Re: [gentoo-user] {OT} rdiff-backup: push or pull?

2011-08-18 Thread Joost Roeleveld
On Thursday, August 18, 2011 06:51:32 PM Grant wrote:
> >> I'm setting up an automated rdiff-backup system and I'm stuck between
> >> pushing the backups to the backup server, and pulling the backups to
> >> the backup server.  If I push, I have to allow read/write access of my
> >> backups via SSH keys.  If I pull, I have to enable root logins on each
> >> system to be backed-up, allow root read access of each system via SSH
> >> keys, and I have to deal with openvpn or ssh -R so my laptop can back
> >> up from behind foreign routers.  The conventional wisdom online seems
> >> to indicate pulling is better, but pushing seems like it might be
> >> better to me.  Do you push or pull?
> > 
> > I would push, to be honest.
> 
> What can be done about the fact that any attacker who can break into a
> system and wipe it out can also wipe out its backups?  That negates
> one of the reasons for making the backups in the first place.

True, except if, after a backup is finished, you move the actual backup to a 
different location. (Or you backup the backup server)

I store all important files on my server and the backups there can not be 
accessed from the fileserver itself. (That backup is done in "pull" mode every 
night.)

> Should private SSH keys be excluded from the backup?  Should anything
> else be excluded?

When a host is compromised, the corresponding entries in the "authorized_keys" 
should be removed from all other servers/hosts. This will make those private 
keys useless.

If you protect them with a passphrase, the private keys are not usable in any 
case. But this will require the backups to be started manually to allow you to 
enter the passphrase.
Or you unlock the passphrase in memory and use ssh-agent for that.

--
Joost



Re: [gentoo-user] {OT} rdiff-backup: push or pull?

2011-08-18 Thread Joost Roeleveld
On Thursday, August 18, 2011 06:01:08 PM Grant wrote:
> >> >> > You can seperate the backups by giving each system a
> >> >> > different
> >> >> > account
> >> >> > where to store the backups.
> >> >> 
> >> >> I'm not sure what you mean.  The backups are all stored on the
> >> >> backup
> >> >> server.
> >> > 
> >> > Each machine to be backed up has a different account on the backup
> >> > server. This will prevent machine A from accessing the backups of
> >> > machine B.
> >> > 
> >> > This way, if one machine is compromised, only this machines
> >> > backups can be accessed using the access-keys for the backup. And
> >> > this machines keys can then be revoked without affecting other
> >> > backups.
> >> 
> >> That's a great idea.  I will do that.  Should that backup account have
> >> any special configuration, or just a standard new user?
> > 
> > I would suspect just a standard new user with default permissions.
> > Eg. only write-access to his/her own files.
> > 
> > And I'd prevent that user account from being able to get a
> > shell-account.
> 
> I created the backup users and everything works as long as the backup
> users have shells on the backup server and are listed in AllowUsers in
> /etc/ssh/sshd_config on the backup server.  Did I do something wrong
> or should the backup users need shells and to be listed in AllowUsers?

I'm not too familiar with rsync backups. A shell might be required, but if you 
set the command run on the server-side in the "authorized_keys" it should 
prevent any other command from being run.

> Should I set up any extra restrictions for them in sshd_config?

I have disabled all password-logins and only allow shared-key logins.

> Should I set passwords for them?

I don't set passwords for these type of users. By default, they can not login 
with any password that way. Setting a password will leave the possibility open 
someone might randomly guess the password.

--
Joost



Re: [gentoo-user] /dev/sda* missing at boot

2011-08-18 Thread Graham Murray
Michael Mol  writes:

> Also, check your BIOS to see if it's running your SATA controller in
> some kind of IDE emulation mode. If it is, disable that. (Some
> motherboards let you choose between "IDE" and "RAID", where "RAID" is
> AHCI mode. Others call IDE mode 'legacy', and still others might
> actually call the AHCI mode 'AHCI')

That is if the BIOS will allow you to do so. Some BIOSes, for example
some Dell servers, will only run SATA in emulation mode despite the
chipset supporting AHCI. The only option they give for SATA is
enable/disable.



Re: [gentoo-user] netqmail blocks maildrop requiered by qmail-scanner.

2011-08-18 Thread felix
On Thu, Aug 18, 2011 at 09:19:42PM +0200, Henk Abma wrote:
> On Wed, Aug 17, 2011 at 08:10:25PM +0200, Henk Abma wrote:
> > Hello list,
> > 
> > yesterday I wanted to emerge -uNDa world, at which point emerge said it 
> > couldn't emerge because maildrop 2.5.4 could not be installed on the same 
> > system 
> > as netqmail 1.06. Silly as I was, I removed maildrop, not knowing it was 
> > required by qmail-scanner, which I use for spam checking.
> 
> OK so I emerged maildrop with the --nodeps option to get things going again, 
> but still wondering how others have dealt with the fact that netqmail and 
> maildrop may no longer exist on the same machine.

Someone told me to set -tools for maildrop in package.use.  I looked
up what that does but forget now, so presumably it's not terribly
important on my system.  Still puzzling.

-- 
... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
 Felix Finch: scarecrow repairman & rocket surgeon / fe...@crowfix.com
  GPG = E987 4493 C860 246C 3B1E  6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o



Re: [gentoo-user] /dev/sda* missing at boot

2011-08-18 Thread Mark Knecht
On Thu, Aug 18, 2011 at 11:59 AM,   wrote:
> Hi, guys
>
> It is a shame, I know, but after several years using Gentoo, it is the first
> time I try to build a kernel without "genkernel".
>
> And now I can't boot to that new kernel, it does not find (and really do not
> have a) /dev/sda* root partition ("real-root"); during the boot it stops,
> complaining about that, gives me the option to get a shell, from which I am
> able to see that there is no /dev/sda* .
>
> I have included everything SATA, so it looks like that is not a kernel
> problem, but a initramfs issue, I guess.
>
> What am I missing?
>
> Thanks a lot
> Francisco
>
> P.S.: my boot partition is sda2, sda3 is a swap partition, and everything
> else is in sda4. sda1 is not used (up to now) and this is my grub.conf :
>
> title Gentoo Linux 2.6.39-gentoo-r3
> root (hd0,1)
> kernel /boot/kernel-genkernel-x86_64-2.6.39-gentoo-r3 ro root=/dev/ram0
> init=/linuxrc real_root=/dev/sda4 vga=0x318 video=uvesafb:1024x768-32
> nodevfs udev devfs=nomount quiet CONSOLE=/dev/tty1
> initrd /boot/initramfs-genkernel-x86_64-2.6.39-gentoo-r3

Maybe I'm missing the obvious here but have you taken a copy of
whatever config file was used/generated by genkernel and used that as
a jumping off point for building your own kernel. kernel's a kernel's
a kernel. What it is capable of doing is in the .config file. If
genkernel doesn't give you a .config file - I've never used genkernel
so I don't know what it does - then assuming you have the feature
turned on you can get the running config using zcat /proc/config.gz.
Save that to a new .config file, put it in the kernel source directory
and you should be good to go.

You can also use zcat /proc/config.gz on the install CD kernel if yuo
boot from that. Save it to a disk and use it as the basis for creating
your own config.

HTH,
Mark



Re: [gentoo-user] {OT} rdiff-backup: push or pull?

2011-08-18 Thread Grant
>> I'm setting up an automated rdiff-backup system and I'm stuck between
>> pushing the backups to the backup server, and pulling the backups to
>> the backup server.  If I push, I have to allow read/write access of my
>> backups via SSH keys.  If I pull, I have to enable root logins on each
>> system to be backed-up, allow root read access of each system via SSH
>> keys, and I have to deal with openvpn or ssh -R so my laptop can back
>> up from behind foreign routers.  The conventional wisdom online seems
>> to indicate pulling is better, but pushing seems like it might be
>> better to me.  Do you push or pull?
>
> I would push, to be honest.

What can be done about the fact that any attacker who can break into a
system and wipe it out can also wipe out its backups?  That negates
one of the reasons for making the backups in the first place.

Should private SSH keys be excluded from the backup?  Should anything
else be excluded?

- Grant



Re: [gentoo-user] /dev/sda* missing at boot

2011-08-18 Thread Matthew Finkel
On Thu, Aug 18, 2011 at 2:59 PM,  wrote:

> Hi, guys
>
> It is a shame, I know, but after several years using Gentoo, it is the
> first time I try to build a kernel without "genkernel".
>
> And now I can't boot to that new kernel, it does not find (and really do
> not have a) /dev/sda* root partition ("real-root"); during the boot it
> stops, complaining about that, gives me the option to get a shell, from
> which I am able to see that there is no /dev/sda* .
>
> I have included everything SATA, so it looks like that is not a kernel
> problem, but a initramfs issue, I guess.
>
> What am I missing?
>
> Thanks a lot
> Francisco
>
> P.S.: my boot partition is sda2, sda3 is a swap partition, and everything
> else is in sda4. sda1 is not used (up to now) and this is my grub.conf :
>
> title Gentoo Linux 2.6.39-gentoo-r3
> root (hd0,1)
> kernel /boot/kernel-genkernel-x86_64-2.6.39-gentoo-r3 ro root=/dev/ram0
> init=/linuxrc real_root=/dev/sda4 vga=0x318 video=uvesafb:1024x768-32
> nodevfs udev devfs=nomount quiet CONSOLE=/dev/tty1
> initrd /boot/initramfs-genkernel-x86_64-2.6.39-gentoo-r3



Do you have a block device driver built into the kernel? And what type of
shell are you dropped into when then happens? Is it a single-user mode shell
or grub (or something else entirely)? Also, while you're booted into the
livecd/dvd/usb and you chroot, try lspci -k and check to see what
modules/drivers that lists as installed and see if you have them enabled in
your config.

