Re: [gentoo-user] [OT] Digital signatures

[Mick]

On Friday 20 Jan 2012 07:57:38 Frank Steinmetzger wrote:
 On Thu, Jan 19, 2012 at 01:22:50PM -0600, Paul Hartman wrote:
  On 1/19/2012 11:32 AM, Chris Walters wrote:
   On 1/19/2012 11:57 AM, Frank Steinmetzger wrote:
   On Thu, Jan 19, 2012 at 12:53:07AM -0600, Dale wrote:
   While on this subject, sort of.  Who on here as their email set up to
   encrypt and decrypt emails?  I want to test some things OFF LIST.
   
   Well, if you had signed your mail, then I could write you encrypted.
   :)
   
   This is a test.  Enigmail has been trying to use a revoked and expired
   key to sign my messages, lately.
   
   Chris
  
  Looks good to me, at least based on what's presently available in the
  keyservers.
 
 Hm... I seem to be too dumb. Mutt tells me that the msg is signed, but
 doesn't tell me by whom (I know that I need to have the public key in my
 keyring to see a name, but it doesn't even tell me the key ID). Saving the
 whole mail to a file and verifying the sig doesn't work either, that too
 is obvious because 1) only the text is signed, not the rest of the mail
 and b) the signed stuff and the sig need to be two different files for gpg
 --verify to work. So I saved the signature.asc and the text separately.
 Now verification works and I see a key ID, but using gpg --search key ID
 doesn't find the given key on the server.
 
 GPGing was much easier when KMail still worked. ^^

Yes, I dabbled with mutt but I found the gpg and s/mime rather cranky compared 
with the super-smooth integration of kmail and kgpg.  Unfortunately with 
kdepim-4.7 the whole kmail experience has been a rather unpleasant one for me.  
:(
-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] S.O.P.A and P.I.P.A and the blackout.

[Chris Walters]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 1/20/2012 02:57 AM, Frank Steinmetzger wrote:
 On Thu, Jan 19, 2012 at 01:22:50PM -0600, Paul Hartman wrote:
 On 1/19/2012 11:32 AM, Chris Walters wrote:

 This is a test.  Enigmail has been trying to use a revoked and expired key 
 to
 sign my messages, lately.

 Chris

 Looks good to me, at least based on what's presently available in the
 keyservers.
 
 Hm... I seem to be too dumb. Mutt tells me that the msg is signed, but doesn't
 tell me by whom (I know that I need to have the public key in my keyring to 
 see
 a name, but it doesn't even tell me the key ID). Saving the whole mail to a
 file and verifying the sig doesn't work either, that too is obvious because 1)
 only the text is signed, not the rest of the mail and b) the signed stuff and
 the sig need to be two different files for gpg --verify to work. So I saved 
 the
 signature.asc and the text separately. Now verification works and I see a key
 ID, but using gpg --search key ID doesn't find the given key on the server.
 
 GPGing was much easier when KMail still worked. ^^

Hmmm...  Have you tried running 'gpg -k | less' and searching for either
Christopher Walters or the keyid: EF9C0F58.  If my key is not in your public
keys, that would explain the problem identifying who signed the message.  It
sounds like it might be a problem with Mutt not importing the key, though I
could be wrong.

I only dabbled with Mutt a while ago, and now I don't even have an email client
set up on my Gentoo system.  This time, I'll include my key with the message,
so it will have the key.

Chris
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJPGSihAAoJEFHj8CHvnA9Yh9YP/jYpE9mnf2iCY3ihJ3JkVFQ9
Z4t89c+lBnPqaPs2aGoSbjOMcoWziU1f8adoKXv4DxPFNArX1Qgk+VKbt0GN91D7
L+WFdA7Tn/qZi9WfvhmpMFrA2e73OwOq+vUPLhh6cspRULwXx505VXlcv9QStuFf
CfP1rA5WCU9zhikTwPgChZbiDwEZtfe7A8ypybdudHCeygPHQGBHuMV8Qt88inH6
dQIpH/5n1qimCtgQ+3qlVjordo9CU0FhklfhWT5n+zZhjlVOco8By68mISZjsLyH
g3LHzWnAeLI6G5tJ/wXVyFKCIaQTDsGMijqJA9ChEfO0M/wbiX4X+3yy8QxYUzsz
NgKDSqyYpdPVOdmwCvWgZ66epmZXOWWGWqZp5IVrvGTc+SXzrl6GBAosUdTeGk46
KKiNA9WQ7jasBYZvw21vYar1UxUG5UApMfSQmvmUPoJLjq8r4Ngh29Ed8MX83dSO
INDBpHQQ1X2QsLmY8PdA2/BxQ74Zu00DuK8W/ng2ujcpVNLcZOfKYdoCTB4dP8mk
jWpyK6D4+ogDrr+OQ7E9+oeIqku6IdNNRU50/86MgsoGwQTzprY+wauFNigh7sjF
ZfLTGxtjnZqend6buRenKz6sgKKqpl9mOxpLkrIxpRp3wwpNSSzT7mVoxLeV5IW9
YTMfanz4zXaoDYC/tAbD
=1iC+
-END PGP SIGNATURE-


0xEF9C0F58.asc
Description: application/pgp-keys


---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 120119-2, 01/19/2012
Tested on: 1/20/2012 3:41:09 AM
avast! - copyright (c) 1988-2012 AVAST Software.
http://www.avast.com

Re: [gentoo-user] S.O.P.A and P.I.P.A and the blackout.

[Dale]

Paul Hartman wrote:
 On Thursday, January 19, 2012, Dale rdalek1...@gmail.com
 mailto:rdalek1...@gmail.com wrote:
 I don't have mine set up to sign them all.  I did a couple to see if it
 worked or not.  Whenever I sign a message, it asks for the password.  It
 is quite a long password and I don't want to type it in every time I
 send something.
 
 If you use gpg-agent (and configure Enigmail to use it), it will
 remember that you already entered your passphrase for some amount of
 time, so you don't need to keep reentering it over and over during the
 same session.


Well, I dug around and found a time out setting.  It is set to 5
minutes.  At least I know I can change it or get er done in 5 minutes or
less.

Oooops.  get er done may violate SOPA.  Am I going to jail?  ROFL

Dale

:-)  :-)

-- 
I am only responsible for what I said ... Not for what you understood or
how you interpreted my words!

Miss the compile output?  Hint:
EMERGE_DEFAULT_OPTS=--quiet-build=n

Re: [gentoo-user] Portage option --changed-use not working?

[Dale]

Hilco Wijbenga wrote:
 On 19 January 2012 19:25, Dale rdalek1...@gmail.com wrote:
 Hilco Wijbenga wrote:
 On 19 January 2012 17:38, Dale rdalek1...@gmail.com wrote:
 Hilco Wijbenga wrote:
 On 19 January 2012 16:05, Dale rdalek1...@gmail.com wrote:
 Well, the USE flag got changed.  Isn't that what -N is supposed to do?

 -N == --newuse not --changed-use :-)

 It's exactly for this reason that I use --changed-use and not
 --newuse. See the man page for the details.




 Well, sort of seems like about the same.  The dev changed the USE flag,
 it is changed, portage sees it was changed, portage wants to recompile
 it with the new/changed flags.

 I'm not exactly clear on the difference between newuse and changed-use.
  If you enable a USE flag, it is changed.  If you disable a USE flag, it
 is changed.  If a new flag comes along and it is different than the last
 install, then it can be either a new flag or a changed flag.  It should
 recompile either way.

 The point here is that a USE flag was removed but it wasn't enabled
 anyway. So no recompile necessary. Which is what --changed-use is
 supposed to be for (as I understand the man page).

 Maybe there is some subtle difference somewhere that I am missing.

 Which is why I included what it says in the man page and then referred
 you to said man page... ;-)




 Well, when I did mine, it showed up as a change.  It was in yellow.
 Maybe your system was different or something.
 
 Nope, same here. And obviously there was a change: a flag was removed.
 But, again, my understanding of --changed-use (as opposed to --newuse)
 is that it should have prevented the reinstall.
 
 Most man pages are Greek.  My Greek is not real good.
 
 :-) I don't think they're quite that bad although I agree that you
 sometimes sort of already need to know where to look.
 
 


Sometimes my problem is it is like shooting skeet, it's a moving target.
 Sometimes it moves pretty darn fast too.  Zac adds it faster than I can
keep up.  I wish they would announce new stuff when it get released,
both unstable and stable.  Then again, maybe it moves so fast he can't
keep up either.  lol

Dale

:-)  :-)

-- 
I am only responsible for what I said ... Not for what you understood or
how you interpreted my words!

Miss the compile output?  Hint:
EMERGE_DEFAULT_OPTS=--quiet-build=n

[gentoo-user] after world update cxfe will not emerge

[covici]

Hi.  I just did a world update using unstable gentoo and my
preserved-rebuild wants me to emerge cxfe, but cxfe will not emerge.  I
get the following:

post.c: In function ?pplugin_parse_and_load?:
post.c:106:5: warning: implicit declaration of function ?xine_strdupa?
post.c:131:6: warning: ?xine_xmalloc? is deprecated (declared at
/usr/include/xine/xineutils.h:136)
post.c:137:6: warning: ?xine_xmalloc? is deprecated (declared at
/usr/include/xine/xineutils.h:136)
post.c: In function ?_pplugin_join_deinterlace_and_post_elements?:
post.c:344:5: warning: ?xine_xmalloc? is deprecated (declared at
/usr/include/xine/xineutils.h:136)
post.c: In function ?pplugin_parse_and_load?:
post.c:106:17: warning: ?post_chain? may be used uninitialized in this
function
x86_64-pc-linux-gnu-gcc -Wall  -O2 -mtune=core2 -pipe -ggdb `xine-config
--cflags`   -c -o termio/getch2.o termio/getch2.c
xine-config is DEPRECATED. Use pkg-config instead.
x86_64-pc-linux-gnu-gcc -Wall -Wl,-O1 -Wl,--as-needed  cxfe.o post.o
termio/getch2.o  `xine-config --libs` -L/usr/X11R6/lib -lXext -lxine
-lncurses -lm -lXext \-lX11  -lX11 -o cxfe
xine-config is DEPRECATED. Use pkg-config instead.
cxfe.o: In function `cxfe_run_x11':
/var/tmp/portage/media-video/cxfe-0.9.2/work/cxfe-0.9.2/cxfe.c:1018:
undefined reference to `xine_gui_send_vo_data'
/var/tmp/portage/media-video/cxfe-0.9.2/work/cxfe-0.9.2/cxfe.c:991:
undefined reference to `xine_gui_send_vo_data'
cxfe.o: In function `main':
/var/tmp/portage/media-video/cxfe-0.9.2/work/cxfe-0.9.2/cxfe.c:1288:
undefined reference to `xine_gui_send_vo_data'
/var/tmp/portage/media-video/cxfe-0.9.2/work/cxfe-0.9.2/cxfe.c:1289:
undefined reference to `xine_gui_send_vo_data'
cxfe.o: In function `cxfe_run_x11':
/var/tmp/portage/media-video/cxfe-0.9.2/work/cxfe-0.9.2/cxfe.c:860:
undefined reference to `xine_gui_send_vo_data'
post.o: In function `pplugin_parse_and_load':
/var/tmp/portage/media-video/cxfe-0.9.2/work/cxfe-0.9.2/post.c:106:
undefined reference to `xine_strdupa'
collect2: ld returned 1 exit status

I emerged xine-lib again, but no joy.

Any assistance would be appreciated.


-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici
 cov...@ccs.covici.com

Re: [gentoo-user] Portage option --changed-use not working?

[Neil Bothwick]

On Fri, 20 Jan 2012 03:07:18 -0600, Dale wrote:

 Sometimes my problem is it is like shooting skeet, it's a moving target.
  Sometimes it moves pretty darn fast too.  Zac adds it faster than I can
 keep up.  I wish they would announce new stuff when it get released,
 both unstable and stable.  Then again, maybe it moves so fast he can't
 keep up either.  lol

--changed-use has been around for many years.


-- 
Neil Bothwick

*Libra*: /(Sept 23--Oct 23)/ An unfortunate typo on your application
results in your being accepted into the Legion Of Superherpes.


signature.asc
Description: PGP signature

Re: [gentoo-user] Portage option --changed-use not working?

