Re: [gentoo-user] meld ERROR - ImportError: This platform lacks a functioning sem_open
On Sat, 28 Dec 2013 23:44:49 -0700 Joseph syscon...@gmail.com wrote: I've solved the problem by installing meld-1.6.0 from attic, 1.7.0 and 1.8.2 don't work. I've tried python2.7 and 3.2 make no difference. I am wondering if the issue your system is having is related to one of the following: - 2012-11-06-PYTHON_TARGETS-deployment Title PYTHON_TARGETS deployment AuthorMichał Górny mgo...@gentoo.org Posted2012-11-06 Revision 1 Recently, a few new Python eclasses have been deployed. As ebuilds migrate, the way they support multiple Python implementations will change. The previous method built Python modules for Python implementations selected through `eselect python'. The new method uses the PYTHON_TARGETS USE flags to explicitly name the implementations the modules shall be built for. If you are running a modern system with only Python 2.7 3.2 installed, then you don't have to do anything. The defaults will simply fit you, and let you keep your system up-to-date when new Python versions are deployed. However, if you'd like to use another set of Python implementations, you will need to set PYTHON_TARGETS in your make.conf file appropriately. This variable names the enabled implementations in the standard way common to all USE_EXPAND variables. For example, a setup enabling all major Python implementations would look like: PYTHON_TARGETS=python2_7 python3_2 pypy1_9 jython2_5 The variable should list all Python implementations which are going to be used on the system; missing a particular value there will result in missing Python modules. A complete list of all possible values can be obtained using a command equivalent to the following: emerge -1pv dev-python/python-exec For more details, please see the python-r1 User's Guide [1]. [1] http://www.gentoo.org/proj/en/Python/python-r1/user-guide.xml -- 2013-11-07-python-exec-package-move Title python-exec package move AuthorMichał Górny mgo...@gentoo.org Posted2013-11-07 Revision 1 Due to the recent issues which caused dev-python/python-exec:0 to be removed prematurely [1], we had to perform an urgent package move. Since we could not use the automatic updates support in portage, users will notice two python-exec packages and possibly blockers. Currently, dev-lang/python-exec is the real package that contains python-exec and that will be used in the future. dev-python/python-exec is a virtual package that is kept for compatibility with dependencies in already-installed packages. In the most favorable scenario, the package will be upgraded correctly on your next world update if you use the '--deep' (-D) and '--update' (-u) options. If you don't want to perform a complete world update or if it fails for you, you may as well manually upgrade dev-python/python-exec: emerge -1 dev-python/python-exec This will cause portage to update both python-exec packages and resolve the blockers properly. Please note that if you have applied any kind of package-specific modifications to dev-python/python-exec (such as applying keywords through 'package.accept_keywords'), you will need to copy them to dev-lang/python-exec as well. If you have applied keywords to dev-python/python-exec in order to unmask Python 3.3 on a stable system, please consider removing the keywords and reading our wiki page that explains how to properly unmask USE flags [2]. We apologize for all the inconveniences. If you have any more issues with python-exec, please do not hesitate to contact as at #gentoo-python IRC channel (@freenode) or the gentoo-pyt...@lists.gentoo.org mailing list. [1]:https://bugs.gentoo.org/show_bug.cgi?id=489440 [2]:https://wiki.gentoo.org/wiki/Unmasking_non-stable_Python_implementations
Re: [gentoo-user] why media-libs are needed for an email client.
On Sunday 29 Dec 2013 01:38:57 Edward M wrote: So maybe KDE is pulling in something. I guess I will continue using claws-mail,since i only send text emails. Thanks for new options i was not aware. I'm guessing that KDE uses phonon to play sound notifications, e.g. when you get a new message in your kmail Inbox, which requires gstreamer and friends. Kmail does not play anything inside messages. When you click on an attachment it will ask you to save it or open it with the default application, depending on the mime type of the attachment. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Chmod Failed
Silvio Siefke siefke_lis...@web.de wrote: Hello, self when i use package come the mistake. Emerging binary (1 of 1) sys-apps/dbus-1.6.12 * dbus-1.6.12.tbz2 MD5 SHA1 size ;-) ... [ ok ] Extracting info * Checking for suitable kernel configuration options... [ ok ] Extracting sys-apps/dbus-1.6.12 tar: ./usr/libexec/dbus-daemon-launch-helper: Cannot change mode to rwsr-x---: Permission denied tar: Exiting with failure status due to previous errors tar failed with status 2 !!! Error Extracting '/usr/portage/packages/sys-apps/dbus-1.6.12.tbz2' Failed to emerge sys-apps/dbus-1.6.12, Log file: '/var/tmp/portage/sys-apps/dbus-1.6.12/temp/build.log' I not understand why. Is it the kernel? But i compile same kernel i have on my Netbook installed. Same Option and same patches. On Laptop goes in chroot want not goes? I understand it not. Silvio Had a similar issue not too long ago. It was down to a block error on the hard drive. After a full check and repair, it worked well. Regards Oliver
Re: [gentoo-user] why media-libs are needed for an email client.
On Sun, 29 Dec 2013 11:08:03 + Mick michaelkintz...@gmail.com wrote: On Sunday 29 Dec 2013 01:38:57 Edward M wrote: So maybe KDE is pulling in something. I guess I will continue using claws-mail,since i only send text emails. Thanks for new options i was not aware. I'm guessing that KDE uses phonon to play sound notifications, e.g. when you get a new message in your kmail Inbox, which requires gstreamer and friends. Since I only use lxde as my DE and I don't have anything from KDE installed, I was getting little confuse,as to why those media-libs were needed, but now with these two replies I received. it is making more sense. So basically kmail needs media-libs that KDE uses so it can play sound notifications, even though i'm using another DE instead of KDE? Kmail does not play anything inside messages. When you click on an attachment it will ask you to save it or open it with the default application, depending on the mime type of the attachment. Now i know, thanks.
