Re: [gentoo-user] OT - MythDVD
Try changing the mythdvd player from Internal to Xine (which is noted as having better support for dvd menu's than mplayer... but you can use that too). I've found the that internal player isn't the best... but it gets the job done if you have nothing else. Michael Sullivan wrote: I installed MythDVD this evening. I'm having a problem with it. When I play DVDs, the audio track with spoken dialog is not audible. How can I get it back? Also, is there a way I can get to the menu on the DVD in mythdvd? -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] How do I get KDE to start on boot?
On Tue, 14 Nov 2006 22:24:25 -0500, Philip Webb wrote: Well, Gentoo is also about choice, so do it your way, but very occasionally there is a need to do things outside X your previous my own continuing approach preserves that option. As it's only very occasionally, why not set up a new runlevel that doesn't start X for those rare occasions, rather than having to start X manually the other 99% of the time. Or you could just press Ctrl-Alt-F1 after X has started :) -- Neil Bothwick When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl. signature.asc Description: PGP signature
[gentoo-user] raid does not autostart
Hi List,A few weeks ago I created a Raid 5 set for my data partition using mdadm.This works fine, but last week a short power outage caused the server to reboot.When I came home the server was in need of maintainance because it couldn't check all his filesystems. Strange fact was that the md device wasn't start...mdadm --assemble /dev/md1 works fine, the /etc/mdadm.conf is read the the raid device is started...But why doesn't start it at boot?A piece of output from dmesg: md: Autodetecting RAID arrays.md: autorun ...md: considering hdb1 ...md: adding hdb1 ...md: created md1md: bindhdb1md: running: hdb1raid5: device hdb1 operational as raid disk 0 raid5: not enough operational devices for md1 (2/3 failed)RAID5 conf printout: --- rd:3 wd:1 fd:2 disk 0, o:1, dev:hdb1raid5: failed to run raid set md1md: pers-run() failed ...md: do_md_run() returned -5 md: md1 stopped.md: unbindhdb1md: export_rdev(hdb1)md: ... autorun DONE.It tell's me that 2/3 devices failed, but after I assemble it.. the ouput of mdadm --detail /dev/md1 is: /dev/md1: Version : 00.90.03 Creation Time : Fri Sep 22 22:28:43 2006 Raid Level : raid5 Array Size : 625137152 (596.18 GiB 640.14 GB) Device Size : 312568576 (298.09 GiB 320.07 GB) Raid Devices : 3 Total Devices : 3Preferred Minor : 1 Persistence : Superblock is persistent Intent Bitmap : Internal Update Time : Wed Nov 15 10:56:36 2006 State : active Active Devices : 3Working Devices : 3Failed Devices : 0 Spare Devices : 0 Layout : left-symmetric Chunk Size : 64K UUID : 82544aad:a2e92ea2:72ca2d55:716dada0 Events : 0.1486768 Number Major Minor RaidDevice State 0 3 65 0 active sync /dev/hdb1 1 22 1 1 active sync /dev/hdc1 2 22 65 2 active sync /dev/hdd1 No failed devices!How it this possible?I rebooted aferwards, but still the same issue! :-(Anybody any clue's?!Any help is appriciated-- Met vriendelijke groet / With kind regards, H. van Wees---If UNIX isn't the solution, you've got the wrong problem.
Re: [gentoo-user] Semi OT: hotplug / coldplug / udev ...
On Tue, 14 Nov 2006 14:45:32 -0500 Mark Shields wrote: On 11/9/06, Arnau Bria [EMAIL PROTECTED] wrote: Hi Mark, Ivman is what you want to get the 'automounting' accomplished Well, maybe I did expressed my question correctly, but I was not looking for a automounter, just wondering how udev/hotplug/coldplug/hal/kernel works together... anyway, thanks for your reply! cheers! -- Arnau Bria http://blog.emergetux.net Wiggum: Dispara a las ruedas Lou. Lou: eee, es un tanque jefe. Wiggum: Me tienes hartito con todas tus excusas. -- gentoo-user@gentoo.org mailing list
[gentoo-user] Re: PAM issues
Alexander Skwar [EMAIL PROTECTED]: · Lorenzo Marussi [EMAIL PROTECTED]: but, with pam-0.99.6.3-r1, have you tried to make a revdep-rebuild -p -i ? Oh, right, no, I have not, but I'll do so tomorrow morning. Thanks for reminding me again! It wants to rebuild dev-java/blackdown-jdk-1.4.2.03-r12 :) But it was of course worth a try! Alexander Skwar -- Fortune finishes the great quotations, #2 If at first you don't succeed, think how many people you've made happy. -- gentoo-user@gentoo.org mailing list
[gentoo-user] Spamassassin / fcron / RulesDuJour
Last night my default gentoo RulesDuJour for Spamassassin acquired new Adult and General rule-sets from SARE. Thereafter spamd refused all connections and subsequently received mail was not spam filtered. Issuing '/etc/init.d/spamd restart' as root resolved the situation... but I don't want to have to do this every time a rule-set is automatically updated overnight. This is a (sanitised) extract from /var/log/messages : -- Nov 15 03:20:00 svr fcron[5328]: process already running: root's /usr/bin/test -x /usr/sbin/run-crons /usr/sbin/run-crons Nov 15 03:20:14 svr postfix/pickup[11065]: ...: uid=0 from=root Nov 15 03:20:14 svr postfix/cleanup[11232]: ...: message-id=... Nov 15 03:20:15 svr spamd[7808]: spamd: connection from localhost [127.0.0.1] at port 1125 Nov 15 03:20:15 svr spamd[7808]: spamd: setuid to foouser succeeded Nov 15 03:20:15 svr spamd[7808]: spamd: processing message .. for foouser:1000 Nov 15 03:20:18 svr spamd[7808]: spamd: clean message (-2.9/5.0) for foouser:1000 in 3.1 seconds, 647 bytes. Nov 15 03:20:18 svr spamd[7808]: spamd: result: . -2 - AWL,BAYES_00 scantime=3.1,size=647,user=foouser,... Nov 15 03:20:18 svr postfix/local[11237]: ... Nov 15 03:20:18 svr postfix/qmgr[5607]: ...: removed Nov 15 03:20:19 svr spamd[5462]: prefork: child states: II Nov 15 03:20:26 svr postfix/pickup[11065]: ...: uid=0 from=root Nov 15 03:20:26 svr postfix/cleanup[11232]: ... Nov 15 03:20:27 svr spamd[7808]: spamd: setuid to foouser succeeded Nov 15 03:20:27 svr spamd[7808]: spamd: processing message ... for foouser:1000 Nov 15 03:20:29 svr spamd[7808]: spamd: clean message (-2.2/5.0) for foouser:1000 in 2.7 seconds, 612 bytes. Nov 15 03:20:29 svr spamd[7808]: spamd: result: . -2 - AWL,BAYES_05 scantime=2.7,size=612,user=foouser,uid=1000,... Nov 15 03:20:29 svr postfix/local[11237]: EEA5F3B945: to=[EMAIL PROTECTED], orig_to=root, relay=local, delay=3, status=sent (delivered to command: /usr/bin/proc Nov 15 03:20:29 svr postfix/qmgr[5607]: EEA5F3B945: removed Nov 15 03:20:30 svr spamd[5462]: prefork: child states: II Nov 15 03:21:05 svr spamd[5462]: spamd: server killed by SIGTERM, shutting down Nov 15 03:21:11 svr rc-scripts: Failed to stop spamd Nov 15 03:30:00 svr fcron[5328]: process already running: root's /usr/bin/test -x /usr/sbin/run-crons /usr/sbin/run-crons Nov 15 03:40:00 svr fcron[11746]: Job /usr/bin/test -x /usr/sbin/run-crons /usr/sbin/run-crons started for user root (pid 11747) Nov 15 03:50:00 svr fcron[11759]: Job /usr/bin/test -x /usr/sbin/run-crons /usr/sbin/run-crons started for user root (pid 11760) Nov 15 03:50:24 svr postfix/smtpd[11772]: connect from localhost[127.0.0.1] Nov 15 03:50:24 svr postfix/smtpd[11772]: ...: client=localhost[127.0.0.1] Nov 15 03:50:24 svr postfix/cleanup[11775]: ...: message-id=... Nov 15 03:50:24 svr postfix/qmgr[5607]: 73FAA3B4FB: from=... Nov 15 03:50:24 svr postfix/smtpd[11772]: disconnect from localhost[127.0.0.1] Nov 15 03:50:24 svr spamc[11779]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#1 of 3): Connection refused Nov 15 03:50:25 svr spamc[11779]: connect(AF_INET) to spamd at 127.0.0.1 failed, retrying (#2 of 3): Connection refused -- Does anyone else have this problem? Can it be attributed to Fcron or RulesDuJour or something peculiar to my setup? I don't understand the process already running messages from fcron - my cron jobs all seem to be executed normally. -- gentoo-user@gentoo.org mailing list
[gentoo-user] Re: raid does not autostart
Huib van Wees wrote: md: Autodetecting RAID arrays. md: autorun ... md: considering hdb1 ... md: adding hdb1 ... md: created md1 md: bindhdb1 md: running: hdb1 raid5: device hdb1 operational as raid disk 0 raid5: not enough operational devices for md1 (2/3 failed) You need to mark all the partitions of your RAID array as Linux raid autodetect with fdisk. Here, it seems only hdb1 is marked as such, and hdc1 and hdd1 are not. This prevents the kernel from autostarting your RAID array. Try the following: # fdisk /dev/hdc t 1 fd w # fdisk /dev/hdd t 1 fd w If this doesn't help, are hdc and hdd on a different IDE controller than hda and hdb? -- Remy Remove underscore and suffix in reply address for a timely response. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Semi OT: hotplug / coldplug / udev ...