[Dale]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Neil Bothwick wrote:
 On Fri, 20 Jan 2012 03:07:18 -0600, Dale wrote:
 
 Sometimes my problem is it is like shooting skeet, it's a moving
 target. Sometimes it moves pretty darn fast too.  Zac adds it
 faster than I can keep up.  I wish they would announce new stuff
 when it get released, both unstable and stable.  Then again,
 maybe it moves so fast he can't keep up either.  lol
 
 --changed-use has been around for many years.
 
 


It sounds like the way it works has changed tho.  I don't think I have
used that option before so I don't know how it used to work.  I think
the OP thinks the same.  Something changed I guess.  We all know that
after the build output disappeared a while back.

Dale

:-)  :-)

- -- 
I am only responsible for what I said ... Not for what you understood
or how you interpreted my words!

Miss the compile output?  Hint:
EMERGE_DEFAULT_OPTS=--quiet-build=n
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8ZPTkACgkQiBoxVpK2GMDCMQCfUzkiAiQpKZsfWzDyDKe2PEfS
BJYAoLIpyMzkteuaTauSAgVY/Eh7YotY
=WNq0
-END PGP SIGNATURE-

Re: [gentoo-user] Good 'layman' tutorial on IPv4 IPv6?

[Tanstaafl]

On 2012-01-19 5:32 PM, Mick michaelkintz...@gmail.com wrote:

On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote:

On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafltansta...@libertytrek.org  wrote:

I have a reasonable grasp of how to use IP addresses etc with IPv4, but
every time I start rading about IPv6 I get a headache...

Does anyone know of a decent tutorial written specifically to those who
have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
get bogged down in too many technical details, but simply explains what
you need to know to be able to transition to it and use it effectively
*and securely* - and/or how *not* to have to expose your entire private
network to the world (what IPv4 NAT protects you from)?



I've been doing IPv6 presentations at LUGs and tech cons, and I'm
getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
sure I'm also not the most knowledgeable on this list wrt IPv6,
either. Still, what would you like to know? (I can use your questions
as fodder and experience for future presentations. ^^)



Now that IPv6 is enabled by default on Linux, is one meant to duplicate all
the IPv4 iptable rules also for IPv6?  I'm using arno ip tables and from what
I saw in the config file it is either 4 or 6 that one can activate.  Perhaps
this has improved with later versions.


That was the very first question (and headache) I got from looking at this.


The OP would probably have more questions, but if you ever pull together a
pack of slides I would much appreciate a link to look at them.


I really wouldn't know where to start... that is why I was looking for a 
decent tutorial that covered the topic in total, so I could hopefully 
get to the point that I *could* ask some intelligent questions about it...


One very general question I have is, how can you - or even *can* you - 
hide all of your internal devices from the outside world, similar to how 
the use of 'private' IP's behind a NAT'd firewall are hidden from the 
outside world (nor directly accessible). I definitely do *not* want all 
of my internal devices directly accessible from the internet.

Re: [gentoo-user] S.O.P.A and P.I.P.A and the blackout.

[Tanstaafl]

On 2012-01-19 5:42 PM, Alan McKinnon alan.mckin...@gmail.com wrote:

There's no known way to decrypt a mail like that without the single
private key needed (this works exactly like https traffic to your
bank). I feel very confident saying no known way as cracking that
puzzle has been the Holy Grail of maths prizes for 40 years and no-one
has announced success. Seeing as mathematicians are a vain lot, and the
one that accomplishes this feat with be showered with honour and glory
for all time (making Einstein look like a child), it's a safe
assumption that it hasn't been done yet.


Heh - yeah, *loved* the movie 'Sneakers'...

Setec Astronomy == Too Many Secrets

Re: [gentoo-user] Portage option --changed-use not working?

[Neil Bothwick]

On Fri, 20 Jan 2012 04:08:57 -0600, Dale wrote:

  Sometimes my problem is it is like shooting skeet, it's a moving
  target. Sometimes it moves pretty darn fast too.  Zac adds it
  faster than I can keep up.  I wish they would announce new stuff
  when it get released, both unstable and stable.  Then again,
  maybe it moves so fast he can't keep up either.  lol  
  
  --changed-use has been around for many years.

 It sounds like the way it works has changed tho.  I don't think I have
 used that option before so I don't know how it used to work.  I think
 the OP thinks the same.  Something changed I guess.  We all know
 that after the build output disappeared a while back.

It hasn't changed and generally works as expected. I suspect this is
specific to the KDE ebuilds (or eclass). changed-use should only skip an
ebuild with changed flags if re-emerging would produce exactly the same
code as before, this may not be the case. For example, in some ebuilds,
it is the absence of a USE flag that triggers an extra configure option,
so removing that use flag would give the same code as if the package had
been emerged with it enabled.

Something like this happened recently with the nls flag on glibc.


-- 
Neil Bothwick

Idaho - It's not the end of the world, but you can see it from there.


signature.asc
Description: PGP signature

Re: [gentoo-user] Portage option --changed-use not working?

[Dale]

Neil Bothwick wrote:
 On Fri, 20 Jan 2012 04:08:57 -0600, Dale wrote:
 
 Sometimes my problem is it is like shooting skeet, it's a
 moving target. Sometimes it moves pretty darn fast too.  Zac
 adds it faster than I can keep up.  I wish they would
 announce new stuff when it get released, both unstable and
 stable.  Then again, maybe it moves so fast he can't keep up
 either.  lol
 
 --changed-use has been around for many years.
 
 It sounds like the way it works has changed tho.  I don't think I
 have used that option before so I don't know how it used to work.
 I think the OP thinks the same.  Something changed I guess.  We
 all know that after the build output disappeared a while back.
 
 It hasn't changed and generally works as expected. I suspect this
 is specific to the KDE ebuilds (or eclass). changed-use should only
 skip an ebuild with changed flags if re-emerging would produce
 exactly the same code as before, this may not be the case. For
 example, in some ebuilds, it is the absence of a USE flag that
 triggers an extra configure option, so removing that use flag would
 give the same code as if the package had been emerged with it
 enabled.
 
 Something like this happened recently with the nls flag on glibc.
 
 


I'll take your word for it.  ;-)

Dale

:-)  :-)

-- 
I am only responsible for what I said ... Not for what you understood
or how you interpreted my words!

Miss the compile output?  Hint:
EMERGE_DEFAULT_OPTS=--quiet-build=n

Re: [gentoo-user] Good 'layman' tutorial on IPv4 IPv6?

[covici]

Tanstaafl tansta...@libertytrek.org wrote:

 On 2012-01-19 5:32 PM, Mick michaelkintz...@gmail.com wrote:
  On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote:
  On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafltansta...@libertytrek.org  
  wrote:
  I have a reasonable grasp of how to use IP addresses etc with IPv4, but
  every time I start rading about IPv6 I get a headache...
 
  Does anyone know of a decent tutorial written specifically to those who
  have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
  get bogged down in too many technical details, but simply explains what
  you need to know to be able to transition to it and use it effectively
  *and securely* - and/or how *not* to have to expose your entire private
  network to the world (what IPv4 NAT protects you from)?
 
  I've been doing IPv6 presentations at LUGs and tech cons, and I'm
  getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
  sure I'm also not the most knowledgeable on this list wrt IPv6,
  either. Still, what would you like to know? (I can use your questions
  as fodder and experience for future presentations. ^^)
 
  Now that IPv6 is enabled by default on Linux, is one meant to duplicate all
  the IPv4 iptable rules also for IPv6?  I'm using arno ip tables and from 
  what
  I saw in the config file it is either 4 or 6 that one can activate.  Perhaps
  this has improved with later versions.
 
 That was the very first question (and headache) I got from looking at this.
 
  The OP would probably have more questions, but if you ever pull together a
  pack of slides I would much appreciate a link to look at them.
 
 I really wouldn't know where to start... that is why I was looking for
 a decent tutorial that covered the topic in total, so I could
 hopefully get to the point that I *could* ask some intelligent
 questions about it...
 
 One very general question I have is, how can you - or even *can* you - 
 hide all of your internal devices from the outside world, similar to
 how the use of 'private' IP's behind a NAT'd firewall are hidden from
 the outside world (nor directly accessible). I definitely do *not*
 want all of my internal devices directly accessible from the internet.

I saw something on the shorewall.org site which was an introduction to
ipv6 -- look in the documentation area.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici
 cov...@ccs.covici.com

[gentoo-user] For those who complain

[Albert W. Hopkins]

For those who complain about default portage behavior:
It changes constantly. If you can't accept the bleeding edge behavior,
you're probably using the wrong distro.  There are always going to be
changes.  Some you don't like, some you say oh gosh, finally!.  For
the latter, I cheer, for former, I work around.  EMERGE_DEFAULT_OPTS is
your friend.

For those who complain about not knowing something was
added/removed/changed.  Most packages do a decent job of providing good
ChangeLogs, either from Gentoo or upstream.  It's not Gentoo's
responsibility to make you read them.  It's like reading the fine print.
Yet you can't complain that it's not there if it's in the fine print.
Some say there should be more announcements for changes, yet others
say there are too many announcements and important stuff gets lost.  One
man's trash is another man's treasure.  There just doesn't exist a sweet
spot that will satisfy everyone.

For those who complain about man pages being too cryptic/incomplete/etc.
Man pages have pretty much always been designed to be reference manuals.
The key word is reference.  They are not guides, they are not
tutorials.  They are more suited for I know this library provides a
function to do *this* but I don't know the function's signature.  They
are less suited for I don't know how to do *this*.  There are other
resources for the latter.  And if there are not, that's not the fault of
the man page.  But in my experience, and I'm sure I'm not alone on this,
most people who complain about man pages are those who don't bother, or
at least put *very* little effort, to *read* the man pages.

For those who complain Why do I have to compile all this stuff to get
X?: Why are you using Gentoo?

For those who complain about bugs/regressions: Why do you use software?

For those who complain about software/features needed/unwanted/changed
in a way you disagree with: Where is your patch?

For those who have genuine technical questions; for those who can
provide answers to those questions w/o being overly critical; for those
who give back by submitting bug reports, patches, ideas, praise: Thank
you.

Gentoo is a rainbow with no end and no pot of gold.

-a

[gentoo-user] Re: Link-local ipv6 address in /etc/hosts? in browsers?

[Grant Edwards]

On 2012-01-19, Michael Mol mike...@gmail.com wrote:

 Do you really want that much broadcast and wide multicast (think
 DNS-SD and NTP in multicast mode) traffic on the same Ethernet
 segment?

 That bit I don't understand. ??It's no worse that ARP, and we seem to
 live with that quite easily.

 Not just arp, but actual broadcast/multicast data. If you've ever run
 PulseAudio and enabled network sources and sinks on a couple boxes,
 you might have accidentally discovered an easy way to bring a wireless
 network to its knees. And that's just something I've had personal
 experience with. Come to think of it, that's a good reason I should
 continue to keep my home wired and wireless networks on separate
 subnets, and not simply bridged as I'd done at the time.

I don't understand what that has to do with L-L address support in
applications.

-- 
Grant Edwards   grant.b.edwardsYow! Youth of today!
  at   Join me in a mass rally
  gmail.comfor traditional mental
   attitudes!

[gentoo-user] [OT] IPv6 usage patterns (static, DHCPv6, RA, mDNS, ?)

[Grant Edwards]

As you may have gathered from my posts yesterday, I'm working on
adding IPv6 to an embedded device (actually a family of serial device
servers).

I've got the device working fine with link-local addressing, but I'm
not sure what the next phase should be.

While some of our customers are asking for IPv6 support, I'm pretty
sure almost none of those asking are actually using IPv6 nor do they
have any plans to do so in the near future.  They're either trying to
satisfy a feature checklist handed down from on high (where somebody
read an airline magazine article about IPv6), or they think that
maybe, someday, somehow, IPv6 might be useful (but they have no idea
when or how).

It is unheard of for these devices to have a routable address, and
they're often on small networks that have no connectivity to the
outside world at all.  Very occasionally they will be accessed via a
corporate WAN that involves routing betwen multple subnets. But, they
are pretty much never accessed from The Internet nor do they access
The Internet.

The existing devices are used probably half the time with Ethernet MAC
addressing only (no IP).  When they're used with IPv4 it's 99% static
addressing with the other 1% using DHCP.

It's also probably relevent that the devices doesn't use a DNS server.

Judging by the lack of support in many apps, I'm assuming people
aren't going to be using IPv6 link-local addressing (though it
corresponds very nicely to our currently common use-case involving MAC
addressing).

What I'm wondering about is what are the most likely use cases for
IPv6 address configuration?

