[gentoo-user] Quickest/easiest Gentoo install?

[Walter Dnes]

  I'd like to install Gentoo on an older Lenovo laptop with 3 gigs ram
and 75 gigs disk.  Is there a "robo-installer script" for this? I want
1 partition (/dev/sda via lilo ) as ext3 and openrc.  I'll settle for a
textconsole-only install if necessay, and tweak the kernel and build X
as necessary.

-- 
Walter Dnes 
I don't run "desktop environments"; I run useful applications

Re: [gentoo-user] unable to login some websites using www-client/firefox-68.9.0

[Valmor F. de Almeida]

On 7/5/20 7:36 PM, Серега Филатов wrote:

Maybe "do not track" causes this issue?
Are you able to log in on firefox-bin? Another browser? Another system 
in your network?


On Sun, Jul 5, 2020, 20:36 Valmor F. de Almeida > wrote:



Hello list:
I have emerged www-client/firefox-68.9.0 and I am able to log in to,
say
google email accounts, etc. However at some other websites that require
username/password, I am not able to log in. I have cleared the cache,
deleted all cookies, etc. Still problematic. I don't get any errors
upon
login. Just get straight back to the original site prompting for the
username and password.

Just checking on this list whether I used all USE flags correctly when
emerging firefox:
bindist, gmp-autoupdate, pulseaudio, screenshot, system-av1,
system-harfbuzz, system-icu, system-jpeg, system-libevent,
system-libvpx, system-sqlite, system-webp.

I only have two add-ons: flag and dark background loaded.

Inputs appreciated.
Thanks,
--
Valmor



Yes I am able to log in from a Mac OS using FF. I have not tried 
firefox-bin; I should do it.

Thanks,
--
Valmor

Re: [gentoo-user] Encrypted drive setup at login and locking on logout.

[Rich Freeman]

On Mon, Jul 6, 2020 at 5:05 AM William Kenworthy  wrote:
>
>  It also makes the point that any adminstrator will have access to the sticks 
> data - not just the user (same as root under Linux).

This is just a fundamental issue about how computers work.  If you
attach your storage media to a computer, then potentially anybody who
had either physical access or administrative access to that computer
before you can read the storage media.  If it is encrypted and you
enter the decryption key into the computer, then that includes the
encrypted data too.

There are of course operating systems that try to make this sort of
thing harder, but there are many ways to bypass this sort of thing at
either the hardware or software level.  If you are plugging your USB
drive into a computer you don't control, you really have no way to
know what hardware or software it is using.  It could contain hardware
keyloggers, the OS might be tampered with, if the device is supposed
to prevent OS tampering you don't know if the hardware was swapped out
with hardware that doesn't prevent tampering, and so on.  This is why
things like hardware password/key managers often implement a
minimalistic serial/keyboard interface - to prevent the host they are
plugged into from actually being able to directly access their secure
storage.

I realize that you already said that this is your own hardware - I
just wanted to point out this fundamental limitation.  This is one of
the reasons that when I select laptops/tablets I tend to select ones
that are very light/portable - the more likely I am to have it with me
the less likely I am to need to access my private data from systems I
don't control.

-- 
Rich

Re: [gentoo-user] Encrypted drive setup at login and locking on logout.

[Neil Bothwick]

On Mon, 6 Jul 2020 04:53:24 -0500, Dale wrote:

> > ecryptfs-utils is the userland management of the kernel's ecryptfs.
> > Ecryptfs uses an overlay filesystem to encrypt files within a
> > directory, it is what Ubuntu uses for encrypted home directories
> >
> > cryptmount is for working with LUKS filesystems, which appears to be
> > the route you are leaning towards. I haven't used it and don't know
> > what advantages it has over a user script, if you want to manually
> > mount the filesystem, or /etc/crypttab.

> I thought Gentoo used /etc/conf.d/dmcypt?  I still haven't figured that
> part out yet.  I need to read up on that more.  I'm not sure what it
> does exactly, yet.

It may do, I only encrypt everything-but-/boot or nothing at all.

For your use case, encrypting part of your home directory, ecryptfs may be
more suitable.


-- 
Neil Bothwick

Ralph's Observation - It is a mistake to allow any mechanical object
to realize that you are in a hurry.


pgpyPpJH2S194.pgp
Description: OpenPGP digital signature

Re: [gentoo-user] Encrypted drive setup at login and locking on logout.