On Tuesday 14 November 2006 20:23, Neil Bothwick wrote: On Tue, 14 Nov 2006 14:45:32 -0500, Mark Shields wrote: Ivman is what you want to get the 'automounting' accomplished Unless you use KDE, which has its own automounting for removable storage. It works for automounting cds, dvds, and should work for pendrives (although I have yet to get it automounting a pendrive under a user account) Is your user a member of the plugdev group? Automounting won't work otherwise. Hmm . . . = A security policy in place prevents this sender from sending this message to this recipient, see message bus configuration file (rejected message had interface org.freedesktop.Hal.Device.Volume member Mount error name (unset) destination org.freedesktop.Hal) = That's what comes up when I click on the USB pen drive on media:/ PS. This is without ivman, only hald. -- Regards, Mick pgpUkpsr3JwSn.pgp Description: PGP signature
[gentoo-user] Boa server depends on net.eth0?
Hi All, I am trying to start boa while connected to dial-up (ppp0) and what I am getting is this network related error: rc-scripts: WARNING: boa is scheduled to start when net.eth0 has started Any idea why this is so? Do I need to change something to let it start up on any iface? -- Regards, Mick pgpDzgPKoG2RE.pgp Description: PGP signature
Re: [gentoo-user] Semi OT: hotplug / coldplug / udev ...
On Wed, 15 Nov 2006 08:24:12 +, Mick wrote: Is your user a member of the plugdev group? Automounting won't work otherwise. Hmm . . . = A security policy in place prevents this sender from sending this message to this recipient, see message bus configuration file (rejected message had interface org.freedesktop.Hal.Device.Volume member Mount error name (unset) destination org.freedesktop.Hal) = That's what comes up when I click on the USB pen drive on media:/ Which is pretty much what you'd expect it to say if your user is not a member of the correct group. If you were a member of plugdev, KDE would pop up a window when it detected the device. -- Neil Bothwick I don't know what your problem is, but I'll bet it's hard to pronounce. signature.asc Description: PGP signature
Re: [gentoo-user] Boa server depends on net.eth0?
On Wed, 15 Nov 2006 13:02:58 +, Mick wrote: I am trying to start boa while connected to dial-up (ppp0) and what I am getting is this network related error: rc-scripts: WARNING: boa is scheduled to start when net.eth0 has started Any idea why this is so? Do I need to change something to let it start up on any iface? What is RC_NET_STRICT_CHECKING set to in /etc/conf.d/rc? -- Neil Bothwick If you smoke after sex, you're doing it too fast. signature.asc Description: PGP signature
Re: [gentoo-user] sshd issues
Just keep in mind that rsa/dsa keys would be a more secure way of authenticating, especially with all the brute-force scripts out there. Jon M wrote: Ohh okay that makes sense. For everyones information, I got it to work properly. First of all, I'm an idiot and was edited /etc/ssh/ssh_config, not /etc/ssh/sshD_config :P Secondly, I had to enable PasswordAuthentication yes as well as ChallengeResponseAuthentication no This works perfectly now. Thanks again everyone, sorry for wasting your time. [EMAIL PROTECTED] wrote: I think that tells you that this is the default setting if you don't change it. From: Jon M [EMAIL PROTECTED] Date: 2006/11/14 Tue PM 09:35:13 EST To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] sshd issues Hi Daevid, I tried playing around with some options in there and didn't seem to do much, but not sure if I tried changing that specifically. I do have a question though.. My ssh_config looks something along the lines of this: # Host * #PasswordAuthentication yes My question is, should they actually have # symbols in front as if they're commented out? My gut is telling me no.. Thanks again Daevid Vincent wrote: Change/Add this: PasswordAuthentication yes In /etc/ssh/sshd_config DÆVID -Original Message- From: Jon M [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 14, 2006 6:04 PM To: gentoo-user@lists.gentoo.org Subject: [gentoo-user] sshd issues Hey all, I've been using other distributions for a while (CentOS, Slackware, Red Hat, etc) and finally switching to Gentoo, however this oddness with SSH is getting to me. It seems when I SSH into my machine it uses keyboard interative mode, where as I'm used to every other distro using just password mode I think it is. I'm wondering if there is any way to change this. I tried comparing /etc/ssh/ssh_config between my CentOS machine and my Gentoo machine, and both files are pretty much the same, and everything is commented out anyway. Any light someone could shed on this would be much appreciated. Thanks in advance! -- gentoo-user@gentoo.org mailing list -- gentoo-user@gentoo.org mailing list -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Mail system recommendations
David Relson napisał(a): On Wed, 8 Nov 2006 19:06:12 -0500 Michael Crute wrote: On 11/8/06, Michael Sullivan [EMAIL PROTECTED] wrote: I have a small network, consisting of three PCs. Each of these PCs has a public WAN address, and each runs Apache, vsftpd and sendmail (as well as ipkungfu for firewall protection). One of them runs mailman. I would like to replace sendmail with something not so...shall we say prehistoric? I've been advised many times to do so on this list and others. Would anyone please give me some recommendations for a new choice of mail server? I'd like one with plenty if documentation. For my money I would say run postfix. Michael S: I agree with Michael C. I've been running postfix for several years. It's easy to use and it works! More than that I don't want/need (though I do use mailman with it to handle the bogofilter mailing lists). Hi, I have few (small) sites that run postfix under my control and I also would recommend it. However if you require some advanced features from postfix (anti-virus, spamassassin etc.) then be prepared for few surprises on upgrade and looking through configuration files + documentation + changelog. Once it cought me with my pants down and left my sites for few days without mail until I found source of the problem. Still, postfix is the best IMVHO. Cheers, Radek. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] problem during compile ati-drivers
when i try to compile ati-drivers (version 2.28.8, the latest driver for my card) for radeon 9200 i've the follor error: cannot stat flgrx.ko: no souch file or directory I ran into the same problem (x86, more or less fully stable) after switching to the 2.6.18-gentoo-r2 kernel when it had become stable. In fact, any lastest stable ati-drivers usually haven't worked together with the according lastest stable gentoo-sources for me... Anyway: I suggest moving to ati-drivers-8.29.6 (masked) - this one compiles and runs flawlessly as far as I can say. I.e. put the following line into your /etc/portage/package.keywords: =x11-drivers/ati-drivers-8.29.6 ~x86 Maybe some later unstable version would compile as well. HTH -Roman -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Boa server depends on net.eth0?