 1) Almost all our customers who are using IPv4 use static addressing.
Do people configure static IPv6 addresses in devices?

 2) Is IPv6 router announcement sufficient for some common use cases?

 3) Is DHPCv6 commonly used?

 4) The device doesn't use DNS and doesn't have a hostname, so there's
nothing to do regarding mDNS, right?

I think I have to implment someting besides link-local addressing, and
I'm wondering what...

-- 
Grant Edwards   grant.b.edwardsYow! I don't understand
  at   the HUMOUR of the THREE
  gmail.comSTOOGES!!

Re: [gentoo-user] Good 'layman' tutorial on IPv4 IPv6?

[Chris Frederick]

On 01/20/12 05:07, Tanstaafl wrote:
 On 2012-01-19 5:32 PM, Mick michaelkintz...@gmail.com wrote:
 On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote:
 On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafltansta...@libertytrek.org  
 wrote:
 I have a reasonable grasp of how to use IP addresses etc with IPv4, but
 every time I start rading about IPv6 I get a headache...

 Does anyone know of a decent tutorial written specifically to those who
 have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
 get bogged down in too many technical details, but simply explains what
 you need to know to be able to transition to it and use it effectively
 *and securely* - and/or how *not* to have to expose your entire private
 network to the world (what IPv4 NAT protects you from)?
 
 I've been doing IPv6 presentations at LUGs and tech cons, and I'm
 getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
 sure I'm also not the most knowledgeable on this list wrt IPv6,
 either. Still, what would you like to know? (I can use your questions
 as fodder and experience for future presentations. ^^)
 
 Now that IPv6 is enabled by default on Linux, is one meant to duplicate all
 the IPv4 iptable rules also for IPv6?  I'm using arno ip tables and from what
 I saw in the config file it is either 4 or 6 that one can activate.  Perhaps
 this has improved with later versions.
 
 That was the very first question (and headache) I got from looking at this.
 
 The OP would probably have more questions, but if you ever pull together a
 pack of slides I would much appreciate a link to look at them.
 
 I really wouldn't know where to start... that is why I was looking for a 
 decent tutorial that covered the topic in total, so I could hopefully
 get to the point that I *could* ask some intelligent questions about it...
 
 One very general question I have is, how can you - or even *can* you - hide 
 all of your internal devices from the outside world, similar to how
 the use of 'private' IP's behind a NAT'd firewall are hidden from the outside 
 world (nor directly accessible). I definitely do *not* want all of
 my internal devices directly accessible from the internet.
 

If you want a good place to start, try Mark Newton's AusCERT IPv6 talk.
http://risky.biz/AusCERT-Newton
It's not exactly laymen, but I still recommend it.  It's a good talk taking 
your IPv4 knowledge and comparing it to the IPv6 equivalents, and
brings up some good general ideas that make you think of IPv6 in a practical 
sense.  Unfortunately I haven't found a video version of it. :(

I've done a hand full of IPv6 conversions, small to medium networks, I'd be 
willing to answer some questions if you need help.

As for your general question, the short answer is you can't.  If you need 
internet access, then you will have to have public IPs.

Question: Why do you want to hide internal devices?  I don't expect an answer, 
this is something you should ask yourself.

Is it to protect running services from attack/discovery?  Great, that's what 
your firewall is for, so you don't need to worry about private
addresses.  Another option is to deploy IPSec for internal services, this would 
hide internal services even from hosts on the private address
space unless they are trusted though IPSec rules.

Is it to hide the actual devices? or your network architecture/topology?  
Scanning for host discovery in IPv6 is not feasible.  Consider how big
IPv6 is.  A typical host discovery scan on an IPv4 private network can be done 
in a few hours.  Given a (really fast) average host discovery of
1000 hosts a second, lets apply some math to your internal IPv6 range.  We'll 
compare both ::/64 and ::/48, which amounts to 2^64 and 2^80
addresses.  Your host discovery scan would take between 600 million, and 38 
trillion years to check each IP.

If you still want private addresses, IPv6 has unique local addresses (fc00::/7 
range, http://www.sixxs.net/tools/grh/ula/ has a reg form to help
assign a /48 to you).  But since there's no address translation, your stuck 
running dual networks for everything that needs a private address
and internet access.  It's not entirely a bad thing, but it can be a long 
tedious process, and some software sucks at it (mysqld).

Hope that helps.
Chris

[gentoo-user] Re: Portage option --changed-use not working?

[»Q«]

On Thu, 19 Jan 2012 21:25:31 -0600
Dale rdalek1...@gmail.com wrote:

 Most man pages are Greek.  My Greek is not real good.

Maybe you've got LINGUAS set incorrectly. ;)

Quoting the relevant bit again,

  the --changed-use option does not trigger reinstallation when flags
  that the user has not enabled are added or removed.

kdeenablefinla was a flag the user (me or Hilco) had *not* enabled, so
that option should *not* have triggered reinstallation.

FWIW, there is discussion of the issue of triggering needless
reinstalls on the dev list now because of kdeenablefinal, buried in the
thread [gentoo-commits] gentoo-x86 commit in sys-libs/glibc:  It's
mixed in with arguing about changing USE flags on stable ebuilds.

--changed-use isn't mentioned, instead --exclude=kde-base/* is
recommended, and they are talking about mentioning --exclude in the
--newuse section of the man page.

I'm not filing a --changed-use bug or posting in the dev list because of
Medico's IMO rather prickly attitude about this kind of thing.  He
says in this case:

  The fact is, the user is not being forced to rebuild anything. They can 
  simply run full system updates with --newuse less often if it puts
  too much strain on them.

Lest I seem ungrateful, let me be clear I do appreciate the tons of
work he's put into portage for many years.

[gentoo-user] Re: Portage option --changed-use not working?

[»Q«]

On Fri, 20 Jan 2012 12:06:22 +
Neil Bothwick n...@digimed.co.uk wrote:

 I suspect this is
 specific to the KDE ebuilds (or eclass). changed-use should only skip
 an ebuild with changed flags if re-emerging would produce exactly the
 same code as before, this may not be the case. For example, in some
 ebuilds, it is the absence of a USE flag that triggers an extra
 configure option, so removing that use flag would give the same code
 as if the package had been emerged with it enabled.
 
 Something like this happened recently with the nls flag on glibc.

Ah, that makes sense -- thanks.  (And now I wish I'd read the entire
thread in dev before I posted a few minutes ago.)

IMO, the man page's section on --changed-use should say what you've
just said rather than what it says now.

[gentoo-user] Strange outbound requests

[Grant]

My firewall is blocking periodic outbound connections to port 3680 on
a Rackspace IP.  How can I find out more about what's going on?  Maybe
which program is generating the connection requests?

- Grant

Re: [gentoo-user] Re: Portage option --changed-use not working?

[Dale]

»Q« wrote:
 On Thu, 19 Jan 2012 21:25:31 -0600
 Dale rdalek1...@gmail.com wrote:
 
 Most man pages are Greek.  My Greek is not real good.
 
 Maybe you've got LINGUAS set incorrectly. ;)
 
 Quoting the relevant bit again,
 
   the --changed-use option does not trigger reinstallation when flags
   that the user has not enabled are added or removed.
 
 kdeenablefinla was a flag the user (me or Hilco) had *not* enabled, so
 that option should *not* have triggered reinstallation.
 
 FWIW, there is discussion of the issue of triggering needless
 reinstalls on the dev list now because of kdeenablefinal, buried in the
 thread [gentoo-commits] gentoo-x86 commit in sys-libs/glibc:  It's
 mixed in with arguing about changing USE flags on stable ebuilds.
 
 --changed-use isn't mentioned, instead --exclude=kde-base/* is
 recommended, and they are talking about mentioning --exclude in the
 --newuse section of the man page.
 
 I'm not filing a --changed-use bug or posting in the dev list because of
 Medico's IMO rather prickly attitude about this kind of thing.  He
 says in this case:
 
   The fact is, the user is not being forced to rebuild anything. They can 
   simply run full system updates with --newuse less often if it puts
   too much strain on them.
 
 Lest I seem ungrateful, let me be clear I do appreciate the tons of
 work he's put into portage for many years.
 
 
 


Well, I'm like this.  I had to emerge those packages because of the USE
flag doing whatever you want to call it.  Then a couple days later, I
had to do it again for another reason.  I posted this on -dev that I
wish they could have done both changes at the same time and someone else
posted about the same thing.  That is a wish tho, nothing else.  No
harm, nothing broke or blew up.  My biggest thing tho, I want a sane
system that works.  Sometimes that means compiling software several
times.  If that is the case, then fine because I get what I want.  I
used to run emerge -uv world for my updates.  Sometimes that lead to
issues.  Something changed and software would no longer work correctly
or was buggy or something.  So, I added options until I could get a sane
system.  I ended up with this boatload of settings:

emerge --jobs=10 --backtrack=30 --keep-going --verbose --newuse
--oneshot --quiet-build=n --with-bdeps=y --deep  world or some package
here 

Lets also not forget the revdep-rebuild command either.

That thing grew over time.  Thing is, my system works pretty darn well.
That's what I wanted.  This is also why I built a nice rig to do this on
too.  I built my rig from parts with a AMD 4 core CPU running at 3.2Ghz,
16Gbs of ram with portages work directory on tmpfs and plenty of drive
space.  I also have one heck of a CPU cooler and a super nice case with
lots of fans.  All this because I know Gentoo requires lots of compiling.

The comment about man pages being Greek was sort of a old saying for
when you read something but it doesn't help or don't understand it.  I
could have said that it was in French, Russian or any other language
that I don't speak.  Sort of like a joke.

As everyone knows, there is always a workaround for things but you also
have to pick and chose your settings.  I recently added --oneshot
because sometime back things started getting added to the world file
even if it was just a request for a upgrade of the package.  I didn't
know that was changed and neither did some other folks.  I had to go
clean up my world file and I think others did the same.

Sometimes I wonder if I should freeze portage version in place, read the
man page and get everything set like I EXPECT then stick with it for a
good long while.  Thing is, Zac adds some really neat stuff and most
everything is really nice.  Sometimes things sort of surprise me, like
adding packages to the world file when you only want a upgrade, but
still, he does make emerge do some neato things.

So, I may disagree with Zac on some things and I usually point that out
but I to am grateful for what he does cause he does some really neat
things.  I also read somewhere that portage was a bit of a mess when he
started.  I think all coders say that since everyone has their own style
but still, he has brought portage forward to say it lightly.  We should
all be supportive of that.  I know I am.  I even said that when the
build output change discussion was going on.

Dale

:-)  :-)

-- 
I am only responsible for what I said ... Not for what you understood or
how you interpreted my words!

Miss the compile output?  Hint:
EMERGE_DEFAULT_OPTS=--quiet-build=n

[gentoo-user] Re: Portage option --changed-use not working?

[»Q«]

On Fri, 20 Jan 2012 10:53:32 -0600
»Q« boxc...@gmx.net wrote:

 I'm not filing a --changed-use bug or posting in the dev list because
 of Medico's IMO rather prickly attitude about this kind of thing.  He
 says in this case:
 
   The fact is, the user is not being forced to rebuild anything. They
   can simply run full system updates with --newuse less often if it
   puts too much strain on them.
 
 Lest I seem ungrateful, let me be clear I do appreciate the tons of
 work he's put into portage for many years.

And I probably owe him an apology for pulling a quote out of context.

Re: [gentoo-user] Strange outbound requests

[Stroller]

On 20 January 2012, at 18:34, Grant wrote:

 My firewall is blocking periodic outbound connections to port 3680 on
 a Rackspace IP.  How can I find out more about what's going on?  Maybe
 which program is generating the connection requests?

Uh, a packet sniffer?

I have an old laptop here that I have a second (cardbus) network card in. 
Really cheap and cheerful - the sort of thing you can pick up on freecycle. 
It's been a while since I've done anything like this, but you should be able to 
stick a box like that between the router and the rest of your network, run 
Wireshark and filter on that port. If the connection is encrypted then at least 
you'll see the originating IP.

I don't think it's relevant that the IP belongs to Rackspace - don't they just 
hire (virtual) servers to anyone that wants one?

Stroller.

Re: [gentoo-user] Strange outbound requests

[Grant]

 My firewall is blocking periodic outbound connections to port 3680 on
 a Rackspace IP.  How can I find out more about what's going on?  Maybe
 which program is generating the connection requests?

 Uh, a packet sniffer?

