Re: [gentoo-user] Safe systemd "reload" command

[Michael Orlitzky]

On 06/06/2016 06:04 PM, Tom H wrote:
> 
> 1) I've never used systemd on Gentoo but I assume that you can
> co-install openrc and systemd. So you'd want to check whether systemd
> is running:
> 
> [ -d /run/systemd/system ]
> 

I think the way I did this, it will be a no-op if systemd is not running
(or if e.g. spamd is not running *under* systemd). I committed the cron
job yesterday, so I'll hear about it if it doesn't work.


> 2) spamassassin.service is running
> 3) reload or restart spamassassin.service
> 
> systemctl try-reload-or-restart spamassassin.service
> if sa is running, it'll reload it if sa supports a reload, otherwise
> it'll restart it
> 

Ah, that sounds like an improvement. It looks like amavisd.service
supports reloading, but spamd.service doesn't. The way we do it in
spamd.init is to send a HUP signal to the spamd process (determined from
its PID file). Google tells me that

  ExecReload=/bin/kill -HUP $MAINPID

should work...

Re: [gentoo-user] Safe systemd "reload" command

[Tom H]

On Sun, Jun 5, 2016 at 9:23 AM, J.  wrote:
>
> SYSTEMD_INIT_PID=`pgrep -o -U 0 systemd`

Doesn't systemd call "init" rather "systemd" if you use the "sysv-utils" flag?

Re: [gentoo-user] Safe systemd "reload" command

[Tom H]

On Sun, Jun 5, 2016 at 12:48 AM, Michael Orlitzky  wrote:
>
> I'm planning on adding USE=cron to mail-filter/spamassassin to perform
> nightly updates. I have a script that works for OpenRC,
>
> https://wiki.gentoo.org/wiki/SpamAssassin#Daily_updates
>
> but I've commented where I would like to have something similar for
> systemd users. Anybody know how to do that?
>
> We can't count on systemd being installed, so we need to...
>
> 1. Test that systemd is installed.
>
> 2. Check if e.g. spamd is running (depends on #1 for the commands).
>
> 3. Reload or restart the daemon if #1 and #2 hold; or do nothing if
> one of them doesn't.

1) I've never used systemd on Gentoo but I assume that you can
co-install openrc and systemd. So you'd want to check whether systemd
is running:

[ -d /run/systemd/system ]

2) spamassassin.service is running
3) reload or restart spamassassin.service

systemctl try-reload-or-restart spamassassin.service
if sa is running, it'll reload it if sa supports a reload, otherwise
it'll restart it

systemctl try-restart spamassassin.service
if sa is running, it'll restart it

Re: [gentoo-user] how to use two graphics cards with one display

[Andrew Savchenko]

Hi,

On Sun, 05 Jun 2016 19:34:15 +0200 lee wrote:
> Hi,
> 
> is there a way to reasonably use two graphics cards with a single
> display?
> 
> SLI won't work because it's retarded in requiring the GPUs to be the
> same, which they aren't --- not to mention that the cards would be too
> far away from each other in the slots for a bridge to fit.
> 
> So what I'm thinking of is like using one card as a default and being
> able to use the other one to play a video in some window on the same
> display, preferably managed by the same fvwm, with the window optionally
> being fullscreen in size.  I'd like to do that because the card I have
> isn't powerful enough to play a video while an open gl application is
> running at the same time.
> 
> I'll probably get a better card once prices come down a bit, but it
> might have the same problem, and why would I want to waste an otherwise
> perfectly good graphics card.

Yes, but it depends on your hardware setup. What's yours and why
you need such unusual thing: connect two video cards to a single
monitor, or do you mean by display X display spawn over multiple
monitors?

In case of laptops such configuration is quite common: they may
have two video cards with single switchable output: intel card is
used for general work to save power and nvidia card is used for
applications, requiring high GPU performance. Switching is done
using sys-power/bbswitch. But looks like this is not your case,
since you are talking about card replacement, since most laptop GPU
cards are not replaceable.

If you want a multihead setup using two cards, this is trivial using
either xinerama or X screens depending on your taste.

As far as I understand your e-mail, you are trying to mux video
outputs of two GPU cards to a single monitor (excuse me if I'm
wrong, but it is hard to understand what your hardware is), this is
also doable if your monitor supports dual input (most modern
monitors do). This way separate X screens may be used to achive
your goal. (Xinerama setup is also possible, but GL acceleration
will be limited to abilities of the weakest card).

But honestly I don't get why you need this: if you have a powerful
GPU and it is not a laptop, where power consumption is critical,
why just don't use that card? Most cards have multiple outputs, so
it is not a problem to setup multihead with a single card either.