On Wednesday 15 November 2006 13:20, Neil Bothwick wrote: On Wed, 15 Nov 2006 13:02:58 +, Mick wrote: I am trying to start boa while connected to dial-up (ppp0) and what I am getting is this network related error: rc-scripts: WARNING: boa is scheduled to start when net.eth0 has started Any idea why this is so? Do I need to change something to let it start up on any iface? What is RC_NET_STRICT_CHECKING set to in /etc/conf.d/rc? RC_NET_STRICT_CHECKING=no Worth noting that I also have ifplugd running. My ppp0 seems to start and run nicely using kppp alone, so I have not configured it in /etc/conf.d/net. Could this be related in any way? -- Regards, Mick pgpR5goacxg7J.pgp Description: PGP signature
[gentoo-user] emerge hints log?
Hi all,I was wondering if there is a way or a tool wich logs the hints emerge gives you sometimes after merging a program.The hints were usefull for me more than once but I dont want to watch emerge all the time when I ' m merging several packages. best regardsjakommo
[gentoo-user] How to modify menus in Konqueror
Hi All, I had modified the right click/drop down menu in Konqueror to add a command that allowed me to email the page link to a recipient, save it, archive it, etc. Problem is that this was back in kde-3.2.2 days and now I have forgotten how to do it. :-( Would anyone know or still remember how to? -- Regards, Mick pgpI7IkrBSXaK.pgp Description: PGP signature
Re: [gentoo-user] emerge hints log?
Check out ELOG in /etc/make.conf.examples. jakommo wrote: Hi all, I was wondering if there is a way or a tool wich logs the hints emerge gives you sometimes after merging a program. The hints were usefull for me more than once but I dont want to watch emerge all the time when I ' m merging several packages. best regards jakommo -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] emerge hints log?
On Wed, 15 Nov 2006 15:44:59 +0100, jakommo wrote: I was wondering if there is a way or a tool wich logs the hints emerge gives you sometimes after merging a program. The hints were usefull for me more than once but I dont want to watch emerge all the time when I ' m merging several packages. Look at the settings for PORTAGE_ELOG in /etc/make.conf/example. They control which messages are reported to you, and how. -- Neil Bothwick What's another word for `Thesaurus'? signature.asc Description: PGP signature
Re: [gentoo-user] emerge hints log?
On Wednesday 15 November 2006 15:44, jakommo wrote: I was wondering if there is a way or a tool wich logs the hints emerge gives you sometimes after merging a program. The hints were usefull for me more than once but I dont want to watch emerge all the time when I ' m merging several packages. The portage elog system has recently been added to the handbook: http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=3chap=1#doc_chap4 -- Bo Andresen pgpsLjrEirjGm.pgp Description: PGP signature
[gentoo-user] Re: Problems getting started with vmware
Walter Dnes [EMAIL PROTECTED] writes: On Mon, Nov 13, 2006 at 11:23:14PM -0500, Brett I. Holcomb wrote It is free however, you still need a license number. Go to their site and get one. Do I really have to give all that personal info to create an account to get a licence which *MIGHT* run OS/2? May as well buy Parallels, instead. Walter, did you actually get a license somehow? When I look on their pages unders `product licensing'. A `VMware Product Licensing' page appears with no real indication of which license or even what product is being discussed... at least the names do not coincide with anything in portage. Further it appears to expect the reader to already have some kind of codes in hand. In fact the whole setup there is massively confusing. A bewildering array of products all with very similar names and no real definitions of how each is different. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] How to modify menus in Konqueror
On Wed, 15 Nov 2006 14:49:40 +, Mick wrote: I had modified the right click/drop down menu in Konqueror to add a command that allowed me to email the page link to a recipient, save it, archive it, etc. Problem is that this was back in kde-3.2.2 days and now I have forgotten how to do it. :-( Does this help? http://developer.kde.org/documentation/tutorials/dot/servicemenus.html -- Neil Bothwick 0 and 1. Now what could be so hard about that? signature.asc Description: PGP signature
Re: [gentoo-user] sshd issues
On Wednesday 15 November 2006 03:08, Jon M wrote: Ohh okay that makes sense. For everyones information, I got it to work properly. First of all, I'm an idiot and was edited /etc/ssh/ssh_config, not /etc/ssh/sshD_config :P Secondly, I had to enable PasswordAuthentication yes as well as ChallengeResponseAuthentication no How does ChallengeResponseAuthentication affect matters? -- Regards, Mick pgp6pFTRV9EW7.pgp Description: PGP signature
Re: [gentoo-user] Semi OT: hotplug / coldplug / udev ...
On 11/15/06, Arnau Bria [EMAIL PROTECTED] wrote: On Tue, 14 Nov 2006 14:45:32 -0500Mark Shields wrote: On 11/9/06, Arnau Bria [EMAIL PROTECTED] wrote:Hi Mark, Ivman is what you want to get the 'automounting' accomplished Well, maybe I did expressed my question correctly, but I was notlooking for a automounter, just wondering howudev/hotplug/coldplug/hal/kernel works together...anyway, thanks for your reply! cheers!--Arnau Briahttp://blog.emergetux.netWiggum: Dispara a las ruedas Lou.Lou: eee, es un tanque jefe.Wiggum: Me tienes hartito con todas tus excusas. --gentoo-user@gentoo.org mailing listYour question was What really happen when you plug a (again, i.e.) pendrive in your computer? Which programs take care in that process? I was replying with what program -- at least, the program I use -- does this. -- - Mark Shields
[gentoo-user] emerge -uDpvt world kdelibs
Hi, I was trying to update my gentoo, when I found next: Calculating world dependencies | !!! All ebuilds that could satisfy ~kde-base/kdelibs-3.5.5 have been masked. [...] (dependency required by kde-base/kdebase-3.5.5-r1 [ebuild]) At the beginning the dependency was kdeartwork-kscreensaver, as I did not use it, I cleaned, then ksnapshot spuerkarmaba, which I also clenaed, but now, I cannot do smae with kdebase. Main question is why portage tries to update to masked packages if I have not set any unmask options: # grep kde /etc/portage/* # How may I find the reason of that? PD: I've installed beryl, could it be the reason? Cheers! -- Arnau Bria http://blog.emergetux.net Wiggum: Dispara a las ruedas Lou. Lou: eee, es un tanque jefe. Wiggum: Me tienes hartito con todas tus excusas. -- gentoo-user@gentoo.org mailing list
[gentoo-user] Install Gentoo on one machine, then move the drive to another
Hey again everyone, Here is my situation: I have CentOS running on a system in a datacenter, but want to switch to Gentoo. Basically what I've started to do is installed Gentoo on a P4 3.0Ghz machine at home, and plan on moving it to a Pentium D 2.66Ghz. Now if I configure/compile/install all my software on the P4, and the kernel is configured for all the hardware in the other machine, will it magically work, or will it freak out? My other concern is that maybe the applications won't be optimized for the other machine. If this is the case, once it's down there, could I simply emerge all of my programs one at a time? My reason for doing this is to minimize downtime. I didn't want to take the server offline for a week while I take my time configuring a new setup. This way it should only be down for maybe 5 minutes while I do a hard drive swap. Thanks in advance for anyones thoughts on this. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] sshd issues
Mick wrote: On Wednesday 15 November 2006 03:08, Jon M wrote: Ohh okay that makes sense. For everyones information, I got it to work properly. First of all, I'm an idiot and was edited /etc/ssh/ssh_config, not /etc/ssh/sshD_config :P Secondly, I had to enable PasswordAuthentication yes as well as ChallengeResponseAuthentication no How does ChallengeResponseAuthentication affect matters? Hi Mick, I'm not sure, however when ChallengeResponseAuthentication is set to yes it still would go into keyboard interactive mode. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] emerge -uDpvt world kdelibs