 I have an old laptop here that I have a second (cardbus) network card in. 
 Really cheap and cheerful - the sort of thing you can pick up on freecycle. 
 It's been a while since I've done anything like this, but you should be able 
 to stick a box like that between the router and the rest of your network, run 
 Wireshark and filter on that port. If the connection is encrypted then at 
 least you'll see the originating IP.

I've actually got the originating local IP from the shorewall log.
I'm just trying to figure out which program and maybe which user on
that system is generating the outbound requests to port 3680.  Is
there any way to get more info without setting up a new box?

 I don't think it's relevant that the IP belongs to Rackspace - don't they 
 just hire (virtual) servers to anyone that wants one?

Yeah I just meant the request could be going to anyone.

- Grant

[gentoo-user] Re: after world update cxfe will not emerge

[walt]

On 01/20/2012 01:15 AM, cov...@ccs.covici.com wrote:
 Hi.  I just did a world update using unstable gentoo and my
 preserved-rebuild wants me to emerge cxfe, but cxfe will not emerge.  I
 get the following:

 /var/tmp/portage/media-video/cxfe-0.9.2/work/cxfe-0.9.2/cxfe.c:1018:
 undefined reference to `xine_gui_send_vo_data'

 
 I emerged xine-lib again, but no joy.

I have xine-lib-1.2.0-r1 installed and it doesn't define any symbols
containing the word gui.  Do you have xine-ui installed?

Re: [gentoo-user] Strange outbound requests

[Mick]

On Friday 20 Jan 2012 19:18:59 Grant wrote:
  My firewall is blocking periodic outbound connections to port 3680 on
  a Rackspace IP.  How can I find out more about what's going on?  Maybe
  which program is generating the connection requests?
  
  Uh, a packet sniffer?
  
  I have an old laptop here that I have a second (cardbus) network card in.
  Really cheap and cheerful - the sort of thing you can pick up on
  freecycle. It's been a while since I've done anything like this, but you
  should be able to stick a box like that between the router and the rest
  of your network, run Wireshark and filter on that port. If the
  connection is encrypted then at least you'll see the originating IP.
 
 I've actually got the originating local IP from the shorewall log.
 I'm just trying to figure out which program and maybe which user on
 that system is generating the outbound requests to port 3680.  Is
 there any way to get more info without setting up a new box?
 
  I don't think it's relevant that the IP belongs to Rackspace - don't they
  just hire (virtual) servers to anyone that wants one?
 
 Yeah I just meant the request could be going to anyone.
 
 - Grant

Are you running NPDS in your LAN and is it configured to access any sites on 
rackspace?
-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] Good 'layman' tutorial on IPv4 IPv6?

[Michael Mol]

On Fri, Jan 20, 2012 at 6:07 AM, Tanstaafl tansta...@libertytrek.org wrote:
 On 2012-01-19 5:32 PM, Mick michaelkintz...@gmail.com wrote:

 On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote:

 On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafltansta...@libertytrek.org
  wrote:

 I have a reasonable grasp of how to use IP addresses etc with IPv4, but
 every time I start rading about IPv6 I get a headache...

 Does anyone know of a decent tutorial written specifically to those who
 have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
 get bogged down in too many technical details, but simply explains what
 you need to know to be able to transition to it and use it effectively
 *and securely* - and/or how *not* to have to expose your entire private
 network to the world (what IPv4 NAT protects you from)?


 I've been doing IPv6 presentations at LUGs and tech cons, and I'm
 getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
 sure I'm also not the most knowledgeable on this list wrt IPv6,
 either. Still, what would you like to know? (I can use your questions
 as fodder and experience for future presentations. ^^)


 Now that IPv6 is enabled by default on Linux, is one meant to duplicate
 all
 the IPv4 iptable rules also for IPv6?  I'm using arno ip tables and from
 what
 I saw in the config file it is either 4 or 6 that one can activate.
  Perhaps
 this has improved with later versions.


 That was the very first question (and headache) I got from looking at this.


 The OP would probably have more questions, but if you ever pull together a
 pack of slides I would much appreciate a link to look at them.


 I really wouldn't know where to start... that is why I was looking for a
 decent tutorial that covered the topic in total, so I could hopefully get to
 the point that I *could* ask some intelligent questions about it...

 One very general question I have is, how can you - or even *can* you - hide
 all of your internal devices from the outside world, similar to how the use
 of 'private' IP's behind a NAT'd firewall are hidden from the outside world
 (nor directly accessible). I definitely do *not* want all of my internal
 devices directly accessible from the internet.

Use a firewall on your router. My home firewall disallows incoming
connections, except to ports/hosts I designate.

If you want to avoid an external host from knowing your internal
hosts' IP addresses, you can use IPv6 privacy extensions. With these,
a machine has several temporary IP addresses and one permanent IP
address. It will prefer using its temporary IP addresses for outbound
connections.

If you want to go further, you can use DHCPv6 to prevent hosts from
autoconfiguring global-scope addresses.

-- 
:wq

Re: [gentoo-user] Good 'layman' tutorial on IPv4 IPv6?

[Michael Mol]

On Fri, Jan 20, 2012 at 6:07 AM, Tanstaafl tansta...@libertytrek.org wrote:
 On 2012-01-19 5:32 PM, Mick michaelkintz...@gmail.com wrote:

 On Thursday 19 Jan 2012 15:48:32 Michael Mol wrote:

 On Thu, Jan 19, 2012 at 10:37 AM, Tanstaafltansta...@libertytrek.org
  wrote:

 I have a reasonable grasp of how to use IP addresses etc with IPv4, but
 every time I start rading about IPv6 I get a headache...

 Does anyone know of a decent tutorial written specifically to those who
 have an ok (but not hugely in-depth) understanding of IPv4, and doesn't
 get bogged down in too many technical details, but simply explains what
 you need to know to be able to transition to it and use it effectively
 *and securely* - and/or how *not* to have to expose your entire private
 network to the world (what IPv4 NAT protects you from)?


 I've been doing IPv6 presentations at LUGs and tech cons, and I'm
 getting scheduled for a few IPv6 topics at Penguicon...but I'm pretty
 sure I'm also not the most knowledgeable on this list wrt IPv6,
 either. Still, what would you like to know? (I can use your questions
 as fodder and experience for future presentations. ^^)


 Now that IPv6 is enabled by default on Linux, is one meant to duplicate
 all
 the IPv4 iptable rules also for IPv6?  I'm using arno ip tables and from
 what
 I saw in the config file it is either 4 or 6 that one can activate.
  Perhaps
 this has improved with later versions.


 That was the very first question (and headache) I got from looking at this.


 The OP would probably have more questions, but if you ever pull together a
 pack of slides I would much appreciate a link to look at them.


 I really wouldn't know where to start... that is why I was looking for a
 decent tutorial that covered the topic in total, so I could hopefully get to
 the point that I *could* ask some intelligent questions about it...

I *highly* recommend Hurricane Electric's IPv6 certification process.
It takes you from newbie status up through operating servers on IPv6.

https://ipv6.he.net/certification/

-- 
:wq

Re: [gentoo-user] For those who complain

[Dale]

Albert W. Hopkins wrote:
 For those who complain about default portage behavior:
 It changes constantly. If you can't accept the bleeding edge behavior,
 you're probably using the wrong distro.  There are always going to be
 changes.  Some you don't like, some you say oh gosh, finally!.  For
 the latter, I cheer, for former, I work around.  EMERGE_DEFAULT_OPTS is
 your friend.
 
 For those who complain about not knowing something was
 added/removed/changed.  Most packages do a decent job of providing good
 ChangeLogs, either from Gentoo or upstream.  It's not Gentoo's
 responsibility to make you read them.  It's like reading the fine print.
 Yet you can't complain that it's not there if it's in the fine print.
 Some say there should be more announcements for changes, yet others
 say there are too many announcements and important stuff gets lost.  One
 man's trash is another man's treasure.  There just doesn't exist a sweet
 spot that will satisfy everyone.
 
 For those who complain about man pages being too cryptic/incomplete/etc.
 Man pages have pretty much always been designed to be reference manuals.
 The key word is reference.  They are not guides, they are not
 tutorials.  They are more suited for I know this library provides a
 function to do *this* but I don't know the function's signature.  They
 are less suited for I don't know how to do *this*.  There are other
 resources for the latter.  And if there are not, that's not the fault of
 the man page.  But in my experience, and I'm sure I'm not alone on this,
 most people who complain about man pages are those who don't bother, or
 at least put *very* little effort, to *read* the man pages.
 
 For those who complain Why do I have to compile all this stuff to get
 X?: Why are you using Gentoo?
 
 For those who complain about bugs/regressions: Why do you use software?
 
 For those who complain about software/features needed/unwanted/changed
 in a way you disagree with: Where is your patch?
 
 For those who have genuine technical questions; for those who can
 provide answers to those questions w/o being overly critical; for those
 who give back by submitting bug reports, patches, ideas, praise: Thank
 you.
 
 Gentoo is a rainbow with no end and no pot of gold.
 
 -a
 


And sometimes those people are finding problems.  This is from -dev:

On 01/20/2012 10:28 AM, Hilco Wijbenga wrote:
 I'd like to chime in here. I started a thread on gentoo-user (Portage
 option --changed-use not working?) pretty much about this.

 I use --changed-use instead of --newuse to get the advantages of a
 fully up-to-date system without the unnecessary churn. From the man
 page I understand that (part of) the idea behind --changed-use is to
 *not* rebuild packages where an unused/disabled USE flag is dropped.
 Which ought to apply to kdeenablefinal, right?

 It seems my understanding is incorrect because I see --new-use +
 --exclude is being recommended, not --changed-use. Would somebody
 please set me straight?
You've found a bug. It's fixed in git now:

http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=a77292d37e3c2604479514abed2dda64dabace25

As a workaround, you can add --binpkg-respect-use=n to your options.
-- Thanks, Zac

So, it was a bug and Zac is fixing it.  Sometimes when people complain,
it is because something is not working as it should.

Also, complaining is sometimes beneficial.  It's how things get improved.

Dale

:-)  :-)

-- 
I am only responsible for what I said ... Not for what you understood or
how you interpreted my words!

Miss the compile output?  Hint:
EMERGE_DEFAULT_OPTS=--quiet-build=n

Re: [gentoo-user] Portage option --changed-use not working?

[Dale]

Hilco Wijbenga wrote:
 Hi all,
 
 In man emerge I read:
 
 --changed-use
   Tells  emerge  to  include  installed packages where USE flags have
 changed since installation. This option also implies the --selective
 option. Unlike --newuse, the --changed-use option does not trigger
 reinstallation when flags that the user has not enabled are added or
 removed.
 
 So I always include --changed-use when upgrading @world. But with
 the removal of kdeenablefinal I now get 150 reinstalls with
 changed-use. This seems to be contradicting the man page? Or am I
 misunderstanding things? Or did I misconfigure something? To be clear,
 I have never enabled kdeenablefinal.
 
 The full command I usually run is
 
 emerge --verbose --deep --with-bdeps=y --complete-graph --update
 --changed-use --keep-going world
 
 should that be relevant.
 
 Cheers,
 Hilco
 
 


To update, it appears this was a bug and Zac has fixed it.  This is from
-dev:

On 01/20/2012 10:28 AM, Hilco Wijbenga wrote:
 I'd like to chime in here. I started a thread on gentoo-user (Portage
 option --changed-use not working?) pretty much about this.

 I use --changed-use instead of --newuse to get the advantages of a
 fully up-to-date system without the unnecessary churn. From the man
 page I understand that (part of) the idea behind --changed-use is to
 *not* rebuild packages where an unused/disabled USE flag is dropped.
 Which ought to apply to kdeenablefinal, right?

 It seems my understanding is incorrect because I see --new-use +
 --exclude is being recommended, not --changed-use. Would somebody
 please set me straight?
You've found a bug. It's fixed in git now:

http://git.overlays.gentoo.org/gitweb/?p=proj/portage.git;a=commit;h=a77292d37e3c2604479514abed2dda64dabace25

As a workaround, you can add --binpkg-respect-use=n to your options.
-- Thanks, Zac

So, it will work like it should pretty soon.  Things are getting better.
 Gentoo has been doing that for years anyway.  lol

Dale

:-) :-)

-- 
I am only responsible for what I said ... Not for what you understood or
how you interpreted my words!

Miss the compile output?  Hint:
EMERGE_DEFAULT_OPTS=--quiet-build=n

[gentoo-user] Re: For those who complain

[Nikos Chantziaras]

On 01/20/2012 10:51 PM, Dale wrote:

Albert W. Hopkins wrote:

[...]


