd
> cards I'm installing on but when they work in my machine, will be sent
> back to him. In the process, I'm using my rpi4 as a test mule.
>

Quite a distance and possibly a few TZ - not my favourite for tech
support if it goes wrong.

> > Q2. There probably _is_ a first user. If this is Raspberry Pi OS, the
> > first user will be user pi, with gid 1000
>

OK - so Gunnar's images specifically do _not_ have a first user set up.
They do have a "login for root with no password" / allow ssh as root set up.
That's OK in limited circumstances - you might want to go back and reread
the rationale for Gunnar's decisions. if there's a root user with no password
and effectively autologin, you'll need to rethink that.

> I've looked at /edtc/passwd, pi does not exist in it.
>

See above

> > Users will only be added to sudo if you do so. if you set up Debian,
> > and explicitly say you do not want a root user / set a blank password
> > then the first user _will_ be added to sudo as a special case.
> >

See above: if there's a root account set, sudo is pretty much moot.

> > All the very best, as ever,
>
> While this confirms its Debian's version, built this past Friday for
> armhf, it does nothing to answer my first question above. The other end
> user has a similar situation in that he is at least 40 miles from the
> nearest ipv6 capable connection. To me, this is a pita, if the guys that
> write the dhcp code would get out of their mothers basement and visit the
> real world, they would check to see if there was a working dns at its
> usual ipv6 address, AND REVERT to ipv4 automatically if its not found!
> The existing situation leaves it up to us to figure out how to disable it
> unconditionally for every install we do. ipv4 works just fine out here in
> the puckerbrush, if we can get ipv6 the hell out of the way.
>

Do you _know_ exactly how his router / DNS / ISP connection is set up _in
advance_ ? A lot of folk have an ISP cable connection where the router
does everything. You can set up the router to provide DNS, acquire hostnames
for each machine, fix IP leases locked to MAC address.

if he doesn't want to connect a CNC mill to anything, what does an IP address
matter anyway.

> I'm not frustrated with you Andy. But I think Debian has some pretty
> smart coders who seem to be wearing tunnelvision glasses and can't see
> the bigger picture that exists 5 miles away from the isp's premises.
>
> That's frustrating, and should be fixed. Looking at the acreage where
> ipv6 IS available, I'd guess it is less than 1% of this whole country,
> why shove this down our throat?
>

That's maybe true for you, but not for everybody.
At least knowing that it's mostly Debian is a help.

You may well find https://raspi.debian.net/defaults-and-settings/ useful

All best, as ever,

Andy Cater

[gene heskett]

On Sunday, January 23, 2022 5:43:49 PM EST Andy Smith wrote:
> Hi,
>
> On Sun, Jan 23, 2022 at 04:08:34PM -0500, gene heskett wrote:
> > So what is the official, works in bookworm every time, way to totally
> > kill ipv6, making it use ipv4 for everything?
>
> You don't need to; having IPv6 active doesn't cause any problem even
> if you don't have a default route that supports IPv6. If it does
> cause a problem then there is a misconfiguration to be solved. You are
> wasting your time and introducing more places where you can make a

> configuration error resulting in yet another of your megathreads¹.

>
> However, if for your own eccentric reasons you insist:
>
> # echo 'net.ipv6.conf.all.disable_ipv6=1' >
> /etc/sysctl.d/disableipv6.conf
>

And thats backwards from setting it in the /proc tree, there a zero in a
long path to disable_ipv6 disables it after an /e/i/networking restart.
And I just noticed this is an arm64 build, I need an armhf, where can I
get that from?

> will disable it from the next boot.
>
> You can use:
>
> # sysctl --system
>
> to re-apply all sysctl configs immediately, so disabling IPv6
> without needing to reboot.
>
> > This ought to be in a faq somewhere. Except everybody has their own
> > method. :(
>
> The first google hit for "debian disable IPv6" is:
>
>
> https://www.itzgeek.com/how-tos/linux/debian/how-to-disable-ipv6-on-de
> bian-9-ubuntu-16-04.html
>
> which includes the above method. It's not a great page but it does
> contain that info.
>
> So even this highly unusual requirement has a very easy to find
> solution.
>
> Regards,
> Andy
>

> ¹ Your decision to use Debian testing seems likely to generate some

> more of those threads. But I expect you won't be persuaded to
> stick with stable.