[Neil Bothwick]

On Mon, 6 Jul 2020 17:05:48 +0800, William Kenworthy wrote:

> > By the way, the USB stick will have instructions about things after
> > I'm buried or whatever.  I plan to keep the USB stick in a safe and
> > share the password with the person that will be taking care of
> > things.  When I'm gone, they can open the USB stick to access files on
> > what to do and such.  Until I'm gone, they won't know what is on the
> > stick or have access to it.  Getting older makes one think about these
> > things.  :/  External drives will have things that when I'm gone, they
> > gone too. 
> >  
> Paper in a sealed envelope in a safe (bank safety deposit box etc) ...
> too many things to go wrong with an encrypted USB.

I too have a USB stick in the safe, but it's not encrypted. As you say,
too much to go wrong that way. I actually use 2 sticks, just in case one
of them corrupts.


-- 
Neil Bothwick

Barnum was wrongit's more like every 30 seconds!


pgpV75uH0JrJm.pgp
Description: OpenPGP digital signature

Re: [gentoo-user] Encrypted drive setup at login and locking on logout.

[Dale]

Neil Bothwick wrote:
> On Sun, 5 Jul 2020 23:49:14 -0500, Dale wrote:
>
>> Digging around I found these. 
>>
>> [ebuild  N    ~] sys-fs/ecryptfs-utils-111_p20170609::gentoo  USE="gtk
>> nls pam -doc -gpg -openssl -pkcs11 -python -suid -tpm"
>> PYTHON_SINGLE_TARGET="python2_7" 1,401 KiB
>> [ebuild  N ] sys-fs/cryptmount-5.3.2::gentoo  USE="gcrypt largefile
>> luks nls openssl udev -argv0switch -cswap -fsck -mount (-selinux)
>> -systemd" 533 KiB
>>
>> Looking at the info I've found tho, I don't think it will do what I'm
>> looking for.  Has anyone used either of these in the past?  If so, does
>> one of these do what I'm looking for?
> ecryptfs-utils is the userland management of the kernel's ecryptfs.
> Ecryptfs uses an overlay filesystem to encrypt files within a directory,
> it is what Ubuntu uses for encrypted home directories
>
> cryptmount is for working with LUKS filesystems, which appears to be the
> route you are leaning towards. I haven't used it and don't know what
> advantages it has over a user script, if you want to manually mount the
> filesystem, or /etc/crypttab.
>
>

I thought Gentoo used /etc/conf.d/dmcypt?  I still haven't figured that
part out yet.  I need to read up on that more.  I'm not sure what it
does exactly, yet.

Dale

:-)  :-) 

Re: [gentoo-user] Encrypted drive setup at login and locking on logout.

[Dale]

William Kenworthy wrote:
>
>
> On 6/7/20 2:37 pm, Dale wrote:
>> William Kenworthy wrote:
>>> Hi Dale, I looked at Veracrypt and ran into the fact that it on windows
>>> Veracrypt MUST be installed by an administrator which is a blocker for
>>> using USB keys on computers I don't control (such as transporting files
>>> securely between locations - i.e., where there is potential to lose the
>>> usb key):
>>>
>>> see
>>> https://www.veracrypt.fr/en/Using%20VeraCrypt%20Without%20Administrator%20Privileges.html
>>>
>>> BillK
>>>
>>
>> Does that mean that on windoze a person can open a encryted USB stick
>> without a password?  From what I read, it sounds like it doesn't put
>> the stick at risk, as long as you are not using key files or sharing
>> your password by storing it somewhere.  It just means you have to be
>> admin to install Veracrypt but not to access a encrypted USB stick. 
>> From the way it sounds, you insert USB stick, run Veracrypt, enter
>> password, do what you want with the stick, close it and then remove
>> the stick.  Or am I missing something? 
>>
> It means that an administrator must install veracrypt first - if you
> cant do that, you cant access the stick.  It also makes the point that
> any adminstrator will have access to the sticks data - not just the
> user (same as root under Linux).  The blocker for me was that I could
> not get veracrypt installed.
>

Ah I see what you are saying now.  It's a privately owned laptop so that
won't be a issue.  She may even use a desktop system. 