Have you sync your portage today ? The emerge -Dup world give me kdelibs 3.5.5 and they are not mask donc use package.keywords for this, in order to preserve dependancy in mask file Another think usefull, donc emerge kde (the alias), they install lots of think not necessary usefull for you emerge kdebase kdeadmin ... all package you want, and drop all unwant package with depclean emerge unmerge kde, emerge --noreplace kdebase kdeadmin ..., emerge -a depclean, ... emerge -Dup world so ... Le Wed, 15 Nov 2006 17:10:11 +0100, Arnau Bria [EMAIL PROTECTED] a écrit: Hi, I was trying to update my gentoo, when I found next: Calculating world dependencies | !!! All ebuilds that could satisfy ~kde-base/kdelibs-3.5.5 have been masked. [...] (dependency required by kde-base/kdebase-3.5.5-r1 [ebuild]) At the beginning the dependency was kdeartwork-kscreensaver, as I did not use it, I cleaned, then ksnapshot spuerkarmaba, which I also clenaed, but now, I cannot do smae with kdebase. Main question is why portage tries to update to masked packages if I have not set any unmask options: # grep kde /etc/portage/* # How may I find the reason of that? PD: I've installed beryl, could it be the reason? Cheers! ___ Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses http://fr.answers.yahoo.com -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Install Gentoo on one machine, then move the drive to another
Well, I do this often time You can compile on one computer and put the drive to another without any problem If your both computer have the same material ... nothing to do Well CFGLAS on P4 should be like -02 -march=p4 -pipe -fmoit-frame-pointer so both are P4, you can switch easyly if both haven't got same material and you don't use genkernel you should probably redo the kernel if you hd are not at the same place on new computer you need to change fstab but globally, they don't take more than half an hour good luck Le Wed, 15 Nov 2006 17:15:35 +0100, Jon M [EMAIL PROTECTED] a écrit: Hey again everyone, Here is my situation: I have CentOS running on a system in a datacenter, but want to switch to Gentoo. Basically what I've started to do is installed Gentoo on a P4 3.0Ghz machine at home, and plan on moving it to a Pentium D 2.66Ghz. Now if I configure/compile/install all my software on the P4, and the kernel is configured for all the hardware in the other machine, will it magically work, or will it freak out? My other concern is that maybe the applications won't be optimized for the other machine. If this is the case, once it's down there, could I simply emerge all of my programs one at a time? My reason for doing this is to minimize downtime. I didn't want to take the server offline for a week while I take my time configuring a new setup. This way it should only be down for maybe 5 minutes while I do a hard drive swap. Thanks in advance for anyones thoughts on this. ___ Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses http://fr.answers.yahoo.com -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] emerge -uDpvt world kdelibs
On Wednesday 15 November 2006 17:10, Arnau Bria wrote: I was trying to update my gentoo, when I found next: Calculating world dependencies | !!! All ebuilds that could satisfy ~kde-base/kdelibs-3.5.5 have been masked. [...] (dependency required by kde-base/kdebase-3.5.5-r1 [ebuild]) At the beginning the dependency was kdeartwork-kscreensaver, as I did not use it, I cleaned, then ksnapshot spuerkarmaba, which I also clenaed, but now, I cannot do smae with kdebase. Main question is why portage tries to update to masked packages if I have not set any unmask options: You've snipped way too much of the output of `emerge -uDpvt world` for us to know what's causing it. If `emerge --sync` doesn't solve it then please provide the full output of `emerge -uDpvt world`. -- Bo Andresen pgp82NcbnKkpk.pgp Description: PGP signature
Re: [gentoo-user] emerge -uDpvt world kdelibs
On Wed, 15 Nov 2006 17:20:17 +0100 Geistteufel Geistteufel wrote: Have you sync your portage today ? Yes, every night... The emerge -Dup world give me kdelibs 3.5.5 and they are not mask $ eix kdelibs * kde-base/kdelibs Available versions: 3.5.2-r6:3.5 3.5.2-r6:3.5[1] ~3.5.3-r4:3.5 ~3.5.3-r4:3.5[1] ~3.5.4-r1:3.5[1] ~3.5.4-r2:3.5[1] ~3.5.4-r3:3.5 ~3.5.4-r4:3.5 ~3.5.5:3.5 ~3.5.5:3.5[1] ~3.5.5-r1:3.5[1] ~3.5.5-r2:3.5[1] ~3.5.5-r3:3.5[1] ~3.5.5-r4:3.5 ~3.5.5-r4:3.5[1] 3.5.5-r5:3.5 ~3.5.5-r5:3.5[1] Installed: 3.5.2-r6 Mine neither So, what does portage says so? donc use package.keywords for this, in order to preserve dependancy in mask file Well, I pasted the grep just to say that I have nothing related to kde unmasked... Another think usefull, donc emerge kde (the alias), they install lots of think not necessary usefull for you emerge kdebase kdeadmin ... all package you want, and drop all unwant package with depclean emerge unmerge kde, emerge --noreplace kdebase kdeadmin ..., emerge -a depclean, ... emerge -Dup world Thanks, thanks what I do :-) so ... Thaks for your reply. -- Arnau Bria http://blog.emergetux.net Wiggum: Dispara a las ruedas Lou. Lou: eee, es un tanque jefe. Wiggum: Me tienes hartito con todas tus excusas. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Install Gentoo on one machine, then move the drive to another
On Wednesday 15 November 2006 18:15, Jon M wrote: Hey again everyone, Here is my situation: I have CentOS running on a system in a datacenter, but want to switch to Gentoo. Basically what I've started to do is installed Gentoo on a P4 3.0Ghz machine at home, and plan on moving it to a Pentium D 2.66Ghz. Now if I configure/compile/install all my software on the P4, and the kernel is configured for all the hardware in the other machine, will it magically work, or will it freak out? My other concern is that maybe the applications won't be optimized for the other machine. If this is the case, once it's down there, could I simply emerge all of my programs one at a time? My reason for doing this is to minimize downtime. I didn't want to take the server offline for a week while I take my time configuring a new setup. This way it should only be down for maybe 5 minutes while I do a hard drive swap. Thanks in advance for anyones thoughts on this. The one thing you *have* to do is configure the kernel on the compiling machine for the correct hardware that the date center machine has. There's no magic involved, when you boot into the new machine the driver for it's hardware is either there or it isn't. You probably also want to set your CFLAGS to the lowest common denominator cpu - I don't recall off-hand what a Pentium D is, but I imagine the setting will be -march=pentium4. This will avoid the problem of code being compiled with cpu settings that are not present on the target system. And don't worry too much about optimization. We have a word for that - it's called ricing and it's not a good thing. Compile the apps with sane settings and stuff works. Trying to eke out those last 4 cpu cycles just ain't worth the effort... If you need better performance, buy more RAM or faster disks alan -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] emerge -uDpvt world kdelibs
On Wed, 15 Nov 2006 17:34:58 +0100 Bo Ørsted Andresen wrote: On Wednesday 15 November 2006 17:10, Arnau Bria wrote: [...] You've snipped way too much of the output of `emerge -uDpvt world` for us to know what's causing it. If `emerge --sync` doesn't solve it then please provide the full output of `emerge -uDpvt world`. # emerge -uDpvt world These are the packages that would be merged, in reverse order: Calculating world dependencies | !!! All ebuilds that could satisfy ~kde-base/kdelibs-3.5.5 have been masked. !!! One of the following masked packages is required to complete your request: - kde-base/kdelibs-3.5.5-r1 (masked by: ~x86 keyword) - kde-base/kdelibs-3.5.5-r3 (masked by: ~x86 keyword) - kde-base/kdelibs-3.5.5 (masked by: ~x86 keyword) - kde-base/kdelibs-3.5.5-r5 (masked by: ~x86 keyword) - kde-base/kdelibs-3.5.5-r4 (masked by: ~x86 keyword) - kde-base/kdelibs-3.5.5-r2 (masked by: ~x86 keyword) For more information, see MASKED PACKAGES section in the emerge man page or refer to the Gentoo Handbook. (dependency required by kde-base/kdebase-3.5.5-r1 [ebuild]) !!! Problem resolving dependencies for media-sound/amarok !!! Depgraph creation failed. you're right, I did not read until end. Is amarok who want to pull kdelibs, isn't it? # grep amarok /etc/portage/* /etc/portage/package.use:media-sound/amarok xine * media-sound/amarok Available versions: 1.4.3-r1 ~1.4.4 What else could I provide to solve my problem? thanks for your help! -- Arnau Bria http://blog.emergetux.net Wiggum: Dispara a las ruedas Lou. Lou: eee, es un tanque jefe. Wiggum: Me tienes hartito con todas tus excusas. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] emerge -uDpvt world kdelibs