- Matt


Re: [gentoo-user] {OT} rdiff-backup: push or pull?

2011-08-18 Thread Grant
>> >> > You can seperate the backups by giving each system a different
>> >> > account
>> >> > where to store the backups.
>> >>
>> >> I'm not sure what you mean.  The backups are all stored on the backup
>> >> server.
>> >
>> > Each machine to be backed up has a different account on the backup
>> > server. This will prevent machine A from accessing the backups of
>> > machine B.
>> >
>> > This way, if one machine is compromised, only this machines backups can
>> > be accessed using the access-keys for the backup. And this machines
>> > keys can then be revoked without affecting other backups.
>>
>> That's a great idea.  I will do that.  Should that backup account have
>> any special configuration, or just a standard new user?
>
> I would suspect just a standard new user with default permissions.
> Eg. only write-access to his/her own files.
>
> And I'd prevent that user account from being able to get a shell-account.

I created the backup users and everything works as long as the backup
users have shells on the backup server and are listed in AllowUsers in
/etc/ssh/sshd_config on the backup server.  Did I do something wrong
or should the backup users need shells and to be listed in AllowUsers?

Should I set up any extra restrictions for them in sshd_config?
Should I set passwords for them?

- Grant


> A ".bashrc" with "exit" as the last or first entry is a nice touch. Especially
> if you set the permissions such that it works for the user but the user can
> never change that file.
>
> --
> Joost



Re: [gentoo-user] {OT} USB 3.0 hard drive speed test

2011-08-18 Thread Peter Humphrey
On Thursday 18 August 2011 23:46:30 Paul Hartman wrote:

>  I saw that one of the pins on the port was bent inward on itself, so it
>  never made contact when I plugged devices into it.

And when you tried to straighten it, it broke off, no? That's been my 
experience.

-- 
Rgds
Peter   Linux Counter 5290, 1994-04-23



Re: [gentoo-user] /dev/sda* missing at boot

2011-08-18 Thread Peter Humphrey
On Thursday 18 August 2011 20:42:30 Michael Mol wrote:

> Don't forget to check your BIOS. You might also consider enabling
> "SCSI-generic (disk)", which would catch ide-emulated disks and put a
> scsi interface around them in the kernel.

But it might well shove a generic driver in before the specific one has a 
chance. The docs warn of this.

> Finally, check that it's coming up as "/dev/sda" and not something
> like "/dev/sdb".

Good advice (if I may presume). BIOSes often have weird detection orders: 
I'm still not sure I've got the right optical drive order on my 
superannuated workstation.

-- 
Rgds
Peter   Linux Counter 5290, 1994-04-23



Re: [gentoo-user] {OT} USB 3.0 hard drive speed test

2011-08-18 Thread Paul Hartman
On Thu, Aug 18, 2011 at 2:46 PM, Grant  wrote:
> Just thought I'd mention that one of my USB 3.0 ports works and the
> other doesn't.  The non-working port lights up the USB drive but the
> drive isn't picked up by the system in dmesg at all.  I don't know if
> this is a hardware or software issue.

When I was building my PC, one of the USB ports on the front of my
case didn't work. After looking at it closely, I saw that one of the
pins on the port was bent inward on itself, so it never made contact
when I plugged devices into it.



Re: [gentoo-user] Running HTTP and DNS on same machine

2011-08-18 Thread Stroller

On 18 August 2011, at 01:18, Adam Carter wrote:
> …  I … use a couple of free secondaries … 
> http://www.everydns.net).

Only for the next 14 days.

I'll check out twisted4life.com but would grateful for any other suggestions. 
There's no money in free DNS, unfortunately. 

Stroller.




Re: [gentoo-user] {OT} USB 3.0 hard drive speed test

2011-08-18 Thread Grant
>>> I'm testing this USB 3.0 bus-powered hard drive:
>>>
>>> http://www.amazon.com/gp/product/B0041OSQ9S
>>>
>>> and I get:
>>>
>>> # hdparm -tT /dev/sdb
>>> /dev/sdb:
>>> Timing cached reads:   8006 MB in  2.00 seconds = 4004.33 MB/sec
>>> Timing buffered disk reads: 252 MB in  3.01 seconds =  83.63 MB/sec
>>>
>>> # hdparm -tT /dev/sdb
>>> /dev/sdb:
>>> Timing cached reads:   8230 MB in  2.00 seconds = 4116.54 MB/sec
>>> Timing buffered disk reads: 252 MB in  3.02 seconds =  83.55 MB/sec
>>>
>>> # hdparm -tT /dev/sdb
>>> /dev/sdb:
>>> Timing cached reads:   8446 MB in  2.00 seconds = 4224.36 MB/sec
>>> Timing buffered disk reads: 230 MB in  3.02 seconds =  76.28 MB/sec
>>>
>>> Wikipedia says USB 3.0 has transmission speeds of up to 5 Gbit/s.
>>> Doesn't MB/sec denote mega*bytes* per second?
>> What usb3 is supported by Linux?  Is it a pci card?
>
> I'm on 2.6.39-hardened-r10 and I'm using this motherboard with onboard USB 
> 3.0:
>
> http://www.newegg.com/Product/Product.aspx?Item=N82E16813128490

Just thought I'd mention that one of my USB 3.0 ports works and the
other doesn't.  The non-working port lights up the USB drive but the
drive isn't picked up by the system in dmesg at all.  I don't know if
this is a hardware or software issue.

- Grant

>
> - Grant



Re: Re: Re: [gentoo-user] /dev/sda* missing at boot

2011-08-18 Thread Michael Mol
On Thu, Aug 18, 2011 at 3:26 PM,   wrote:
> Em 18/08/2011 16:17, fra...@gmail.com escreveu:
>
> Forgot to say: I am able to boot the LiveCD and chroot to that partition.
>
> Now checking the kernel configuration, there's only SATA_ACARD_AHCI set up
> as a module, everything else AHCI is included in the kernel.

Don't forget to check your BIOS. You might also consider enabling
"SCSI-generic (disk)", which would catch ide-emulated disks and put a
scsi interface around them in the kernel. (That'd be an emulation
layer on top of an emulation layer, though, so far less than ideal)

Finally, check that it's coming up as "/dev/sda" and not something
like "/dev/sdb". The initial scrolling of kernel messages might tell
you what devices were detected and what names they were given.


-- 
:wq



Re: Re: Re: [gentoo-user] /dev/sda* missing at boot

2011-08-18 Thread frares

Em 18/08/2011 16:17, fra...@gmail.com escreveu:

Em 18/08/2011 16:13, Michael Mol mike...@gmail.com> escreveu:
> On Thu, Aug 18, 2011 at 2:59 PM, fra...@gmail.com> wrote:
> >
> > Hi, guys
> >
> > It is a shame, I know, but after several years using Gentoo, it is  
the first time I try to build a kernel without "genkernel".

> >
> > And now I can't boot to that new kernel, it does not find (and really  
do not have a) /dev/sda* root partition ("real-root"); during the boot it  
stops, complaining about that, gives me the option to get a shell, from  
which I am able to see that there is no /dev/sda* .

> >
> > I have included everything SATA, so it looks like that is not a  
kernel problem, but a initramfs issue, I guess.

>
> If you've got a SATA controller, no frills, then all you *really* need
> is AHCI. Build that into your kernel if you're worried about having
> the right modules in initramfs. You can break it out into a module
> later if you like. Opinions differ as to how much stuff should be
> broken into modules vs being built-in to the kernel. I tend to build
> in everything absolutely needed for boot, myself. Some people build in
> just about everything, and some people build in almost nothing.
> There's no "right" way for every use case.
>
> Also, check your BIOS to see if it's running your SATA controller in
> some kind of IDE emulation mode. If it is, disable that. (Some
> motherboards let you choose between "IDE" and "RAID", where "RAID" is
> AHCI mode. Others call IDE mode 'legacy', and still others might
> actually call the AHCI mode 'AHCI')
>
> Motherboards running SATA controllers in IDE emulation mode is an
> incredibly common thing:
>
> 17:18 beh
> 17:18 hda1 turned into sda1
> 17:19 IRule: Turn SCSI-generic support, or did you
> switch from legacy to AHCI in your BIOS?
> 17:20 shortcircuit: quiet, you
>
> --
>
> :wq
>



Thanks, gonna try it.



