Re: crypto patch (OT: ports tree)
On Fri, Apr 21, 2000 at 12:29:30PM -0800, Adam Shand wrote: If you're really hard core about security and encryption (and I'm going to be heretical here, but hey, I have to plug my home), try OpenBSD. Since it's main repository is in Canada, US crypto laws don't apply. I played with it a bit, but not enough to really get to know the advantages. Well, except for the ports. I wish GNU/Linux would have something like that. cd /ports/program. make. Automatic download, compilation, installation. No though required... yeah open bsd is nice, but i much prefer apt to the ports collection. before apt showed up i was almost tempted to switch to open/freebsd because the ports tree is so nice. the bummer about the ports tree is that can't clean up after itself as well as a binary package can, and my experience [EMAIL PROTECTED] eb]$ uname -a OpenBSD venabili 2.6 VENABILI#2 i386 [EMAIL PROTECTED] eb]$ /usr/sbin/pkg_info [...] bash-2.03 GNU Bourne Again Shell emacs-20.3 GNU editor screen-3.7.6 multi-screen window manager bzip2-0.9.5d block-sorting file compressor, unencumbered m4-1.4 GNU m4 autoconf-2.13 automatically configure source code on many Un*x platform [...] there is a pkg_delete utility which will allow you to delete any of these listed packages, i've used it and it does work quite well, just as well as apt-get --purge remove. all of the above are installed from the ports collection. with freebsd is that the dependencies aren't handled nearly as well as debian handles them. hmm, well when i went to compile emacs it knew that it would need autoconf and gmake and went ahead and compiled and installed them. and if you want to compile them there's always 'apt-get --compile source packagename'. if you haven't used it before here's how it works :) with the annoying side affect of apt insisting on replacing the locally compiled packages with the debian binary version... unless you never use apt-get upgrade again or put everything on hold, which hides the fact that there is a newer version... (why does apt do that?) -- Ethan Benson http://www.alaska.net/~erbenson/ attachment: Navidad.exe
Re: crypto patch (OT: ports tree)
On Fri, Apr 21, 2000 at 08:27:52PM -0800, Ethan Benson wrote: and if you want to compile them there's always 'apt-get --compile source packagename'. if you haven't used it before here's how it works :) with the annoying side affect of apt insisting on replacing the locally compiled packages with the debian binary version... unless you never use apt-get upgrade again or put everything on hold, which hides the fact that there is a newer version... (why does apt do that?) On my system, i usually bump the version number of the package up by .0001 before i recompile (then again, i usually only recompile to fix a bug ;) If you put the locally compiled package into an apt source before any of the official Debian mirrors, it will keep your version instead of Debian's as long as the version numbers remain equal. For example, i have this at the top of my sources.list: deb file:/usr/local/debs / dpkg-scanpackages creates the packages file. As a side effect, this keeps away the 'obsolete/local' classification. -- finger for GPG public key. attachment: Navidad.exe
RE: crypto patch
Title: RE: crypto patch snip hesitant to put it in by default. Who knows, maybe some other distirbution does? Bastille Linux? [Andrew Weiss] So would you run this OS on a headless server? :-) Epitaph for Bill Gates: This man performed an illegal operation and was shut down --BBC SGI and Motorola team up to design a new chip... the Crayola --personal Apple MacOS X the only UNIX where dumping cores is a good thing. --personal
Re: crypto patch (OT: ports tree)
On Fri, Apr 21, 2000 at 12:29:30PM -0800, Adam Shand wrote: If you're really hard core about security and encryption (and I'm going to be heretical here, but hey, I have to plug my home), try OpenBSD. Since it's main repository is in Canada, US crypto laws don't apply. I played with it a bit, but not enough to really get to know the advantages. Well, except for the ports. I wish GNU/Linux would have something like that. cd /ports/program. make. Automatic download, compilation, installation. No though required... yeah open bsd is nice, but i much prefer apt to the ports collection. before apt showed up i was almost tempted to switch to open/freebsd because the ports tree is so nice. the bummer about the ports tree is that can't clean up after itself as well as a binary package can, and my experience [EMAIL PROTECTED] eb]$ uname -a OpenBSD venabili 2.6 VENABILI#2 i386 [EMAIL PROTECTED] eb]$ /usr/sbin/pkg_info [...] bash-2.03 GNU Bourne Again Shell emacs-20.3 GNU editor screen-3.7.6 multi-screen window manager bzip2-0.9.5d block-sorting file compressor, unencumbered m4-1.4 GNU m4 autoconf-2.13 automatically configure source code on many Un*x platform [...] there is a pkg_delete utility which will allow you to delete any of these listed packages, i've used it and it does work quite well, just as well as apt-get --purge remove. all of the above are installed from the ports collection. with freebsd is that the dependencies aren't handled nearly as well as debian handles them. hmm, well when i went to compile emacs it knew that it would need autoconf and gmake and went ahead and compiled and installed them. and if you want to compile them there's always 'apt-get --compile source packagename'. if you haven't used it before here's how it works :) with the annoying side affect of apt insisting on replacing the locally compiled packages with the debian binary version... unless you never use apt-get upgrade again or put everything on hold, which hides the fact that there is a newer version... (why does apt do that?) -- Ethan Benson http://www.alaska.net/~erbenson/ pgp7h2L9iB6TS.pgp Description: PGP signature
Apt wishlist WAS: Re: crypto patch (OT: ports tree)
Ethan == Ethan Benson [EMAIL PROTECTED] writes: and if you want to compile them there's always 'apt-get --compile source packagename'. if you haven't used it before here's how it works :) with the annoying side affect of apt insisting on replacing the locally compiled packages with the debian binary version... unless you never use apt-get upgrade again or put everything on hold, which hides the fact that there is a newer version... (why does apt do that?) What might be cool is if you compiled your own, it would change the version number so that there would be not conflict between official binaries and roll-your-own. Kinda like using the --revision flag with make-kpkg. I guess ultimately, what would be best, would be to keep track of the sources that you have installed, so that you know when the sources have been updated. Or have apt recompile for you. Heck, why not just have the computer read our minds. :) Marshal -- Ethan Benson http://www.alaska.net/~erbenson/
Re: Apt wishlist WAS: Re: crypto patch (OT: ports tree)
On Sat, Apr 22, 2000 at 02:02:35AM -0400, Marshal Kar-Cheung Wong wrote: Ethan == Ethan Benson [EMAIL PROTECTED] writes: and if you want to compile them there's always 'apt-get --compile source packagename'. if you haven't used it before here's how it works :) with the annoying side affect of apt insisting on replacing the locally compiled packages with the debian binary version... unless you never use apt-get upgrade again or put everything on hold, which hides the fact that there is a newer version... (why does apt do that?) What might be cool is if you compiled your own, it would change the version number so that there would be not conflict between official binaries and roll-your-own. Kinda like using the --revision flag with make-kpkg. --revision just sets an epoch, which is rather evil since it will think your package is newwer then ANY upgraded package unless the upgraded package has an epoch yours. I guess ultimately, what would be best, would be to keep track of the sources that you have installed, so that you know when the sources have been updated. Or have apt recompile for you. well i just don't understand why apt thinks it should `upgrade' my package whose version number is == to the one its `upgrading' to. Heck, why not just have the computer read our minds. :) thats what MacOS and Windoze tries to do ;-) -- Ethan Benson http://www.alaska.net/~erbenson/ pgpznsXj9FD9f.pgp Description: PGP signature
Re: crypto patch (OT: ports tree)
On Fri, Apr 21, 2000 at 08:27:52PM -0800, Ethan Benson wrote: and if you want to compile them there's always 'apt-get --compile source packagename'. if you haven't used it before here's how it works :) with the annoying side affect of apt insisting on replacing the locally compiled packages with the debian binary version... unless you never use apt-get upgrade again or put everything on hold, which hides the fact that there is a newer version... (why does apt do that?) On my system, i usually bump the version number of the package up by .0001 before i recompile (then again, i usually only recompile to fix a bug ;) If you put the locally compiled package into an apt source before any of the official Debian mirrors, it will keep your version instead of Debian's as long as the version numbers remain equal. For example, i have this at the top of my sources.list: deb file:/usr/local/debs / dpkg-scanpackages creates the packages file. As a side effect, this keeps away the 'obsolete/local' classification. -- finger for GPG public key. pgpfVvymyC8V2.pgp Description: PGP signature