On Wednesday 15 November 2006 18:53, Arnau Bria wrote: you're right, I did not read until end. Is amarok who want to pull kdelibs, isn't it? Indirectly yes. Amarok depends on konqueror and kdebase, which depends on kdelibs # grep amarok /etc/portage/* /etc/portage/package.use:media-sound/amarok xine hmmm, no kde there * media-sound/amarok Available versions: 1.4.3-r1 ~1.4.4 What else could I provide to solve my problem? post 'emerge -avuNDt world' the -t gives a tree display so we can see what depends on what, with USE flags alan -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] emerge -uDpvt world kdelibs
On Wednesday 15 November 2006 17:53, Arnau Bria wrote: [SNIP] # emerge -uDpvt world These are the packages that would be merged, in reverse order: Calculating world dependencies | !!! All ebuilds that could satisfy ~kde-base/kdelibs-3.5.5 have been [SNIP] - kde-base/kdelibs-3.5.5-r5 (masked by: ~x86 keyword) [SNIP] (dependency required by kde-base/kdebase-3.5.5-r1 [ebuild]) [SNIP] Hmm.. kdelibs-3.5.5-r5 was stabilized before kdebase-3.5.5-r1. [SNIP] What else could I provide to solve my problem? Do you have kdelibs-3.5.5-r5 in any overlay? Like say the xeffects overlay? Then maybe you need to sync that overlay. If it's in another overlay then it probably needs to be stabilised or temporarily added to /etc/portage/package.keywords. -- Bo Andresen pgpRUqcZLekT3.pgp Description: PGP signature
Re: [gentoo-user] Mail system recommendations
Radosław Grzanka wrote: Hi, I have few (small) sites that run postfix under my control and I also would recommend it. However if you require some advanced features from postfix (anti-virus, spamassassin etc.) then be prepared for few surprises on upgrade and looking through configuration files + documentation + changelog. Once it cought me with my pants down and left my sites for few days without mail until I found source of the problem. Still, postfix is the best IMVHO. The moral of the story is that that the move between 2.0 to 2.1 or 2.1 to 2.2 or 2.2 to 2.3 are actually major updates and a number of things change within the internals of Postfix. If you don't actually look at the change logs you will run into problems. On the other hand each of these releases introduced some nice functionality. 2.1 was policy servers which made graylisting easy, 2.2 changed SQL syntax which made the queries you could do much more powerful, 2.3 was actual sendmail style milters that didn't need to be requeued. I've been really happy with Postfix over the past 4 years. kashani -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] emerge -uDpvt world kdelibs
On Wednesday 15 November 2006 17:43, Arnau Bria wrote: $ eix kdelibs * kde-base/kdelibs Available versions: 3.5.2-r6:3.5 3.5.2-r6:3.5[1] ~3.5.3-r4:3.5 ~3.5.3-r4:3.5[1] ~3.5.4-r1:3.5[1] ~3.5.4-r2:3.5[1] ~3.5.4-r3:3.5 ~3.5.4-r4:3.5 ~3.5.5:3.5 ~3.5.5:3.5[1] ~3.5.5-r1:3.5[1] ~3.5.5-r2:3.5[1] ~3.5.5-r3:3.5[1] ~3.5.5-r4:3.5 ~3.5.5-r4:3.5[1] 3.5.5-r5:3.5 ~3.5.5-r5:3.5[1] Installed: 3.5.2-r6 Mine neither So, what does portage says so? Ahh, I'd missed that you had posted this. Once again you've snipped an important piece of information, namely the one that tells you what overlay [1] refers to. It is, however, called an overlay for a reason.. :p Whenever the same ebuild exists in the tree an in an overlay portage will use the one in the overlay which in this case is ~x86 masked.. -- Bo Andresen pgpMOZ8ALpKI2.pgp Description: PGP signature
[gentoo-user] OT: nvidia-cg-toolkit
Hello, I'm looking for a recommendation where someone has purchased an Nvidia card that has good to excellent graphics performance in 3D video games (such as bzflag) and/or anyone that written and code that uses the nvidia (gpu) as a general or special purpose processor Any info or ideas, even other video cards that have opensource drivers are most welcome. James -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] python segfault
ToMike Ferry: I have tried it. The same problem but withoutINFO: Can't locate Tcl/Tk libs and/or headers.To Bo Ørsted Andresen:;)Yes I've unstable flags: LDFLAGSHASHSTYLE= -Wl,--hash-style=both CFLAGS=-Os -march=pentium3 -frename-registers -fweb -pipe -fomit-frame-pointer -funit-at-a-time -freorder-blocks -fno-ident -freorder-blocks-and-partition -fgcse-sm -fgcse-las -fgcse-after-reload -fmerge-all-constants -combine CXXFLAGS=${CFLAGS} -fvisibility-inlines-hiddenLDFLAGS=-Wl,-O1${LDFLAGSHASHSTYLE}But all system emerged well. And works also fine.Except python... It doesn't compile.Now I'm using python emerged with stable flags...
Re: [gentoo-user] python segfault
On Wednesday 15 November 2006 19:10, Andrey wrote: [SNIP] To Bo Ørsted Andresen: ;) Yes I've unstable flags: LDFLAGSHASHSTYLE= -Wl,--hash-style=both CFLAGS=-Os -march=pentium3 -frename-registers -fweb -pipe -fomit-frame-pointer -funit-at-a-time -freorder-blocks -fno-ident -freorder-blocks-and-partition -fgcse-sm -fgcse-las -fgcse-after-reload -fmerge-all-constants -combine CXXFLAGS=${CFLAGS} -fvisibility-inlines-hidden LDFLAGS=-Wl,-O1${LDFLAGSHASHSTYLE} But all system emerged well. And works also fine. Except python... It doesn't compile. Now I'm using python emerged with stable flags... So.. been following Conrad's guide to bork your system [1], huh? I got the hunch from bug #146292 [2]. In either case please don't *ever* file a bug using this configuration. And note that changing your configuration isn't just changing the contents of /etc/make.conf. You need to `emerge -e world` after that! I for one will never understand why people want to break their systems like this...! [1] http://forums.gentoo.org/viewtopic-t-509252-highlight-hashstyle.html [2] http://bugs.gentoo.org/show_bug.cgi?id=146292 -- Bo Andresen pgpzpbEaegivu.pgp Description: PGP signature
Re: [gentoo-user] emerge -uDpvt world kdelibs
Arnau Bria wrote: - kde-base/kdelibs-3.5.5-r5 (masked by: ~x86 keyword) You need to sync your portage tree. kdelibs-3.5.5-r5 is marked x86 as of 13 Nov. -- Naga -- gentoo-user@gentoo.org mailing list
[gentoo-user] offline runlevel
Hello, I am following the runlevel guide http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=2chap=4 to set up an offline runlevel for my laptop. I have in /etc/runlevels/offline: rmason # rc-update show offline acpid | offline cpufreqd | offline gpm | offline ivman | offline local | offline pcmcia | offline syslog-ng | offline vixie-cron | offline Based on the ouput of scriptname ineed, nothing there needs net.eth0. When I boot into the kernel with this entry in grub.conf: # For booting GNU/Linux title Gentoo Linux 2.6.17-gentoo-r8 (offline) root (hd0,0) kernel /boot/kernel-2.6.17-gentoo-r8 root=/dev/sda3 softlevel=offline the system still tries to start eth0 and then wastes time while dhcpd times out. I am not sure what what I have done wrong. Can anyone help? Thanks, Roger Mason -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] offline runlevel
On Wed, 15 Nov 2006, Roger Mason wrote: I am following the runlevel guide http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=2chap=4 to set up an offline runlevel for my laptop. When I boot into the kernel with this entry in grub.conf: # For booting GNU/Linux title Gentoo Linux 2.6.17-gentoo-r8 (offline) root (hd0,0) kernel /boot/kernel-2.6.17-gentoo-r8 root=/dev/sda3 softlevel=offline the system still tries to start eth0 and then wastes time while dhcpd times out. Is it possible that there are still some services set to start in the boot runlevel that would be more appropriate in the default or offline runlevel? Joe -- gentoo-user@gentoo.org mailing list
[gentoo-user] X resources contorl file