Best regards,
Andrew Savchenko


pgpYRvvxvEDJL.pgp
Description: PGP signature

Re: [gentoo-user] Recommended way to shut down akonadi

[Mick]

On Monday 06 Jun 2016 03:25:42 J. Roeleveld wrote:
> On June 6, 2016 12:13:16 AM GMT+02:00, Mick  
wrote:
> >I run enlightenment DE with a few KDE apps, including KDEPIM and with
> >the
> >arrival of Plasma5 I have migrated most of my systems to this set up.
> >
> >On my laptop I run a stand-alone postgresql for KDEPIM's akonadi,
> >instead of
> >mysql.  Everything was working fine, until a week ago.  Shutdown now
> >takes a
> >while with akonadi apparently trying to restart, before it eventually
> >gives
> >up.  This can take up to 90 seconds.  The delay goes away if I close
> >Kmail and
> >run 'akonadictl stop' in a terminal, before I shutdown from the GUI,
> >but not
> >if I just add it in my .xsession.  Perhaps my syntax is wrong, or there
> >may be
> >a better way to achieve the same.  The contents of my .xsession are:
> >
> >===
> >#!/bin/sh
> >if [ -x /usr/bin/gpg-agent ]; then
> >
> > kill $(ps ux | awk '/gpg-agent/ && !/awk/ {print $2}') >/dev/null 2>&1
> >
> >fi
> >
> >if [ -x /usr/bin/gpg-agent ]; then
> >
> >  eval "$(/usr/bin/gpg-agent --daemon)"
> >
> >fi
> >
> ># Uncomment the following lines to start rxvt-unicode which has the
> >ability to
> ># run multiple terminals in one single process, thus starting up faster
> >and
> ># saving resources.
> ># The --opendisplay ensures that the daemon quits when the X server
> >terminates,
> ># therefore we don't need matching lines in agent-shutdown.sh.
> >
> >if [ -x /usr/bin/urxvtd ]; then
> >
> >/usr/bin/urxvtd --opendisplay --fork --quiet
> >
> >fi
> >
> >#exec ck-launch-session /usr/bin/enlightenment_start
> >exec /usr/bin/enlightenment_start
> >/usr/bin/akonadictl stop
> >wait 4
> >
[snip ...]

> >Is there something I need to correct in my .xsession syntax?
> 
> Running KDE, I don't see this behaviour.

Well I didn't see this behaviour on this box with the above .xsession file up 
until a week ago.  I expect that when KDE shuts down it takes care of all its 
'children' and none are left behind running amok.  ;-)


> I think you want to kill the 'kde session' that is started by the kde
> application(s) during the shutdown process. I'm not certain which process
> to look for, I'll have a look later when I'm with my desktop.
> 
> Alternatively, kill all programs actually using akonadi. Like kmail and all
> the systray apps from the kdepim set.

I do not have KDEPIM systray enabled and I shutdown Kmail before I shutdown 
the PC.

These are the relevant processes I see:

29961 ?SNl0:09 kmail -caption KMail
29968 ?SNl0:00 /usr/bin/akonadi_control
29970 ?SNl0:08  \_ akonadiserver
29998 ?SNl0:00  \_ /usr/bin/akonadi_agent_launcher 
akonadi_akonotes_resource akonadi_akonotes_resource_0
2 ?SN 0:00  \_ /usr/bin/akonadi_archivemail_agent --identifier 
akonadi_archivemail_agent
3 ?SN 0:02  \_ /usr/bin/akonadi_baloo_indexer --identifier 
akonadi_baloo_indexer
30001 ?SNl0:00  \_ /usr/bin/akonadi_agent_launcher 
akonadi_contacts_resource akonadi_contacts_resource_1
30002 ?SN 0:00  \_ /usr/bin/akonadi_followupreminder_agent --
identifier akonadi_followupreminder_agent
30007 ?SNl0:00  \_ /usr/bin/akonadi_imap_resource --identifier 
akonadi_imap_resource_0
30008 ?SNl0:02  \_ /usr/bin/akonadi_imap_resource --identifier 
akonadi_imap_resource_1
30009 ?SNl0:00  \_ /usr/bin/akonadi_agent_launcher 
akonadi_maildir_resource akonadi_maildir_resource_0
30010 ?SN 0:00  \_ /usr/bin/akonadi_maildispatcher_agent --
identifier akonadi_maildispatcher_agent
30013 ?SN 0:00  \_ /usr/bin/akonadi_mailfilter_agent --identifier 
akonadi_mailfilter_agent
30014 ?SN 0:00  \_ /usr/bin/akonadi_migration_agent --identifier 
akonadi_migration_agent
30015 ?SN 0:00  \_ /usr/bin/akonadi_newmailnotifier_agent --
identifier akonadi_newmailnotifier_agent
30016 ?SN 0:00  \_ /usr/bin/akonadi_sendlater_agent --identifier 
akonadi_sendlater_agent
30023 ?SNl0:00  \_ /usr/bin/akonadi_agent_launcher 
akonadi_vcard_resource akonadi_vcard_resource_1
30024 ?SNl0:00  \_ /usr/bin/akonadi_agent_launcher 
akonadi_vcard_resource akonadi_vcard_resource_2
29974 ?SNs0:00 kdeinit4: kdeinit4 Runnin e
29976 ?SN 0:00  \_ kdeinit4: klauncher [kdei e
29979 ?SN 0:00 kdeinit4: kded4 [kdeinit]
29997 ?SNL0:00 kdeinit4: kwalletd [kdein e
30101 ?SNl0:00 /usr/bin/knotify4

after I login and start Kmail.

