Re: [gentoo-user] [SOLVED] Running cryptsetup under mdev
On Wed, 07 May 2014 20:57:29 +0200 J. Roeleveld wrote:
On 7 May 2014 20:11:10 CEST, Walter Dnes waltd...@waltdnes.org wrote:
On Wed, May 07, 2014 at 08:11:02AM +0200, J. Roeleveld wrote
On Tuesday, May 06, 2014 05:34:52 PM Walter Dnes wrote:

Unfortunately, mdev != udev. People running RAID have problems too.

I know it isn't. I just find it strange that LVM can't work without udev when I see options which configure the LVM-tools to either double-check udevs actions or even completely bypass udev:

Thanks for the pointer. After turning off the udev-related options in lvm.conf, I'm getting /dev/mapper device nodes as expected.

That is good. Now if only mdadm can be confirmed to work with mdev. I could try it on one of my machines.

And what is the problem with mdadm with mdev? I have such setup: nothing special here and works fine. Just to speed up device lookup:

$ grep -v ^# /etc/mdadm.conf
DEVICE /dev/sd*

And here we go:

$ cat /proc/mdstat
Personalities : [raid10]
md0 : active raid10 sdd[3] sdf[2]
      2930265088 blocks super 1.2 256K chunks 2 far-copies [2/2] [UU]

Best regards,
Andrew Savchenko
Re: [gentoo-user] Intel(R) WiFi Link 5100 AGN - random de-authentication
Thank you for taking the time to respond Tom,

On Wednesday 07 May 2014 19:05:25 Tom Wijsman wrote:
On Wed, 7 May 2014 16:58:05 +0100 Mick michaelkintz...@gmail.com wrote:

I have compiled on a 3.12.13-gentoo kernel:

Try the latest release candidate kernel (3.15-rc4) to make sure you have most of the latest iwlwifi changes by upstream; if you want them all, and are not afraid of working with git, you can try to obtain even later changes from here:

http://git.kernel.org/cgit/linux/kernel/git/iwlwifi/iwlwifi-next.git

I will have some time the week after and I'll give this a go.

CONFIG_IWLWIFI=m
CONFIG_IWLDVM=m
CONFIG_IWLWIFI_OPMODE_MODULAR=y

Set CONFIG_IWLWIFI_DEBUG=y to see if debug information tells more. An option to try out too is CONFIG_IWLWIFI_DEBUG_EXPERIMENTAL_UCODE=y.

My /etc/conf.d/net section says:
[...]
wpa_supplicant_wlp4s0=-Dwext
[...]

Use nl80211 instead, you'll want to enable this in your kernel as well.

I recall trying this, but I think it would not connect at all. I may remember incorrectly though, so I will try again.

proto=RSN
key_mgmt=WPA-PSK
pairwise=CCMP
group=CCMP

Try WPA2 AES if you can configure that and the rest of devices connecting to the router support that, anything else can have a negative effect on obtaining the higher N speeds; talking about router, which kind of router is this and which firmware (eg. DD-WRT, ...) does it run?

I thought that CCMP *is* using AES with CBC-MAC ... or are you saying that I should set up IEEE 802.1X EAP Authentication instead?

A point of clarification: although the 5100 AGN NIC can do 108.11n, my AP will only do 108.11 a,b g. Therefore I only want to achieve a stable 'g' connection at this moment.

[ 514.377859] iwlwifi :04:00.0 wlp4s0: disabling HT as WMM/QoS is not supported by the AP
[ 514.377869] iwlwifi :04:00.0 wlp4s0: disabling VHT as WMM/QoS is not supported by the AP

Look if your AP allows you enable WMM, to gain more throughput.

Will look into it, thanks.

# modprobe -v iwlwifi power_save=0 power_level=3 11n_disable=1
insmod /lib/modules/3.12.13-gentoo/kernel/drivers/net/wireless/iwlwifi/iwlwifi.ko power_save=0 power_level=3 11n_disable=1

You shouldn't need all that, please try back with a plain modprobe.

There is definitely a difference with the power_level= and 11n_disable= parameters. I tried this repeatedly to be quite certain about it. With the 11n_disable=1 the connection will de/re-authenticate every 7 minutes. With 11n_disable=0 it will de-authenticate and just sit there. However, it may perform differently with a newer kernel. I will check again and report back.

On a side note, I'm an owner of the same wireless card; currently I am experiencing the following bug, which has to do with iwlwifi being stuck in higher rates for one or another reason.

https://bugzilla.kernel.org/show_bug.cgi?id=56581

I don't think that this is the same problem like mine, since I don't have 11n on the router.

There's something going on with the rate control algorithm these days...

I seem to recall having CONFIG_MAC80211_RC_MINSTREL=y in the kernel. Is there some other setup to try? I will also try a different access point in the next few days to see if it makes a difference.

--
Regards,
Mick
Re: [gentoo-user] planned btrfs conversion: questions
On 05/07/14 07:51, Marc Joliet wrote:
On Wed, 07 May 2014 06:56:12 +0800, William Kenworthy bi...@iinet.net.au wrote:
On 05/06/14 18:18, Marc Joliet wrote:

Hi all, I've become increasingly motivated to convert to btrfs. From what I've seen, it has become increasingly stable; enough so that it is apparently supposed to become the default FS on OpenSuse in 13.2. I am motivated by various reasons:

My btrfs experience: I have been using btrfs seriously (vs testing) for a while now with mixed results but the latest kernel/tools seem to be holding up quite well.

~ 2yrs on a Apple/gentoo laptop (I handed it back to work a few months back) - never a problem! (mounted with discard/trim)

That's one HDD, right? From what I've read, that's the most tested and stable use case for btrfs, so it doesn't surprise me that much that it worked so well.

Yes, light duty using the builtin ssd chips on the motherboard.

btrfs on a 128MB intel ssd (linux root drive) had to secure reset a few times as btrfs said the filesystem was full, but there was 60G+ free - happens after multiple crashes and it seemed the btrfs metadata and the ssd disagreed on what was actually in use - reset drive and restore from backups :( Now running ext4 on that drive with no problems - will move back to btrfs at some point.

All the more reason to stick with EXT4 on the SSD for now.

I have had very poor luck with ext anything and would hesitate to recommend it except for this very specific case where there is little alternative - reiserfs is far better on platters for instance.

[snip interesting but irrelevant ceph scenario]

It's relevant because it keeps revealing bugs in btrfs by stressing it - one of those reported by me to ceph was reported upstream by the ceph team and fixed last year - bugs still exist in btrfs !

3 x raid 0+1 (btrfs raid 1 with 3 drives) - working well for about a month

That last one is particularly good to know.
I expect RAID 0, 1 and 10 to work fairly well, since those are the oldest supported RAID levels. ~10+ gentoo VM's, one ubuntu and 3 x Win VM's with kvm/qemu storage on btrfs - regular scrubs show an occasional VM problem after system crash (VM server), otherwise problem free since moving to pure btrfs from ceph. Gentoo VM's were btrfs in raw qemu containers and are now converted to qcow2 - no problems since moving from ceph. Fragmentation on VM's is a problem but cp --reflink vm1 vm2 for vm's is really really cool! That matches the scenario from the ars technica article; the author is a huge fan of file cloning in btrfs :) . And yeah, too bad autodefrag is not yet stable. Not that its not stable but that it cant deal with large files that change randomly on a continual basis like VM virtual disks. I have a clear impression that btrfs has been incrementally improving and the current kernel and recovery tools are quite good but its still possible to end up with an unrecoverable partition (in the sense that you might be able to get to some of the the data using recovery tools, but the btrfs mount itself is toast) Backups using dirvish - was getting an occasional corruption (mainly checksum) that seemed to coincide with network problems during a backup sequence - have not seen it for a couple of months now. Only lost whole partition once :( Dirvish really hammers a file system and ext4 usually dies very quickly so even now btrfs is far better here. I use rsnapshot here with an external hard drive formatted to EXT4. I'm not *that* worried about the FS dying, more that it dies at an inopportune moment where I can't immediately restore it. [again, snip interesting but irrelevant ceph scenario] as I said above - if it fails under ceph, its likely going to fail under similar stresses using other software - I am not talking ceph bugs (of which there are many) but actual btrfs corruption. 
I am slowly moving my systems from reiserfs to btrfs as my confidence in it and its tools builds. I really dislike ext4 and its ability to lose valuable data (though that has improved dramatically) but it still seems better than btrfs on solid state and hard use - but after getting burnt I am avoiding that scenario so need to retest.

Rising confidence: good to hear :) . Perhaps this will turn out similarly to when I was using the xf86-video-ati release candidates and bleeding edge gentoo-sources/mesa/libdrm/etc. (for 3D support in the r600 driver): I start using it shortly before it starts truly stabilising :) .

More exposure, more bugs will surface and be fixed - it's getting there.

BillK
[gentoo-user] bareos, anyone?
Does anyone of you use the bareos backup suite with gentoo? I will start to test it and learn the basics as I need some hands-on-experience for a job at a customer. Quick installation went fine, aside from the missing systemd-unit-files (yes, we know ...). I will grab some unit-files from another distro (got some templates already) and adjust them, then file that as a bug with bgo. As I am a longtime amanda-user I would be interested in your experience and the pros and cons from your point of view (and if the ebuild in portage is in any way problematic). Thanks, regards, Stefan
[gentoo-user] Fwd: Post-Installation Problem
-- Forwarded message --
From: Hunter Jozwiak hunter.t@gmail.com
Date: Thu, 8 May 2014 12:23:13 -0400
Subject: Post-Installation Problem
To: gentoo-us...@lists.gentoo.org

Hi all. I've been working on a Gentoo install for quite some time in tech class, but I've hit a road block. I compiled a Genkernel, and that went smooth. However, I tried to emerge espeakup, and I got errors about how modules weren't enabled. I edited /etc/conf.d/modules and added two lines:

modules=CONFIG_SPEAKUP
modules=CONFIG_SPEAKUP_SYNTH_SOFT

And reemerged the espeakup software; same error message, and on reboot, no software speech. Am I enabling the modules in an incorrect manner? If so, how do I get them to work?
[gentoo-user] Re: package download verification
Mick michaelkintzios at gmail.com writes:

What if the RNG you use on your PC is either backdoored by Intel (if hardware generated), or it has such a low entropy that it is trivial to crack its algorithmic derivatives.

Rest easy here. ALL commercial hardware is backdoor at the silicon layer, not only by US interests, but various others, with extreme amounts of financial resources. That is a whole other topic. If you want to fix that, you'd better plan on building up, from a FPGA or such. [1] I usually do not work about such powerful forces as they usually police their own. If you are part of an anarchy, terrorist to looking to supplant those folks, then you have to worry about them. I'm more concerned with the petty criminals, interlopers, and script_kiddies who destroy things for fun.

So hardware compromises, although fully acknowledged, are of little concern to me, as they are closely managed by folks with a very limited scope of usage. Furthermore, the way they propagate their (digitally undetectable, low bandwidth) information pretty much makes them immune from exploitation by the pecker_heads (hacking community without access to billions of dollars nor Rf signal intercept resources). It's pretty much the domain of a few dozen nation states.

I was quite surprised to see that the random pool available on a laptop I was working on at the time, was exceedingly lower than the 4096 max entropy. Try this to see yours:

cat /proc/sys/kernel/random/entropy_avail

I now run sys-apps/haveged in the background, at least when I am generating ssl/gpg/ssh keys.

Interesting [2] Do you have a formal document/wiki that explains its usage in some detail? Some further discussion on its usage and verification would be interested. Maybe haveged should have its own page on the gentoo wiki? Do tell more on this.

my FX-8350 came back with: entropy_avail 2188. It seems low and I would think that it is fixable in the kernel sources? Do tell me more on entropy, or anyone else that can delineate this entropy further..?

[1] http://arstechnica.com/information-technology/2014/04/openssl-code-beyond-repair-claims-creator-of-libressl-fork/
Useful to know someone is cleansing the code. Thanks for sharing!

The Rat is a very interesting humanoid. He has worked both sides of the fence and is a brilliant coder; idolized by some (many?) young pups.. [3]

[1] http://opencores.org/
[2] http://www.issihosts.com/haveged/history.html
[3] http://www.theos.com/deraadt/
Re: [gentoo-user] Fwd: Post-Installation Problem
Hunter Jozwiak hunter.t@gmail.com wrote: -- Forwarded message -- From: Hunter Jozwiak hunter.t@gmail.com Date: Thu, 8 May 2014 12:23:13 -0400 Subject: Post-Installation Problem To: gentoo-us...@lists.gentoo.org Hi all. I've been working on a Gentoo install for quite some time in tech class, but I've hit a road block. I compiled a Genkernel, and that went smooth. However, I tried to emerge espeakup, and I got errors about how modules weren't enabled. I edited /etc/conf.d/modules and added two lines: modules=CONFIG_SPEAKUP modules=CONFIG_SPEAKUP_SYNTH_SOFT And reemerged the espeakup software; same error message, and on reboot, no software speech. Am I enabling the modules in an incorrect manner? If so, how to I get them to work? I don't think those are the correct module names, you can tell by looking at your kernel configs to see what speakup modules you have chosen. Module names do not usually have config_ at the beginning. -- Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici cov...@ccs.covici.com
Re: [gentoo-user] Post-Installation Problem
On Thu, 8 May 2014, at 5:29 pm, Hunter Jozwiak hunter.t@gmail.com wrote: … I compiled a Genkernel, and that went smooth. However, I tried to emerge espeakup, and I got errors about how modules weren't enabled. I edited /etc/conf.d/modules and added two lines: modules=CONFIG_SPEAKUP modules=CONFIG_SPEAKUP_SYNTH_SOFT And reemerged the espeakup software; same error message, and on reboot, no software speech. Am I enabling the modules in an incorrect manner? If so, how to I get them to work? I'm not familiar with Genkernel - nor Speakup, for that matter - but it sounds like you're talking about _kernel_ modules. In which case it's your kernel you'd need to recompile, not a userspace package. Stroller.
Re: [gentoo-user] Post-Installation Problem
On Thu, 8 May 2014, at 5:45 pm, cov...@ccs.covici.com wrote: … I edited /etc/conf.d/modules and added two lines: modules=CONFIG_SPEAKUP modules=CONFIG_SPEAKUP_SYNTH_SOFT And reemerged the espeakup software; same error message, and on reboot, no software speech. Am I enabling the modules in an incorrect manner? If so, how to I get them to work? I don't think those are the correct module names, you can tell by looking at your kernel configs to see what speakup modules you have chosen. Module names do not usually have config_ at the beginning. I'm not the OP, but this is what I see: $ zcat /proc/config.gz | grep -i speak # Speakup console speech CONFIG_SPEAKUP=m CONFIG_SPEAKUP_SYNTH_ACNTSA=m CONFIG_SPEAKUP_SYNTH_ACNTPC=m CONFIG_SPEAKUP_SYNTH_APOLLO=m CONFIG_SPEAKUP_SYNTH_AUDPTR=m CONFIG_SPEAKUP_SYNTH_BNS=m CONFIG_SPEAKUP_SYNTH_DECTLK=m CONFIG_SPEAKUP_SYNTH_DECEXT=m CONFIG_SPEAKUP_SYNTH_DECPC=m CONFIG_SPEAKUP_SYNTH_DTLK=m CONFIG_SPEAKUP_SYNTH_KEYPC=m CONFIG_SPEAKUP_SYNTH_LTLK=m CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m CONFIG_SPEAKUP_SYNTH_TXPRT=m CONFIG_SPEAKUP_SYNTH_DUMMY=m $ Stroller.
Re: [gentoo-user] Post-Installation Problem
I'd assume that module is the m part? As for how to recompile the genkernel, I'll need to look at that, as I ran genkernel all and am not certain on building self-made kernels. On 5/8/14, Stroller strol...@stellar.eclipse.co.uk wrote: On Thu, 8 May 2014, at 5:45 pm, cov...@ccs.covici.com wrote: ... I edited /etc/conf.d/modules and added two lines: modules=CONFIG_SPEAKUP modules=CONFIG_SPEAKUP_SYNTH_SOFT And reemerged the espeakup software; same error message, and on reboot, no software speech. Am I enabling the modules in an incorrect manner? If so, how to I get them to work? I don't think those are the correct module names, you can tell by looking at your kernel configs to see what speakup modules you have chosen. Module names do not usually have config_ at the beginning. I'm not the OP, but this is what I see: $ zcat /proc/config.gz | grep -i speak # Speakup console speech CONFIG_SPEAKUP=m CONFIG_SPEAKUP_SYNTH_ACNTSA=m CONFIG_SPEAKUP_SYNTH_ACNTPC=m CONFIG_SPEAKUP_SYNTH_APOLLO=m CONFIG_SPEAKUP_SYNTH_AUDPTR=m CONFIG_SPEAKUP_SYNTH_BNS=m CONFIG_SPEAKUP_SYNTH_DECTLK=m CONFIG_SPEAKUP_SYNTH_DECEXT=m CONFIG_SPEAKUP_SYNTH_DECPC=m CONFIG_SPEAKUP_SYNTH_DTLK=m CONFIG_SPEAKUP_SYNTH_KEYPC=m CONFIG_SPEAKUP_SYNTH_LTLK=m CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m CONFIG_SPEAKUP_SYNTH_TXPRT=m CONFIG_SPEAKUP_SYNTH_DUMMY=m $ Stroller.
Re: [gentoo-user] Post-Installation Problem
Stroller strol...@stellar.eclipse.co.uk wrote: On Thu, 8 May 2014, at 5:45 pm, cov...@ccs.covici.com wrote: … I edited /etc/conf.d/modules and added two lines: modules=CONFIG_SPEAKUP modules=CONFIG_SPEAKUP_SYNTH_SOFT And reemerged the espeakup software; same error message, and on reboot, no software speech. Am I enabling the modules in an incorrect manner? If so, how to I get them to work? I don't think those are the correct module names, you can tell by looking at your kernel configs to see what speakup modules you have chosen. Module names do not usually have config_ at the beginning. I'm not the OP, but this is what I see: $ zcat /proc/config.gz | grep -i speak # Speakup console speech CONFIG_SPEAKUP=m CONFIG_SPEAKUP_SYNTH_ACNTSA=m CONFIG_SPEAKUP_SYNTH_ACNTPC=m CONFIG_SPEAKUP_SYNTH_APOLLO=m CONFIG_SPEAKUP_SYNTH_AUDPTR=m CONFIG_SPEAKUP_SYNTH_BNS=m CONFIG_SPEAKUP_SYNTH_DECTLK=m CONFIG_SPEAKUP_SYNTH_DECEXT=m CONFIG_SPEAKUP_SYNTH_DECPC=m CONFIG_SPEAKUP_SYNTH_DTLK=m CONFIG_SPEAKUP_SYNTH_KEYPC=m CONFIG_SPEAKUP_SYNTH_LTLK=m CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m CONFIG_SPEAKUP_SYNTH_TXPRT=m CONFIG_SPEAKUP_SYNTH_DUMMY=m Sure, but those are not the module names, those are the config parameters. If you go into the make menuconfig it will tell you the module names in the help for each one, or do a find on /lib/modules and its the name without the .ko suffix. -- Your life is like a penny. You're going to lose it. The question is: How do you spend it? John Covici cov...@ccs.covici.com
Re: [gentoo-user] Post-Installation Problem
Please don't top post on this list: http://www.idallen.com/topposting.html I've fixed it for you on this occasion, please read below. On Thu, 8 May 2014, at 6:37 pm, Hunter Jozwiak hunter.t@gmail.com wrote: On 5/8/14, Stroller strol...@stellar.eclipse.co.uk wrote: On Thu, 8 May 2014, at 5:45 pm, cov...@ccs.covici.com wrote: ... I edited /etc/conf.d/modules and added two lines: modules=CONFIG_SPEAKUP modules=CONFIG_SPEAKUP_SYNTH_SOFT And reemerged the espeakup software; same error message, and on reboot, no software speech. Am I enabling the modules in an incorrect manner? If so, how to I get them to work? I don't think those are the correct module names, you can tell by looking at your kernel configs to see what speakup modules you have chosen. Module names do not usually have config_ at the beginning. I'm not the OP, but this is what I see: $ zcat /proc/config.gz | grep -i speak # Speakup console speech CONFIG_SPEAKUP=m … CONFIG_SPEAKUP_SYNTH_SOFT=m … $ I'd assume that module is the m part? As for how to recompile the genkernel, I'll need to look at that, as I ran genkernel all and am not certain on building self-made kernels. `zcat /proc/config.gz` shows the configuration of the current kernel (or the configuration with which the current kernel was compiled, I'm not sure). So the =m in the output I've posted shows that on my system, these options are compiled as modules. Compare with these options which are compiled in statically: $ zcat /proc/config.gz | grep '=y' | head CONFIG_GENTOO_LINUX=y CONFIG_GENTOO_LINUX_UDEV=y CONFIG_GENTOO_LINUX_INIT_SCRIPT=y CONFIG_GENTOO_LINUX_INIT_SYSTEMD=y CONFIG_64BIT=y CONFIG_X86_64=y CONFIG_X86=y CONFIG_INSTRUCTION_DECODER=y CONFIG_LOCKDEP_SUPPORT=y CONFIG_STACKTRACE_SUPPORT=y $ If a driver is compiled statically, it is always present in the kernel, and loaded into memory at boot time. If a driver is compiled as a module, it is only loaded into memory if and when needed. 
This is an incomplete answer for you, because I know nothing about Genkernel. Stroller.
Re: [gentoo-user] Post-Installation Problem
On Thu, 8 May 2014, at 6:55 pm, cov...@ccs.covici.com wrote: ... I don't think those are the correct module names, you can tell by looking at your kernel configs to see what speakup modules you have chosen. Module names do not usually have config_ at the beginning. I'm not the OP, but this is what I see: $ zcat /proc/config.gz | grep -i speak # Speakup console speech ... CONFIG_SPEAKUP_SYNTH_LTLK=m CONFIG_SPEAKUP_SYNTH_SOFT=m CONFIG_SPEAKUP_SYNTH_SPKOUT=m CONFIG_SPEAKUP_SYNTH_TXPRT=m CONFIG_SPEAKUP_SYNTH_DUMMY=m Sure, but those are not the module names, those are the config parameters. If you go into the make menuconfig it will tell you the module names in the help for each one, or do a find on /lib/modules and its the name without the .ko suffix. Ok, sure. Does one use `make menuconfig` with Genkernel? I apologise if I've distracted from the goal of helping Hunter recompile his kernel using this tool. Stroller.
Re: [gentoo-user] planned btrfs conversion: questions
On 08.05.2014 13:57, William Kenworthy wrote:

I have had very poor luck with ext anything and would hesitate to recommend it except for this very specific case where there is little alternative - reiserfs is far better on platters for instance.

I would be interested in your experience with ext anything. Poor luck only ? IMO the extX-filesystems are stable and recommended in general. And I use them in a lot of places if I don't have specific reasons to do otherwise.

Stefan
Re: [gentoo-user] Fwd: Post-Installation Problem
On 05/08/2014 05:29 PM, Hunter Jozwiak wrote: -- Forwarded message -- From: Hunter Jozwiak hunter.t@gmail.com Date: Thu, 8 May 2014 12:23:13 -0400 Subject: Post-Installation Problem To: gentoo-us...@lists.gentoo.org Hi all. I've been working on a Gentoo install for quite some time in tech class, but I've hit a road block. I compiled a Genkernel, and that went smooth. However, I tried to emerge espeakup, and I got errors about how modules weren't enabled. I edited /etc/conf.d/modules and added two lines: modules=CONFIG_SPEAKUP modules=CONFIG_SPEAKUP_SYNTH_SOFT And reemerged the espeakup software; same error message, and on reboot, no software speech. Am I enabling the modules in an incorrect manner? If so, how to I get them to work? what you need to do is # genkernel --menuconfig kernel then make sure that speakup is selected conf.d/modules is for kernel modules marked m mostly, these are loaded when needed by programs or drivers as required, but sometimes you want the module loaded in advance -- in that case you list them in conf.d/modules
[gentoo-user] Re: package download verification
Alan McKinnon alan.mckinnon at gmail.com writes:

But why not just use a simple script:

scriptname package.just.downloaded package.just.downloaded.DIGESTS

Right now, I perform manual inspections, which are essential only if deemed essential, prone to (visual inspection) mistakes and time consuming. It there is (which I'm unaware of) scripts, programs, gui-interfaces and such that greatly simplify this manual spot checking random approach?

http://arstechnica.com/information-technology/2014/04/openssl-code-beyond-repair-claims-creator-of-libressl-fork/

Thanks, now I understand better the question you are asking.

Ok, cleaning up of this tool (openssl code) is but one part of the work that needs to be done. The Rat is well qualified to clean up this code.

I don't think it can be solved at all in the general case, for two reasons.

ems fight'n words..

One, the internet and its core protocols are inherently not worthy of trust. There just isn't any way to prove that traffic is what it claims to be and no crypto verification built into the core of it. You either trust the traffic or you don't, but there's nothing inherent in the traffic to help you decide. So, all the download protocols have security checking bolted on afterwards by individual apps. These apps may or may not be compatible with each other and may or may not do their checks similarly from one protocol to the next. Somebody would have to garner enough support so that all the major projects doing file and data transfers agree on some way to implement crypto checks. Good luck with that. If they do agree on something, we have the second problem.

Internet downloads have an inherent problem - you download an unknown bunch of bits from somewhere and can't fully trust the result. You can check hashes against the downloaded file, but you have to get them from somewhere. And the method to get them is the same as getting the data file itself - a bunch of bits from somewhere and you can't trust it. How can you download trusted hash data from a source where you don't trust the regular downloads? Can't work; two no trusts don't make a one trust. And whose global hash store of all known hashes of all known downloadables would you trust anyway? The NSAs?

Best you can do is make something for the specific case. The Gentoo tree and distfiles can be GPG signed and if you agree to trust Gentoo's keys then you are good to go and it can be automated (which is the easy bit btw). For the general case, I can't see that work at all. I trust Gentoo with Gentoo, but I don't see myself ever trusting $ARB_3RD_PARTY with $EVERYTHING

Your comments are well received and I do not even disagree with your points. I think you need to relax, grab your favorite beverage, recline and put on your deep thinking hat. Perhaps a foot massage from your least productive underling would set your mind at ease?

So, let us assume you are correct in everything you have stated. But, try on this idea and shoot away. Note in this context, I use the terms code=package=software=download, so as to focus on the 10,000 foot view of the idea, not the minutia.

Premiss: Any individual code/software/package/download can be hacked as can its keys/hashes, regardless of where they are located. But, it would be very difficult for an interloper, to inject into such codes at a thousand different locations without detection. Note, at each repository, hashes can be regenerated and had better match the hashes of the origination site(s).

Proposal: So rather than a static singular check-point of where you code check, why not develop checking tools that check the integrity of any given piece of code, from many multiple locations? (Fault tolerance via redundancy, if you like).

Possible solution:

1) Source archives usually contain revision histories and sync those up with revision releases. So maintain a master list of hashes/keys on their sources in the form of a histogram. So a code periodically updated n(10) times would have n(10) hashes with n(10) timestamps as the basis of the histogram. Think of a digital (camera) histogram. [1] This would develop a histogram of changes in the hashes for a given code/package not only at the sourcecode repository, but also at those institutional repositories who generate their own hashes/keys and link them to release date-time-stamps; had better have convergence with the development sources.

Now we would not only have the hashes, which can be manually checked anywhere anytime, but a histogram image check, based on the historical dates where the code is known to have changed. Every code change does not have to be included, only significant, period releases. Code could be checked by a bit by bit number by number approach, as well as a single image that is a compilation of those bits into the form of a histogram.

[2] The archive sites (common download repositories) should be able to check
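The multi-location check proposed in the message above, as an added example (not code from the thread, from Portage or from any Gentoo tool): it compares a download's SHA-256 with the per-release digests several sources publish and flags mirrors whose release history diverges from the origin. Source names, release numbers, dates and file contents are constructed, and agreement counts only as far as the sources are independent of one another.

```python
import hashlib
from collections import Counter


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample data: two releases of a hypothetical package, plus a
# modified copy of the second release.
GOOD_1_0 = b"example-pkg 1.0 source tarball (constructed)\n"
GOOD_1_1 = b"example-pkg 1.1 source tarball (constructed)\n"
TAMPERED_1_1 = GOOD_1_1 + b"extra payload (constructed)\n"

# Each source publishes a release history: release -> (release date, SHA-256).
# "origin" stands for the development repository, the others for mirrors.
SOURCES = {
    "origin": {"1.0": ("2014-01-10", sha256_hex(GOOD_1_0)),
               "1.1": ("2014-04-02", sha256_hex(GOOD_1_1))},
    "mirror-a": {"1.0": ("2014-01-10", sha256_hex(GOOD_1_0)),
                 "1.1": ("2014-04-02", sha256_hex(GOOD_1_1))},
    # mirror-b has not synced release 1.1 yet.
    "mirror-b": {"1.0": ("2014-01-10", sha256_hex(GOOD_1_0))},
    # mirror-c serves a modified 1.1 and a digest regenerated to match it.
    "mirror-c": {"1.0": ("2014-01-10", sha256_hex(GOOD_1_0)),
                 "1.1": ("2014-04-02", sha256_hex(TAMPERED_1_1))},
}


def check_release(artifact: bytes, release: str, sources: dict, quorum: int) -> dict:
    """Compare the local digest with what every source publishes for `release`.

    Verdicts:
      match               at least `quorum` sources agree, none disagree
      match-with-dissent  quorum reached, but some source publishes another digest
      local-mismatch      sources reach quorum among themselves, not with our copy
      insufficient        no digest is backed by `quorum` sources
    """
    local = sha256_hex(artifact)
    published = {name: history[release][1]
                 for name, history in sources.items() if release in history}
    agree = sorted(n for n, d in published.items() if d == local)
    dissent = sorted(n for n, d in published.items() if d != local)
    missing = sorted(set(sources) - set(published))
    top_votes = max(Counter(published.values()).values(), default=0)

    if len(agree) >= quorum:
        verdict = "match" if not dissent else "match-with-dissent"
    elif top_votes >= quorum:
        verdict = "local-mismatch"
    else:
        verdict = "insufficient"
    return {"verdict": verdict, "sha256": local,
            "agree": agree, "dissent": dissent, "missing": missing}


def divergent_history(sources: dict, origin: str) -> list:
    """List (source, release) pairs whose digest differs from the origin's.

    This is the convergence check on the whole release history: every
    release a mirror shares with the origin must carry the same digest.
    """
    reference = sources[origin]
    findings = []
    for name in sorted(sources):
        if name == origin:
            continue
        for release, (_date, digest) in sorted(sources[name].items()):
            if release in reference and reference[release][1] != digest:
                findings.append((name, release))
    return findings


if __name__ == "__main__":
    for label, blob in (("good copy", GOOD_1_1), ("tampered copy", TAMPERED_1_1)):
        result = check_release(blob, "1.1", SOURCES, quorum=2)
        print(label, result["verdict"], "dissent:", result["dissent"],
              "missing:", result["missing"])
    print("divergent history:", divergent_history(SOURCES, "origin"))
```
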
[gentoo-user] Planned Installation Steps
Hi all. Is it safe to install Gentoo in a course of days? Today, I plan to get the partitions set up, mounted, and get all the stage3 things installed, maybe install the kernel if time permits. My question, along with the safety of the installation over days is what is the best way to unmount partitions?
Re: [gentoo-user] planned btrfs conversion: questions
On Thu, 08 May 2014 19:57:34 +0800, William Kenworthy bi...@iinet.net.au wrote:
On 05/07/14 07:51, Marc Joliet wrote:
On Wed, 07 May 2014 06:56:12 +0800, William Kenworthy bi...@iinet.net.au wrote:
On 05/06/14 18:18, Marc Joliet wrote:

Hi all, I've become increasingly motivated to convert to btrfs. From what I've seen, it has become increasingly stable; enough so that it is apparently supposed to become the default FS on OpenSuse in 13.2. I am motivated by various reasons:

My btrfs experience: I have been using btrfs seriously (vs testing) for a while now with mixed results but the latest kernel/tools seem to be holding up quite well.

~ 2yrs on a Apple/gentoo laptop (I handed it back to work a few months back) - never a problem! (mounted with discard/trim)

That's one HDD, right? From what I've read, that's the most tested and stable use case for btrfs, so it doesn't surprise me that much that it worked so well.

Yes, light duty using the builtin ssd chips on the motherboard.

SSD chips on the motherboard? I just did a quick googled (well, duckduckwent would be more accurate; funny how language works), do you mean something like the Intel Z68 chipset?

btrfs on a 128MB intel ssd (linux root drive) had to secure reset a few times as btrfs said the filesystem was full, but there was 60G+ free - happens after multiple crashes and it seemed the btrfs metadata and the ssd disagreed on what was actually in use - reset drive and restore from backups :( Now running ext4 on that drive with no problems - will move back to btrfs at some point.

All the more reason to stick with EXT4 on the SSD for now.

I have had very poor luck with ext anything and would hesitate to recommend it except for this very specific case where there is little alternative - reiserfs is far better on platters for instance.

I, like Stefan, am interested in precisely what kind of negative experiences you've had with ext*.
I used to use reiserfs (from waaay back when I still used SuSE), but the only remnant of that is a broken external HDD that I want to attempt a ddrescue on someday (really the only reason I still keep around reiserfs support in my kernel). The only thing I really miss is tail packing of small files; my actual disk usage grew noticeably after my switch to ext4. But ext* have the distinct advantage of being used pretty much everywhere, which, as we all know, is an important factor in finding bugs. Reiserfs, in comparison, is AFAIK unmaintained now (of course, it's maintained in the sense that the existing code is kept working, but that's beside the point). [snip interesting but irrelevant ceph scenario] Its relevant because it keeps revealing bugs in btrfs by stressing it - one of those reported by me to ceph was reported upstream by the ceph team and fixed last year - bugs still exist in btrfs ! Sorry, I read ceph and immediately thought OK, clustering file system, way outside of experience and didn't realise you were talking about outright bugs in btrfs (I kind of assumed a situation similar to btrfs and swap files: one piece of software (e.g., the kernel swap code) making assumptions that don't hold for btrfs). 3 x raid 0+1 (btrfs raid 1 with 3 drives) - working well for about a month That last one is particularly good to know. I expect RAID 0, 1 and 10 to work fairly well, since those are the oldest supported RAID levels. ~10+ gentoo VM's, one ubuntu and 3 x Win VM's with kvm/qemu storage on btrfs - regular scrubs show an occasional VM problem after system crash (VM server), otherwise problem free since moving to pure btrfs from ceph. Gentoo VM's were btrfs in raw qemu containers and are now converted to qcow2 - no problems since moving from ceph. Fragmentation on VM's is a problem but cp --reflink vm1 vm2 for vm's is really really cool! That matches the scenario from the ars technica article; the author is a huge fan of file cloning in btrfs :) . 
And yeah, too bad autodefrag is not yet stable. Not that it's not stable but that it can't deal with large files that change randomly on a continual basis like VM virtual disks. Oh, I thought it was still considered new and unpolished (I did not mean buggy!). I have a clear impression that btrfs has been incrementally improving and the current kernel and recovery tools are quite good but it's still possible to end up with an unrecoverable partition (in the sense that you might be able to get to some of the data using recovery tools, but the btrfs mount itself is toast) Backups using dirvish - was getting an occasional corruption (mainly checksum) that seemed to coincide with network problems during a backup sequence - have not seen it for a couple of months now. Only lost whole partition once :( Dirvish really hammers a file system and ext4 usually dies very quickly so even now btrfs is far better here. I use
Re: [gentoo-user] Planned Installation Steps
On 08.05.2014 22:30, Hunter Jozwiak wrote: Hi all. Is it safe to install Gentoo in a course of days? Today, I plan to get the partitions set up, mounted, and get all the stage3 things installed, maybe install the kernel if time permits. Depends on your experience. An experienced gentoo user installs from scratch in maybe one or 2 hours (following the installation docs, knowing his way, good internet access ... ). My question, along with the safety of the installation over days is what is the best way to unmount partitions? This question sounds like you might need more than 2 hours. I wonder if the answer is really umount? (aside from the discussion if you unmount partitions or filesystems) Stefan
Re: [gentoo-user] Fwd: Post-Installation Problem
On Thursday 08 May 2014 19:42:36 thegeezer wrote: On 05/08/2014 05:29 PM, Hunter Jozwiak wrote: -- Forwarded message -- From: Hunter Jozwiak hunter.t@gmail.com Date: Thu, 8 May 2014 12:23:13 -0400 Subject: Post-Installation Problem To: gentoo-us...@lists.gentoo.org Hi all. I've been working on a Gentoo install for quite some time in tech class, but I've hit a road block. I compiled a Genkernel, and that went smooth. However, I tried to emerge espeakup, and I got errors about how modules weren't enabled. I edited /etc/conf.d/modules and added two lines: modules=CONFIG_SPEAKUP modules=CONFIG_SPEAKUP_SYNTH_SOFT And reemerged the espeakup software; same error message, and on reboot, no software speech. Am I enabling the modules in an incorrect manner? If so, how do I get them to work? What you need to do is # genkernel --menuconfig kernel then make sure that speakup is selected. conf.d/modules is for kernel modules marked m. Mostly, these are loaded when needed by programs or drivers as required, but sometimes you want the module loaded in advance -- in that case you list them in conf.d/modules. To find what you have compiled as a loadable module (rather than built in the kernel) have a look at this: http://www.gentoo.org/doc/en/handbook/handbook-amd64.xml?part=1&chap=7#doc_chap4 You can also select help when you are running --menuconfig, it usually shows the correct syntax of the corresponding module name. -- Regards, Mick
Re: [gentoo-user] Planned Installation Steps
On May 8, 2014, at 17:07, Stefan G. Weichinger li...@xunil.at wrote: On 08.05.2014 22:30, Hunter Jozwiak wrote: Hi all. Is it safe to install Gentoo in a course of days? Today, I plan to get the partitions set up, mounted, and get all the stage3 things installed, maybe install the kernel if time permits. Depends on your experience. An experienced gentoo user installs from scratch in maybe one or 2 hours (following the installation docs, knowing his way, good internet access ... ). My question, along with the safety of the installation over days is what is the best way to unmount partitions? This question sounds like you might need more than 2 hours. I wonder if the answer is really umount? (aside from the discussion if you unmount partitions or filesystems) Stefan The install will exceed well over two hours. Installing espeakup and dependencies takes half a day at best. Sorry, I did mean umount.
Re: [gentoo-user] Re: package download verification
On 08/05/2014 21:13, James wrote: So, what a torrent_style tool that uses a distributed hashes/keys to check code integrity; is possible? In one word: git Surely the code histogram idea is possible? Again, git. An aspect of the git design spec is to try to deal with the kind of things you are pondering here. It seems a valid approach - if many people out there clone and make copies of the code then work on it, and if a bad hat injects some weirdness, there are enough eyes to hopefully catch it. Now that I think of it, it's an elegant solution: Avoid the problems of a single master store by not having one. -- Alan McKinnon alan.mckin...@gmail.com
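As an added illustration of the property the reply above relies on (not part of the original message and not git's own code): git names every blob, tree and commit by a hash of its content, and each commit embeds its parent's id, so a change anywhere in history changes the tip id that every clone can recompute. The sketch assumes git's SHA-1 object format and flat trees of regular files; the project files, identity and timestamp are constructed.

```python
import hashlib

def git_object_id(kind, body):
    """git's SHA-1 object id: hash of '<kind> <size>', a NUL byte, then the body."""
    return hashlib.sha1(f"{kind} {len(body)}".encode() + b"\x00" + body).digest()

def blob_id(content):
    return git_object_id("blob", content)

def tree_id(files):
    """Flat tree of regular files: 'mode name', NUL, raw blob id; sorted by name."""
    body = b"".join(b"100644 " + name.encode() + b"\x00" + blob_id(data)
                    for name, data in sorted(files.items()))
    return git_object_id("tree", body)

def commit_id(tree, parents, message):
    # Constructed identity and timestamp, fixed so the ids are reproducible.
    who = "Example Dev <dev@example.invalid> 1399500000 +0000"
    lines = [f"tree {tree.hex()}"] + [f"parent {p.hex()}" for p in parents]
    lines += [f"author {who}", f"committer {who}", "", message, ""]
    return git_object_id("commit", "\n".join(lines).encode())

def history_tip(snapshots):
    """Commit each snapshot on top of the previous one; return the tip id."""
    parents = []
    for n, files in enumerate(snapshots):
        parents = [commit_id(tree_id(files), parents, f"snapshot {n}")]
    return parents[0]

# Constructed two-commit history of a tiny project.
UPSTREAM = [
    {"Makefile": b"all:\n\tcc -o tool tool.c\n", "tool.c": b"int main(void) { return 0; }\n"},
    {"Makefile": b"all:\n\tcc -O2 -o tool tool.c\n", "tool.c": b"int main(void) { return 0; }\n"},
]
# Same history, but one byte of tool.c altered in the *first* commit only.
TAMPERED = [dict(UPSTREAM[0], **{"tool.c": b"int main(void) { return 1; }\n"}), UPSTREAM[1]]

if __name__ == "__main__":
    print("upstream tip:", history_tip(UPSTREAM).hex())
    print("tampered tip:", history_tip(TAMPERED).hex())
```

The latest snapshot is byte-identical in both histories, yet the tip ids differ because the altered first commit changes the parent id recorded in the second. The comparison only helps if the expected tip id reaches you through a channel you trust.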
Re: [gentoo-user] More emerge oddity in chroot
On Thursday 24 April 2014 13:57:19 Peter Humphrey wrote: Hello list, I'm wearying of this chroot operation, and I must be sounding like a tyro. The other day emerge started hanging at the end of compilation, thus: # emerge -1 apache-tools [,,,] Completed installing apache-tools-2.2.25 into /var/tmp/portage/app-admin/apache-tools-2.2.25/image/ strip: i686-pc-linux-gnu-strip --strip-unneeded -R .comment -R .GCC.command.line -R .note.gnu.gold-version usr/sbin/htpasswd usr/sbin/ab usr/sbin/rotatelogs usr/sbin/logresolve usr/sbin/htdigest usr/sbin/htdbm usr/sbin/htcacheclean usr/sbin/httxt2dbm usr/sbin/checkgid Done. It never comes back from there, not even with a CTRL-C; I have to kill -9 from another Konsole. I've found what was causing this. I can hardly believe it myself, but the evidence is conclusive. In my /etc/init.d/atom start script I nfs-mounted the Atom's package directory, but for historical reasons (latterly approaching the hysterical) I was passing -o vers=3. Once I removed that, portage sprang back into life. Go figure, as they say on the other side of the pond. -- Regards Peter
Re: [gentoo-user] Planned Installation Steps
On Thursday 08 May 2014 18:07:52 Hunter Jozwiak wrote: Sorry, I did mean umount. I don't think you did. Umount is the (silly IMO) slight shorthand for unmount. Unmount is the action you describe in words, umount is the command you issue to the OS to achieve it. -- Regards Peter
Re: [gentoo-user] Planned Installation Steps
On 05/08/2014 04:30 PM, Hunter Jozwiak wrote: Hi all. Is it safe to install Gentoo in a course of days? Today, I plan to get the partitions set up, mounted, and get all the stage3 things installed, maybe install the kernel if time permits. My question, along with the safety of the installation over days is what is the best way to unmount partitions? I think you're asking if it's safe to stop, unmount everything, shut down the machine, and then start where you left off? Yes, it is. That's basically what we all do when we reboot for the first time and the kernel can't find /dev/root. Within the chroot, just type `exit` to escape the chroot. Then `cd` to the root of the boot CD and `umount` everything in the opposite order. So,
  umount /mnt/gentoo/proc
  umount /mnt/gentoo/dev
  umount /mnt/gentoo/boot
  umount /mnt/gentoo
and any other partitions you have. Then shut it down. The next day, boot to the CD, mount everything again, and then chroot in.
Re: [gentoo-user] Intel(R) WiFi Link 5100 AGN - random de-authentication
On Thursday 08 May 2014 12:38:32 Mick wrote: My /etc/conf.d/net section says: [...] wpa_supplicant_wlp4s0=-Dwext [...] Use nl80211 instead, you'll want to enable this in your kernel as well. I recall trying this, but I think it would not connect at all. I may remember incorrectly though, so I will try again. Thanks for the prompt! I found out why the netifrc script would not connect ... Entirely my mistake! I had missed out the - in front of -Dnl80211 doh! The same re-authentication problem persists though. Will report back after I try the latest gentoo kernels in the tree. -- Regards, Mick