[gentoo-user] yubikeys
Does anyone (aside from Diego, as I know from his blog) use Yubico Yubikeys with Gentoo? I am especially interested in getting it to work within Gnome, to authenticate ssh-sessions (using the smartcard feature of the Yubikey NEO). There are X howtos out there ... telling me to add udev-rules, disable gnome-keyring, run keychain ... etc etc I had it working already but somehow screwed it up again. ;-) Stefan
[gentoo-user] Re: Project:Installer
J.Rutkowski jrtk at pancakebungalow.com writes: It appears Kickstart may not necessarily require Anaconda as it is compatible the the Ubuntu installer [1]. While Kickstart itself may or may not be ideal, I think having install parameters in one single file is intriguing. UPdate:: https://github.com/gentoo/stager Python is the primary language so that is very encouraging. It'd be really cool is support for BTRFS was included, imho. James
Re: [gentoo-user] Re: Project:Installer
Hi all, I see that you've found stager. I'd like you to share your thoughts on what a perfect installer Gentoo could do. Feel free to open an Issue request on GitHub. I may reject them, but I'm certainly open to community participation! On other notes, I see that you've found Kickstart. You almost might be interested in Andrew Gaffney's Quickstart project: https://github.com/agaffney/quickstart Gaffney worked on the previous Gentoo installer around 2006-2009. All other Quickstart projects have most likely been forked from his code. :) Hope you find this helpful! maffblaster On 7/18/2015 12:11 PM, James wrote: J.Rutkowski jrtk at pancakebungalow.com writes: It appears Kickstart may not necessarily require Anaconda as it is compatible the the Ubuntu installer [1]. While Kickstart itself may or may not be ideal, I think having install parameters in one single file is intriguing. UPdate:: https://github.com/gentoo/stager Python is the primary language so that is very encouraging. It'd be really cool is support for BTRFS was included, imho. James
[gentoo-user] Re: yubikeys
On Sat, 18 Jul 2015 12:21:39 +0200 Stefan G. Weichinger li...@xunil.at wrote: Does anyone (aside from Diego, as I know from his blog) use Yubico Yubikeys with Gentoo? I am especially interested in getting it to work within Gnome, to authenticate ssh-sessions (using the smartcard feature of the Yubikey NEO). There are X howtos out there ... telling me to add udev-rules, disable gnome-keyring, run keychain ... etc etc What an amazing coincidence. I just listened to a podcast about an hour ago where the process was explained in detail (even mentioning the NEO model and smartcard in particular). Weird. I'm curious to know if this link actually gives you what you asked for: http://www.jupiterbroadcasting.com/85062/ssh-authentication-with-yubikey-las-373/ You can either watch (or listen to) the podcast, or scroll down the page about one-third to see written instructions. (Instructions based on ubuntu, not gentoo, but I'm sure you can translate :)
Re: [gentoo-user] booting from a usb flash drive
On Thu, Jul 16 2015, Mike Gilbert wrote: On Thu, Jul 16, 2015 at 12:40 PM, gottl...@nyu.edu wrote: I believe I correctly dd'ed a minimal cd onto a usb flash (aka thumb) drive. I set the boot order on my new system (dell 7450) to have the usb storage device first. Sure enough I get the isolinux prompt and the kernel is loaded. However after asking for the keymap (I just hit enter) it types looking for the cdrom. There is no cdrom. It then tries to mount media /dev/sda[123] (which are dell and windows partitions). When this fails it announces no bootable medium found I tried adding the doscsi option, no change. What did I do wrong? Does your system have USB 3 ports? USB 3 is currently broken on the installcd images. Yes. My new system is USB 3. allan
Re: [gentoo-user] Re: In the fear of getting hacked (WLAN setup)
H, On Sat, 18 Jul 2015 06:47:21 +0300 Nikos Chantziaras wrote: The problem I (possibly needless) see is: While I am tinkering and testing the configuration I may setup an open Wifi access point without noticing it in first glance and BANG! get hacked ... in the worst case: unrecognized... What is the best practice here? Is there a certain independant configuration, which I can set, which prevents this scenario? Thank you very much in advance for any help! Best regards, Meino PS: If one knows the ASUS Memo Pad 7 ME176CX and knows a way to locally connect this tablet to the internet...this would be a way to go also. I would appreciate any hint in this case (Using Lollipop 5.0). If you don't have any daemons running that provide network services (have opened listen ports), you can't get hacked. This is usually a problem for Windows, which by default has a gazillion of services running (NetBIOS, printer/media/filesystem/everything sharing, messaging, remote desktop, etc.) On Gentoo, if *you* didn't set up a service, then nothing is listening on the network. Yes and no. If user enabled network interface and has no network daemons running, kernel still listens to that interface (ARP, icmp and so on) and may be hacked using vulnerabilities in network stack, protocol handlers or even network device drivers. By default Gentoo has no interfaces enabled, but usually they are set up during initial install. And users may be unaware that even without any network applications they may be vulnerable with enabled interfaces. Proper configuration of kernel, especially iproute2 and iptables can minimize such risks, of course. Best regards, Andrew Savchenko pgpKQ3DbwKSv3.pgp Description: PGP signature
[gentoo-user] Re: Project:Installer
Matthew Marchese maffblaster at gentoo.org writes: maffblaster You are already my *fav_dev* just for taking on this subject:: I'm gonna encourage other folks to participate Surely I'll be testing your stage 4 offerings:: amd64 arm8v You're gonna support arm8v right out the shoot, right? Here is the stage 3 for my 96board:: http://dev.gentoo.org/~tgall/ THANKS! James
[gentoo-user] Re: In the fear of getting hacked (WLAN setup)
On Sat, 18 Jul 2015 05:34:53 +0200 meino.cra...@gmx.de wrote: Hi, in order to connect my ASUS Memp Pad 7 ME176CX to the internet I need a working WLAN (my DSL router/modem is of the copper area - no Wifi/WLAN). The hardware (an USB dongle) is already there...it needs only be configured and setup. The problem I (possibly needless) see is: While I am tinkering and testing the configuration I may setup an open Wifi access point without noticing it in first glance and BANG! get hacked ... in the worst case: unrecognized... I heard this on a podcast about security from someone (Steve Gibson) who knows a lot about the subject. He suggested using all those old home routers (you have sitting around collecting dust) in a new way. Apparently we can't trust any individual black-box home router to be secure any more, but maybe we can combine them to make hackers work harder: The idea is to chain all those home routers in series (instead of using them as the manufacturers intended) and then, as the last step, to plug your (new) wireless router into the end of the chain of old routers. I have no idea if this idea is good or bad, I'm just passing it along.