>> I might add, when I use cryptsetup and mount a external drive I use,
>> I do that as root.  Since my password is only in my head, no
>> password, no access root or not, right?
>>
> Maybe, maybe not ...
>
>> I'm new to this encrypted thing.  I'm learning but don't know all of
>> it and may never know all of it.  I figured out the other day that
>> when I select a two part or three part encryption, it actually
>> encrypts the thing twice or three times.  It's like having to pick
>> two or three locks on a door instead of one.  Only they have to be
>> done in order and you don't really have a way to know if you did it
>> right until you figure out the rest.  I bet that drives the NSA and
>> other Govts nuts.  lol 
>>
>> By the way, the USB stick will have instructions about things after
>> I'm buried or whatever.  I plan to keep the USB stick in a safe and
>> share the password with the person that will be taking care of
>> things.  When I'm gone, they can open the USB stick to access files
>> on what to do and such.  Until I'm gone, they won't know what is on
>> the stick or have access to it.  Getting older makes one think about
>> these things.  :/  External drives will have things that when I'm
>> gone, they gone too. 
>>
> Paper in a sealed envelope in a safe (bank safety deposit box etc) ...
> too many things to go wrong with an encrypted USB.
>
>

Don't have a bank safety deposit box and even if I get one, that will
cause issues when I kick the bucket. 


>> I just wonder how many encryption tools have been cracked that we
>> don't know about.  It's not like they going to tell us or anything.
>>
>> Dale
>>
>> :-)  :-) 
>
> Yep :)
>
> BillK
>

I'm just hoping the newer ones, after Snowden, don't have back doors
etc.  Now let us pray.  ;-)

Dale

:-)  :-) 

Re: [gentoo-user] Encrypted drive setup at login and locking on logout.

[William Kenworthy]

On 6/7/20 2:37 pm, Dale wrote:
> William Kenworthy wrote:
>> Hi Dale, I looked at Veracrypt and ran into the fact that it on windows
>> Veracrypt MUST be installed by an administrator which is a blocker for
>> using USB keys on computers I don't control (such as transporting files
>> securely between locations - i.e., where there is potential to lose the
>> usb key):
>>
>> see
>> https://www.veracrypt.fr/en/Using%20VeraCrypt%20Without%20Administrator%20Privileges.html
>>
>> BillK
>>
>
> Does that mean that on windoze a person can open a encryted USB stick
> without a password?  From what I read, it sounds like it doesn't put
> the stick at risk, as long as you are not using key files or sharing
> your password by storing it somewhere.  It just means you have to be
> admin to install Veracrypt but not to access a encrypted USB stick. 
> From the way it sounds, you insert USB stick, run Veracrypt, enter
> password, do what you want with the stick, close it and then remove
> the stick.  Or am I missing something? 
>
It means that an administrator must install veracrypt first - if you
cant do that, you cant access the stick.  It also makes the point that
any adminstrator will have access to the sticks data - not just the user
(same as root under Linux).  The blocker for me was that I could not get
veracrypt installed.

> I might add, when I use cryptsetup and mount a external drive I use, I
> do that as root.  Since my password is only in my head, no password,
> no access root or not, right?
>
Maybe, maybe not ...

> I'm new to this encrypted thing.  I'm learning but don't know all of
> it and may never know all of it.  I figured out the other day that
> when I select a two part or three part encryption, it actually
> encrypts the thing twice or three times.  It's like having to pick two
> or three locks on a door instead of one.  Only they have to be done in
> order and you don't really have a way to know if you did it right
> until you figure out the rest.  I bet that drives the NSA and other
> Govts nuts.  lol 
>
> By the way, the USB stick will have instructions about things after
> I'm buried or whatever.  I plan to keep the USB stick in a safe and
> share the password with the person that will be taking care of
> things.  When I'm gone, they can open the USB stick to access files on
> what to do and such.  Until I'm gone, they won't know what is on the
> stick or have access to it.  Getting older makes one think about these
> things.  :/  External drives will have things that when I'm gone, they
> gone too. 
>
Paper in a sealed envelope in a safe (bank safety deposit box etc) ...
too many things to go wrong with an encrypted USB.


> I just wonder how many encryption tools have been cracked that we
> don't know about.  It's not like they going to tell us or anything.
>
> Dale
>
> :-)  :-) 

Yep :)

BillK

Re: [gentoo-user] Encrypted drive setup at login and locking on logout.

[Neil Bothwick]

On Sun, 5 Jul 2020 23:49:14 -0500, Dale wrote:

> Digging around I found these. 
> 
> [ebuild  N    ~] sys-fs/ecryptfs-utils-111_p20170609::gentoo  USE="gtk
> nls pam -doc -gpg -openssl -pkcs11 -python -suid -tpm"
> PYTHON_SINGLE_TARGET="python2_7" 1,401 KiB
> [ebuild  N ] sys-fs/cryptmount-5.3.2::gentoo  USE="gcrypt largefile
> luks nls openssl udev -argv0switch -cswap -fsck -mount (-selinux)
> -systemd" 533 KiB
> 
> Looking at the info I've found tho, I don't think it will do what I'm
> looking for.  Has anyone used either of these in the past?  If so, does
> one of these do what I'm looking for?

ecryptfs-utils is the userland management of the kernel's ecryptfs.
Ecryptfs uses an overlay filesystem to encrypt files within a directory,
it is what Ubuntu uses for encrypted home directories

cryptmount is for working with LUKS filesystems, which appears to be the
route you are leaning towards. I haven't used it and don't know what
advantages it has over a user script, if you want to manually mount the
filesystem, or /etc/crypttab.