And sometimes those people are finding problems.


Please don't feed the troll.

Re: [gentoo-user] Re: For those who complain

[Dale]

Nikos Chantziaras wrote:
 On 01/20/2012 10:51 PM, Dale wrote:
 Albert W. Hopkins wrote:
 [...]

 And sometimes those people are finding problems.
 
 Please don't feed the troll.
 
 
 


Since it was fixed, I took his food bowl away.

Dale

:-)  :-)

-- 
I am only responsible for what I said ... Not for what you understood or
how you interpreted my words!

Miss the compile output?  Hint:
EMERGE_DEFAULT_OPTS=--quiet-build=n

Re: [gentoo-user] Strange outbound requests

[Grant]

  My firewall is blocking periodic outbound connections to port 3680 on
  a Rackspace IP.  How can I find out more about what's going on?  Maybe
  which program is generating the connection requests?
 
  Uh, a packet sniffer?
 
  I have an old laptop here that I have a second (cardbus) network card in.
  Really cheap and cheerful - the sort of thing you can pick up on
  freecycle. It's been a while since I've done anything like this, but you
  should be able to stick a box like that between the router and the rest
  of your network, run Wireshark and filter on that port. If the
  connection is encrypted then at least you'll see the originating IP.

 I've actually got the originating local IP from the shorewall log.
 I'm just trying to figure out which program and maybe which user on
 that system is generating the outbound requests to port 3680.  Is
 there any way to get more info without setting up a new box?

  I don't think it's relevant that the IP belongs to Rackspace - don't they
  just hire (virtual) servers to anyone that wants one?

 Yeah I just meant the request could be going to anyone.

 - Grant

 Are you running NPDS in your LAN and is it configured to access any sites on
 rackspace?
 --
 Regards,
 Mick

I am not running NPDS.  I looked it up when I was researching port
3680 and read about it for the first time.  I know which machine is
making the requests.  Any way to drill down further?

- Grant

[gentoo-user] Resurrecting a Gentoo install

[Grant]

I have an old Gentoo system that hasn't been updated or used at all in
at least 2 years.  It's remote but I have SSH access.  I've updated
portage but I thought I should check with you guys before I plow ahead
with emerge -DuN world.  It won't be used for anything until I bring
it up to speed and someone can physically log in and issue commands a
couple times per week so an outage isn't the end of the world.  Any
advice?

- Grant

Re: [gentoo-user] Resurrecting a Gentoo install

[Mark Knecht]

On Fri, Jan 20, 2012 at 2:37 PM, Grant emailgr...@gmail.com wrote:
 I have an old Gentoo system that hasn't been updated or used at all in
 at least 2 years.  It's remote but I have SSH access.  I've updated
 portage but I thought I should check with you guys before I plow ahead
 with emerge -DuN world.  It won't be used for anything until I bring
 it up to speed and someone can physically log in and issue commands a
 couple times per week so an outage isn't the end of the world.  Any
 advice?

 - Grant


Ugh...not a fun task.

First step - eix-sync  then emerge -fDuN @world and see if it will
fetch what you need. If it does, great. If not then you have a first
look into what sort of problems you'll be dealing with.

Good luck,
Mark

Re: [gentoo-user] Resurrecting a Gentoo install

[Neil Bothwick]

On Fri, 20 Jan 2012 14:37:06 -0800, Grant wrote:

 I have an old Gentoo system that hasn't been updated or used at all in
 at least 2 years.  It's remote but I have SSH access.  I've updated
 portage but I thought I should check with you guys before I plow ahead
 with emerge -DuN world.  It won't be used for anything until I bring
 it up to speed and someone can physically log in and issue commands a
 couple times per week so an outage isn't the end of the world.  Any
 advice?

Take small steps. emerge -pv @system first and be prepared to emerge
packages a few at a time.


-- 
Neil Bothwick

Top Oxymorons Number 9: Political science


signature.asc
Description: PGP signature

Re: [gentoo-user] Resurrecting a Gentoo install

[Grant]

 I have an old Gentoo system that hasn't been updated or used at all in
 at least 2 years.  It's remote but I have SSH access.  I've updated
 portage but I thought I should check with you guys before I plow ahead
 with emerge -DuN world.  It won't be used for anything until I bring
 it up to speed and someone can physically log in and issue commands a
 couple times per week so an outage isn't the end of the world.  Any
 advice?

 Take small steps. emerge -pv @system first and be prepared to emerge
 packages a few at a time.

Weird, it looks like portage didn't update to the latest version.
emerging it again seems to want to update it again.  I get this:

# emerge -pv portage
[snip]
[ebuild  NS   ] dev-lang/python-2.7.2-r3 [2.5.2-r7] USE=gdbm ncurses
readline ssl threads (wide-unicode) xml -berkdb -build -doc -examples
-ipv6 -sqlite -tk -wininst 11,494 kB
[ebuild U ] sys-apps/portage-2.1.10.41 [2.1.6.13] USE=(ipc%*)
-build -doc -epydoc -python2% -python3% (-selinux) (-less%*)
LINGUAS=-pl 899 kB
[blocks B ] dev-lang/python:2.7 (dev-lang/python:2.7 is blocking
sys-apps/portage-2.1.6.13)
[blocks B ] sys-apps/portage-2.1.9 (sys-apps/portage-2.1.9 is
blocking dev-lang/python-2.7.2-r3)

I think I'll be able to resolve most stuff myself but this one is
tricking me.  I don't want to mess around unmerging python or portage.

- Grant

Re: [gentoo-user] Resurrecting a Gentoo install

[EJ Vincent]

On 1/20/2012 5:37 PM, Grant wrote:

I have an old Gentoo system that hasn't been updated or used at all in
at least 2 years.  It's remote but I have SSH access.  I've updated
portage but I thought I should check with you guys before I plow ahead
with emerge -DuN world.  It won't be used for anything until I bring
it up to speed and someone can physically log in and issue commands a
couple times per week so an outage isn't the end of the world.  Any
advice?

- Grant



You will likely pull in the 'new' OpenRC ebuild during your update 
process (sys-apps/open-rc i believe).  Watch out for this!


If you merge it you must make sure all your configs are up to date in 
/etc or your server won't come back following a restart (etc-update, 
dispatch-conf, etc.).  You'll want to move over any settings in 
/etc/conf.d/rc to /etc/rc.conf.


Upgrade guide: http://www.gentoo.org/doc/en/openrc-migration.xml

Good luck.

--
EJ
e...@ejane.org

Re: [gentoo-user] Strange outbound requests

[Michael Mol]

On Fri, Jan 20, 2012 at 5:32 PM, Grant emailgr...@gmail.com wrote:
  My firewall is blocking periodic outbound connections to port 3680 on
  a Rackspace IP.  How can I find out more about what's going on?  Maybe
  which program is generating the connection requests?
 
  Uh, a packet sniffer?
 
  I have an old laptop here that I have a second (cardbus) network card in.
  Really cheap and cheerful - the sort of thing you can pick up on
  freecycle. It's been a while since I've done anything like this, but you
  should be able to stick a box like that between the router and the rest
  of your network, run Wireshark and filter on that port. If the
  connection is encrypted then at least you'll see the originating IP.

 I've actually got the originating local IP from the shorewall log.
 I'm just trying to figure out which program and maybe which user on
 that system is generating the outbound requests to port 3680.  Is
 there any way to get more info without setting up a new box?

  I don't think it's relevant that the IP belongs to Rackspace - don't they
  just hire (virtual) servers to anyone that wants one?

 Yeah I just meant the request could be going to anyone.

 - Grant

 Are you running NPDS in your LAN and is it configured to access any sites on
 rackspace?
 --
 Regards,
 Mick

 I am not running NPDS.  I looked it up when I was researching port
 3680 and read about it for the first time.  I know which machine is
 making the requests.  Any way to drill down further?

If the machine is running linux, then 'watch lsof -n|grep TCP|grep
3680' as root is a sloppy but effective way to find it. There's
probably some way to set up a firewall rule on the host in question
that logs out the user and (possibly) PID of the connection, but I
don't know.

If the machine is running Windows, then I'd suggest SysInternals
TCPView: http://technet.microsoft.com/en-us/sysinternals/bb897437

-- 
:wq

Re: [gentoo-user] Resurrecting a Gentoo install

[Hinnerk van Bruinehsen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 21.01.2012 00:09, Grant wrote:
 I have an old Gentoo system that hasn't been updated or used at
 all in at least 2 years.  It's remote but I have SSH access.
 I've updated portage but I thought I should check with you guys
 before I plow ahead with emerge -DuN world.  It won't be used
 for anything until I bring it up to speed and someone can
 physically log in and issue commands a couple times per week so
 an outage isn't the end of the world.  Any advice?
 
 Take small steps. emerge -pv @system first and be prepared to
 emerge packages a few at a time.
 
 Weird, it looks like portage didn't update to the latest version. 
 emerging it again seems to want to update it again.  I get this:
 
 # emerge -pv portage [snip] [ebuild  NS   ]
 dev-lang/python-2.7.2-r3 [2.5.2-r7] USE=gdbm ncurses readline ssl
 threads (wide-unicode) xml -berkdb -build -doc -examples -ipv6
 -sqlite -tk -wininst 11,494 kB [ebuild U ]
 sys-apps/portage-2.1.10.41 [2.1.6.13] USE=(ipc%*) -build -doc
 -epydoc -python2% -python3% (-selinux) (-less%*) LINGUAS=-pl 899
 kB [blocks B ] dev-lang/python:2.7 (dev-lang/python:2.7 is
 blocking sys-apps/portage-2.1.6.13) [blocks B ]
 sys-apps/portage-2.1.9 (sys-apps/portage-2.1.9 is blocking
 dev-lang/python-2.7.2-r3)
 
 I think I'll be able to resolve most stuff myself but this one is 
 tricking me.  I don't want to mess around unmerging python or
 portage.
 
 - Grant
 

You could do:

emerge =dev-lang/python-2.6.7-r2

You should disable threads if it doesn't work (there is something
related to it in the portage ebuild). After that, switch to python 2.6
 via eselect and try to update portage.
If I read the ebuilds correctly, that should work.

Another possibility would be to install a 3.x version of python and
switch portage to that (via the python3 useflag).

I'd try the python3 approach first, since it could spare you a 2.6
install.
Don't forget to run python-updater after updating everything or if you
get strange (python related) errorrs in between...

Good luck

Hinnerk
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPGfkPAAoJEJwwOFaNFkYcr48H/iAVc/K6gOkGZ/wFewkoggWZ
gKS5bRiuwWRRLBL3nRPraIlYvnfzqTTG/PLkYasFgcEeCpKE70mMcKqIvFFzt3Ab
UVc5Xly8qaYUR4XUYNzz5ww9TAs6BrmYyJvxCSXdp+oiZx6RmeyuXuwFU6v04v1I
QkWrVkOIOtq9YVFxgu096KiQeRzZ2m5iURgkipl8rBYNXSaKBVktuKlnS0loFUAZ
rqNLs3qUuAsEmlua7KLV8LHWVfnBICuXwrgCssy+cBHJGeTUEQIyIc4lnI7Mwe2d
7GWuMTkxKfyWtChiW/hWxYv5c4lQFkP+5GIyQT64rJ7cjkufkPkkNZx7wQtszjs=
=ASiv
-END PGP SIGNATURE-

Re: [gentoo-user] Strange outbound requests

[Grant]

  My firewall is blocking periodic outbound connections to port 3680 on
  a Rackspace IP.  How can I find out more about what's going on?  Maybe
  which program is generating the connection requests?
 
  Uh, a packet sniffer?
 
  I have an old laptop here that I have a second (cardbus) network card in.
  Really cheap and cheerful - the sort of thing you can pick up on
  freecycle. It's been a while since I've done anything like this, but you
  should be able to stick a box like that between the router and the rest
  of your network, run Wireshark and filter on that port. If the
  connection is encrypted then at least you'll see the originating IP.

 I've actually got the originating local IP from the shorewall log.
 I'm just trying to figure out which program and maybe which user on
 that system is generating the outbound requests to port 3680.  Is
 there any way to get more info without setting up a new box?

  I don't think it's relevant that the IP belongs to Rackspace - don't they
  just hire (virtual) servers to anyone that wants one?

 Yeah I just meant the request could be going to anyone.