Re: [gentoo-user] meld ERROR - ImportError: This platform lacks a functioning sem_open
Hi, A few days ago there was a similar issue discussed in http://www.gossamer-threads.com/lists/gentoo/user/281003 In the last answer James proposed a solution that seemingly resolved that issue. Wkr Hinnerk Joseph syscon...@gmail.com wrote: I just upgraded my system and meld as well. I'm using cfg-update -u to compare files that did change utilizing meld When I try to compare two file as root using meld I get: meld /etc/ddclient/ddclient.conf /etc/ddclient/._cfg_ddclient.conf Traceback (most recent call last): File /usr/bin/meld, line 173, in module main() File /usr/bin/meld, line 165, in main new_window = app.parse_args(sys.argv[1:]) File /usr/lib64/meld/meld/meldapp.py, line 169, in parse_args tab = open_paths(args, options.auto_compare, options.auto_merge) File /usr/lib64/meld/meld/meldwindow.py, line 796, in open_paths tab = self.append_diff(paths, auto_compare, auto_merge) File /usr/lib64/meld/meld/meldwindow.py, line 746, in append_diff return self.append_filediff(paths, merge_output=merge_output) File /usr/lib64/meld/meld/meldwindow.py, line 703, in append_filediff doc = filediff.FileDiff(app.prefs, len(files)) File /usr/lib64/meld/meld/filediff.py, line 214, in __init__ self._cached_match = CachedSequenceMatcher() File /usr/lib64/meld/meld/filediff.py, line 72, in __init__ None, matchers.init_worker, maxtasksperchild=1) File /usr/lib64/python2.7/multiprocessing/__init__.py, line 232, in Pool return Pool(processes, initializer, initargs, maxtasksperchild) File /usr/lib64/python2.7/multiprocessing/pool.py, line 138, in __init__ self._setup_queues() File /usr/lib64/python2.7/multiprocessing/pool.py, line 232, in _setup_queues from .queues import SimpleQueue File /usr/lib64/python2.7/multiprocessing/queues.py, line 48, in module from multiprocessing.synchronize import Lock, BoundedSemaphore, Semaphore, Condition File /usr/lib64/python2.7/multiprocessing/synchronize.py, line 59, in module function, see issue 3770.) ImportError: This platform lacks a functioning sem_open implementation, therefore, the required synchronization primitives needed will not function, see issue 3770. -- Joseph -- Diese Nachricht wurde von meinem Android-Mobiltelefon mit K-9 Mail gesendet.
Re: [gentoo-user] Re: KDE nepomuk memory usage
James wirel...@tampabay.rr.com wrote: Alexander Puchmayr alexander.puchmayr at linznet.at writes: How many memory is reasonable for virtuoso to use? I just had a view via htop, and I was surprised to see virtuoso-t processes occupying more than 1.5 GB (!), althoug there is a maximum of 128MB defined. iotop (in portage) may help? There is another app, that I've never tried but folks rave about, memtop, but it's not in portage. A while back, I posted about Ftrace (function trace) and some non portage ebuild, that may help. iotop shows io ( AS in reads and writes to disk). The only memory related info may be swap. You could try slabtop instead, but that isn't that informative either. Maybe valgrind can hell if there really is a memory leak.
Re: [gentoo-user] meld ERROR - ImportError: This platform lacks a functioning sem_open
Hinnerk van Bruinehsen h.v.bruineh...@fu-berlin.de wrote: Hi, A few days ago there was a similar issue discussed in http://www.gossamer-threads.com/lists/gentoo/user/281003 In the last answer James proposed a solution that seemingly resolved that issue. Wkr Hinnerk Joseph syscon...@gmail.com wrote: I just upgraded my system and meld as well. I'm using cfg-update -u to compare files that did change utilizing meld When I try to compare two file as root using meld I get: meld /etc/ddclient/ddclient.conf /etc/ddclient/._cfg_ddclient.conf Traceback (most recent call last): File /usr/bin/meld, line 173, in module main() File /usr/bin/meld, line 165, in main new_window = app.parse_args(sys.argv[1:]) File /usr/lib64/meld/meld/meldapp.py, line 169, in parse_args tab = open_paths(args, options.auto_compare, options.auto_merge) File /usr/lib64/meld/meld/meldwindow.py, line 796, in open_paths tab = self.append_diff(paths, auto_compare, auto_merge) File /usr/lib64/meld/meld/meldwindow.py, line 746, in append_diff return self.append_filediff(paths, merge_output=merge_output) File /usr/lib64/meld/meld/meldwindow.py, line 703, in append_filediff doc = filediff.FileDiff(app.prefs, len(files)) File /usr/lib64/meld/meld/filediff.py, line 214, in __init__ self._cached_match = CachedSequenceMatcher() File /usr/lib64/meld/meld/filediff.py, line 72, in __init__ None, matchers.init_worker, maxtasksperchild=1) File /usr/lib64/python2.7/multiprocessing/__init__.py, line 232, in Pool return Pool(processes, initializer, initargs, maxtasksperchild) File /usr/lib64/python2.7/multiprocessing/pool.py, line 138, in __init__ self._setup_queues() File /usr/lib64/python2.7/multiprocessing/pool.py, line 232, in _setup_queues from .queues import SimpleQueue File /usr/lib64/python2.7/multiprocessing/queues.py, line 48, in module from multiprocessing.synchronize import Lock, BoundedSemaphore, Semaphore, Condition File /usr/lib64/python2.7/multiprocessing/synchronize.py, line 59, in module function, see issue 3770.) ImportError: This platform lacks a functioning sem_open implementation, therefore, the required synchronization primitives needed will not function, see issue 3770. Sorry for top-posting. The mail client on NY phone wasn't properly configured...