[deloptes]

Andy Smith wrote:

> However, if for your own eccentric reasons you insist:
>
> # echo 'net.ipv6.conf.all.disable_ipv6=1' > /etc/sysctl.d/disableipv6.conf
>
> will disable it from the next boot.
>
> You can use:
>
> # sysctl --system
>
> to re-apply all sysctl configs immediately, so disabling IPv6
> without needing to reboot.

Don't know but I have following there (in /etc/sysctl.conf)

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

and it does not disable ipv6

# lsmod | grep ipv
ipv6 458752 80 bridge,udp_diag

however when I blacklist module ipv6 - it is gone ;-)

kernel used 4.19.161

[Andy Smith]

Hello,

On Sun, Jan 23, 2022 at 06:22:40PM -0500, gene heskett wrote:
> On Sunday, January 23, 2022 5:43:49 PM EST Andy Smith wrote:
> > However, if for your own eccentric reasons you insist:
> >
> > # echo 'net.ipv6.conf.all.disable_ipv6=1' >
> > /etc/sysctl.d/disableipv6.conf
> >
> And thats backwards from setting it in the /proc tree, there a zero in a
> long path to disable_ipv6 disables it after an /e/i/networking restart.

You asked, I answered. I have no idea what else you are referring
to and if you want to ask for help and then argue about it when it's
given, you are on your own.

Regards,
Andy

[Andrew M.A. Cater]

On Sun, Jan 23, 2022 at 06:22:40PM -0500, gene heskett wrote:

> And I just noticed this is an arm64 build, I need an armhf, where can I
> get that from?
>

Hi Gene,

In the mail where I replied to you last night, I pointed out it was an
arm64 build. Debian builds 64 bit for the Raspberry Pi 3 and 4: Raspberry Pi
Foundation buid 32 bit for all Raspberry Pis - irrespective of processor -
to allow some backwards compatibility. They do things differently there -
that's OK.

Short answer: As far as I can see: you can't unless:

a.) You go back to Raspberry Pi OS Lite - and deal with the Raspberry Pi
userland and kernel - and level of support.

b.) You build it yourself - using the same scripts as Gunnar does - but
I would advise spending a time familiarising yourself with them _and_
talking to Gunnar. No guarantees that this will work.

c.) You build something else yourself - again, no guarantees.

As ever, you're out on the very edge of anyone else being readily able
to support you. There was someone suggesting building and maintaining
native Debian packages for LinuxCNC. I don't know how far that got
and I suspect they'd only be for amd64 architecture.

Building realtime pre-emptive kernels and getting them to run on a Pi 4 -
that's deep magic and you might need to find a Pi 4 expert from among
the Raspberry Pi Foundation folks - their 64 bit OS is a rough beta
at the moment, I think.

All the very best, as ever,

Andy Cater

[gene heskett]

On Monday, January 24, 2022 2:38:08 AM EST Andrew M.A. Cater wrote:
> On Sun, Jan 23, 2022 at 06:22:40PM -0500, gene heskett wrote:
> > And I just noticed this is an arm64 build, I need an armhf, where can
> > I get that from?
>
> Hi Gene,
>
> In the mail where I replied to you last night, I pointed out it was an
> arm64 build. Debian builds 64 bit for the Raspberry Pi 3 and 4:
> Raspberry Pi Foundation buid 32 bit for all Raspberry Pis -
> irrespective of processor - to allow some backwards compatibility.
> They do things differently there - that's OK.
>
> Short answer: As far as I can see: you can't unless:
>
> a.) You go back to Raspberry Pi OS Lite - and deal with the Raspberry
> Pi userland and kernel - and level of support.

Which for me, exists only thru apt. I'm subscribed, but blocked from
posting on their forum. Their loss.