Francisco


Forgot to say: I am able to boot the LiveCD and chroot to that partition.

Now checking the kernel configuration, there's only SATA_ACARD_AHCI set up  
as a module, everything else AHCI is included in the kernel.


Thanks anyway

Francisco


Re: [gentoo-user] netqmail blocks maildrop requiered by qmail-scanner.

2011-08-18 Thread Henk Abma
On Wed, Aug 17, 2011 at 08:10:25PM +0200, Henk Abma wrote:
> Hello list,
> 
> yesterday I wanted to emerge -uNDa world, at which point emerge said it 
> couldn't emerge because maildrop 2.5.4 could not be installed on the same 
> system 
> as netqmail 1.06. Silly as I was, I removed maildrop, not knowing it was 
> required by qmail-scanner, which I use for spam checking.

OK so I emerged maildrop with the --nodeps option to get things going again, 
but still wondering how others have dealt with the fact that netqmail and 
maildrop may no longer exist on the same machine.

Kind regards,

Henk.
> 
> Result: no mail is picked up by my server any more. Of course I could return 
> to using teh qmail internal scanner, however then I lose the spam checking 
> right?
> 
> Thanks for your help.
> 
> Kind regards,
> 
> Henk.
> 
> 



Re: Re: [gentoo-user] /dev/sda* missing at boot

2011-08-18 Thread frares

Em 18/08/2011 16:13, Michael Mol  escreveu:

On Thu, Aug 18, 2011 at 2:59 PM, fra...@gmail.com> wrote:
>
> Hi, guys
>
> It is a shame, I know, but after several years using Gentoo, it is the  
first time I try to build a kernel without "genkernel".

>
> And now I can't boot to that new kernel, it does not find (and really  
do not have a) /dev/sda* root partition ("real-root"); during the boot it  
stops, complaining about that, gives me the option to get a shell, from  
which I am able to see that there is no /dev/sda* .

>
> I have included everything SATA, so it looks like that is not a kernel  
problem, but a initramfs issue, I guess.



If you've got a SATA controller, no frills, then all you *really* need
is AHCI. Build that into your kernel if you're worried about having
the right modules in initramfs. You can break it out into a module
later if you like. Opinions differ as to how much stuff should be
broken into modules vs being built-in to the kernel. I tend to build
in everything absolutely needed for boot, myself. Some people build in
just about everything, and some people build in almost nothing.
There's no "right" way for every use case.



Also, check your BIOS to see if it's running your SATA controller in
some kind of IDE emulation mode. If it is, disable that. (Some
motherboards let you choose between "IDE" and "RAID", where "RAID" is
AHCI mode. Others call IDE mode 'legacy', and still others might
actually call the AHCI mode 'AHCI')



Motherboards running SATA controllers in IDE emulation mode is an
incredibly common thing:



17:18 beh
17:18 hda1 turned into sda1
17:19 IRule: Turn SCSI-generic support, or did you
switch from legacy to AHCI in your BIOS?
17:20 shortcircuit: quiet, you



--



:wq



Thanks, gonna try it.

Francisco


Re: Re: [gentoo-user] /dev/sda* missing at boot

2011-08-18 Thread frares

Em 18/08/2011 16:08, András Csányi  escreveu:

On 18 August 2011 18:59, fra...@gmail.com> wrote:



> Hi, guys
>
> It is a shame, I know, but after several years using Gentoo, it is the  
first

> time I try to build a kernel without "genkernel".
>
> And now I can't boot to that new kernel, it does not find (and really  
do not
> have a) /dev/sda* root partition ("real-root"); during the boot it  
stops,
> complaining about that, gives me the option to get a shell, from which  
I am

> able to see that there is no /dev/sda* .
>
> I have included everything SATA, so it looks like that is not a kernel
> problem, but a initramfs issue, I guess.
>
> What am I missing?




Why have you choose this way? I mean, non-genkernel way.




--
- -
-- Csanyi Andras (Sayusi Ando) -- http://sayusi.hu --
http://facebook.com/andras.csanyi
-- ""Trust in God and keep your gunpowder dry!" - Cromwell




That's recommended in the new install manual:

http://www.gentoo.org/doc/en/handbook/handbook-amd64.xml?style=printable&full=1#book_part1_chap7

Look for item "7c". The alternative way is to use genkernel.

Francisco


Re: [gentoo-user] /dev/sda* missing at boot

2011-08-18 Thread Michael Mol
On Thu, Aug 18, 2011 at 2:59 PM,  wrote:
>
> Hi, guys
>
> It is a shame, I know, but after several years using Gentoo, it is the first 
> time I try to build a kernel without "genkernel".
>
> And now I can't boot to that new kernel, it does not find (and really do not 
> have a) /dev/sda* root partition ("real-root"); during the boot it stops, 
> complaining about that, gives me the option to get a shell, from which I am 
> able to see that there is no /dev/sda* .
>
> I have included everything SATA, so it looks like that is not a kernel 
> problem, but a initramfs issue, I guess.

If you've got a SATA controller, no frills, then all you *really* need
is AHCI. Build that into your kernel if you're worried about having
the right modules in initramfs. You can break it out into a module
later if you like. Opinions differ as to how much stuff should be
broken into modules vs being built-in to the kernel. I tend to build
in everything absolutely needed for boot, myself. Some people build in
just about everything, and some people build in almost nothing.
There's no "right" way for every use case.

Also, check your BIOS to see if it's running your SATA controller in
some kind of IDE emulation mode. If it is, disable that. (Some
motherboards let you choose between "IDE" and "RAID", where "RAID" is
AHCI mode. Others call IDE mode 'legacy', and still others might
actually call the AHCI mode 'AHCI')

Motherboards running SATA controllers in IDE emulation mode is an
incredibly common thing:

17:18 <@IRule> beh
17:18 <@IRule> hda1 turned into sda1
17:19 < shortcircuit> IRule: Turn SCSI-generic support, or did you
switch from legacy to AHCI in your BIOS?
17:20 <@IRule> shortcircuit: quiet, you

--
:wq



Re: [gentoo-user] /dev/sda* missing at boot

2011-08-18 Thread András Csányi
On 18 August 2011 18:59,   wrote:
> Hi, guys
>
> It is a shame, I know, but after several years using Gentoo, it is the first
> time I try to build a kernel without "genkernel".
>
> And now I can't boot to that new kernel, it does not find (and really do not
> have a) /dev/sda* root partition ("real-root"); during the boot it stops,
> complaining about that, gives me the option to get a shell, from which I am
> able to see that there is no /dev/sda* .
>
> I have included everything SATA, so it looks like that is not a kernel
> problem, but a initramfs issue, I guess.
>
> What am I missing?

Why have you choose this way? I mean, non-genkernel way.

-- 
- -
--  Csanyi Andras (Sayusi Ando)  -- http://sayusi.hu --
http://facebook.com/andras.csanyi
--  ""Trust in God and keep your gunpowder dry!" - Cromwell



[gentoo-user] /dev/sda* missing at boot

2011-08-18 Thread frares

Hi, guys

It is a shame, I know, but after several years using Gentoo, it is the  
first time I try to build a kernel without "genkernel".


And now I can't boot to that new kernel, it does not find (and really do  
not have a) /dev/sda* root partition ("real-root"); during the boot it  
stops, complaining about that, gives me the option to get a shell, from  
which I am able to see that there is no /dev/sda* .


I have included everything SATA, so it looks like that is not a kernel  
problem, but a initramfs issue, I guess.


What am I missing?

Thanks a lot
Francisco

PS: my boot partition is sda2, sda3 is a swap partition, and everything  
else is in sda4. sda1 is not used (up to now) and this is my grub.conf :


title Gentoo Linux 2.6.39-gentoo-r3
root (hd0,1)
kernel /boot/kernel-genkernel-x86_64-2.6.39-gentoo-r3 ro root=/dev/ram0  
init=/linuxrc real_root=/dev/sda4 vga=0x318 video=uvesafb:1024x768-32  
nodevfs udev devfs=nomount quiet CONSOLE=/dev/tty1

initrd /boot/initramfs-genkernel-x86_64-2.6.39-gentoo-r3


Re: [gentoo-user] Running HTTP and DNS on same machine

2011-08-18 Thread Jarry

On 18-Aug-11 20:22, Grant wrote:

Just to counter all of the scary stories,


I do run dns with www on the same server (in addition to ftp,
mail, and a few more things), but each of those services in
its own vserver-guest...


Are those vserver-guest instances for security?  I didn't know people
used those for each service they run on the same machine.


It is a kind of "better chroot". Some services are not easy
to make running chrooted but can still run in vserver guest.

I think it is good to have services running separated.
If one of them gets compromised, others still keep running.
One more extra layer of security, worth trying. The only
service I'm running on "master-server" (host) is ssh on
non-standard port, with pretty tight firewall rules...