[gentoo-user] metasploit jumping into emerge -uDN world
Hello, every time that i try to made a emerge -uDN world, metasploit jump in the process installation. I've check and there aren't dependencies ask for him: /[root@asgard ~]$ equery d net-analyzer/metasploit// // * These packages depend on net-analyzer/metasploit:// //[root@asgard ~]$ equery d dev-ruby/metasploit_data_models// // * These packages depend on dev-ruby/metasploit_data_models:// //[root@asgard ~]$ equery d app-admin/eselect-metasploit * These packages depend on app-admin/eselect-metasploit:// / but, /[root@asgard ~]$ emerge -pvauDN world These are the packages that would be merged, in order: Calculating dependencies ... done! [ebuild R] sys-devel/gcc-4.8.2:4.8 [4.8.2:4.8.2] USE=cxx fortran gcj go graphite mudflap (multilib) multislot nls nptl objc objc++ objc-gc openmp (-altivec) -awt% -doc (-fixed-point) (-hardened) (-libssp) -nopie -nossp -regression-test -vanilla (-gtk%*) (-lto%) 0 kB [ebuild N ] net-analyzer/metasploit-4.8.2:4.8 USE=java lorcon pcap (-development) {-test} 0 kB Total: 2 packages (1 new, 1 reinstall), Size of downloads: 0 kB / How to discover what are putting metasploit into updatable world list? Regards
Re: [gentoo-user] metasploit jumping into emerge -uDN world
Zhu zhushaz...@yahoo.com.br wrote: Hello, every time that i try to made a emerge -uDN world, metasploit jump in the process installation. I've check and there aren't dependencies ask for him: /[root@asgard ~]$ equery d net-analyzer/metasploit// // * These packages depend on net-analyzer/metasploit:// //[root@asgard ~]$ equery d dev-ruby/metasploit_data_models// // * These packages depend on dev-ruby/metasploit_data_models:// //[root@asgard ~]$ equery d app-admin/eselect-metasploit * These packages depend on app-admin/eselect-metasploit:// / but, /[root@asgard ~]$ emerge -pvauDN world These are the packages that would be merged, in order: Calculating dependencies ... done! [ebuild R] sys-devel/gcc-4.8.2:4.8 [4.8.2:4.8.2] USE=cxx fortran gcj go graphite mudflap (multilib) multislot nls nptl objc objc++ objc-gc openmp (-altivec) -awt% -doc (-fixed-point) (-hardened) (-libssp) -nopie -nossp -regression-test -vanilla (-gtk%*) (-lto%) 0 kB [ebuild N ] net-analyzer/metasploit-4.8.2:4.8 USE=java lorcon pcap (-development) {-test} 0 kB Total: 2 packages (1 new, 1 reinstall), Size of downloads: 0 kB / How to discover what are putting metasploit into updatable world list? Most likely metasploit itself is in world. You can check you worldfile with your favourite editor (/var/lib/portage/world). It should also be printed bold in the emerge output if your terminal supports it
Re: [gentoo-user] why media-libs are needed for an email client.
On Sun, 29 Dec 2013 03:53:14 -0800, Edward M wrote: So basically kmail needs media-libs that KDE uses so it can play sound notifications, even though i'm using another DE instead of KDE? Yes. If you were using KDE, all of those dependencies would already be in place for desktop notifications. It beats me why anyone would want to use KMail on KDE, let alone with any other DE. -- Neil Bothwick Psychiatrists say that 1 of 4 people are mentally ill. Check three friends. If they're OK, you're it. signature.asc Description: PGP signature
Re: [gentoo-user] metasploit jumping into emerge -uDN world
On Sun, 29 Dec 2013 14:47:21 +0100, Hinnerk van Bruinehsen wrote: How to discover what are putting metasploit into updatable world list? Most likely metasploit itself is in world. You can check you worldfile with your favourite editor (/var/lib/portage/world). It should also be printed bold in the emerge output if your terminal supports it Adding --tree to the emerge world command will show you what is pulling it in. Once installed, emerge -ca metasploit will show you what needs it. -- Neil Bothwick Mac screen message: Like, dude, something went wrong. signature.asc Description: PGP signature
Re: [gentoo-user] metasploit jumping into emerge -uDN world
Em 29-12-2013 11:47, Hinnerk van Bruinehsen escreveu: Zhu zhushaz...@yahoo.com.br wrote: Hello, every time that i try to made a emerge -uDN world, metasploit jump in the process installation. I've check and there aren't dependencies ask for him: /[root@asgard ~]$ equery d net-analyzer/metasploit// // * These packages depend on net-analyzer/metasploit:// //[root@asgard ~]$ equery d dev-ruby/metasploit_data_models// // * These packages depend on dev-ruby/metasploit_data_models:// //[root@asgard ~]$ equery d app-admin/eselect-metasploit * These packages depend on app-admin/eselect-metasploit:// / but, /[root@asgard ~]$ emerge -pvauDN world These are the packages that would be merged, in order: Calculating dependencies ... done! [ebuild R] sys-devel/gcc-4.8.2:4.8 [4.8.2:4.8.2] USE=cxx fortran gcj go graphite mudflap (multilib) multislot nls nptl objc objc++ objc-gc openmp (-altivec) -awt% -doc (-fixed-point) (-hardened) (-libssp) -nopie -nossp -regression-test -vanilla (-gtk%*) (-lto%) 0 kB [ebuild N ] net-analyzer/metasploit-4.8.2:4.8 USE=java lorcon pcap (-development) {-test} 0 kB Total: 2 packages (1 new, 1 reinstall), Size of downloads: 0 kB / How to discover what are putting metasploit into updatable world list? Most likely metasploit itself is in world. You can check you worldfile with your favourite editor (/var/lib/portage/world). It should also be printed bold in the emerge output if your terminal supports it Yeah, metasploit is in there. Is it safe just remove him from the file? Anyway, thank you. Regards
Re: [gentoo-user] why media-libs are needed for an email client.