Re: crypto patch (OT: ports tree)
On Sat, Apr 22, 2000 at 01:25:15AM -0500, Brad wrote: On Fri, Apr 21, 2000 at 08:27:52PM -0800, Ethan Benson wrote: and if you want to compile them there's always 'apt-get --compile source packagename'. if you haven't used it before here's how it works :) with the annoying side affect of apt insisting on replacing the locally compiled packages with the debian binary version... unless you never use apt-get upgrade again or put everything on hold, which hides the fact that there is a newer version... (why does apt do that?) On my system, i usually bump the version number of the package up by .0001 before i recompile (then again, i usually only recompile to fix a bug ;) likewise, or if im tired of waiting for a updated package to get built for powerpc, in which case i don't care if the real one replaces mine. If you put the locally compiled package into an apt source before any of the official Debian mirrors, it will keep your version instead of Debian's as long as the version numbers remain equal. For example, i have this at the top of my sources.list: deb file:/usr/local/debs / dpkg-scanpackages creates the packages file. As a side effect, this keeps away the 'obsolete/local' classification. this sounds like the perfect solution! thanks. -- Ethan Benson http://www.alaska.net/~erbenson/ pgp6XTkKZecSF.pgp Description: PGP signature
Re: Apt wishlist WAS: Re: crypto patch (OT: ports tree)
On Fri, 21 Apr 2000, Ethan Benson wrote: I guess ultimately, what would be best, would be to keep track of the sources that you have installed, so that you know when the sources have been updated. Or have apt recompile for you. well i just don't understand why apt thinks it should `upgrade' my package whose version number is == to the one its `upgrading' to. The most common case of recompiling is to make something from unstable work on stable, mostly due to library versions. By always upgrading these people get what they want. Everyone else *should* change the version number or put the package on hold. Jason
Re: Apt wishlist WAS: Re: crypto patch (OT: ports tree)
Ethan Benson [EMAIL PROTECTED] writes: --revision just sets an epoch, which is rather evil since it will think your package is newwer then ANY upgraded package unless the upgraded package has an epoch yours. The --revision flag in kernel-package only makes an epoch if you explicitly include an epoch in your revision number. Manoj's recommendation in the README is to use something like kernel-image-2.2.14_custom.2.0, which is not an epoch. Bob -- _ |_) _ |_ Robert D. Hilliard [EMAIL PROTECTED] |_) (_) |_) 1294 S.W. Seagull Way [EMAIL PROTECTED] Palm City, FL USA PGP Key ID: A8E40EB9
Re: crypto patch
you have to get the international kernal patch from either www.kerneli.org, or in the non-US section. Then you have to patch the kernel and recompile. with the new mellowing of usa crypto laws, is there any chance that the international kernel patch could be included in the default debian kernel? sure would be nice ... ipsec, s/wan, encrypted file systems oh my! adam.
Re: crypto patch
Adam == Adam Shand [EMAIL PROTECTED] writes: you have to get the international kernal patch from either www.kerneli.org, or in the non-US section. Then you have to patch the kernel and recompile. with the new mellowing of usa crypto laws, is there any chance that the international kernel patch could be included in the default debian kernel? Probably not. Beside the crypto laws, there is also the DSFG that debian adheres to, and many of the encryption schemes have patents on them, thus makeing them non-free, and not in debian by default. If you're really hard core about security and encryption (and I'm going to be heretical here, but hey, I have to plug my home), try OpenBSD. Since it's main repository is in Canada, US crypto laws don't apply. I played with it a bit, but not enough to really get to know the advantages. Well, except for the ports. I wish GNU/Linux would have something like that. cd /ports/program. make. Automatic download, compilation, installation. No though required... Marshal sure would be nice ... ipsec, s/wan, encrypted file systems oh my! adam.