-- 
Neil Bothwick

/ For security reasons, all text in this mail
  is double-rot13 encrypted. /


pgphW4I7ivyO4.pgp
Description: OpenPGP digital signature

Re: [gentoo-user] [SOLVED] Upgrade to rsync-3.2.0-r1 results in "didn't get server startup line"

[Steve Freeman]

On 2020-06-30 20:35, Steve Freeman wrote:

I have a local gentoo repo mirror that has been running well for
years.  It is essentially the same setup as described at
https://wiki.gentoo.org/wiki/Local_Mirror except that it runs on a
non-default port.

After upgrading to net-misc/rsync-3.2.0-r1 (from rsync-3.1.3), I can
no longer emerge --sync from my clients.  I receive messages such as:

# emerge --sync
>>> Syncing repository 'gentoo' into '/var/db/repos/gentoo'...
>>> Starting rsync with rsync://10.10.10.10:5873/gentoo-portage...
>>> Checking server timestamp ...
opening tcp connection to 10.10.10.10 port 5873
Connected to 10.10.10.10
msg checking charset: UTF-8
sending daemon args: --server --sender -lWtprze.iLsfxCIv
--timeout=180 --safe-links --inplace .
gentoo-portage/metadata/timestamp.chk  (8 args)

rsync: didn't get server startup line
[Receiver] _exit_cleanup(code=5, file=main.c, line=1777): entered
rsync error: error starting client-server protocol (code 5) at
main.c(1777) [Receiver=3.2.0]
	[Receiver] _exit_cleanup(code=5, file=main.c, line=1777): about to 
call exit(5)

[SNIPPED]


According to this page:

https://www.lagerhaus128.ch/?p=1281

there appears to be a bug in rsync 3.2.0 and 3.2.1 involving transfer 
logging.


He provides two workarounds in /etc/rsyncd.conf.  Both worked for me.
1)  Disable transfer logging (commenting out "transfer logging = yes" 
fixed my issue).
2)  Set a log format, for example "log format = %t %a %m %f %b".  This 
is the option I chose.


I wanted to pass this on in case someone else runs into the problem.

Cheers.

-Steve Freeman

Re: [gentoo-user] Encrypted drive setup at login and locking on logout.

[Dale]

William Kenworthy wrote:
> Hi Dale, I looked at Veracrypt and ran into the fact that it on windows
> Veracrypt MUST be installed by an administrator which is a blocker for
> using USB keys on computers I don't control (such as transporting files
> securely between locations - i.e., where there is potential to lose the
> usb key):
>
> see
> https://www.veracrypt.fr/en/Using%20VeraCrypt%20Without%20Administrator%20Privileges.html
>
> BillK
>

Does that mean that on windoze a person can open a encryted USB stick
without a password?  From what I read, it sounds like it doesn't put the
stick at risk, as long as you are not using key files or sharing your
password by storing it somewhere.  It just means you have to be admin to
install Veracrypt but not to access a encrypted USB stick.  From the way
it sounds, you insert USB stick, run Veracrypt, enter password, do what
you want with the stick, close it and then remove the stick.  Or am I
missing something? 

I might add, when I use cryptsetup and mount a external drive I use, I
do that as root.  Since my password is only in my head, no password, no
access root or not, right?

I'm new to this encrypted thing.  I'm learning but don't know all of it
and may never know all of it.  I figured out the other day that when I
select a two part or three part encryption, it actually encrypts the
thing twice or three times.  It's like having to pick two or three locks
on a door instead of one.  Only they have to be done in order and you
don't really have a way to know if you did it right until you figure out
the rest.  I bet that drives the NSA and other Govts nuts.  lol 

By the way, the USB stick will have instructions about things after I'm
buried or whatever.  I plan to keep the USB stick in a safe and share
the password with the person that will be taking care of things.  When
I'm gone, they can open the USB stick to access files on what to do and
such.  Until I'm gone, they won't know what is on the stick or have
access to it.  Getting older makes one think about these things.  :/ 
External drives will have things that when I'm gone, they gone too. 

I just wonder how many encryption tools have been cracked that we don't
know about.  It's not like they going to tell us or anything.

Dale

:-)  :-)