On Sunday 29 Dec 2013 14:39:53 Neil Bothwick wrote: On Sun, 29 Dec 2013 03:53:14 -0800, Edward M wrote: So basically kmail needs media-libs that KDE uses so it can play sound notifications, even though i'm using another DE instead of KDE? Yes. If you were using KDE, all of those dependencies would already be in place for desktop notifications. It beats me why anyone would want to use KMail on KDE, let alone with any other DE. Before all this KDE4 semantic desktop and KDEPIM nightmare was inflicted upon Linux users, kmail was one of the better mail clients out there. It worked beautifully with maildir file structure, integrated nicely with kgpg and kleopatra, and its flat file address book met the needs of most desktop users (who didn't need a CRM application and database as their mail address book). Then the KDE4 ecosystem happened ... I still unsure what it tried to imitate: the worst things of Gnome or MSWindows? :-( -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] meld ERROR - ImportError: This platform lacks a functioning sem_open
On 12/29/13 13:14, Hinnerk van Bruinehsen wrote: Hi, A few days ago there was a similar issue discussed in [1]http://www.gossamer-threads.com/lists/gentoo/user/281003 In the last answer James proposed a solution that seemingly resolved that issue. Wkr Hinnerk Joseph syscon...@gmail.com wrote: I just upgraded my system and meld as well. I'm using cfg-update -u to compare files that did change utilizing meld When I try to compare two file as root using meld I get: meld /etc/ddclient/ddclient.conf /etc/ddclient/._cfg_ddclient.conf Traceback (most recent call last): File /usr/bin/meld, line 173, in module main() File /usr/bin/meld, line 165, in main new_window = app.parse_args(sys.argv[1:]) File /usr/lib64/meld/meld/[2]meldapp.py, line 169, in parse_args tab = open_paths(args, options.auto_compare, options.auto_merge) File /usr/lib64/meld/meld/[3]meldwindow.py, line 796, in open_paths tab = self.append_diff(paths, auto_compare, auto_merge) File /usr/lib64/meld/meld/[4]meldwindow.py, line 746, in append_diff return self.append_filediff(paths, merge_output=merge_output) File /usr/lib64/meld/meld/[5]meldwindow.py, line 703, in append_filediff doc = filediff.FileDiff(app.prefs, len(files)) File /usr/lib64/meld/meld/[6]filediff.py, line 214, in __init__ self._cached_match = CachedSequenceMatcher() File /usr/lib64/meld/meld/[7]filediff.py, line 72, in __init__ None, matchers.init_worker, maxtasksperchild=1) File /usr/lib64/python2.7/multiprocessing/__init__.py, line 232, in Pool return Pool(processes, initializer, initargs, maxtasksperchild) File /usr/lib64/python2.7/multiprocessing/[8]pool.py, line 138, in __init__ self._setup_queues() File /usr/lib64/python2.7/multiprocessing/[9]pool.py, line 232, in _setup_qu eues from .queues import SimpleQueue File /usr/lib64/python2.7/multiprocessing/[10]queues.py, line 48, in module from multiprocessing.synchronize import Lock, BoundedSemaphore, Semaphore, C ondition File /usr/lib64/python2.7/multiprocessing/[11]synchronize.py, line 59, in m odule function, see issue 3770.) ImportError: This platform lacks a functioning sem_open implementation, therefor e, the required synchronization primitives needed will not function, see issue 3 770. -- Joseph I've changed to permission on /dev/shm to 1777 and recompile both pythons 2.7.5-r3 and 3.3.2-r2 but it makes no difference. Meld 1.8.2 starts empty OK but when I try to open any file I get that error. -- Joseph
Re: [gentoo-user] meld ERROR - ImportError: This platform lacks a functioning sem_open
On 12/29/13 18:56, Adam Carter wrote: I've solved the problem by installing meld-1.6.0 from attic, 1.7.0 and 1.8.2 don't work. I've tried python2.7 and 3.2 make no difference. FYI meld 1.8.2 works for me. From the use flags you can deduce that it cant use 3.2, only 2.6 or 2.7. [ebuild R] dev-util/meld-1.8.2 USE=gnome highlight PYTHON_SINGLE_TARGET=python2_7 -python2_6 PYTHON_TARGETS=python2_7 -python2_6 0 kB From the ebuild; PYTHON_COMPAT=( python2_{6,7} ) Yes, meld-1.8.2 start OK without specifying any file but when I try to open any file with meld, that is the time I get an error. -- Joseph
Re: [gentoo-user] vmware-player-6.0.0.1295980 and gnome?
Am 27.12.2013 10:08, schrieb Stefan G. Weichinger: greets ... I was curious again and unmasked the hardmasked gnome-3.10-stuff as mentioned in https://bugs.gentoo.org/show_bug.cgi?id=486484 So far it works fine on both my desktop and thinkpad. The only issue I see right now is vmware-player crashing when I want to open/resume my small Windows-VM. This might have to do with gnome-3.10 or not, no idea! Does anyone else here have problems with the player lately? Couldn't find anything on bgo. Maybe I should install a small WM in parallel to check if it's gnome or not. Recommendations? The underlying reason for needing windows in a VM is the fact that I can't sync my Suunto Ambit2 watch with movescount.com as they don't provide a linux-binary and the moveslink-windows-binary does not install with wine here. ... installed virtualbox and converted that VM ... works for me. Maybe I stay with this and remove vmware-player. S
[gentoo-user] IPTables question... simple as possible for starters
Hi all, Ok, I'm setting up a new server, and I'd like to rethink my iptables rules. I'd like to start with something fairly simple: 1. Allow connections from anywhere ONLY to certain ports ie, for encrypted IMAP/SMTP connections from users 2. Allow connections from only certain IP addresses to certain ports ie, for limiting SSH access 3. DROP ALL other connection attempts ie, I don't want to see these disallowed attempts in the logs In order to keep my rules more manageable, I have a commented text file that I manually edit whenever modifying my rules, then I do an 'iptables-restore /path/to/iptables-rules' to update them. My first question is about a trick I learned some time ago (but don't remember where)... For the ports for which I want to allow only restricted access, I have something like: ### # bgn exceptions blocks ### :f_22_I - [0:0] :f_25_I - [0:0] :f_22_O - [0:0] :f_25_O - [0:0] Am I correct that the above are what are called 'chains' in iptables speak? # ### allow connections only from the following IP's # ## SSH # # my local admin hosts -A f_22_I -s ###.###.###.### -j ACCEPT -A f_22_I -s ###.###.###.### -j ACCEPT -A f_22_I -s ###.###.###.### -j ACCEPT -A f_22_I -s ###.###.###.### -j ACCEPT -A f_22_I -s ###.###.###.### -j ACCEPT # # external hosts -A f_22_I -s ###.###.###.### -j ACCEPT -A f_22_I -s ###.###.###.### -j ACCEPT And am I also correct that the above adds each rule to the named chain in order, and that the order is significant? So, if I wanted to add a last rule to that chain that DROPs all other connection attempts, it would be just: -A f_22_I -j DROP ? Then... assuming that I have all of the specific rules after these set up to allow just the traffic I want, and I wanted to add a final rule that just silently DROPped all other inbound connection attempts, it would be: -A INPUT -j DROP ? Thanks...