 - Grant

 Are you running NPDS in your LAN and is it configured to access any sites on
 rackspace?
 --
 Regards,
 Mick

 I am not running NPDS.  I looked it up when I was researching port
 3680 and read about it for the first time.  I know which machine is
 making the requests.  Any way to drill down further?

 If the machine is running linux, then 'watch lsof -n|grep TCP|grep
 3680' as root is a sloppy but effective way to find it. There's
 probably some way to set up a firewall rule on the host in question
 that logs out the user and (possibly) PID of the connection, but I
 don't know.

All of my systems run Gentoo. :)  Where does watch come from?

- Grant

Re: [gentoo-user] Strange outbound requests

[Paul Hartman]

On Fri, Jan 20, 2012 at 5:27 PM, Michael Mol mike...@gmail.com wrote:
 If the machine is running linux, then 'watch lsof -n|grep TCP|grep
 3680' as root is a sloppy but effective way to find it. There's
 probably some way to set up a firewall rule on the host in question
 that logs out the user and (possibly) PID of the connection, but I
 don't know.

lsof -i is easier, it only shows network connections :)

catching it when it happens (if it is very briefly connected) could be
hard with lsof... Maybe setup a tarpit firewall rule on that box so
the connection stays open for a long time.

Re: [gentoo-user] Resurrecting a Gentoo install

[Mark Knecht]

On Fri, Jan 20, 2012 at 3:09 PM, Grant emailgr...@gmail.com wrote:
 I have an old Gentoo system that hasn't been updated or used at all in
 at least 2 years.  It's remote but I have SSH access.  I've updated
 portage but I thought I should check with you guys before I plow ahead
 with emerge -DuN world.  It won't be used for anything until I bring
 it up to speed and someone can physically log in and issue commands a
 couple times per week so an outage isn't the end of the world.  Any
 advice?

 Take small steps. emerge -pv @system first and be prepared to emerge
 packages a few at a time.

 Weird, it looks like portage didn't update to the latest version.
 emerging it again seems to want to update it again.  I get this:

 # emerge -pv portage
 [snip]
 [ebuild  NS   ] dev-lang/python-2.7.2-r3 [2.5.2-r7] USE=gdbm ncurses
 readline ssl threads (wide-unicode) xml -berkdb -build -doc -examples
 -ipv6 -sqlite -tk -wininst 11,494 kB
 [ebuild     U ] sys-apps/portage-2.1.10.41 [2.1.6.13] USE=(ipc%*)
 -build -doc -epydoc -python2% -python3% (-selinux) (-less%*)
 LINGUAS=-pl 899 kB
 [blocks B     ] dev-lang/python:2.7 (dev-lang/python:2.7 is blocking
 sys-apps/portage-2.1.6.13)
 [blocks B     ] sys-apps/portage-2.1.9 (sys-apps/portage-2.1.9 is
 blocking dev-lang/python-2.7.2-r3)

 I think I'll be able to resolve most stuff myself but this one is
 tricking me.  I don't want to mess around unmerging python or portage.

 - Grant


OK, so the install is old and portage has dependencies, right?

emerge -pvDuN portage

will get you closer. However this is probably best covered using
Neil's suggestion of

emerge -pvDuN @system

which would, if successful, update portage as well as everything else
that's required to get the machine up and running.

If that does work then don't forget all the eselect python 
gcc-config type stuff that you'll need to do to tell the system about
the new environment.

One little area you might want to be careful about here is grub. Best
IMO if you do not update grub until you have the machine actually
booting the updated environment, assuming we get that far.

HTH,
Mark

Re: [gentoo-user] Resurrecting a Gentoo install

[Grant]

 Weird, it looks like portage didn't update to the latest version.
 emerging it again seems to want to update it again.  I get this:

 # emerge -pv portage [snip] [ebuild  NS   ]
 dev-lang/python-2.7.2-r3 [2.5.2-r7] USE=gdbm ncurses readline ssl
 threads (wide-unicode) xml -berkdb -build -doc -examples -ipv6
 -sqlite -tk -wininst 11,494 kB [ebuild     U ]
 sys-apps/portage-2.1.10.41 [2.1.6.13] USE=(ipc%*) -build -doc
 -epydoc -python2% -python3% (-selinux) (-less%*) LINGUAS=-pl 899
 kB [blocks B     ] dev-lang/python:2.7 (dev-lang/python:2.7 is
 blocking sys-apps/portage-2.1.6.13) [blocks B     ]
 sys-apps/portage-2.1.9 (sys-apps/portage-2.1.9 is blocking
 dev-lang/python-2.7.2-r3)

 I think I'll be able to resolve most stuff myself but this one is
 tricking me.  I don't want to mess around unmerging python or
 portage.

 - Grant


 You could do:

 emerge =dev-lang/python-2.6.7-r2

 You should disable threads if it doesn't work (there is something
 related to it in the portage ebuild). After that, switch to python 2.6
  via eselect and try to update portage.
 If I read the ebuilds correctly, that should work.

I get:

# emerge -av1 =dev-lang/python-2.6.7-r2
[snip]
[ebuild  NS   ] dev-lang/python-2.6.7-r2 [2.5.2-r7] USE=gdbm ncurses
readline ssl threads (wide-unicode) xml -berkdb -build -doc -examples
-ipv6 -sqlite -tk -wininst 10,840 kB
[blocks B ] =dev-lang/python-2.6.6:2.6
(=dev-lang/python-2.6.6:2.6 is blocking sys-apps/portage-2.1.6.13)
[blocks B ] sys-apps/portage-2.1.9 (sys-apps/portage-2.1.9 is
blocking dev-lang/python-2.6.7-r2)

Total: 6 packages (5 new, 1 in new slot), Size of downloads: 11,588 kB
Conflict: 2 blocks (2 unsatisfied)

 * Error: The above package list contains packages which cannot be
 * installed at the same time on the same system.

  ('ebuild', '/', 'dev-lang/python-2.6.7-r2', 'merge') pulled in by
=dev-lang/python-2.6.7-r2

 Another possibility would be to install a 3.x version of python and
 switch portage to that (via the python3 useflag).

I get:

# emerge -av1 =dev-lang/python-3.1.4-r3
[snip]
!!! All ebuilds that could satisfy =dev-lang/python-3.1.4-r3 have been masked.
!!! One of the following masked packages is required to complete your request:
- dev-lang/python-3.1.4-r3 (masked by: EAPI 3)

The current version of portage supports EAPI '2'. You must upgrade to a
newer version of portage before EAPI masked packages can be installed.

- Grant

Re: [gentoo-user] Resurrecting a Gentoo install

[Philip Webb]

120120 Neil Bothwick wrote:
 On Fri, 20 Jan 2012 14:37:06 -0800, Grant wrote:
 I have an old Gentoo system that hasn't been updated or used at all
 in at least 2 years.  It's remote but I have SSH access.
 Take small steps. emerge -pv @system first
 and be prepared to emerge packages a few at a time.

That's always the best way to update a Gentoo system.
I've never done a simple 'emerge -??? world'  hoped for the best
 have never run off the rails since first installing Gentoo 2003.
'emerge -Dup world' lists all the pkgs Portage wants to update
 shows the order in which it plans to tackle them :
you can use that to do a few pkgs at a time  as you do them,
check the output, warnings etc.

-- 
,,
SUPPORT ___//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT`-O--O---'   purslowatchassdotutorontodotca

Re: [gentoo-user] Strange outbound requests

[Mick]

On Friday 20 Jan 2012 23:34:12 Grant wrote:
   My firewall is blocking periodic outbound connections to port 3680
   on a Rackspace IP.  How can I find out more about what's going on?
Maybe which program is generating the connection requests?
   
   Uh, a packet sniffer?
   
   I have an old laptop here that I have a second (cardbus) network
   card in. Really cheap and cheerful - the sort of thing you can pick
   up on freecycle. It's been a while since I've done anything like
   this, but you should be able to stick a box like that between the
   router and the rest of your network, run Wireshark and filter on
   that port. If the connection is encrypted then at least you'll see
   the originating IP.
  
  I've actually got the originating local IP from the shorewall log.
  I'm just trying to figure out which program and maybe which user on
  that system is generating the outbound requests to port 3680.  Is
  there any way to get more info without setting up a new box?
  
   I don't think it's relevant that the IP belongs to Rackspace - don't
   they just hire (virtual) servers to anyone that wants one?
  
  Yeah I just meant the request could be going to anyone.
  
  - Grant
  
  Are you running NPDS in your LAN and is it configured to access any
  sites on rackspace?
  --
  Regards,
  Mick
  
  I am not running NPDS.  I looked it up when I was researching port
  3680 and read about it for the first time.  I know which machine is
  making the requests.  Any way to drill down further?
  
  If the machine is running linux, then 'watch lsof -n|grep TCP|grep
  3680' as root is a sloppy but effective way to find it. There's
  probably some way to set up a firewall rule on the host in question
  that logs out the user and (possibly) PID of the connection, but I
  don't know.
 
 All of my systems run Gentoo. :)  Where does watch come from?
 
 - Grant

ps axf and look at the tree that contains the PID of what lsof | grep 3680 
showed.
-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] Resurrecting a Gentoo install

[Grant]

 OK, so the install is old and portage has dependencies, right?

 emerge -pvDuN portage

 will get you closer. However this is probably best covered using
 Neil's suggestion of

 emerge -pvDuN @system

I can't even get started:

# emerge -avDuN system
[snip]
!!! All ebuilds that could satisfy =sys-auth/pambase-20081028 have
been masked.
!!! One of the following masked packages is required to complete your request:
- sys-auth/pambase-20101024-r1 (masked by: EAPI 4)
- sys-auth/pambase-20101024 (masked by: EAPI 3)

The current version of portage supports EAPI '2'. You must upgrade to a
newer version of portage before EAPI masked packages can be installed.

- Grant

Re: [gentoo-user] Resurrecting a Gentoo install

[Mick]

On Friday 20 Jan 2012 23:53:32 Philip Webb wrote:
 120120 Neil Bothwick wrote:
  On Fri, 20 Jan 2012 14:37:06 -0800, Grant wrote:
  I have an old Gentoo system that hasn't been updated or used at all
  in at least 2 years.  It's remote but I have SSH access.
  
  Take small steps. emerge -pv @system first
  and be prepared to emerge packages a few at a time.
 
 That's always the best way to update a Gentoo system.
 I've never done a simple 'emerge -??? world'  hoped for the best
  have never run off the rails since first installing Gentoo 2003.
 'emerge -Dup world' lists all the pkgs Portage wants to update
  shows the order in which it plans to tackle them :
 you can use that to do a few pkgs at a time  as you do them,
 check the output, warnings etc.

Only to add use -1 instead of -u if you do not want these packages in your 
world file.
-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] Resurrecting a Gentoo install

[Michael Orlitzky]

On 01/20/12 18:58, Grant wrote:
 OK, so the install is old and portage has dependencies, right?

 emerge -pvDuN portage

 will get you closer. However this is probably best covered using
 Neil's suggestion of

 emerge -pvDuN @system
 
 I can't even get started:
 

Do you have some idea of what config files are important on the machine?
You can always extract a stage3 at the root. That basically installs the
latest @system for you, with the massive caveat that you won't have
CONFIG_PROTECTion.

Re: [gentoo-user] Strange outbound requests

[Grant]

 If the machine is running linux, then 'watch lsof -n|grep TCP|grep
 3680' as root is a sloppy but effective way to find it. There's
 probably some way to set up a firewall rule on the host in question
 that logs out the user and (possibly) PID of the connection, but I
 don't know.

 lsof -i is easier, it only shows network connections :)

 catching it when it happens (if it is very briefly connected) could be
 hard with lsof... Maybe setup a tarpit firewall rule on that box so
 the connection stays open for a long time.

The connections are only attempted a few times throughout the day.  Is
a tarpit firewall rule the only way to do this?  Can anyone tell me
what package 'watch' belongs to if that would work?