Once upon a time. I think before there was a `gentoo', linux users used an ~/.Xdefaults file to control or set how many of the apps run in X would look, what font etc. I've used it for many years and don't really remember when I quit paying attention to it. Probably not as a gentoo user which would span about 1.7 or so years. There was a point where the name changed from .Xdefaults to .xresources and I use to symlink my old .Xdefaults to .xresources. Now running gentoo (synced about a week ago), xorg-x11-7.1 and kdebase 3.5.5-r1. I'd like to start using that kind of resource control file again. Can anyone tell me if that is possible in Kde and if so how it is done? Currently the .xresoruces file appears to be ignored. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] python segfault
2006/11/15, Bo Ørsted Andresen [EMAIL PROTECTED]: On Wednesday 15 November 2006 19:10, Andrey wrote:[SNIP] To Bo Ørsted Andresen: ;) Yes I've unstable flags: LDFLAGSHASHSTYLE= -Wl,--hash-style=both CFLAGS=-Os -march=pentium3 -frename-registers -fweb -pipe -fomit-frame-pointer -funit-at-a-time -freorder-blocks -fno-ident -freorder-blocks-and-partition -fgcse-sm -fgcse-las -fgcse-after-reload -fmerge-all-constants -combine CXXFLAGS=${CFLAGS} -fvisibility-inlines-hidden LDFLAGS=-Wl,-O1${LDFLAGSHASHSTYLE} But all system emerged well. And works also fine. Except python... It doesn't compile. Now I'm using python emerged with stable flags... So.. been following Conrad's guide to bork your system [1], huh? I got thehunch from bug #146292 [2]. In either case please don't *ever* file a bugusing this configuration. And note that changing your configuration isn't just changing the contents of /etc/make.conf. You need to `emerge -e world`after that! I for one will never understand why people want to break theirsystems like this...!Yes, I took theese flagsat[1](Conradguide). But I don't want to break my system. It really work and speed up my system! :)The only trouble is python doesn't want to build. So I'm going to reemerge it stable cflags but with hash-style! ;)
Re: [gentoo-user] offline runlevel
On 11/15/06, Roger Mason [EMAIL PROTECTED] wrote: the system still tries to start eth0 and then wastes time while dhcpd times out. Probably you need one or both of the following in /etc/conf.d/rc: RC_PLUG_SERVICES=!net.eth0 RC_NET_STRICT_CHECKING=lo BUT, what you probably really want is to emerge ifplugd. With this installed, gentoo will detect when there is a cable connected and startup networking automagically when a cable is inserted. It should also avoid timing out on dhcp requests when no link is detected. -Richard -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] X resources contorl file
[EMAIL PROTECTED] wrote: [...] Currently the .xresoruces file appears to be ignored. Try with a capital X (.Xresources). -- Naga -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Semi OT: hotplug / coldplug / udev ...
On Wednesday 15 November 2006 13:18, Neil Bothwick wrote: On Wed, 15 Nov 2006 08:24:12 +, Mick wrote: Is your user a member of the plugdev group? Automounting won't work otherwise. Hmm . . . = A security policy in place prevents this sender from sending this message to this recipient, see message bus configuration file (rejected message had interface org.freedesktop.Hal.Device.Volume member Mount error name (unset) destination org.freedesktop.Hal) = That's what comes up when I click on the USB pen drive on media:/ Which is pretty much what you'd expect it to say if your user is not a member of the correct group. If you were a member of plugdev, KDE would pop up a window when it detected the device. Thank you Neil. For some reason it won't automount a usb CF here, let alone pop up windows: === # cat /etc/group | grep hald disk:x:6:root,adm,haldaemon floppy:x:11:root,haldaemon cdrom:x:19:michael,haldaemon cdrw:x:80:haldaemon usb:x:85:haldaemon haldaemon:x:440:haldaemon plugdev:x:441:haldaemon,michael === -- Regards, Mick pgpePcks0w5eA.pgp Description: PGP signature
[gentoo-user] Help with script for iptables
Hi All, I have been using Daniel Robbins' basic script for years but now on a laptop I have more than one ways of connecting to the Internet. The script uses the variable UPLINK to define the incoming interface like so: == #change this to the name of the interface that provides your uplink #(connection to the Internet) UPLINK=eth0 if [ $1 = start ] then echo Starting firewall... iptables -P INPUT DROP iptables -A INPUT -i ! ${UPLINK} -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT [snip...] == I would like to define more than one iface in UPLINK, e.g. eth0, wlan0, ppp0. How am I supposed to do this? I've tried space, comma and colon as delimiters, but all fail. I've also tried entering UPLINK=iface_name one on each line, but the last line seems to be the one that is always used. I'd very much appreciate your script savvy guidance here, because I couldn't fight my way out of a paper bag when it comes to scripting . . . :) -- Regards, Mick pgpBrDIS1WnND.pgp Description: PGP signature
Re: [gentoo-user] offline runlevel
Flophouse Joe [EMAIL PROTECTED] writes: Is it possible that there are still some services set to start in the boot runlevel that would be more appropriate in the default or offline runlevel? Joe Well, the only script in boot that looks promising is net.lo: I had considered removing it from boot but decided to ask before (possibly) making a big problem from a small one. Thanks, Roger -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] emerge -uDpvt world kdelibs
El Wed, 15 Nov 2006 18:26:07 +0100 Bo Ørsted Andresen dijo: On Wednesday 15 November 2006 17:53, Arnau Bria wrote: [...] What else could I provide to solve my problem? Do you have kdelibs-3.5.5-r5 in any overlay? Like say the xeffects overlay? You're right... Maybe, if I provided it from the beginning... (from eix output) [1] /usr/portage/local/layman/xeffects Then maybe you need to sync that overlay. If it's in another overlay then it probably needs to be stabilised or temporarily added to /etc/portage/package.keywords. I OP, I only said that I installed beryl, assuming that people who answer will know that it needs an overlay... My fault. Really sorry for that. Gonna read some doc about overlays, and If I still have problems with that, I'll update this threat. Many thanks for your help. -- Bo Andresen Arnau -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Help with script for iptables
On Wed, 15 Nov 2006, Mick wrote: iptables -P INPUT DROP iptables -A INPUT -i ! ${UPLINK} -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT I would like to define more than one iface in UPLINK, e.g. eth0, wlan0, ppp0. It sounds like you want to write a rule that says, If the packet arrives on any of the interfaces eth0, wlan0, or ppp0, then do ${something} with it. I have never found a good way to do this, but I have found several bad ways of doing this. :) Here is one of the easiest of the bad ways: Make separate rules which effectively test for each of the interfaces you're interested in. If the rules match, then make the packets jump to a new chain for further testing. Let's use eth0, wlan0, and ppp0 as an example. Assume that you've got these interfaces bound on a Gentoo system acting as a firewall and NAT device. You trust eth0 and wlan0, as these are the interfaces from which you connect to the system. You don't trust ppp0, as its IP address is publicly routable. You wish to be able to SSH into the Gentoo system from hosts on the eth0 and wlan0 interfaces, but not from packets arriving on the ppp0 interface. You can't write a rule like the following: iptables -A INPUT -i eth0,wlan0 -p tcp --dport ssh -j ACCEPT So instead you write rules like this: iptables -N in-from-trusted iptables -A INPUT -i eth0 -j in-from-trusted iptables -A INPUT -i wlan0 -j in-from-trusted iptables -A in-from-trusted -p tcp --dport ssh -j ACCEPT Consider how this works. Assume that one of your trusted hosts on the eth0 segment sends a new SSH packet to the Gentoo system. The SSH packet hits the INPUT chain, where it matches the first rule because it arrives on the eth0 interface. The packet them jumps (-j) to the chain in-from-trusted. The packet matches the first rule in this chain because its destination tcp port is 22, and so the packet is accepted. The same rules apply for an incoming ssh packet arriving on the wlan0 interface. If an ssh packet comes in on the ppp0 interface, it won't match any of the rules from the INPUT chain listed above, and-- assuming that there are no further rules in the INPUT chain-- its fate will be that of the policy of the INPUT chain: DROP. Finally, consider a packet arriving on the wlan0 interface whose destination tcp port is, say, http . This packet will match the rule -A INPUT -i wlan0 and it will jump to the in-from-trusted chain. It won't match the rule in in-from-trusted -p tcp --dport ssh, and so it won't be accepted here. This method works well enough in this example, but gets unwieldly quickly if taken to its logical extreme. I once maintained a set of iptables rules that was written entirely in this method. It was nothing but a series of tests chained together with jumps and returns. Even though I wrote it, it was nearly impossible for me to follow and debug it: tracing a packet required consulting five or six chains, and inserting new rules was a chore because it was always necessary to avoid inserting a rule in such a way to short-circuit an existing test. I warned you this was a bad way. :) It's entirely possible that I'm misunderstanding the design of netfilter, but it seems to me that the solution to complicated rulesets is to permit boolean logic in rules like so: iptables -A INPUT \ \(-i eth0 -or -i wlan0) -and \(-p tcp --dport ssh\) \ -j ACCEPT Joe -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] emerge -uDpvt world kdelibs