Re: [gentoo-user] IPTables question... simple as possible for starters
On Sun, Dec 29, 2013 at 1:07 PM, Tanstaafl tansta...@libertytrek.org wrote: Hi all, Ok, I'm setting up a new server, and I'd like to rethink my iptables rules. I'd like to start with something fairly simple: 1. Allow connections from anywhere ONLY to certain ports ie, for encrypted IMAP/SMTP connections from users 2. Allow connections from only certain IP addresses to certain ports ie, for limiting SSH access I'd reverse the order that #1 and #2 appear. 3. DROP ALL other connection attempts ie, I don't want to see these disallowed attempts in the logs In order to keep my rules more manageable, I have a commented text file that I manually edit whenever modifying my rules, then I do an 'iptables-restore /path/to/iptables-rules' to update them. My first question is about a trick I learned some time ago (but don't remember where)... For the ports for which I want to allow only restricted access, I have something like: ### # bgn exceptions blocks ### :f_22_I - [0:0] :f_25_I - [0:0] :f_22_O - [0:0] :f_25_O - [0:0] Am I correct that the above are what are called 'chains' in iptables speak? That defines non-kernel chains but you still need to jump to them from INPUT/OUTPUT or whatever. So, something like: -A -m tcp -p tcp --dport 22 --sport 1024:65535 -j f_22_I ^ I just came up with something for the sport - it's possible there's a default mor narrower for your client. # ### allow connections only from the following IP's # ## SSH # # my local admin hosts -A f_22_I -s ###.###.###.### -j ACCEPT -A f_22_I -s ###.###.###.### -j ACCEPT -A f_22_I -s ###.###.###.### -j ACCEPT -A f_22_I -s ###.###.###.### -j ACCEPT -A f_22_I -s ###.###.###.### -j ACCEPT # # external hosts -A f_22_I -s ###.###.###.### -j ACCEPT -A f_22_I -s ###.###.###.### -j ACCEPT And am I also correct that the above adds each rule to the named chain in order, and that the order is significant? Yep - like ACLs, rules are processed from top down. ACCEPT, REJECT, and DROP are end points when they match. So, if I wanted to add a last rule to that chain that DROPs all other connection attempts, it would be just: -A f_22_I -j DROP I would do this just because it simplifies my life when looking at stuff (and probably removes microseconds of processing from the kernel). Only do this if you limit what hits this jump though (with --dport or whatever). Otherwise, the default behavior is basically a -j RETURN. ? Then... assuming that I have all of the specific rules after these set up to allow just the traffic I want, and I wanted to add a final rule that just silently DROPped all other inbound connection attempts, it would be: -A INPUT -j DROP What you're looking for is the policy which are by default ACCEPT on all kernel rules and which you change in the save file with something like this: :INPUT DROP [0:0] And, just so that there's no confusion, you should state the policy of OUTPUT and FORWARD at the top of your save file along with INPUT - see the output of iptables-save as an example of what your file should look like. Also, if you're creating a chain just to do the same thing with different addresses, look at using ipset. Then you just: ipset create ssh_in iphash ipset add ssh_in 1.2.3.4 and then this works: -A -m set --match-set ssh_in src -j ACCEPT ipset has the same save/load type things as ipt (minor differences with how you handle reload, but google or ask if you want to know). The set needs to be in place before the ipt rule is added, so ipset comes first in your boot sequence. ? Thanks...