> b.) You build it yourself - using the same scripts as Gunnar does - but
> I would advise spending a time familiarising yourself with them _and_
> talking to Gunnar. No guarantees that this will work.
>
> c.) You build something else yourself - again, no guarantees.
>
> As ever, you're out on the very edge of anyone else being readily able
> to support you. There was someone suggesting building and maintaining
> native Debian packages for LinuxCNC. I don't know how far that got
> and I suspect they'd only be for amd64 architecture.

Nope, the LinuxCNC folks and me have been doing it for quite some time
now.

Sorry to disappoint, but I've been building debs of LinuxCNC master on
the armhf, or downloading it from the buildbot since back in the rpi3b
days. Usually from the buildbot, but if its jammed it takes me around an
hour to build it on a 2gig rpi4b working against an SSD. I also have one
of my x86-64 machines setup to do that. Not at all difficult to generate
my own .deb's and install them with dpkg. As for bleeding edge, I play
the part of the canary in the coal mine, reporting problems before others
get stung, but we have good coders, I've only failed twice in around 3 or
maybe 4 years now, But I'm not one of the good coders, I do it all with
bash scripts. Sometimes twice a day when the git commits are fast &
furious.

> Building realtime pre-emptive kernels and getting them to run on a Pi 4
> - that's deep magic and you might need to find a Pi 4 expert from
> among the Raspberry Pi Foundation folks - their 64 bit OS is a rough
> beta at the moment, I think.

That may be, but debians arm64 is also rougher than a corn cob.
But I'm running the armhf full version of buster on that pi4 and it Just
Works with all the eye candy you'll want. Uptimes are until I unplug it
from the ups. Cheap $35 ups, and it lasts long enough to start the
generac I put in years ago to make sure Dee's oxygen generator had power.

And they'll block you from posting to their forum forever if you ask
about realtime preempt kernels a third time, they do NOT support, nor
allow any such conversations on their forum.

As for the deep magic Andy, the only thing I had to invent to put a
realtime kernel on a pi, was how to install it, the foundation does not
share enough info to allow that to be made into a deb. So I've been doing
it from a 24 megabyte tarball for around 3 years now. You can get that
file from my web page in the sig if you know where to look. But its
getting a bit long in the tooth now, its a 4.19.71-rt24-v7l+ kernel,
latency-test says about 12 microseconds unless firefox is running at the
same time. firefox is a pig. But we all know that ;o)

> All the very best, as ever,

Take care & stay well Andy.

[Andrei POPESCU]

On Lu, 24 ian 22, 00:27:23, deloptes wrote:
>
> Don't know but I have following there (in /etc/sysctl.conf)
>
> net.ipv6.conf.all.disable_ipv6 = 1
> net.ipv6.conf.default.disable_ipv6 = 1
> net.ipv6.conf.lo.disable_ipv6 = 1
>
> and it does not disable ipv6
>
> # lsmod | grep ipv
> ipv6 458752 80 bridge,udp_diag

Why should disabling the IPv6 support in the kernel prevent the module
from loading?

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser

[Andrei POPESCU]

On Du, 23 ian 22, 22:43:49, Andy Smith wrote:
> Hi,
>
> On Sun, Jan 23, 2022 at 04:08:34PM -0500, gene heskett wrote:
> > So what is the official, works in bookworm every time, way to totally
> > kill ipv6, making it use ipv4 for everything?
>
> You don't need to; having IPv6 active doesn't cause any problem even
> if you don't have a default route that supports IPv6. If it does
> cause a problem then there is a misconfiguration to be solved. You are
> wasting your time and introducing more places where you can make a

> configuration error resulting in yet another of your megathreads¹.

To be 100% fair, there *were* some issues with DNS and IPv6.

It's 10 years or more since, but as far as I remember it was due to
crappy DNS servers (mostly in proprietary firmwares of home routers),
that claimed to support IPv6, but failed to do so properly.

The quick fix was indeed disabling IPv6 support on the Linux side, but I
believe the issues were soon worked around in the Linux kernel[1].

This is very unlikely to affect Gene as he is running (hopefully
updated) DD-WRT on the router.

[1] Not sure if any Debian stable release was even affected by this, and
even if it did, it was one release at most.