Re: crypto patch
On Thu, Apr 20, 2000 at 10:49:10PM -0400, Marshal Kar-Cheung Wong wrote: Adam == Adam Shand [EMAIL PROTECTED] writes: with the new mellowing of usa crypto laws, is there any chance that the international kernel patch could be included in the default debian kernel? Probably not. Beside the crypto laws, there is also the DSFG that debian adheres to, and many of the encryption schemes have patents on them, thus makeing them non-free, and not in debian by default. So only use encryption schemes like the ones in libmcrypt4 now in woody's non-US/main -- fully DFSG compliant. -- finger for GPG public key. pgpxhc8xK6nN7.pgp Description: PGP signature
Re: crypto patch
Probably not. Beside the crypto laws, there is also the DSFG that debian adheres to, and many of the encryption schemes have patents on them, thus makeing them non-free, and not in debian by default. oh yeah, i forgot about that ... still there are some that are patent unencumbered aren't there? If you're really hard core about security and encryption (and I'm going to be heretical here, but hey, I have to plug my home), try OpenBSD. Since it's main repository is in Canada, US crypto laws don't apply. I played with it a bit, but not enough to really get to know the advantages. Well, except for the ports. I wish GNU/Linux would have something like that. cd /ports/program. make. Automatic download, compilation, installation. No though required... yeah open bsd is nice, but i much prefer apt to the ports collection. before apt showed up i was almost tempted to switch to open/freebsd because the ports tree is so nice. the bummer about the ports tree is that can't clean up after itself as well as a binary package can, and my experience with freebsd is that the dependencies aren't handled nearly as well as debian handles them. and if you want to compile them there's always 'apt-get --compile source packagename'. if you haven't used it before here's how it works :) adam. heyzeus(larry)$ sudo apt-get --compile source portsentry Password: Reading Package Lists... Done Building Dependency Tree... Done Need to get 61.6kB of source archives. Get:1 http://http.us.debian.org woody/non-free portsentry 1.0-1.4 (dsc) [844B] Get:2 http://http.us.debian.org woody/non-free portsentry 1.0-1.4 (tar) [43.0kB] Get:3 http://http.us.debian.org woody/non-free portsentry 1.0-1.4 (diff) [17.7kB] Fetched 61.6kB in 1s (38.1kB/s) dpkg-source: extracting portsentry in portsentry-1.0 dpkg-buildpackage: source package is portsentry dpkg-buildpackage: source version is 1.0-1.4 dpkg-buildpackage: source maintainer is Guido Guenther (agx) [EMAIL PROTECTED] debian/rules clean DEB_BUILD_ARCH=i386 DEB_BUILD_GNU_CPU=i386 DEB_BUILD_GNU_SYSTEM=linux DEB_BUILD_GNU_TYPE=i386-linux DEB_HOST_ARCH=i386 DEB_HOST_GNU_CPU=i386 DEB_HOST_GNU_SYSTEM=linux DEB_HOST_GNU_TYPE=i386-linux dh_testdir dh_testroot rm -f build-stamp install-stamp # Add here commands to clean up after the build process. make -f Makefile clean make[1]: Entering directory `/tmp/portsentry-1.0' /bin/rm ./portsentry /bin/rm: cannot remove `./portsentry': No such file or directory make[1]: *** [clean] Error 1 make[1]: Leaving directory `/tmp/portsentry-1.0' make: [clean] Error 2 (ignored) dh_clean debian/rules build DEB_BUILD_ARCH=i386 DEB_BUILD_GNU_CPU=i386 DEB_BUILD_GNU_SYSTEM=linux DEB_BUILD_GNU_TYPE=i386-linux DEB_HOST_ARCH=i386 DEB_HOST_GNU_CPU=i386 DEB_HOST_GNU_SYSTEM=linux DEB_HOST_GNU_TYPE=i386-linux dh_testdir # Add here commands to compile the package. make -f Makefile debian-linux make[1]: Entering directory `/tmp/portsentry-1.0' Building for Debian GNU/Linux cc -O -Wall -DDEBIAN -DLINUX -DSUPPORT_STEALTH -o ./portsentry ./portsentry.c \ ./portsentry_io.c ./portsentry_util.c make[1]: Leaving directory `/tmp/portsentry-1.0' touch build-stamp debian/rules binary DEB_BUILD_ARCH=i386 DEB_BUILD_GNU_CPU=i386 DEB_BUILD_GNU_SYSTEM=linux DEB_BUILD_GNU_TYPE=i386-linux DEB_HOST_ARCH=i386 DEB_HOST_GNU_CPU=i386 DEB_HOST_GNU_SYSTEM=linux DEB_HOST_GNU_TYPE=i386-linux dh_testdir dh_testroot dh_clean -k dh_installdirs # Add here commands to install the package into debian/tmp. install portsentry `pwd`/debian/tmp/usr/sbin # install Debian specific stuff install --mode=644 portsentry.ignore.static `pwd`/debian/tmp/etc/portsentry install --mode=644 startup.conf `pwd`/debian/tmp/etc/portsentry install --mode=644 portsentry.conf.Debian `pwd`/debian/tmp/etc/portsentry/portsentry.conf install scripts/ppp/portsentry_ip-up.d `pwd`/debian/tmp/etc/ppp/ip-up.d/portsentry install scripts/ppp/portsentry_ip-down.d `pwd`/debian/tmp/etc/ppp/ip-down.d/portsentry install scripts/portsentry-* `pwd`/debian/tmp/usr/lib/portsentry touch install-stamp dh_testdir dh_testroot dh_installdebconf dh_installdocs ln -s CHANGES.gz `pwd`/debian/tmp/usr/share/doc/portsentry/changelog.gz dh_installexamples dh_installinit -udefaults 99 dh_installmanpages dh_installchangelogs dh_strip dh_compress dh_fixperms dh_suidregister dh_installdeb dh_shlibdeps dh_gencontrol dh_md5sums dh_builddeb dpkg-deb: building package `portsentry' in `../portsentry_1.0-1.4_i386.deb'. dpkg-genchanges -b dpkg-genchanges: binary-only upload - not including any source code dpkg-buildpackage: no source included in upload