Jarry

--
___
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.



Re: [gentoo-user] Running HTTP and DNS on same machine

2011-08-18 Thread Michael Mol
On Thu, Aug 18, 2011 at 2:22 PM, Grant  wrote:
>> I do run dns with www on the same server (in addition to ftp,
>> mail, and a few more things), but each of those services in
>> its own vserver-guest...
>>
>> Jarry
>
> Are those vserver-guest instances for security?  I didn't know people
> used those for each service they run on the same machine.

If you can do resource allotments, it can be handy to prevent a
runaway process on one machine from sucking all the CPU, RAM or disk
I/O away from other services.

-- 
:wq



Re: [gentoo-user] Running HTTP and DNS on same machine

2011-08-18 Thread Michael Mol
On Thu, Aug 18, 2011 at 2:17 PM, Florian Philipp  wrote:
> Am 18.08.2011 03:35, schrieb Michael Mol:
>> On Wed, Aug 17, 2011 at 5:53 PM, Alan McKinnon  
>> wrote:
>>> On Wed 17 August 2011 17:23:41 Michael Mol did opine thusly:
>>> At a minimum they should be on different interfaces and preferably in
>>> chroots. Otherwise all manner of $BAD_STUFF happens.
>>
>> Hm. Interested.
>>
>> echo $BAD_STUFF
>>
>> (or URI)
>>
>
> URI: http://cr.yp.to/djbdns/separation.html

Ah, gotcha. Yeah, I'm a bit worried about that. Even though I use a
FQDN, I'm only authorative within my own network and I don't (yet)
expose my DNS records publicly. (It all resolves to RFC1918
addresses...what'd be the point?)

-- 
:wq



Re: [gentoo-user] Running HTTP and DNS on same machine

2011-08-18 Thread Grant
>>> Just to counter all of the scary stories,
>>
>> Yeah, i'd like to counter too. While the implications of getting it
>> wrong are serious, technically its quite simple. I run my own DNS, and
>> use a couple of free secondaries (http://www.twisted4life.com and
>> http://www.everydns.net).
>
> The same here. I have been running my own dns for about 2 years,
> primary for a few domains. As secondaries I use twisted4life,
> xname, afraid, nether, and rollernet. Never had any problem.
> I did this mainly because my registrar had terrible web-interface
> which I simply refused to use. As a side-effect, I learned a lot
> about dn-system. Now I'm playing with dnssec, and it's quite
> interesting...
>
> I do run dns with www on the same server (in addition to ftp,
> mail, and a few more things), but each of those services in
> its own vserver-guest...
>
> Jarry

Are those vserver-guest instances for security?  I didn't know people
used those for each service they run on the same machine.

- Grant



Re: [gentoo-user] Running HTTP and DNS on same machine

2011-08-18 Thread Florian Philipp
Am 18.08.2011 03:35, schrieb Michael Mol:
> On Wed, Aug 17, 2011 at 5:53 PM, Alan McKinnon  
> wrote:
>> On Wed 17 August 2011 17:23:41 Michael Mol did opine thusly:
>>> On Wed, Aug 17, 2011 at 4:56 PM, Grant  wrote:
 I currently use a free service to host the DNS records for my
 website, but I'm thinking of running a DNS server on the same
 machine that runs my website instead.  Would that be fairly
 trivial to set up and maintain?  If so, which package should I
 use?
>>>
>>> ISC bind is the de facto standard for DNS servers. I haven't
>>> administered bind on Gentoo, but on Debian, most of the problems I
>>> run into come from how Debian packages and updates configuration
>>> files.
>>>
>>> I'm not running DNS servers in any major production capacity; I've
>>> got a bind server at home linking my home domain and my employer's
>>> work domain across a VPN, and updated dynamically via a dhcpd on
>>> the same server. It's also serving as a caching recursive resolver
>>> for my home network, which was *really* necessary when I was still
>>> on AT&T. (The DSL link was dropping packets every now and again,
>>> and it's a PITA when that happens to DNS queries)
>>
>> You're running an auth server and a cache on the same machine?
> 
> Split across a couple views, but yeah. And no recursion allowed on the wan 
> side.
> 
>>
>> At a minimum they should be on different interfaces and preferably in
>> chroots. Otherwise all manner of $BAD_STUFF happens.
> 
> Hm. Interested.
> 
> echo $BAD_STUFF
> 
> (or URI)
> 

URI: http://cr.yp.to/djbdns/separation.html

Regards,
Florian Philipp



signature.asc
Description: OpenPGP digital signature


Re: [gentoo-user] Running HTTP and DNS on same machine

2011-08-18 Thread Michael Mol
On Thu, Aug 18, 2011 at 1:26 PM, Jarry  wrote:
>
> The same here. I have been running my own dns for about 2 years,
> primary for a few domains. As secondaries I use twisted4life,
> xname, afraid, nether, and rollernet. Never had any problem.
> I did this mainly because my registrar had terrible web-interface
> which I simply refused to use. As a side-effect, I learned a lot
> about dn-system. Now I'm playing with dnssec, and it's quite
> interesting...
>
> I do run dns with www on the same server (in addition to ftp,
> mail, and a few more things), but each of those services in
> its own vserver-guest...

Interesting is an understatement. DNS is fascinating. I've got syslogd
on my router set up to send everything to tty1, which I also disabled
getty on, so I get to watch my syslog scroll by while I'm in the room.
I've been doing it this way for most of this year, and I've watched
DNS change in that time. For example:
* I'm seeing far fewer errors logged complaining about EDNS. That's been nice.
* I'm seeing fewer errors logged about bad  lookups (FORMERR et
al). Most sites which publish  records seem to be doing it OK,
although some CDNs, Google+ and Wikipedia *still* aren't doing it
right.

I've also switched from AT&T ADSL to Comcast in that time (though my
IPv6 comes from 6to4 in both cases), so some of those changes may be
an ISP-level issue.

--
:wq



Re: [gentoo-user] Running HTTP and DNS on same machine

2011-08-18 Thread Jarry

On 18-Aug-11 2:18, Adam Carter wrote:

Just to counter all of the scary stories,


Yeah, i'd like to counter too. While the implications of getting it
wrong are serious, technically its quite simple. I run my own DNS, and
use a couple of free secondaries (http://www.twisted4life.com and
http://www.everydns.net).


The same here. I have been running my own dns for about 2 years,
primary for a few domains. As secondaries I use twisted4life,
xname, afraid, nether, and rollernet. Never had any problem.
I did this mainly because my registrar had terrible web-interface
which I simply refused to use. As a side-effect, I learned a lot
about dn-system. Now I'm playing with dnssec, and it's quite
interesting...

I do run dns with www on the same server (in addition to ftp,
mail, and a few more things), but each of those services in
its own vserver-guest...

Jarry
--
___
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.



[gentoo-user] OT: SSD with Sata

2011-08-18 Thread james
Enjoy!

Lots of folks have periodic quesions about SSD devices; so 
I thought this link would be welcome information on SSDs.

http://www.linuxfordevices.com/c/a/News/Samsung-SSD-830/?kc=LNXDEVNL081711

James






[gentoo-user] Re: OT: but cool - NASDAQ is gentoo powered

2011-08-18 Thread James
Gregory Shearman  gmail.com> writes:


> Is ARM more efficient than the intel atom?

Overwhelmingly YES! check out this bad boy that runs 
gentoo: [1] [2]

ARM has chipsets coming in months that are being dubbed
"the intel killers" based on the A15. [3]

There are notebooks with arm processors:[4] like the
ASUS Eee Pad Transformer (dual ARM Cortex-A9, touchscreen.

The future is ARM, bro Super low power, clusters
being developed that control resources awake/sleep/awake
in micro seconds and full sata interfaces. Intel cannot
compete with ARM on similar power/heat comparisons.
Several large clusters are being design around new ARM
chips and memory resources on the same die.

Better start dumping that Intel/Nvidia stock!
Arm already rules the new carrier design wins competitions
according to chips vendors (FAE's) that I talk too.


Unless a miracle happens, Intel is doomed to follow
IBM and MS tainted hardware efforts. MS has many secret
porting efforts to ARM arch style SOCs, trying to avoid
another implosion on is doz lack_ware.


hth,
James



[1] http://pandaboard.org/
[2] http://www.gentoo.org/proj/en/base/embedded/handbook/?part=4&chap=9

[3]
http://www.anandtech.com/show/4153/ti-reveals-omap-5-the-first-arm-cortex-a15-soc
[4] http://www.anandtech.com/show/4445/samsung-galaxy-tab-101-review









Re: [gentoo-user] what is /usr/lib64/debug ?