- Grant

Re: [gentoo-user] Resurrecting a Gentoo install

[Hinnerk van Bruinehsen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 21.01.2012 00:52, Grant wrote:
 Weird, it looks like portage didn't update to the latest
 version. emerging it again seems to want to update it again.  I
 get this:
 
 # emerge -pv portage [snip] [ebuild  NS   ] 
 dev-lang/python-2.7.2-r3 [2.5.2-r7] USE=gdbm ncurses readline
 ssl threads (wide-unicode) xml -berkdb -build -doc -examples
 -ipv6 -sqlite -tk -wininst 11,494 kB [ebuild U ] 
 sys-apps/portage-2.1.10.41 [2.1.6.13] USE=(ipc%*) -build -doc 
 -epydoc -python2% -python3% (-selinux) (-less%*) LINGUAS=-pl
 899 kB [blocks B ] dev-lang/python:2.7
 (dev-lang/python:2.7 is blocking sys-apps/portage-2.1.6.13)
 [blocks B ] sys-apps/portage-2.1.9
 (sys-apps/portage-2.1.9 is blocking 
 dev-lang/python-2.7.2-r3)
 
 I think I'll be able to resolve most stuff myself but this one
 is tricking me.  I don't want to mess around unmerging python
 or portage.
 
 - Grant
 
 
 You could do:
 
 emerge =dev-lang/python-2.6.7-r2
 
 You should disable threads if it doesn't work (there is
 something related to it in the portage ebuild). After that,
 switch to python 2.6 via eselect and try to update portage. If I
 read the ebuilds correctly, that should work.
 
 I get:
 
 # emerge -av1 =dev-lang/python-2.6.7-r2 [snip] [ebuild  NS   ]
 dev-lang/python-2.6.7-r2 [2.5.2-r7] USE=gdbm ncurses readline ssl
 threads (wide-unicode) xml -berkdb -build -doc -examples -ipv6
 -sqlite -tk -wininst 10,840 kB [blocks B ]
 =dev-lang/python-2.6.6:2.6 (=dev-lang/python-2.6.6:2.6 is
 blocking sys-apps/portage-2.1.6.13) [blocks B ]
 sys-apps/portage-2.1.9 (sys-apps/portage-2.1.9 is blocking
 dev-lang/python-2.6.7-r2)
 
 Total: 6 packages (5 new, 1 in new slot), Size of downloads: 11,588
 kB Conflict: 2 blocks (2 unsatisfied)
 
 * Error: The above package list contains packages which cannot be *
 installed at the same time on the same system.
 
 ('ebuild', '/', 'dev-lang/python-2.6.7-r2', 'merge') pulled in by 
 =dev-lang/python-2.6.7-r2
 
 Another possibility would be to install a 3.x version of python
 and switch portage to that (via the python3 useflag).
 
 I get:
 
 # emerge -av1 =dev-lang/python-3.1.4-r3 [snip] !!! All ebuilds that
 could satisfy =dev-lang/python-3.1.4-r3 have been masked. !!! One
 of the following masked packages is required to complete your
 request: - dev-lang/python-3.1.4-r3 (masked by: EAPI 3)
 
 The current version of portage supports EAPI '2'. You must upgrade
 to a newer version of portage before EAPI masked packages can be
 installed.
 
 - Grant
 
Could you try:

emerge =python-2.6.6-r2 -v1


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPGgRQAAoJEJwwOFaNFkYcz2sIAMsA6Eww2zCgRKCH1ptGxnfU
q7BYe8zvpvNYe2ejedFZH1U9X42mxTFTB3qsZ8ZILClLTu7gLaXbygTJhVeFmBU+
UPXrWtAM6mQSGgdjjavLGHGj0uTr7feNHO9K8t4qYeE1ZFMFznwQPbKKlHK0/Mn5
0Fp+M6pwCR7I5kr3Fv6LsGlBtKz7iuq/a9sCUd460OMTdZOw/ie4TOlcMuM/Td95
s/kIHjT19yprGSZiWzlAW9WJcP2hmHnHLw2gHVoYRqo0eFKYoOAMgfPYz12EV3uJ
a1rSWD2yTMjfUX8lKw0edREbERpyImHDH4HZuVE6Va/9ZBdMPNDUxD/SWCwugdQ=
=AVYG
-END PGP SIGNATURE-

Re: [gentoo-user] Resurrecting a Gentoo install

[Grant]

 You could do:

 emerge =dev-lang/python-2.6.7-r2

 You should disable threads if it doesn't work (there is
 something related to it in the portage ebuild). After that,
 switch to python 2.6 via eselect and try to update portage. If I
 read the ebuilds correctly, that should work.

 I get:

 # emerge -av1 =dev-lang/python-2.6.7-r2 [snip] [ebuild  NS   ]
 dev-lang/python-2.6.7-r2 [2.5.2-r7] USE=gdbm ncurses readline ssl
 threads (wide-unicode) xml -berkdb -build -doc -examples -ipv6
 -sqlite -tk -wininst 10,840 kB [blocks B     ]
 =dev-lang/python-2.6.6:2.6 (=dev-lang/python-2.6.6:2.6 is
 blocking sys-apps/portage-2.1.6.13) [blocks B     ]
 sys-apps/portage-2.1.9 (sys-apps/portage-2.1.9 is blocking
 dev-lang/python-2.6.7-r2)

 Total: 6 packages (5 new, 1 in new slot), Size of downloads: 11,588
 kB Conflict: 2 blocks (2 unsatisfied)

 * Error: The above package list contains packages which cannot be *
 installed at the same time on the same system.

 ('ebuild', '/', 'dev-lang/python-2.6.7-r2', 'merge') pulled in by
 =dev-lang/python-2.6.7-r2

 Another possibility would be to install a 3.x version of python
 and switch portage to that (via the python3 useflag).

 I get:

 # emerge -av1 =dev-lang/python-3.1.4-r3 [snip] !!! All ebuilds that
 could satisfy =dev-lang/python-3.1.4-r3 have been masked. !!! One
 of the following masked packages is required to complete your
 request: - dev-lang/python-3.1.4-r3 (masked by: EAPI 3)

 The current version of portage supports EAPI '2'. You must upgrade
 to a newer version of portage before EAPI masked packages can be
 installed.

 - Grant

 Could you try:

 emerge =python-2.6.6-r2 -v1

I get the same thing unfortunately.

- Grant

Re: [gentoo-user] Strange outbound requests

[Hinnerk van Bruinehsen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 21.01.2012 01:12, Grant wrote:
 If the machine is running linux, then 'watch lsof -n|grep
 TCP|grep 3680' as root is a sloppy but effective way to find
 it. There's probably some way to set up a firewall rule on the
 host in question that logs out the user and (possibly) PID of
 the connection, but I don't know.
 
 lsof -i is easier, it only shows network connections :)
 
 catching it when it happens (if it is very briefly connected)
 could be hard with lsof... Maybe setup a tarpit firewall rule on
 that box so the connection stays open for a long time.
 
 The connections are only attempted a few times throughout the day.
 Is a tarpit firewall rule the only way to do this?  Can anyone tell
 me what package 'watch' belongs to if that would work?
 
 - Grant
 
I get:

equery b watch
 * Searching for watch ...
net-irc/irssi-0.8.15-r1 (/usr/share/irssi/help/watch)
sys-process/procps-3.2.8_p11 (/usr/bin/watch)
x11-themes/gnome-themes-standard-3.3.4
(/usr/share/cursors/xorg-x11/Adwaita/cursors/watch)

First and third can be ruled out, I think. So one candidate remains:

sys-process/procps
 Available versions:  3.2.8 (~)3.2.8-r1 3.2.8-r2 (~)3.2.8_p10-r1
3.2.8_p11 {unicode}
 Installed versions:  3.2.8_p11(00:15:18 22.12.2011)(unicode)
 Homepage:http://procps.sourceforge.net/
 Description: Standard informational utilities and
process-handling tools
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPGghBAAoJEJwwOFaNFkYc22gH/1hx7MQb/exllk3GhkQSQes/
P6XFg/8dJy3Kag0FReAN/xN6or9SHPHXgUiVUsN+XIYV6Vt94Gbm/ZUHfwkzckJG
DP3/z+pQ0E0+xle32Gabo5Hpt47chgzsThdyghVkWVefMqQdkJwJPGwHcQ3yCzC5
LIXgZzmKoPUx5I9BaFnl/KkxRGbtTDYieWdpaxkOPjHiMZ+8wDPO6XDfhSggJPdR
4hMFik2B/04s7OTlqA9Qfvk1PZszSPnFN5t4Ick1PHwi/ZesobJGR5eeBlUfq5av
Y9STFvDojCAo3Mjf2IiXWCP8j8Fs9e7ToXvwmhn55t4XjS0v9Y+qhq8B3IsSl7o=
=gaPQ
-END PGP SIGNATURE-

Re: [gentoo-user] Strange outbound requests

[Michael Orlitzky]

On 01/20/2012 07:12 PM, Grant wrote:

If the machine is running linux, then 'watch lsof -n|grep TCP|grep
3680' as root is a sloppy but effective way to find it. There's
probably some way to set up a firewall rule on the host in question
that logs out the user and (possibly) PID of the connection, but I
don't know.


lsof -i is easier, it only shows network connections :)

catching it when it happens (if it is very briefly connected) could be
hard with lsof... Maybe setup a tarpit firewall rule on that box so
the connection stays open for a long time.


The connections are only attempted a few times throughout the day.  Is
a tarpit firewall rule the only way to do this?  Can anyone tell me
what package 'watch' belongs to if that would work?



`watch` isn't going to help too much unless you're looking at it. Append 
the output to some log file instead. I chose netstat because its output 
looked easier to parse with a stupid regexp.


  while true; do
netstat -antp | grep ':993 '  mystery.log;
sleep 1;
  done;

You'll want to change the port -- I tested to make sure that was really 
logging my Thunderbird connections.

Re: [gentoo-user] Re: For those who complain

[Érico Porto]

Gentoo is a rainbow with no end and no pot of gold.

I will write that one down..

In the mean while, if you just want something that you install quickly on a
small system it is really good - assuming you will update your system only
6 to 6 months ...

Érico V. Porto


On Fri, Jan 20, 2012 at 7:31 PM, Dale rdalek1...@gmail.com wrote:

 Nikos Chantziaras wrote:
  On 01/20/2012 10:51 PM, Dale wrote:
  Albert W. Hopkins wrote:
  [...]
 
  And sometimes those people are finding problems.
 
  Please don't feed the troll.
 
 
 


 Since it was fixed, I took his food bowl away.

 Dale

 :-)  :-)

 --
 I am only responsible for what I said ... Not for what you understood or
 how you interpreted my words!

 Miss the compile output?  Hint:
 EMERGE_DEFAULT_OPTS=--quiet-build=n

Re: [gentoo-user] Strange outbound requests

[Grant]

 If the machine is running linux, then 'watch lsof -n|grep TCP|grep
 3680' as root is a sloppy but effective way to find it. There's
 probably some way to set up a firewall rule on the host in question
 that logs out the user and (possibly) PID of the connection, but I
 don't know.


 lsof -i is easier, it only shows network connections :)

 catching it when it happens (if it is very briefly connected) could be
 hard with lsof... Maybe setup a tarpit firewall rule on that box so
 the connection stays open for a long time.


 The connections are only attempted a few times throughout the day.  Is
 a tarpit firewall rule the only way to do this?  Can anyone tell me
 what package 'watch' belongs to if that would work?


 `watch` isn't going to help too much unless you're looking at it. Append the
 output to some log file instead. I chose netstat because its output looked
 easier to parse with a stupid regexp.

  while true; do
    netstat -antp | grep ':993 '  mystery.log;
    sleep 1;
  done;

 You'll want to change the port -- I tested to make sure that was really
 logging my Thunderbird connections.

Thanks a lot.  Test, working, will watch the log and report back.

- Grant

Re: [gentoo-user] Strange outbound requests

[Michael Mol]

On Fri, Jan 20, 2012 at 6:34 PM, Grant emailgr...@gmail.com wrote:
  My firewall is blocking periodic outbound connections to port 3680 on
  a Rackspace IP.  How can I find out more about what's going on?  Maybe
  which program is generating the connection requests?
 
  Uh, a packet sniffer?
 
  I have an old laptop here that I have a second (cardbus) network card 
  in.
  Really cheap and cheerful - the sort of thing you can pick up on
  freecycle. It's been a while since I've done anything like this, but you
  should be able to stick a box like that between the router and the rest
  of your network, run Wireshark and filter on that port. If the
  connection is encrypted then at least you'll see the originating IP.

 I've actually got the originating local IP from the shorewall log.
 I'm just trying to figure out which program and maybe which user on
 that system is generating the outbound requests to port 3680.  Is
 there any way to get more info without setting up a new box?

  I don't think it's relevant that the IP belongs to Rackspace - don't 
  they
  just hire (virtual) servers to anyone that wants one?

 Yeah I just meant the request could be going to anyone.