Re: [gentoo-user] Re: Virtualbox-5.0.0 [wow!]
On Friday, July 17, 2015 11:04:04 PM Jeremi Piotrowski wrote: On Wed, 15 Jul 2015 19:43:05 -0400 Fernando Rodriguez frodriguez.develo...@outlook.com wrote: On Tuesday, July 14, 2015 6:53:43 PM walt wrote: I'd like to know if anyone else is seeing spectacular speed performance with vbox-5.0.0. No noticeable performance improvement for me using hardware virtualization. Also here the paravirtualization additions are not having any noticeable effect on performance (checked with the Windows Experience Index on W8). What I am seeing though are various regressions: - fullscreen no longer goes fullscreen (with fluxbox doesn't cover the slit and hides behind toolbar) - weird sound/video problems with youtube (accelerated video, constant popping noises) - doesn't work at all since I updated to the 4.2.0-rc2 kernel I had great expectations but so far I'm disappointed. Fullscreen works fine on kde and openbox. I've had the sound problem with earlier versions and pulseaudio. IIRC I fixed it by tuning PA fragment size. And it works fine with 4.2.0-rc2 for me. Did you remember to re-emerge app- emulation/virtualbox-modules (after setting the /usr/src/linux symlink to the new kernel source)? -- Fernando Rodriguez
[gentoo-user] installing gentoo with a systemd profile
I am installing gentoo on a new laptop. I am a gnome, hence systemd, user. I also use lvm (I have / and /usr combined on a non-lvm partition). At the point where you choose a profile (//wiki.gentoo.org/wiki/Handbook:AMD64/Full/Installation#Choosing_the_right_profile) I selected [5] default/linux/amd64/13.0/desktop/gnome/systemd * But now I get merge conflicts since I have sys-fs/udev installed. I can't depclean udev. Should I have just used the default/linux/amd64/13.0 profile and switched later after the installation is complete. Fortunately, I don't need to used the new machine immediately so I don't mind starting the installation over from the beginning In a similar vein, my systems have PORTDIR=/var/portage. Am I correct in now believing that it is better to do the install with the default PORTDIR=/usr/portage and then switching after the dust settles thanks, allan
Re: [gentoo-user] installing gentoo with a systemd profile
On Sat, Jul 18, 2015 at 8:00 PM, gottl...@nyu.edu wrote: I am installing gentoo on a new laptop. I am a gnome, hence systemd, user. I also use lvm (I have / and /usr combined on a non-lvm partition). At the point where you choose a profile (// wiki.gentoo.org/wiki/Handbook:AMD64/Full/Installation#Choosing_the_right_profile ) I selected [5] default/linux/amd64/13.0/desktop/gnome/systemd * But now I get merge conflicts since I have sys-fs/udev installed. I can't depclean udev. Should I have just used the default/linux/amd64/13.0 profile and switched later after the installation is complete. Fortunately, I don't need to used the new machine immediately so I don't mind starting the installation over from the beginning In a similar vein, my systems have PORTDIR=/var/portage. Am I correct in now believing that it is better to do the install with the default PORTDIR=/usr/portage and then switching after the dust settles What I usually do is: 1. Extract the stage 3 tarball 2. Sync the portage tree 3. Switch to the systemd profile 4. emerge -uDNvp world (this usually solves the systemd/udev conflicts) 5. emerge --depclean 6. Switch to the GNOME/systemd profile 7. Emerge gnome-base/gnome In my experience, if you switch directly to the GNOME/systemd profile, you get many conflicts. Regards. -- Canek Peláez Valdés Profesor de asignatura, Facultad de Ciencias Universidad Nacional Autónoma de México