El Wed, 15 Nov 2006 22:30:12 +0100 Arnau Bria dijo: El Wed, 15 Nov 2006 18:26:07 +0100 Bo Ørsted Andresen dijo: [...] Then maybe you need to sync that overlay. If it's in another overlay then it probably needs to be stabilised or temporarily added to /etc/portage/package.keywords. After a layman -s ALL, I get: # emerge -uDpvt world These are the packages that would be merged, in reverse order: Calculating world dependencies... done! [blocks B ] kde-base/kde-env (is blocking kde-base/kdelibs-3.5.5-r5) [nomerge ] app-vim/latexsuite-1.5.20060124 [...] Which is a normal output. So now, I know how to proceed. Again, many thanks for your help. I must read doc about overlays! Cheers! Arnau -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] offline runlevel
try grepping for need in /etc/runlevels/boot/* and /etc/runlevels/offline/* to see if any of your boot or offline services has a dependency on networking..If there is something that requires net, see if setting RC_NET_STRICT_CHECKING=lo in /etc/conf.d/rc will do the trick. If that doesn;t work, then you may need to remove the service from that softlevel. Also check for PROGRAM keys in your /etc/udev/rules.d/* to make sure it's not udev trying to start the device. However, I don't believe there's anything like that in the default rule sets.And, I'll second Richard, emerge ifplugd dcmOn 11/15/06, Roger Mason [EMAIL PROTECTED] wrote: Flophouse Joe [EMAIL PROTECTED] writes: Is it possible that there are still some services set to start in the boot runlevel that would be more appropriate in the default or offline runlevel? JoeWell, the only script in boot that looks promising is net.lo : I hadconsidered removing it from boot but decided to ask before (possibly) making abig problem from a small one.Thanks,Roger--gentoo-user@gentoo.org mailing list
Re: [gentoo-user] emerge -uDpvt world kdelibs
On 11/15/06, Arnau Bria [EMAIL PROTECTED] wrote: I OP, I only said that I installed beryl, assuming that people who answer will know that it needs an overlay... Actually, beryl is now in the main portage tree. So if that is your only reason for this overlay, you don't need it anymore. -Richard -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Mail system recommendations
On 11/8/06, Raymond Lewis Rebbeck [EMAIL PROTECTED] wrote: postfix is supposed to be pretty good.gmail is even better :)with all the amount of spam hits my smtp server has received before I removed it, there is no way I will declare a MX record in my dns ever again... jc
Re: [gentoo-user] Install Gentoo on one machine, then move the drive to another
Hi all, Pentium D is actually an emt64 dual core cpu, so while CFLAGS -march=pentium4 will work, it will be x86-32 instead of x86-64 and of course the compiled apps won't know nothing about the dual core (read almost dual CPU), still it will run, and it will run fast, you may want to recompile the kernel on the data center with vSMP option set, so at least the kernel will know how to manage multithreads between two cores. On 11/15/06, Alan McKinnon [EMAIL PROTECTED] wrote: On Wednesday 15 November 2006 18:15, Jon M wrote: Hey again everyone, Here is my situation: I have CentOS running on a system in a datacenter, but want to switch to Gentoo. Basically what I've started to do is installed Gentoo on a P4 3.0Ghz machine at home, and plan on moving it to a Pentium D 2.66Ghz. Now if I configure/compile/install all my software on the P4, and the kernel is configured for all the hardware in the other machine, will it magically work, or will it freak out? My other concern is that maybe the applications won't be optimized for the other machine. If this is the case, once it's down there, could I simply emerge all of my programs one at a time? My reason for doing this is to minimize downtime. I didn't want to take the server offline for a week while I take my time configuring a new setup. This way it should only be down for maybe 5 minutes while I do a hard drive swap. Thanks in advance for anyones thoughts on this. The one thing you *have* to do is configure the kernel on the compiling machine for the correct hardware that the date center machine has. There's no magic involved, when you boot into the new machine the driver for it's hardware is either there or it isn't. You probably also want to set your CFLAGS to the lowest common denominator cpu - I don't recall off-hand what a Pentium D is, but I imagine the setting will be -march=pentium4. This will avoid the problem of code being compiled with cpu settings that are not present on the target system. And don't worry too much about optimization. We have a word for that - it's called ricing and it's not a good thing. Compile the apps with sane settings and stuff works. Trying to eke out those last 4 cpu cycles just ain't worth the effort... If you need better performance, buy more RAM or faster disks alan -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: raid does not autostart
On 11/15/06, Remy Blank [EMAIL PROTECTED] wrote: CUT You need to mark all the partitions of your RAID array as Linux raid autodetect with fdisk. Here, it seems only hdb1 is marked as such, and hdc1 and hdd1 are not. This prevents the kernel from autostarting your RAID array. Try the following: # fdisk /dev/hdc t 1 fd w # fdisk /dev/hdd t 1 fd w If this doesn't help, are hdc and hdd on a different IDE controller than hda and hdb? Dôh! Stupid me! I shoud know this! This fixed it, thank you! Up to the folowing weird issue... (will be in a new post)... -- Met vriendelijke groet / With kind regards, H. van Wees --- If UNIX isn't the solution, you've got the wrong problem.
Re: [gentoo-user] Help with script for iptables
Thanks Joe, On Wednesday 15 November 2006 21:25, Flophouse Joe wrote: On Wed, 15 Nov 2006, Mick wrote: iptables -P INPUT DROP iptables -A INPUT -i ! ${UPLINK} -j ACCEPT I would like to define more than one iface in UPLINK, e.g. eth0, wlan0, ppp0. It sounds like you want to write a rule that says, If the packet arrives on any of the interfaces eth0, wlan0, or ppp0, then do ${something} with it. Yes. I was thinking is it possible to define the interfaces like: UPLINK=eth0 wlan0 ppp0 and then add something like: = for x in ${INTERFACES} do iptables -A INPUT -i ! ${x} -j ACCEPT . . . more rules . . . iptables -A INPUT -p tcp -i ${x} -j DROP fi = type of think. Not sure if the syntax is correct, but the idea is that we define multiple interfaces, but only write the rules once with the variable 'x' where the interface is meant to go. Here is one of the easiest of the bad ways: Make separate rules which effectively test for each of the interfaces you're interested in. If the rules match, then make the packets jump to a new chain for further testing. That's a simple enough way although as you say it can quickly get complicated especially so if you want to modify rules, change chains and so on. It's entirely possible that I'm misunderstanding the design of netfilter, but it seems to me that the solution to complicated rulesets is to permit boolean logic in rules like so: iptables -A INPUT \ \(-i eth0 -or -i wlan0) -and \(-p tcp --dport ssh\) \ -j ACCEPT Is there a legit way of specifying such rules? -- Regards, Mick pgprLKi1peHNF.pgp Description: PGP signature
Re: [gentoo-user] emerge hints log?