Re: [gentoo-user] meld ERROR - ImportError: This platform lacks a functioning sem_open
On 12/29/13 00:27, Edward M wrote: On Sat, 28 Dec 2013 23:44:49 -0700 Joseph syscon...@gmail.com wrote: I've solved the problem by installing meld-1.6.0 from attic, 1.7.0 and 1.8.2 don't work. I've tried python2.7 and 3.2 make no difference. I am wondering if the issue your system is having is related to one of the following: - 2012-11-06-PYTHON_TARGETS-deployment Title PYTHON_TARGETS deployment AuthorMichał Górny mgo...@gentoo.org Posted2012-11-06 Revision 1 Recently, a few new Python eclasses have been deployed. As ebuilds migrate, the way they support multiple Python implementations will change. The previous method built Python modules for Python implementations selected through `eselect python'. The new method uses the PYTHON_TARGETS USE flags to explicitly name the implementations the modules shall be built for. If you are running a modern system with only Python 2.7 3.2 installed, then you don't have to do anything. The defaults will simply fit you, and let you keep your system up-to-date when new Python versions are deployed. However, if you'd like to use another set of Python implementations, you will need to set PYTHON_TARGETS in your make.conf file appropriately. This variable names the enabled implementations in the standard way common to all USE_EXPAND variables. For example, a setup enabling all major Python implementations would look like: PYTHON_TARGETS=python2_7 python3_2 pypy1_9 jython2_5 The variable should list all Python implementations which are going to be used on the system; missing a particular value there will result in missing Python modules. A complete list of all possible values can be obtained using a command equivalent to the following: emerge -1pv dev-python/python-exec For more details, please see the python-r1 User's Guide [1]. [1] http://www.gentoo.org/proj/en/Python/python-r1/user-guide.xml -- 2013-11-07-python-exec-package-move Title python-exec package move AuthorMichał Górny mgo...@gentoo.org Posted2013-11-07 Revision 1 Due to the recent issues which caused dev-python/python-exec:0 to be removed prematurely [1], we had to perform an urgent package move. Since we could not use the automatic updates support in portage, users will notice two python-exec packages and possibly blockers. Currently, dev-lang/python-exec is the real package that contains python-exec and that will be used in the future. dev-python/python-exec is a virtual package that is kept for compatibility with dependencies in already-installed packages. In the most favorable scenario, the package will be upgraded correctly on your next world update if you use the '--deep' (-D) and '--update' (-u) options. If you don't want to perform a complete world update or if it fails for you, you may as well manually upgrade dev-python/python-exec: emerge -1 dev-python/python-exec This will cause portage to update both python-exec packages and resolve the blockers properly. Please note that if you have applied any kind of package-specific modifications to dev-python/python-exec (such as applying keywords through 'package.accept_keywords'), you will need to copy them to dev-lang/python-exec as well. If you have applied keywords to dev-python/python-exec in order to unmask Python 3.3 on a stable system, please consider removing the keywords and reading our wiki page that explains how to properly unmask USE flags [2]. We apologize for all the inconveniences. If you have any more issues with python-exec, please do not hesitate to contact as at #gentoo-python IRC channel (@freenode) or the gentoo-pyt...@lists.gentoo.org mailing list. [1]:https://bugs.gentoo.org/show_bug.cgi?id=489440 [2]:https://wiki.gentoo.org/wiki/Unmasking_non-stable_Python_implementations I think this problem has something to do with this bug: https://bugs.gentoo.org/show_bug.cgi?id=496328 -- Joseph
Re: [gentoo-user] vmware-player-6.0.0.1295980 and gnome?
On 29/12/2013 19:29, Stefan G. Weichinger wrote: Am 27.12.2013 10:08, schrieb Stefan G. Weichinger: greets ... I was curious again and unmasked the hardmasked gnome-3.10-stuff as mentioned in https://bugs.gentoo.org/show_bug.cgi?id=486484 So far it works fine on both my desktop and thinkpad. The only issue I see right now is vmware-player crashing when I want to open/resume my small Windows-VM. This might have to do with gnome-3.10 or not, no idea! Does anyone else here have problems with the player lately? Couldn't find anything on bgo. Maybe I should install a small WM in parallel to check if it's gnome or not. Recommendations? The underlying reason for needing windows in a VM is the fact that I can't sync my Suunto Ambit2 watch with movescount.com as they don't provide a linux-binary and the moveslink-windows-binary does not install with wine here. ... installed virtualbox and converted that VM ... works for me. Maybe I stay with this and remove vmware-player. I'd second that idea. In the big picture, vbox works better for me all round: - I can create VMs in the app just like workstation does but without having to pay the workstation license - virtualbox-modules practically always just builds fine even on the latest greatest kernel. Vmware modules is stuck on 3.10 and doesn't build yet as shipped on 3.11 or 3.12 - vbox has a headless mode there's more, but overall I just find vbox does what I require on a desktop and doesn't make me jump through hoops to do it. -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] metasploit jumping into emerge -uDN world
On Sun, Dec 29, 2013 at 01:54:48PM -0200, Zhu wrote: Most likely metasploit itself is in world. You can check you worldfile with your favourite editor (/var/lib/portage/world). It should also be printed bold in the emerge output if your terminal supports it Yeah, metasploit is in there. Is it safe just remove him from the file? Yes -- List replies preferred. A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting
Re: [gentoo-user] why media-libs are needed for an email client.
On Sun, 29 Dec 2013 14:39:53 + Neil Bothwick n...@digimed.co.uk wrote: On Sun, 29 Dec 2013 03:53:14 -0800, Edward M wrote: So basically kmail needs media-libs that KDE uses so it can play sound notifications, even though i'm using another DE instead of KDE? Yes. If you were using KDE, all of those dependencies would already be in place for desktop notifications. It beats me why anyone would want to use KMail on KDE, let alone with any other DE. Thanks for confirming I'm on the right track. I 'm glad that I finally understood it from the kind help I received in all the replies. I saw kmail mentioned somewhere and i got curious about it, but after i noticed the depends it was pulling i lost that curiosity. I'm sticking to claws-mail.
Re: [gentoo-user] meld ERROR - ImportError: This platform lacks a functioning sem_open
On Sun, 29 Dec 2013 11:58:47 -0700 Joseph syscon...@gmail.com wrote: I think this problem has something to do with this bug: https://bugs.gentoo.org/show_bug.cgi?id=496328 Did this occur from a recent emerge --rsync update. If so i'm concern about rsyncing and updating at this time?