2011-08-18 Thread Allan Gottlieb
On Thu, Aug 18 2011, Allan Gottlieb wrote:

> On Thu, Aug 18 2011, Daniel Pielmeier wrote:
>
>> 2011/8/18 Allan Gottlieb :
>>> /usr/lib64/debug seems to have in it a duplicate (at least as far as
>>> directory names are concerned) of much of /usr/lib64.
>>>
>>> For example
>>>
>>>    ajglap lib64 # /bin/pwd
>>>    /usr/lib64/debug/usr/lib64
>>>    ajglap lib64 # du -s * | sort -n | tail -10
>>>    34020       mesa
>>>    53148       gstreamer-0.10
>>>    155992      icedtea6
>>>    161360      llvm
>>>    208932      qt4
>>>    304016      xulrunner-devel-2.0
>>>    308880      xulrunner-2.0
>>>    618408      firefox
>>>    669000      libwebkitgtk-1.0.so.0.7.2.debug
>>>    1087848     libreoffice
>>>    ajglap lib64 #
>>>
>>> Is this correct?  My system is ~amd64
>>
>>
>> Do you have the splitdebug [1] FEATURE enabled?
>>
>> [1] http://www.gentoo.org/proj/en/qa/backtraces.xml
>
> Bingo.
>
> If I drop this feature (I turned it on for tracking a bug) will the
> /usr/lib64/debug tree go away or must I delete it manually.
>
> Also are there any other large subtrees I need to purge?
>
> thanks for the help.
> allan

No need to answer these queries.  Everything is explained in [1]
above.

thanks again,
allan



Re: [gentoo-user] what is /usr/lib64/debug ?

2011-08-18 Thread Allan Gottlieb
On Thu, Aug 18 2011, Daniel Pielmeier wrote:

> 2011/8/18 Allan Gottlieb :
>> /usr/lib64/debug seems to have in it a duplicate (at least as far as
>> directory names are concerned) of much of /usr/lib64.
>>
>> For example
>>
>>    ajglap lib64 # /bin/pwd
>>    /usr/lib64/debug/usr/lib64
>>    ajglap lib64 # du -s * | sort -n | tail -10
>>    34020       mesa
>>    53148       gstreamer-0.10
>>    155992      icedtea6
>>    161360      llvm
>>    208932      qt4
>>    304016      xulrunner-devel-2.0
>>    308880      xulrunner-2.0
>>    618408      firefox
>>    669000      libwebkitgtk-1.0.so.0.7.2.debug
>>    1087848     libreoffice
>>    ajglap lib64 #
>>
>> Is this correct?  My system is ~amd64
>
>
> Do you have the splitdebug [1] FEATURE enabled?
>
> [1] http://www.gentoo.org/proj/en/qa/backtraces.xml

Bingo.

If I drop this feature (I turned it on for tracking a bug) will the
/usr/lib64/debug tree go away or must I delete it manually.

Also are there any other large subtrees I need to purge?

thanks for the help.
allan



Re: [gentoo-user] what is /usr/lib64/debug ?

2011-08-18 Thread Daniel Pielmeier
2011/8/18 Allan Gottlieb :
> /usr/lib64/debug seems to have in it a duplicate (at least as far as
> directory names are concerned) of much of /usr/lib64.
>
> For example
>
>    ajglap lib64 # /bin/pwd
>    /usr/lib64/debug/usr/lib64
>    ajglap lib64 # du -s * | sort -n | tail -10
>    34020       mesa
>    53148       gstreamer-0.10
>    155992      icedtea6
>    161360      llvm
>    208932      qt4
>    304016      xulrunner-devel-2.0
>    308880      xulrunner-2.0
>    618408      firefox
>    669000      libwebkitgtk-1.0.so.0.7.2.debug
>    1087848     libreoffice
>    ajglap lib64 #
>
> Is this correct?  My system is ~amd64


Do you have the splitdebug [1] FEATURE enabled?

[1] http://www.gentoo.org/proj/en/qa/backtraces.xml

-- 
Daniel Pielmeier



[gentoo-user] what is /usr/lib64/debug ?

2011-08-18 Thread Allan Gottlieb
/usr/lib64/debug seems to have in it a duplicate (at least as far as
directory names are concerned) of much of /usr/lib64.

For example

ajglap lib64 # /bin/pwd
/usr/lib64/debug/usr/lib64
ajglap lib64 # du -s * | sort -n | tail -10
34020   mesa
53148   gstreamer-0.10
155992  icedtea6
161360  llvm
208932  qt4
304016  xulrunner-devel-2.0
308880  xulrunner-2.0
618408  firefox
669000  libwebkitgtk-1.0.so.0.7.2.debug
1087848 libreoffice
ajglap lib64 # 

Is this correct?  My system is ~amd64

thanks,
allan



Re: [gentoo-user] OT: but cool - NASDAQ is gentoo powered

2011-08-18 Thread James Broadhead
On 18 August 2011 12:45, Norman Rieß  wrote:
> CFLAGS="-O2 -pipe -march=core2 -mssse3 -mfpmath=sse"

Yes, those work out to the same set as I posted -- the major
difference is that I have USE="gtk gcj", which along with the
additional load probably accounts for the discrepancy. I also have
-j5.

JB



Re: [gentoo-user] OT: but cool - NASDAQ is gentoo powered

2011-08-18 Thread Norman Rieß
Am 08/18/11 12:08, schrieb James Broadhead:
> On 18 August 2011 09:23, Norman Rieß  wrote:
>> Am 08/18/11 09:11, schrieb Matthew Finkel:
>>> Just out of curiosity, how long does it take to compile gcc?
>>>
>>> - Matt
>>
>> Atom:
>>
>> genlop -t sys-devel/gcc-4.4.5
>>  * sys-devel/gcc
>>
>> Sat Feb 26 13:06:08 2011 >>> sys-devel/gcc-4.4.5
>>   merge time: 1 hour, 12 minutes and 27 seconds.
>>
>> Wed Mar 23 23:01:12 2011 >>> sys-devel/gcc-4.4.5
>>   merge time: 1 hour, 10 minutes and 22 seconds.
> 
> I have an Atom 330 machine which is getting significantly worse
> build-times than you. What make.conf options are you using? (Or are
> you using something else to improve build times?)
> 
>  Wed Mar 16 04:49:09 2011 >>> sys-devel/gcc-4.4.5
>merge time: 2 hours, 56 minutes and 20 seconds.
> 
>  Thu May  5 22:07:36 2011 >>> sys-devel/gcc-4.3.4
>merge time: 2 hours, 14 minutes and 15 seconds.
> 
>  Fri May  6 00:35:53 2011 >>> sys-devel/gcc-4.4.5
>merge time: 2 hours, 28 minutes and 17 seconds.
> 
> Admittedly, my machine runs xbmc, which is a resource hog, and has a
> fair bit of disk activity.
> My CFLAGS are:
> CFLAGS="-O2 -march=core2 -mtune=generic -fomit-frame-pointer -pipe
> -mssse3 -mfpmath=sse"
> which date to before -march=atom, and having read a performance
> article suggesting these. I note that the only practical difference
> between the resultant gcc options is that setting -mtune to core2 adds
> "#define __tune_core2__ 1". I wonder what the practical difference is.
> echo | gcc -dM -E - -O2 -march=core2 -mtune=generic
> -fomit-frame-pointer -pipe -mssse3 -mfpmath=sse
> 
> I suppose, having looked into it this far, I'll merge gcc-4.5 to see
> what effect -mtune=atom has.
> 
> (I'm not particularly interested in build times, but whether they're a
> sign of poor overall performance ... )
> 
> JB
> 

Well i use an Atom D510, the core features seems to be quite similar to
yours, with the only difference, that D510 has a graphics unit added.
Here is my make.conf... how many threads are you using in gcc?

CFLAGS="-O2 -pipe -march=core2 -mssse3 -mfpmath=sse"
CXXFLAGS="${CFLAGS}"
CHOST="x86_64-pc-linux-gnu"
MAKEOPTS="-j5"

USE="-X -gtk -gtk2 -qt3 -qt4 -gnome -kde unicode nls -mysql mmx sse sse2
ssse3 acpi hddtemp threads iproute2"

LINGUAS="de"
AUTOCLEAN="yes"
FEATURES="parallel-fetch"

Norman




Re: [gentoo-user] {OT} Can I retrieve my SSL key?

2011-08-18 Thread Andrea Conti
On 18/08/11 03.23, Grant wrote:
> I just accidentally overwrote my SSL certificate key.  Is there any
> way to retrieve it?  Possibly some sort of export since I haven't
> restarted apache2 yet?

If apache keeps the certificate file open after reading it (I doubt
that's the case, but if you have lsof installed you should check just to
make sure) and you didn't restart it, you could try this method:

http://computer-forensics.sans.org/blog/2009/01/27/recovering-open-but-unlinked-file-data

Otherwise, assuming you're on ext2/ext3, ext3undel works quite well,
*provided that you stop any writes to the affected volume ASAP*, e.g. by
remounting it read-only.