thanks everyone greez jakommo On 11/15/06, Bo Ørsted Andresen [EMAIL PROTECTED] wrote: On Wednesday 15 November 2006 15:44, jakommo wrote: I was wondering if there is a way or a tool wich logs the hints emerge gives you sometimes after merging a program. The hints were usefull for me more than once but I dont want to watch emerge all the time when I ' m merging several packages. The portage elog system has recently been added to the handbook: http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=3chap=1#doc_chap4 -- Bo Andresen
Re: [gentoo-user] Help with script for iptables
On Wed, 2006-11-15 at 20:29 +, Mick wrote: Hi All, I have been using Daniel Robbins' basic script for years but now on a laptop I have more than one ways of connecting to the Internet. The script uses the variable UPLINK to define the incoming interface like so: == #change this to the name of the interface that provides your uplink #(connection to the Internet) you could try modifying the script slightly: UPLINK=eth0 make that UPLINK=eth0 ppp0 # space separated then I was going to say use a for i in x; do ...; done loop, but I realised that won't work exactly, because of the line iptables -A INPUT -i ! ${UPLINK} -j ACCEPT then something strange would happen. What you're really saying is for every interface not specified, accept incoming packets. This gets a bit tricky, cause you either have to parse the output of ifconfig (ugly) or specify the interface that are NOT uplinks (prone to user error). You could say: UPLINK=eth0 wlan0 ppp0 if [ $1 = start ] then echo Starting firewall... iptables -P INPUT DROP for IFS in `ifconfig | grep Link encap: | awk '{print $1}'`; do for UPIFS in ${UPLINK}; do # if IFS isn't in UPIFS, then accept all trafic on IFS if ... forget that! too ugly. What are you really trying to do? Make all your interface the uplink, ie. firewalled? In that case, just say this: UPLINK=who cares? if [ $1 = start ] then echo Starting firewall... iptables -P INPUT DROP iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT done! Now everything is firewalled, and only lo is trusted. However, I haven't seen the rest of this script, so I don't know if that will break things. Maybe you want to post back with some more info if that doesn't suit your needs... cya! -- Iain Buchanan iaindb at netspace dot net dot au How many people work here? Oh, about half. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Help with script for iptables
On Wed, 15 Nov 2006, Mick wrote: On Wednesday 15 November 2006 21:25, Flophouse Joe wrote: On Wed, 15 Nov 2006, Mick wrote: UPLINK=eth0 wlan0 ppp0 for x in ${INTERFACES} do iptables -A INPUT -i ! ${x} -j ACCEPT . . . more rules . . . iptables -A INPUT -p tcp -i ${x} -j DROP fi = type of think. Not sure if the syntax is correct, but the idea is that we define multiple interfaces, but only write the rules once with the variable 'x' where the interface is meant to go. I'm not 100% certain that I understand the goal, so please let me know if I've gotten it wrong. It sounds like you want to apply identical firewall rules to each of three interfaces. It's possible that there are other interfaces, and if traffic arrives on those interfaces, then it should not be matched by the rules in the for loop. If this is the case, then yes, the for loop you've suggested should be perfectly fine. The rules you specify in that loop will only be applied to traffic which arrives on the interfaces that you loop through. If you're anything like me, you'll find the rules created in this manner slightly difficult to read from the output of iptables -vnL, but you'd have the same problem using the test-then-jump method I mentioned in my previous post. As near as I can tell, this is a limitation of iptables (or netfilter) itself, in that (to the best of my knowledge) it isn't possible to specify a rule that matches multiple interfaces whose names don't begin the same way. It's entirely possible that I'm misunderstanding the design of netfilter, but it seems to me that the solution to complicated rulesets is to permit boolean logic in rules like so: iptables -A INPUT \ \(-i eth0 -or -i wlan0) -and \(-p tcp --dport ssh\) \ -j ACCEPT Is there a legit way of specifying such rules? Not that I'm aware of, but I'd very much like to be proven wrong. Does anyone else on the list know of a way to specify boolean conditions in iptables rules as illustrated above? For what it's worth, I have found a way to get something that approximates the ability to use ORs in iptables rules, but it borders on the criminially insane. I describe it below: I have a Gentoo system in my house which acts as a firewall and NAT gateway. It has three network interfaces: eth0 connects to the public internet, eth1 connects to a non-routable network segment, eth2 connects to a non-routable wireless access point left wide open. I wish for some hosts-- and only some hosts-- to be able to connect to the wireless access point and have their traffic masqueraded out to the public internet. Since I'm dealing with a very small number of hosts, and since these hosts are directly connected to the Gentoo system's ethernet segment, I've decided to filter traffic from the wireless access point based on the source MAC address of the ethernet frames coming from the wireless access point. Let's say that I trused the hosts with MAC address 00:11:22:33:44:55 and with MAC address 00:22:44:66:88:AA, and I wished for these hosts to have their traffic forwarded out to the internet without any restrictions whatsoever. This would be simple enough: iptables -A FORWARD -i eth2 -o eth0 \ -m mac --source-mac 00:11:22:33:44:55 -j ACCEPT iptables -A FORWARD -i eth2 -o eth0 \ -m mac --source-mac 00:22:44:66:88:AA -j ACCEPT But in reality, the rules are a bit more complicated. I disallow outgoing access to SMTP and BitTorrent, for example. I also disallow outgoing traffic to certain UDP ports. These rules add up quickly. It's possible to collapse some of these rules using -m multiport , but I still end up with a few rules for each of the hosts that are being forwarded from the wireless interface to the public. And since I can't test for multiple MAC addresses in one rule, I need separate rules for each host. I've got about six hosts connecting to the wireless access point, and I've got three rules for each host. Because I can't OR rules together, I've got 6 x 3 = 18 rules to juggle. This isn't too big of a deal if I wrap it up in a for loop, but it's still unsightly to look at in the output of iptables -vnL I've used the connmark match and the CONNMARK target to get the same effect. In table mangle chain PREROUTING, I have rules that look like this: iptables -t mangle -A PREROUTING \ -m mac --mac-source 00:11:22:33:44:55 \ -j CONNMARK --set-mark 0x1/0x1 iptables -t mangle -A PREROUTING \ -m mac --mac-source 00:22:44:66:88:AA \ -j CONNMARK --set-mark 0x1/0x1 iptables -t mangle -A PREROUTING \ -m mac --mac-source 33:66:99:CC:FF:00 \ -j CONNMARK --set-mark 0x1/0x1 And now I can collapse the rules in table filter, chain FORWARD like so: iptables -A FORWARD -p tcp -m multiport ! --dports 25,6881 \
[gentoo-user] Re: X resources contorl file
Nagatoro [EMAIL PROTECTED] writes: [EMAIL PROTECTED] wrote: [...] Currently the .xresoruces file appears to be ignored. Try with a capital X (.Xresources). Haa.. there was a time and maybe different OS where case didn't matter so I never thought to try that. Even this time, I quickly tried it and saw no difference and was on the verge of posting back saying it didn't change anything but I pondered a moment and thought to try restarting X. Sure enough, the lowercase was the problem. On restarting X the data in .Xresources was recognized. I'd quit even using it mnths ago and am glad to have it back...Thanks. -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Re: X resources contorl file
On Thursday 16 November 2006 04:37, [EMAIL PROTECTED] wrote: Nagatoro [EMAIL PROTECTED] writes: [EMAIL PROTECTED] wrote: [...] Currently the .xresoruces file appears to be ignored. Try with a capital X (.Xresources). Haa.. there was a time and maybe different OS where case didn't matter so I never thought to try that. Even this time, I quickly tried it and saw no difference and was on the verge of posting back saying it didn't change anything but I pondered a moment and thought to try restarting X. Sure enough, the lowercase was the problem. On restarting X the data in .Xresources was recognized. I'd quit even using it mnths ago and am glad to have it back...Thanks. In my experience you'll find that your kde and gnome apps will pretty much mostly ignore your .Xresources or at the very least what's in it gets overridden by kcontrol/gconf. Your other X apps work just fine of course alan -- gentoo-user@gentoo.org mailing list
[gentoo-user] Re: X resources contorl file
Alan McKinnon [EMAIL PROTECTED] writes: I'd quit even using it mnths ago and am glad to have it back...Thanks. In my experience you'll find that your kde and gnome apps will pretty much mostly ignore your .Xresources or at the very least what's in it gets overridden by kcontrol/gconf. Your other X apps work just fine of course Probably the single biggest use I make of it now and historically is to setup emacs and xterms the way I like them. I don't use the konsole much. So that is where I notice it missing. -- gentoo-user@gentoo.org mailing list