Re: crypto patch
Adam == Adam Shand [EMAIL PROTECTED] writes: Probably not. Beside the crypto laws, there is also the DSFG that debian adheres to, and many of the encryption schemes have patents on them, thus makeing them non-free, and not in debian by default. oh yeah, i forgot about that ... still there are some that are patent unencumbered aren't there? Yep, there are those that are distributed with the kernel-int patch that's distributed in non-US. I'm guessing that since the crypto patch isn't actually part of the actual kernel source, people would be hesitant to put it in by default. Who knows, maybe some other distirbution does? Bastille Linux? If you're really hard core about security and encryption (and I'm going to be heretical here, but hey, I have to plug my home), try OpenBSD. Since it's main repository is in Canada, US crypto laws don't apply. I played with it a bit, but not enough to really get to know the advantages. Well, except for the ports. I wish GNU/Linux would have something like that. cd /ports/program. make. Automatic download, compilation, installation. No though required... yeah open bsd is nice, but i much prefer apt to the ports collection. before apt showed up i was almost tempted to switch to open/freebsd because the ports tree is so nice. the bummer about the ports tree is that can't clean up after itself as well as a binary package can, and my experience with freebsd is that the dependencies aren't handled nearly as well as debian handles them. and if you want to compile them there's always 'apt-get --compile source packagename'. if you haven't used it before here's how it works :) adam. I've never actually compile using apt-get. I've gotten source though. Thanks for the info. Now that you mention it, I agree that clean up is a lot easier with packaging, dpkg especially. Probably why I'm still using debian. :) Marshal
crypto patch
Hola~ Rookie question here. I'm trying to setup an encrypted filesystem as per: http://www.linuxdoc.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO-3.html The first step is installing the latest crypto patch. How do I install the latest crypto patch using apt-get? My sources.list include: deb http://http.us.debian.org/debian unstable main contrib non-free deb http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free deb http://security.debian.org stable updates deb-src http://http.us.debian.org/debian unstable main contrib non-free deb-src http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free deb-src http://security.debian.org stable updates MO
Re: crypto patch
Michael O'Brien [EMAIL PROTECTED] writes: Rookie question here. I'm trying to setup an encrypted filesystem as per: http://www.linuxdoc.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO-3.html The first step is installing the latest crypto patch. How do I install the latest crypto patch using apt-get? [snip] You probably don't. The only chance you have is that the Debian kernel source already contains the patch, otherwise you'll have to get the patch yourself and either apply it to a Debian kernel-source package, or download the raw kernel source from someplace like ftp.kernel.org and apply the patch to that. If you have to compile a new kernel be sure to check out the Debian kernel-package package. Nice utility! Gary
Re: crypto patch
Michael == Michael O'Brien [EMAIL PROTECTED] writes: Hola~ Rookie question here. I'm trying to setup an encrypted filesystem as per: http://www.linuxdoc.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO-3.html The first step is installing the latest crypto patch. How do I install the latest crypto patch using apt-get? you have to get the international kernal patch from either www.kerneli.org, or in the non-US section. Then you have to patch the kernel and recompile. Marshal My sources.list include: deb http://http.us.debian.org/debian unstable main contrib non-free deb http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free deb http://security.debian.org stable updates deb-src http://http.us.debian.org/debian unstable main contrib non-free deb-src http://non-us.debian.org/debian-non-US unstable/non-US main contrib non-free deb-src http://security.debian.org stable updates MO -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