If the data hasn't been overwritten, carving tools should work too, as
the ASCII-armor of the certificate provides an easily recognizable
pattern and the file is almost certainly small enough to fit within a
single FS block.

andrea




Re: [gentoo-user] OT: but cool - NASDAQ is gentoo powered

2011-08-18 Thread James Broadhead
On 18 August 2011 09:23, Norman Rieß  wrote:
> Am 08/18/11 09:11, schrieb Matthew Finkel:
>> Just out of curiosity, how long does it take to compile gcc?
>>
>> - Matt
>
> Atom:
>
> genlop -t sys-devel/gcc-4.4.5
>  * sys-devel/gcc
>
>     Sat Feb 26 13:06:08 2011 >>> sys-devel/gcc-4.4.5
>       merge time: 1 hour, 12 minutes and 27 seconds.
>
>     Wed Mar 23 23:01:12 2011 >>> sys-devel/gcc-4.4.5
>       merge time: 1 hour, 10 minutes and 22 seconds.

I have an Atom 330 machine which is getting significantly worse
build-times than you. What make.conf options are you using? (Or are
you using something else to improve build times?)

 Wed Mar 16 04:49:09 2011 >>> sys-devel/gcc-4.4.5
   merge time: 2 hours, 56 minutes and 20 seconds.

 Thu May  5 22:07:36 2011 >>> sys-devel/gcc-4.3.4
   merge time: 2 hours, 14 minutes and 15 seconds.

 Fri May  6 00:35:53 2011 >>> sys-devel/gcc-4.4.5
   merge time: 2 hours, 28 minutes and 17 seconds.

Admittedly, my machine runs xbmc, which is a resource hog, and has a
fair bit of disk activity.
My CFLAGS are:
CFLAGS="-O2 -march=core2 -mtune=generic -fomit-frame-pointer -pipe
-mssse3 -mfpmath=sse"
which date to before -march=atom, and having read a performance
article suggesting these. I note that the only practical difference
between the resultant gcc options is that setting -mtune to core2 adds
"#define __tune_core2__ 1". I wonder what the practical difference is.
echo | gcc -dM -E - -O2 -march=core2 -mtune=generic
-fomit-frame-pointer -pipe -mssse3 -mfpmath=sse

I suppose, having looked into it this far, I'll merge gcc-4.5 to see
what effect -mtune=atom has.

(I'm not particularly interested in build times, but whether they're a
sign of poor overall performance ... )

JB



Re: [gentoo-user] OT: but cool - NASDAQ is gentoo powered

2011-08-18 Thread Norman Rieß
Am 08/18/11 11:08, schrieb Neil Bothwick:
> On Thu, 18 Aug 2011 10:41:57 +0200, Norman Rieß wrote:
> 
 Concerning the "Atom not fast enough for compiling"-Problem. I
 compiled, run and update a Gentoo System on a AMD Geode LX, which is
 way less powerfull and it works just fine.  
>>>
>>> That's just plain masochism. I have one of those and even installing
>>> from binary packages is painfully slow.
>>>
>>> I have three Atom machines here, a small server, a netbook and a
>>> nettop used as a MythTV frontend, and the only compiling any of them
>>> do is for their kernels.
> 
>> I am not sitting in front of it watching stuff scroll by and its
>> funktion (Wifi-Accesspoint) is not affected by compiling...
>> Sure it takes a little longer, but why should i care.
> 
> Most of the time, there's no need. There are times when a package is
> updated and needs a config update immediately after or you could end up
> with the new program being called with the old config. Binary installs
> mean you have a better idea of when that will need to be done.
> 
> It's not a big issue, but I already have the binary build setup so adding
> one more host was a simple matter of creating a directory for the chroot
> and adding the host name to an existing script.
> 
> How long did the initial install take on the Geode? I installed to the
> chroot on the build host in the first place then rsynced everything
> across.
> 
> 

Yes, and when i return to that shell some time later i scroll through
the package messages and do what needs to be done, followed by a
etc-update, revdep-rebuild, depclean and sometimes lafilefixer.
I am not saying, i update like fire and forget :-).

Everyone should use a setting that one sees fit. That's why we use
Gentoo, right? Because we have that choice.
If you have a well working setup in place, then it is only right to use it.

Can't remember how long it take exactly, but here is the ouput of a
whole system rebuild with a kind of funny estimate :-).
Shows you all the packages, too.
Just wondering myself right now, why there are N and U packages, when
emerge -uDN world shows nothing to do...

emerge -pe system world | genlop -p
These are the pretended packages: (this may take a while; wait...)

[ebuild   R] sys-libs/zlib-1.2.5-r2
[ebuild   R] virtual/libintl-0
[ebuild   R] app-arch/xz-utils-5.0.1
[ebuild   R] sys-devel/gnuconfig-20110202
[ebuild   R] dev-libs/expat-2.0.1-r3
[ebuild   R] virtual/libiconv-0
[ebuild   R] app-misc/pax-utils-0.2.2
[ebuild   R] app-arch/bzip2-1.0.6
[ebuild   R] app-misc/mime-types-8
[ebuild   R] sys-devel/gcc-config-1.4.1-r1
[ebuild   R] app-arch/cpio-2.11
[ebuild   R] sys-libs/timezone-data-2011e
[ebuild   R] sys-fs/sysfsutils-2.1.0
[ebuild   R] sys-apps/tcp-wrappers-7.6-r8
[ebuild   R] dev-libs/libffi-3.0.9-r2
[ebuild   R] sys-devel/patch-2.5.9
[ebuild   R] sys-apps/which-2.20
[ebuild   R] sys-devel/autoconf-wrapper-10-r1
[ebuild   R] sys-devel/automake-wrapper-4
[ebuild   R] sys-process/cronbase-0.3.2-r1
[ebuild   R] mail-client/mailx-support-20060102-r1
[ebuild   R] dev-libs/libnl-1.1-r2
[ebuild   R] app-portage/portage-utils-0.3.1
[ebuild   R] net-misc/rdate-1.4-r3
[ebuild   R] sys-kernel/module-rebuild-0.5
[ebuild   R] sys-kernel/linux-headers-2.6.36.1
[ebuild   R] virtual/libffi-0
[ebuild   R] sys-apps/sandbox-2.4
[ebuild   R] sys-apps/net-tools-1.60_p20110409135728
[ebuild   R] sys-apps/module-init-tools-3.16-r1
[ebuild   R] sys-devel/m4-1.4.15
[ebuild   R] sys-apps/pciutils-3.1.7
[ebuild   R] virtual/os-headers-0
[ebuild   R] dev-libs/gmp-4.3.2
[ebuild   R] dev-libs/mpfr-3.0.0_p3
[ebuild   R] sys-apps/sysvinit-2.88-r1
[ebuild   R] virtual/init-0
[ebuild   R] sys-apps/baselayout-2.0.3
[ebuild   R] sys-apps/debianutils-3.4.4
[ebuild   R] sys-devel/libperl-5.10.1
[ebuild  N ] virtual/pam-0
[ebuild   R] net-mail/mailbase-1
[ebuild   R] virtual/man-0
[ebuild   R] sys-apps/man-pages-posix-2003a
[ebuild   R] app-i18n/man-pages-de-0.5-r1
[ebuild   R] sys-apps/man-pages-3.28
[ebuild   R] sys-auth/pambase-20101024
[ebuild   R] virtual/acl-0
[ebuild   R] app-admin/python-updater-0.9
[ebuild   R] sys-devel/binutils-config-2-r1
[ebuild   R] app-admin/eselect-vi-1.1.7-r1
[ebuild   R] virtual/mta-0
[ebuild   R] virtual/perl-MIME-Base64-3.08
[ebuild   R] virtual/perl-ExtUtils-CBuilder-0.27.03
[ebuild   R] app-admin/eselect-ctags-1.13
[ebuild   R] dev-util/ctags-5.7
[ebuild   R] virtual/perl-IO-Compress-2.024
[ebuild   R] virtual/perl-Digest-MD5-2.39
[ebuild   R] virtual/perl-libnet-1.220.0-r1
[ebuild   R] virtual/perl-Module-Build-0.36.07
[ebuild   R] virtual/perl-Test-Harness-3.17
[ebuild   R] virtual/perl-Archive-Tar-1.54
[ebuild   R] virtual/perl-ExtUtils-ParseXS-2.22.05
[ebuild   R] sys-devel/gettext-0.18.1.1-r1
[ebui

Re: [gentoo-user] {OT} Can I retrieve my SSL key?

2011-08-18 Thread Adam Carter
> photorec, from the testdisk package, will retrieve all files from a
> filesystem, deleted or otherwise. However it doesn't retrieve the names
> so finding the right one will be fun :-O Grep will help immensely.

This implies that the new file data is not written over to the top of
the old file - is that typically the case? Is it file system
dependent?