 - Grant

 Are you running NPDS in your LAN and is it configured to access any sites 
 on
 rackspace?
 --
 Regards,
 Mick

 I am not running NPDS.  I looked it up when I was researching port
 3680 and read about it for the first time.  I know which machine is
 making the requests.  Any way to drill down further?

 If the machine is running linux, then 'watch lsof -n|grep TCP|grep
 3680' as root is a sloppy but effective way to find it. There's
 probably some way to set up a firewall rule on the host in question
 that logs out the user and (possibly) PID of the connection, but I
 don't know.

 All of my systems run Gentoo. :)  Where does watch come from?

shortcircuit@saffron ~ $ equery b `which watch`
/usr/lib64/portage/pym/portage/package/ebuild/config.py:353:
UserWarning: 'cache.metadata_overlay.database' is deprecated:
/etc/portage/modules
  (user_auxdbmodule, modules_file))
 * Searching for /usr/bin/watch ...
sys-process/procps-3.2.8_p11 (/usr/bin/watch)
shortcircuit@saffron ~ $

Incidentally, does anyone know why all my portage-related executions
get that 'cache.metadata_overlay.database' warning? I've been seeing
it for weeks, even on fresh installs. I would have assumed a bug like
that would have been fixed by now.


-- 
:wq

Re: [gentoo-user] Strange outbound requests

[Hinnerk van Bruinehsen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 21.01.2012 02:39, Michael Mol wrote:
 On Fri, Jan 20, 2012 at 6:34 PM, Grant emailgr...@gmail.com
 wrote:
 My firewall is blocking periodic outbound connections
 to port 3680 on a Rackspace IP.  How can I find out
 more about what's going on?  Maybe which program is
 generating the connection requests?
 
 Uh, a packet sniffer?
 
 I have an old laptop here that I have a second
 (cardbus) network card in. Really cheap and cheerful -
 the sort of thing you can pick up on freecycle. It's
 been a while since I've done anything like this, but
 you should be able to stick a box like that between the
 router and the rest of your network, run Wireshark and
 filter on that port. If the connection is encrypted
 then at least you'll see the originating IP.
 
 I've actually got the originating local IP from the
 shorewall log. I'm just trying to figure out which
 program and maybe which user on that system is generating
 the outbound requests to port 3680.  Is there any way to
 get more info without setting up a new box?
 
 I don't think it's relevant that the IP belongs to
 Rackspace - don't they just hire (virtual) servers to
 anyone that wants one?
 
 Yeah I just meant the request could be going to
 anyone.
 
 - Grant
 
 Are you running NPDS in your LAN and is it configured to
 access any sites on rackspace? -- Regards, Mick
 
 I am not running NPDS.  I looked it up when I was researching
 port 3680 and read about it for the first time.  I know which
 machine is making the requests.  Any way to drill down
 further?
 
 If the machine is running linux, then 'watch lsof -n|grep
 TCP|grep 3680' as root is a sloppy but effective way to find
 it. There's probably some way to set up a firewall rule on the
 host in question that logs out the user and (possibly) PID of
 the connection, but I don't know.
 
 All of my systems run Gentoo. :)  Where does watch come from?
 
 shortcircuit@saffron ~ $ equery b `which watch` 
 /usr/lib64/portage/pym/portage/package/ebuild/config.py:353: 
 UserWarning: 'cache.metadata_overlay.database' is deprecated: 
 /etc/portage/modules (user_auxdbmodule, modules_file)) * Searching
 for /usr/bin/watch ... sys-process/procps-3.2.8_p11
 (/usr/bin/watch) shortcircuit@saffron ~ $
 
 Incidentally, does anyone know why all my portage-related
 executions get that 'cache.metadata_overlay.database' warning? I've
 been seeing it for weeks, even on fresh installs. I would have
 assumed a bug like that would have been fixed by now.
 
 

You get the warning, because you hat a directory /etc/portage/modules
- - simply remove it (or move it, if you are afraid to break something).
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPGhmmAAoJEJwwOFaNFkYcBFQIAJlWjVqACiqCSxwNnigFvXfa
olRedLttuzZUGcJKsx59gptBeaRxSc/kQ7oEai6QSmFzY7nq5bsz3QMtJEB5QJpo
rOwD844f6pKRKv4GWjCg++1W6LJJcbMs4s0TARLM1+o+uaTC8Lgb/tjdJCov6cWF
Hhl/KxRpdy/mCL/QB7/kOQRL/lDryy23xoxCln8S60xzD8pWQ/HsPdMNKg2LDpOL
RxKyywJQ/y35OTJU60w6vgkPhJnhQQ4WgzrruvsNCSS60t1Mr51XXdmj5ATEChCw
qaxml/3x1eHc4L2j5GekjED0PL2fROOTYujoDlpuTHGTUy5tHNvww+/2upqLf9U=
=t8zl
-END PGP SIGNATURE-

Re: [gentoo-user] Resurrecting a Gentoo install

[Neil Bothwick]

On Fri, 20 Jan 2012 15:58:36 -0800, Grant wrote:

 # emerge -avDuN system
 [snip]
 !!! All ebuilds that could satisfy =sys-auth/pambase-20081028 have
 been masked.
 !!! One of the following masked packages is required to complete your
 request:
 - sys-auth/pambase-20101024-r1 (masked by: EAPI 4)
 - sys-auth/pambase-20101024 (masked by: EAPI 3)

USE=-pam emerge @system will avoid that particular block, although it
may only get you as far as the next one.


-- 
Neil Bothwick

C:\BELFRY is where I keep my .BAT files ^^^oo^^^


signature.asc
Description: PGP signature

Re: [gentoo-user] Resurrecting a Gentoo install

[Grant]

 # emerge -avDuN system
 [snip]
 !!! All ebuilds that could satisfy =sys-auth/pambase-20081028 have
 been masked.
 !!! One of the following masked packages is required to complete your
 request:
 - sys-auth/pambase-20101024-r1 (masked by: EAPI 4)
 - sys-auth/pambase-20101024 (masked by: EAPI 3)

 USE=-pam emerge @system will avoid that particular block, although it
 may only get you as far as the next one.

I seem to get an error like this from whatever I try to emerge.  Is
untarring a stage3 my only option?

- Grant

Re: [gentoo-user] Resurrecting a Gentoo install

[Michael Orlitzky]

On 01/20/2012 09:42 PM, Grant wrote:

# emerge -avDuN system
[snip]
!!! All ebuilds that could satisfy =sys-auth/pambase-20081028 have
been masked.
!!! One of the following masked packages is required to complete your
request:
- sys-auth/pambase-20101024-r1 (masked by: EAPI 4)
- sys-auth/pambase-20101024 (masked by: EAPI 3)


USE=-pam emerge @system will avoid that particular block, although it
may only get you as far as the next one.


I seem to get an error like this from whatever I try to emerge.  Is
untarring a stage3 my only option?

- Grant



You don't have to do the entire stage3 at once,

  http://tinderbox.dev.gentoo.org/

has precompiled packages for the major arches and profiles. You could 
try to replace just pambase, pam, python, etc. -- whatever's giving you 
trouble.


This was not my first recommendation because I've managed to break e.g. 
`tar` and `cp` before in the attempt at which point you have two rescues 
to attempt.

Re: [gentoo-user] Good 'layman' tutorial on IPv4 IPv6?

[Walter Dnes]

On Fri, Jan 20, 2012 at 10:45:08AM -0600, Chris Frederick wrote

 If you still want private addresses, IPv6 has unique local addresses
 (fc00::/7 range, http://www.sixxs.net/tools/grh/ula/ has a reg form to
 help assign a /48 to you).

  If it's a unique ***LOCAL*** address, then why is it a problem if
multiple places on the planet use it???  Doesn't sound very local to
me.

  Probably the easiest conversion for most people would be to do what
was done with TV sets...

* When analogue UHF stations first came out, you could get a translator
  box that had a tuner which translated UHF channels to channel 3 or 4
  on your old VHF-only TV set

* When non-encrypted analogue midband channels came out on cable TV, you
  could get a translator box that mapped cable midband channels to UHF

* When ATSC (digital) broadcast TV came out, you could get a translator
  box that converted ATSC signals to NTSC, and fed them to your old
  non-digital TV set.

  Too bad that NAT-PT has been deprecated.  It could've been the
transition answer.

  Don't get me wrong.  I agree that eventually we'll have to transition
to IPV6.  I held off going 64-bit on Gentoo, until I got a machine with
more than 3 gigs of RAM.  Similarly, one of these days, I'll eventually
do an IPV6 install.  What I did not appreciate was the day when the
ipv6 USE flag was added as a default.  I found out about it when
Firefox started taking a minute or so to find sites, i.e. timing out on
the IPV6 lookup before failing over to IPV4.  Since that day, I start my
USE flags with -* in /etc/make.conf to avoid similar surprises.

-- 
Walter Dnes waltd...@waltdnes.org

[gentoo-user] System shuts off on boot-up

[BRM]

I am working on trying to get my AMD64 system back online. I recently rebuilt 
it (from scratch) after a very bad case of being out of date and build issues 
as a result (for numerous reasons). However, after I started trying to get X 
configured (Xorg) with the nouveau driver (I think I ran the proprietary nVidia 
driver before) it is now shutting off during boot-up.

As the system starts to boot-up, it switches like it is going to start X - 
changing a video mode somehow. I don't have xdm in the runlevels yet, so it 
can't be starting XDM at all.This seems to happen right after udevd is started, 
while it waiting on the udev events. The system then just shuts off (power 
remain on - fans are still on, but monitors are off,  and nothing responds, 
etc.) , and it never completes boot-up.

Note: Xorg won't load yet as I am still figuring out the drivers.

I'm out of my mind in trying to figure out what is wrong with the system.

Ben

Re: [gentoo-user] Resurrecting a Gentoo install

[Grant]

 # emerge -avDuN system
 [snip]
 !!! All ebuilds that could satisfy =sys-auth/pambase-20081028 have
 been masked.
 !!! One of the following masked packages is required to complete your
 request:
 - sys-auth/pambase-20101024-r1 (masked by: EAPI 4)
 - sys-auth/pambase-20101024 (masked by: EAPI 3)


 USE=-pam emerge @system will avoid that particular block, although it
 may only get you as far as the next one.


 I seem to get an error like this from whatever I try to emerge.  Is
 untarring a stage3 my only option?

 - Grant


 You don't have to do the entire stage3 at once,

  http://tinderbox.dev.gentoo.org/

 has precompiled packages for the major arches and profiles. You could try to
 replace just pambase, pam, python, etc. -- whatever's giving you trouble.

 This was not my first recommendation because I've managed to break e.g.
 `tar` and `cp` before in the attempt at which point you have two rescues to
 attempt.

The errors I'm getting seem to be complaining about emerging ebuilds
with a higher EAPI number than my portage has.  Should I just install
the latest portage binary package?  If so, how should I do that?

- Grant

Re: [gentoo-user] Resurrecting a Gentoo install

[Dale]

Grant wrote:
 # emerge -avDuN system
 [snip]
 !!! All ebuilds that could satisfy =sys-auth/pambase-20081028 have
 been masked.
 !!! One of the following masked packages is required to complete your
 request:
 - sys-auth/pambase-20101024-r1 (masked by: EAPI 4)
 - sys-auth/pambase-20101024 (masked by: EAPI 3)


 USE=-pam emerge @system will avoid that particular block, although it
 may only get you as far as the next one.


 I seem to get an error like this from whatever I try to emerge.  Is
 untarring a stage3 my only option?

 - Grant


 You don't have to do the entire stage3 at once,

  http://tinderbox.dev.gentoo.org/

 has precompiled packages for the major arches and profiles. You could try to
 replace just pambase, pam, python, etc. -- whatever's giving you trouble.

 This was not my first recommendation because I've managed to break e.g.
 `tar` and `cp` before in the attempt at which point you have two rescues to
 attempt.
 
 The errors I'm getting seem to be complaining about emerging ebuilds
 with a higher EAPI number than my portage has.  Should I just install
 the latest portage binary package?  If so, how should I do that?
 
 - Grant
 
 


Only because I had to do this once myself.

http://www.gentoo.org/proj/en/portage/doc/manually-fixing-portage.xml

Hope that helps.

Dale

:-)  :-)

-- 
I am only responsible for what I said ... Not for what you understood or
how you interpreted my words!

Miss the compile output?  Hint:
EMERGE_DEFAULT_OPTS=--quiet-build=n