Re: [gentoo-user] metasploit jumping into emerge -uDN world
On 29/12/2013 17:54, Zhu wrote: Em 29-12-2013 11:47, Hinnerk van Bruinehsen escreveu: Zhu zhushaz...@yahoo.com.br wrote: Hello, every time that i try to made a emerge -uDN world, metasploit jump in the process installation. I've check and there aren't dependencies ask for him: /[root@asgard ~]$ equery d net-analyzer/metasploit// // * These packages depend on net-analyzer/metasploit:// //[root@asgard ~]$ equery d dev-ruby/metasploit_data_models// // * These packages depend on dev-ruby/metasploit_data_models:// //[root@asgard ~]$ equery d app-admin/eselect-metasploit * These packages depend on app-admin/eselect-metasploit:// / but, /[root@asgard ~]$ emerge -pvauDN world These are the packages that would be merged, in order: Calculating dependencies ... done! [ebuild R] sys-devel/gcc-4.8.2:4.8 [4.8.2:4.8.2] USE=cxx fortran gcj go graphite mudflap (multilib) multislot nls nptl objc objc++ objc-gc openmp (-altivec) -awt% -doc (-fixed-point) (-hardened) (-libssp) -nopie -nossp -regression-test -vanilla (-gtk%*) (-lto%) 0 kB [ebuild N ] net-analyzer/metasploit-4.8.2:4.8 USE=java lorcon pcap (-development) {-test} 0 kB Total: 2 packages (1 new, 1 reinstall), Size of downloads: 0 kB / How to discover what are putting metasploit into updatable world list? Most likely metasploit itself is in world. You can check you worldfile with your favourite editor (/var/lib/portage/world). It should also be printed bold in the emerge output if your terminal supports it Yeah, metasploit is in there. Is it safe just remove him from the file? yes, and it will be removed from the system next time you run emerge --depclean To remove it immediately run emerge -avC metasploit But the big question is, do you want to keep that package or not? You didn't say if you want it, you only wondered why it was being updated. -- Alan McKinnon alan.mckin...@gmail.com
[gentoo-user] unwanted msgs from cron after upgrade
Yesterday I did my usual Sat system update, emerging new versions of libassuan HTTP-Cookies dialog curl coreutils binutils procps virtual/man . Today after restarting the system, mail continues to be downloaded normally, my mailbox is receiving notices every 5 min from my cron mail job : Date: Sun, 29 Dec 2013 17:29:16 -0500 From: Cron Daemon r...@pop.ca.inter.net To: purs...@pop.ca.inter.net Subject: Cron purslow@localhost test -e /var/run/dhcpcd.pid /usr/bin/fetchmail -s 2 /dev/null X-Cron-Env: SHELL=/bin/sh X-Cron-Env: HOME=/home/purslow X-Cron-Env: PATH=/usr/bin:/bin X-Cron-Env: LOGNAME=purslow X-Cron-Env: USER=purslow fetchmail: Query status=2 (SOCKET) Mail is fetched by a cron job in /var/spool/cron/crontabs/ : # DO NOT EDIT THIS FILE - edit the master and reinstall. # (/tmp/crontab.v4nXL6 installed on Sun Mar 31 10:46:54 2013) # (Cron version V5.0 -- $Id: crontab.c,v 1.12 2004/01/23 18:56:42 vixie Exp $) */5 * * * * test -e /var/run/dhcpcd.pid /usr/bin/fetchmail -s 2 /dev/null ~/.fetchmailrc : set postmaster purslow set bouncemail set no spambounce set properties poll pop.ca.inter.net user 'purslow' there with password '' is 'purslow' here options stripcr mda '/usr/bin/procmail -f - -d purslow' poll cmail.chass.utoronto.ca user 'purs...@chass.utoronto.ca' there with password '' is 'purslow' here ssl mda '/usr/bin/procmail -f - -d purslow' Can anyone suggest what might have changed to cause this nuisance ? -- ,, SUPPORT ___//___, Philip Webb ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto TRANSIT`-O--O---' purslowatchassdotutorontodotca
Re: [gentoo-user] vmware-player-6.0.0.1295980 and gnome?
Am 29.12.2013 22:37, schrieb Alan McKinnon: I'd second that idea. In the big picture, vbox works better for me all round: - I can create VMs in the app just like workstation does but without having to pay the workstation license - virtualbox-modules practically always just builds fine even on the latest greatest kernel. Vmware modules is stuck on 3.10 and doesn't build yet as shipped on 3.11 or 3.12 - vbox has a headless mode there's more, but overall I just find vbox does what I require on a desktop and doesn't make me jump through hoops to do it. thanks ... evaluating this for me ... everything must change ;-)
[gentoo-user] Re: unwanted msgs from cron after upgrade
Philip Webb purslow at ca.inter.net writes: Yesterday I did my usual Sat system update, emerging new versions of libassuan HTTP-Cookies dialog curl coreutils binutils procps virtual/man . Today after restarting the system, mail continues to be downloaded normally, my mailbox is receiving notices every 5 min from my cron mail job : Can anyone suggest what might have changed to cause this nuisance ? Not sure about your posting. But, I've been reading about many folks upgrading the deprecated cron to the maintained cronie. You might want to read up on /sys-process/cronie. hth, James
Re: [gentoo-user] meld ERROR - ImportError: This platform lacks a functioning sem_open
On 12/29/13 14:28, Edward M wrote: On Sun, 29 Dec 2013 11:58:47 -0700 Joseph syscon...@gmail.com wrote: I think this problem has something to do with this bug: https://bugs.gentoo.org/show_bug.cgi?id=496328 Did this occur from a recent emerge --rsync update. If so i'm concern about rsyncing and updating at this time? Yes, it was recent upgrade. I had similar problem with meld-1.7.0 (so I had it masked) but 1.8.2 sipped IN and is showing the same problem. I suggest use 1.6.0 from attic or mask ver. =1.7.0 All other packages are working OK, and all of them compiled without errors. -- Joseph
[gentoo-user] USB permission/owner - change not allowed as root
After recent upgrade when I mount my USB and try as root: chown joseph:users /media/stick/Ancient-Electricity_new.ppt chown: changing ownership of ‘/media/stick/Ancient-Electricity_new.ppt’: Operation not permitted file ownership is: -rwxr-xr-x 1 root root 5796864 Mar 6 2013 Ancient-Electricity_new.ppt -- Joseph
Re: [gentoo-user] meld ERROR - ImportError: This platform lacks a functioning sem_open
On Sun, 29 Dec 2013 19:04:47 -0700 Joseph syscon...@gmail.com wrote: On 12/29/13 14:28, Edward M wrote: On Sun, 29 Dec 2013 11:58:47 -0700 Joseph syscon...@gmail.com wrote: I think this problem has something to do with this bug: https://bugs.gentoo.org/show_bug.cgi?id=496328 Did this occur from a recent emerge --rsync update. If so i'm concern about rsyncing and updating at this time? Yes, it was recent upgrade. I had similar problem with meld-1.7.0 (so I had it masked) but 1.8.2 sipped IN and is showing the same problem. I suggest use 1.6.0 from attic or mask ver. =1.7.0 All other packages are working OK, and all of them compiled without errors. Thank you for the suggestion. I really appreciate it
Re: [gentoo-user] USB permission/owner - change not allowed as root
Joseph wrote: After recent upgrade when I mount my USB and try as root: chown joseph:users /media/stick/Ancient-Electricity_new.ppt chown: changing ownership of ‘/media/stick/Ancient-Electricity_new.ppt’: Operation not permitted file ownership is: -rwxr-xr-x 1 root root 5796864 Mar 6 2013 Ancient-Electricity_new.ppt Is it mounted Read Only? It's the only thing I can think of. I'm not sure if that would keep it from changing it if it is either. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words!