Is the file overwrite something like;
- write new file data to spare blocks
- move filename (hardlink) to point to the new block location



Re: [gentoo-user] OT: but cool - NASDAQ is gentoo powered

2011-08-18 Thread Gregory Shearman
In linux.gentoo.user, you wrote:
> On Tuesday 16 August 2011 02:48:30 Michael Mol wrote:
>
> I have a midget server on the LAN (Atom N270) which runs Gentoo, but it's 
> too underpowered to do all the compiling itself, so it NFS-exports its 
> packages directory to my workstation, where I have a 32-bit chroot set up as 
> an image of the Atom. Emerging is done here, making the packages available 
> for installation on the Atom. This is a cumbersome operation though.

That's interesting. I run a SheevaPlug with Gentoo onboard. It runs at
1.2G and has half a G of memory. I have no trouble compiling gentoo on
this little server. It works as a file server, backup server, web
server and portage server (distfiles and portage sync for the gentoos on
my network).

Is ARM more efficient than the intel atom?

-- 
Regards,
Gregory.



Re: [gentoo-user] OT: but cool - NASDAQ is gentoo powered

2011-08-18 Thread Neil Bothwick
On Thu, 18 Aug 2011 10:41:57 +0200, Norman Rieß wrote:

> >> Concerning the "Atom not fast enough for compiling"-Problem. I
> >> compiled, run and update a Gentoo System on a AMD Geode LX, which is
> >> way less powerfull and it works just fine.  
> > 
> > That's just plain masochism. I have one of those and even installing
> > from binary packages is painfully slow.
> > 
> > I have three Atom machines here, a small server, a netbook and a
> > nettop used as a MythTV frontend, and the only compiling any of them
> > do is for their kernels.

> I am not sitting in front of it watching stuff scroll by and its
> funktion (Wifi-Accesspoint) is not affected by compiling...
> Sure it takes a little longer, but why should i care.

Most of the time, there's no need. There are times when a package is
updated and needs a config update immediately after or you could end up
with the new program being called with the old config. Binary installs
mean you have a better idea of when that will need to be done.

It's not a big issue, but I already have the binary build setup so adding
one more host was a simple matter of creating a directory for the chroot
and adding the host name to an existing script.

How long did the initial install take on the Geode? I installed to the
chroot on the build host in the first place then rsynced everything
across.


-- 
Neil Bothwick

WWW: World Wide Wait


signature.asc
Description: PGP signature


Re: [gentoo-user] OT: but cool - NASDAQ is gentoo powered

2011-08-18 Thread Matthew Finkel
On Thu, Aug 18, 2011 at 3:58 AM, Dale  wrote:

> Matthew Finkel wrote:
>
>> Just out of curiosity, how long does it take to compile gcc?
>>
>> - Matt
>>
>
> This may help.  I saw one Atom CPU in the list.
>
> http://gentoo.linuxhowtos.org/**compiletimeestimator/
>
> It must be pretty slow since it is at about the bottom of the list.  The
> list goes from fastest to slowest.
>
> Dale
>
> :-)  :-)
>
>
huh, that's a pretty neat site, thanks. A funny thing about this site is
that the 'slowest' core listed is a P2 which has an estimated compile time
that's twice as fast for gcc as Norman's Geo. His atom is quite snappy
though. :)


Re: [gentoo-user] OT: but cool - NASDAQ is gentoo powered

2011-08-18 Thread Matthew Finkel
On Thu, Aug 18, 2011 at 4:23 AM, Norman Rieß  wrote:

> Am 08/18/11 09:11, schrieb Matthew Finkel:
> > On Thu, Aug 18, 2011 at 12:45 AM, Norman Rieß  > > wrote:
> >
> > Am 08/17/11 13:44, schrieb Joost Roeleveld:
> > > On Wednesday, August 17, 2011 09:59:50 AM Peter Humphrey wrote:
> > >> On Tuesday 16 August 2011 02:48:30 Michael Mol wrote:
> > >>> How does everybody here use Gentoo? For personal use? Production
> > use?
> > >>> For
> > >>> server, desktop or embedded roles? What's your most interesting
> > setup
> > >>> or use case?
> > >>
> > >> Since you ask: my workstation runs Gentoo. My old workstation
> > sometimes
> > >> does; at other times it's experimenting with other distributions.
> > >>
> > >> I have a midget server on the LAN (Atom N270) which runs Gentoo,
> > but it's
> > >> too underpowered to do all the compiling itself, so it
> > NFS-exports its
> > >> packages directory to my workstation, where I have a 32-bit
> > chroot set up as
> > >> an image of the Atom. Emerging is done here, making the packages
> > available
> > >> for installation on the Atom. This is a cumbersome operation
> though.
> > >>
> > >> The Atom serves web, time, squid proxy, dns, cups and mysql to
> > the LAN. It
> > >> runs http-replicator and rsyncd to keep a local portage tree for
> > the other
> > >> boxes. I'd like it to serve mail too, but I've never managed to
> > set that up.
> > >
> > > Putting email on the Atom using IMAP might not be the best option.
> > IMAP can be
> > > quite heavy on resources on the server-side.
> > >
> > > I use a quad-core AMD for my server.
> > >
> > > --
> > > Joost
> > >
> >
> > Depends on how you use it. I have an IMAP-Server running on Atom
> which
> > holds my email archive. Also depends on the Software you use for the
> > IMAP-Server.
> > I can not see why a N270 could not serve a moderate amount of users
> > on IMAP.
> >
> > Concerning the "Atom not fast enough for compiling"-Problem. I
> compiled,
> > run and update a Gentoo System on a AMD Geode LX, which is way less
> > powerfull and it works just fine.
> >
> > Norman
> >
> >
> > Just out of curiosity, how long does it take to compile gcc?
> >
> > - Matt
>
> Atom:
>
> genlop -t sys-devel/gcc-4.4.5
>  * sys-devel/gcc
>
> Sat Feb 26 13:06:08 2011 >>> sys-devel/gcc-4.4.5
>   merge time: 1 hour, 12 minutes and 27 seconds.
>
> Wed Mar 23 23:01:12 2011 >>> sys-devel/gcc-4.4.5
>   merge time: 1 hour, 10 minutes and 22 seconds.
>
>
> Geode:
>
>  genlop -t sys-devel/gcc-4.4.5
>  * sys-devel/gcc
>
> Sat Feb 26 19:11:36 2011 >>> sys-devel/gcc-4.4.5
>   merge time: 7 hours, 17 minutes and 41 seconds.
>
> Fri Mar 25 05:51:21 2011 >>> sys-devel/gcc-4.4.5
>   merge time: 7 hours, 17 minutes and 2 seconds.
>
>
> Norman
>
>
Interesting, thanks! I was interested in a comparison of compile times. I
was originally going to ask how long it takes to compile OO/LibreOffice but
then figured your system most likely didn't have it. haha

And as you said in your other reply, if you rarely have to interact with
this system, and compiling doesn't result in significant lag, why not
compile it? It'd take a century to emerge an entire feature-full
desktop/server build, but as a small embedded system it actually sounds
reasonable.


Re: [gentoo-user] OT: but cool - NASDAQ is gentoo powered

2011-08-18 Thread Norman Rieß
Am 08/18/11 09:50, schrieb Neil Bothwick:
> On Thu, 18 Aug 2011 06:45:14 +0200, Norman Rieß wrote:
> 
>> Concerning the "Atom not fast enough for compiling"-Problem. I compiled,
>> run and update a Gentoo System on a AMD Geode LX, which is way less
>> powerfull and it works just fine.
> 
> That's just plain masochism. I have one of those and even installing from
> binary packages is painfully slow.
> 
> I have three Atom machines here, a small server, a netbook and a nettop
> used as a MythTV frontend, and the only compiling any of them do is for
> their kernels.
> 
> 

I am not sitting in front of it watching stuff scroll by and its
funktion (Wifi-Accesspoint) is not affected by compiling...
Sure it takes a little longer, but why should i care.

And compiling on the Atoms is not worth a mention... my pentium m is
less snappy.




Re: [gentoo-user] {OT} Can I retrieve my SSL key?

2011-08-18 Thread Neil Bothwick
On Thu, 18 Aug 2011 03:45:11 +0200, Francisco Blas Izquierdo Riera
(klondike) wrote:

> > I generated a new key but used the wrong filename so it overwrote a
> > key that has an associated certificate.  
> Hopefully you can still ext3undelete it Worst case you have to parse the
> whole disk looking for a pattern with a custom C program (AHH the pain!)

photorec, from the testdisk package, will retrieve all files from a
filesystem, deleted or otherwise. However it doesn't retrieve the names
so finding the right one will be fun :-O Grep will help immensely.


-- 
Neil Bothwick

FINE: Tax for doing wrong. Tax: fine for doing fine.


signature.asc
Description: PGP signature


Re: [gentoo-user] OT: but cool - NASDAQ is gentoo powered

2011-08-18 Thread Norman Rieß
Am 08/18/11 09:11, schrieb Matthew Finkel:
> On Thu, Aug 18, 2011 at 12:45 AM, Norman Rieß  > wrote:
> 
> Am 08/17/11 13:44, schrieb Joost Roeleveld:
> > On Wednesday, August 17, 2011 09:59:50 AM Peter Humphrey wrote:
> >> On Tuesday 16 August 2011 02:48:30 Michael Mol wrote:
> >>> How does everybody here use Gentoo? For personal use? Production
> use?
> >>> For
> >>> server, desktop or embedded roles? What's your most interesting
> setup
> >>> or use case?
> >>
> >> Since you ask: my workstation runs Gentoo. My old workstation
> sometimes
> >> does; at other times it's experimenting with other distributions.
> >>
> >> I have a midget server on the LAN (Atom N270) which runs Gentoo,
> but it's
> >> too underpowered to do all the compiling itself, so it
> NFS-exports its
> >> packages directory to my workstation, where I have a 32-bit
> chroot set up as
> >> an image of the Atom. Emerging is done here, making the packages
> available
> >> for installation on the Atom. This is a cumbersome operation though.
> >>
> >> The Atom serves web, time, squid proxy, dns, cups and mysql to
> the LAN. It
> >> runs http-replicator and rsyncd to keep a local portage tree for
> the other
> >> boxes. I'd like it to serve mail too, but I've never managed to
> set that up.
> >
> > Putting email on the Atom using IMAP might not be the best option.
> IMAP can be
> > quite heavy on resources on the server-side.
> >
> > I use a quad-core AMD for my server.
> >
> > --
> > Joost
> >
> 
> Depends on how you use it. I have an IMAP-Server running on Atom which
> holds my email archive. Also depends on the Software you use for the
> IMAP-Server.
> I can not see why a N270 could not serve a moderate amount of users
> on IMAP.
> 
> Concerning the "Atom not fast enough for compiling"-Problem. I compiled,
> run and update a Gentoo System on a AMD Geode LX, which is way less
> powerfull and it works just fine.
> 
> Norman
> 
> 
> Just out of curiosity, how long does it take to compile gcc?
> 
> - Matt

Atom:

genlop -t sys-devel/gcc-4.4.5
 * sys-devel/gcc

 Sat Feb 26 13:06:08 2011 >>> sys-devel/gcc-4.4.5
   merge time: 1 hour, 12 minutes and 27 seconds.

 Wed Mar 23 23:01:12 2011 >>> sys-devel/gcc-4.4.5
   merge time: 1 hour, 10 minutes and 22 seconds.


Geode:

 genlop -t sys-devel/gcc-4.4.5
 * sys-devel/gcc

 Sat Feb 26 19:11:36 2011 >>> sys-devel/gcc-4.4.5
   merge time: 7 hours, 17 minutes and 41 seconds.

 Fri Mar 25 05:51:21 2011 >>> sys-devel/gcc-4.4.5
   merge time: 7 hours, 17 minutes and 2 seconds.


Norman



Re: [gentoo-user] OT: but cool - NASDAQ is gentoo powered

2011-08-18 Thread Dale

Matthew Finkel wrote:

Just out of curiosity, how long does it take to compile gcc?

- Matt


This may help.  I saw one Atom CPU in the list.

http://gentoo.linuxhowtos.org/compiletimeestimator/

It must be pretty slow since it is at about the bottom of the list.  The 
list goes from fastest to slowest.


Dale

:-)  :-)



Re: [gentoo-user] OT: but cool - NASDAQ is gentoo powered

2011-08-18 Thread Neil Bothwick
On Thu, 18 Aug 2011 06:45:14 +0200, Norman Rieß wrote:

> Concerning the "Atom not fast enough for compiling"-Problem. I compiled,
> run and update a Gentoo System on a AMD Geode LX, which is way less
> powerfull and it works just fine.

That's just plain masochism. I have one of those and even installing from
binary packages is painfully slow.

I have three Atom machines here, a small server, a netbook and a nettop
used as a MythTV frontend, and the only compiling any of them do is for
their kernels.


-- 
Neil Bothwick

This virus requires Microsoft Windows XP


signature.asc
Description: PGP signature


Re: [gentoo-user] OT: but cool - NASDAQ is gentoo powered

2011-08-18 Thread Neil Bothwick
On Tue, 16 Aug 2011 02:10:18 -0700 (PDT), Alan McKinnon wrote:

> I was interested to read that NASDAQ runs a "modified" Gentoo and 
> wondered "what does an unmodified stock Gentoo look like". 

Shiny, round, about 5.25" in diameter :)


-- 
Neil Bothwick

To be sure of hitting the target, shoot first and call whatever you hit
the target.


signature.asc
Description: PGP signature


Re: [gentoo-user] What's the status of ht://Dig?

2011-08-18 Thread Matthew Finkel
On Wed, Aug 17, 2011 at 11:02 PM, Peter Humphrey
wrote:

> Hello list,
>
> I'd like to add a search facility to my choir's website, and a likely-
> looking candidate is ht://Dig, but its News dates from seven years ago.
> Does
> this mean it's dead or absolutely stable?
>
> If this isn't a runner, does the team wish to offer an alternative? I have
> over 100 pages in this site, and I'm sure a visitor would like to be able
> to
> search for a particular member, song, venue etc.
>
> --
> Rgds
> Peter   Linux Counter 5290, 1994-04-23
>
>
Browsing through the page, the project looks pretty dead which seems strange
considering how many contributors it had.

As such, I've never used it but Hyper Estraier[0] may do what you want, as
well. There are probably others out there. There's also always the Google
option.

[0] http://fallabs.com/hyperestraier/

- Matt


Re: [gentoo-user] {OT} Can I retrieve my SSL key?

2011-08-18 Thread Matthew Finkel
On Wed, Aug 17, 2011 at 10:24 PM, Michael Mol  wrote:

> On Wed, Aug 17, 2011 at 9:45 PM, Francisco Blas Izquierdo Riera (klondike)
>  wrote:
>
>> El 18/08/11 03:37, Grant escribió:
>> >>> I just accidentally overwrote my SSL certificate key.  Is there any
>> >>> way to retrieve it?  Possibly some sort of export since I haven't
>> >>> restarted apache2 yet?
>> >> What, exactly, did you do that caused the overwrite?
>> > I generated a new key but used the wrong filename so it overwrote a
>> > key that has an associated certificate.
>> Hopefully you can still ext3undelete it Worst case you have to parse the
>> whole disk looking for a pattern with a custom C program (AHH the pain!)
>>
>> There are file carver tools I've not had any luck with them, though.
>
>
> --
> :wq
>


As Francisco mentioned, depending on the filesystem you're using, there may
exist an 'undelete' tool which came with the util package. If not, then
assuming you have at least a few gigs of free space on your drive/partition
the chances that the file was /actually/ overwritten are quite slim, so the
cert is most likely still there. Any decent "data recovery" program should
be able to find it (and just about every single other file you've ever
deleted). I wish I could recommend one, but I thankfully have not needed one
recently (hopefully this won't jinx it :) ).

Good Luck!

- Matt


Re: [gentoo-user] OT: but cool - NASDAQ is gentoo powered

2011-08-18 Thread Matthew Finkel
On Thu, Aug 18, 2011 at 12:45 AM, Norman Rieß  wrote:

> Am 08/17/11 13:44, schrieb Joost Roeleveld:
> > On Wednesday, August 17, 2011 09:59:50 AM Peter Humphrey wrote:
> >> On Tuesday 16 August 2011 02:48:30 Michael Mol wrote:
> >>> How does everybody here use Gentoo? For personal use? Production use?
> >>> For
> >>> server, desktop or embedded roles? What's your most interesting setup
> >>> or use case?
> >>
> >> Since you ask: my workstation runs Gentoo. My old workstation sometimes
> >> does; at other times it's experimenting with other distributions.
> >>
> >> I have a midget server on the LAN (Atom N270) which runs Gentoo, but
> it's
> >> too underpowered to do all the compiling itself, so it NFS-exports its
> >> packages directory to my workstation, where I have a 32-bit chroot set
> up as
> >> an image of the Atom. Emerging is done here, making the packages
> available
> >> for installation on the Atom. This is a cumbersome operation though.
> >>
> >> The Atom serves web, time, squid proxy, dns, cups and mysql to the LAN.
> It
> >> runs http-replicator and rsyncd to keep a local portage tree for the
> other
> >> boxes. I'd like it to serve mail too, but I've never managed to set that
> up.
> >
> > Putting email on the Atom using IMAP might not be the best option. IMAP
> can be
> > quite heavy on resources on the server-side.
> >
> > I use a quad-core AMD for my server.
> >
> > --
> > Joost
> >
>
> Depends on how you use it. I have an IMAP-Server running on Atom which
> holds my email archive. Also depends on the Software you use for the
> IMAP-Server.
> I can not see why a N270 could not serve a moderate amount of users on
> IMAP.
>
> Concerning the "Atom not fast enough for compiling"-Problem. I compiled,
> run and update a Gentoo System on a AMD Geode LX, which is way less
> powerfull and it works just fine.
>
> Norman
>
>
Just out of curiosity, how long does it take to compile gcc?

- Matt