Re: [gentoo-user] meld ERROR - ImportError: This platform lacks a functioning sem_open
On 12/29/13 19:27, Edward M wrote: On Sun, 29 Dec 2013 19:04:47 -0700 Joseph syscon...@gmail.com wrote: On 12/29/13 14:28, Edward M wrote: On Sun, 29 Dec 2013 11:58:47 -0700 Joseph syscon...@gmail.com wrote: I think this problem has something to do with this bug: https://bugs.gentoo.org/show_bug.cgi?id=496328 Did this occur from a recent emerge --rsync update. If so i'm concern about rsyncing and updating at this time? Yes, it was recent upgrade. I had similar problem with meld-1.7.0 (so I had it masked) but 1.8.2 sipped IN and is showing the same problem. I suggest use 1.6.0 from attic or mask ver. =1.7.0 All other packages are working OK, and all of them compiled without errors. Thank you for the suggestion. I really appreciate it Another problem after upgrade I have is the ownership change on mounted USB stick. I can not change the ownership even as root :-( So I can not delete them or save a file to USB stick. -- Joseph
Re: [gentoo-user] USB permission/owner - change not allowed as root
On 12/29/13 21:41, Dale wrote: Joseph wrote: After recent upgrade when I mount my USB and try as root: chown joseph:users /media/stick/Ancient-Electricity_new.ppt chown: changing ownership of ‘/media/stick/Ancient-Electricity_new.ppt’: Operation not permitted file ownership is: -rwxr-xr-x 1 root root 5796864 Mar 6 2013 Ancient-Electricity_new.ppt Is it mounted Read Only? It's the only thing I can think of. I'm not sure if that would keep it from changing it if it is either. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words! When I open the USB stick, it doesn't say anything (on the top) read only mode. -- Joseph
Re: [gentoo-user] USB permission/owner - change not allowed as root
Joseph syscon...@gmail.com wrote: On 12/29/13 21:41, Dale wrote: Joseph wrote: After recent upgrade when I mount my USB and try as root: chown joseph:users /media/stick/Ancient-Electricity_new.ppt chown: changing ownership of ‘/media/stick/Ancient-Electricity_new.ppt’: Operation not permitted file ownership is: -rwxr-xr-x 1 root root 5796864 Mar 6 2013 Ancient-Electricity_new.ppt Is it mounted Read Only? It's the only thing I can think of. I'm not sure if that would keep it from changing it if it is either. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words! When I open the USB stick, it doesn't say anything (on the top) read only mode. What file system on the stick? If it is FAT there is no such thing as ownership. -- Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici cov...@ccs.covici.com
Re: [gentoo-user] USB permission/owner - change not allowed as root
On 12/29/13 21:41, Dale wrote: Joseph wrote: After recent upgrade when I mount my USB and try as root: chown joseph:users /media/stick/Ancient-Electricity_new.ppt chown: changing ownership of ‘/media/stick/Ancient-Electricity_new.ppt’: Operation not permitted file ownership is: -rwxr-xr-x 1 root root 5796864 Mar 6 2013 Ancient-Electricity_new.ppt Is it mounted Read Only? It's the only thing I can think of. I'm not sure if that would keep it from changing it if it is either. For some reason or another the system doesn't like my fstab entry: /dev/sdb1 /media/stickautonoauto,rw,users 0 0 I like consistent volume naming so I have the above entry in my fstab When I remove this like it mounts read/write with correct permissions/ownership; why? -- Joseph
Re: [gentoo-user] USB permission/owner - change not allowed as root
On 12/29/13 23:05, cov...@ccs.covici.com wrote: [snip] file ownership is: -rwxr-xr-x 1 root root 5796864 Mar 6 2013 Ancient-Electricity_new.ppt Is it mounted Read Only? It's the only thing I can think of. I'm not sure if that would keep it from changing it if it is either. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words! When I open the USB stick, it doesn't say anything (on the top) read only mode. What file system on the stick? If it is FAT there is no such thing as ownership. Regardless of the file type, if the system present it as owner/user root -rwxr-xr-x 1 root root 5796864 Mar 6 2013 Ancient-Electricity_new.ppt I should be able to change the permission when I login as root, but I can not; that is what puzzling me. -- Joseph
Re: [gentoo-user] USB permission/owner - change not allowed as root
On Sun, 29 Dec 2013 19:42:33 -0700 Joseph syscon...@gmail.com wrote: After recent upgrade when I mount my USB and try as root: chown joseph:users /media/stick/Ancient-Electricity_new.ppt chown: changing ownership of ‘/media/stick/Ancient-Electricity_new.ppt’: Operation not permitted file ownership is: -rwxr-xr-x 1 root root 5796864 Mar 6 2013 Ancient-Electricity_new.ppt I too ran the chown command on my USB flash and got the same response as you did: localhost001 media # chown cru:users flash-drive1/ chown: changing ownership of ‘flash-drive1/’: Operation not permitted drwxr-xr-x 7 root root 16384 Dec 31 1969 flash-drive1 Don't know what to tell you. interestingmy says Dec 31 1969.