I did try 'killall kdeinit4' but from what I recall it made no difference.  
Happy to try any suggestions/syntax you may have.

-- 
Regards,
Mick

signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] Systemd to manage (DNS) security?

[Rich Freeman]

On Mon, Jun 6, 2016 at 12:29 PM, James  wrote:
>
> This is about the most scary idea I have every heard of in unix/linux,
> in long time.
>
> I guess all of those conspiracy theories were correct::
> prepare to be assimilateD!
>
>
> https://lists.dns-oarc.net/pipermail/dns-operations/2016-June/014964.html
>

That's pretty old news.  In any case, you certainly don't need to use
systemd as your DNS resolver if you don't want to.

Systemd also doesn't touch /etc/resolv.conf contrary to what that
email states.  It only touches /run/systemd/resolve/resolv.conf which
does absolutely nothing on its own unless you choose to symlink
/etc/resolv.conf to it.  The obvious options using systemd and
resolv.conf are:
1.  Don't use it at all - just put whatever you want in
/etc/resolv.conf and it works like you'd expect it to.
2.  Have systemd-networkd populate /run/systemd/resolve/resolv.conf
with whatever DNS servers were discovered using DHCP and then symlink
that to /etc/resolv.conf so that your system uses it.  This is
basically the behavior you typically expect from the likes of dhcpcd
and such but instead of tampering with a file in /etc it just messes
with a transient file in /run.
3.  Run systemd-resolved as a caching forwarding-only DNS server and
have that end up in /run/systemd/resolve/resolv.conf.  I haven't
really taken a serious look at the security implications of this.  It
is intended as a lightweight forwarding-only DNS server, and if it has
any security flaws I'm sure they'll accept them as bugs.  It is meant
as a single-host solution - not as something you'd point your entire
network at.  It certainly isn't BIND.

As with most systemd integrated solutions they tend to start out
simple and evolve.

The last time I checked systemd does not block you from installing the
DNS server of your choosing, just as it doesn't block installing
syslog, or cron, or a network manager, or even another service
manager.  You could use it as an oversized sysvinit if you wanted to
(not that you would).  How distros choose to use it is another matter.

-- 
Rich

Re: [gentoo-user] Systemd to manage (DNS) security?

[Andrew Savchenko]

Hi,

On Mon, 6 Jun 2016 16:29:13 + (UTC) James wrote:
> This is about the most scary idea I have every heard of in unix/linux,
> in long time.
> 
> I guess all of those conspiracy theories were correct:: 
> prepare to be assimilateD!
> 
> 
> https://lists.dns-oarc.net/pipermail/dns-operations/2016-June/014964.html

I'm glad that both openrc and eudev exist, so that I can safely
burn that horrible abomination with fire and purge it from all my
systems, which is done long time ago and I'm happy.

My gratitude for openrc and eudev devs for their hard work.

It should be noted, that there are other non-systemd solutions like
runit, mdev and so on. I wish them good luck too (and looks like I
even use mdev on one server :)).

Best regards,
Andrew Savchenko


pgplkFLji8ExF.pgp
Description: PGP signature

[gentoo-user] Systemd to manage (DNS) security?

[James]

Hello,

This is about the most scary idea I have every heard of in unix/linux,
in long time.

I guess all of those conspiracy theories were correct:: 
prepare to be assimilateD!


https://lists.dns-oarc.net/pipermail/dns-operations/2016-June/014964.html


found on ha/ker news

enjoy,
James

Re: [gentoo-user] NumLock puzzle

[Peter Humphrey]

On Monday 06 Jun 2016 02:28:48 Philip Webb wrote:
> 160605 Dutch Ingraham wrote:
> > On Sun, Jun 05, 2016 at 11:12:07PM -0400, Philip Webb wrote:
> >> NB my  .xinitrc  has 'numlockx &' : isn't the space necessary ?
> > 
> > Nope - the space should't make a difference.
> 
> No indeed, it doesn't : you learn something every day.

...if you're not careful  :)

-- 
Rgds
Peter

Re: [gentoo-user] NumLock puzzle

[Philip Webb]

160605 Dutch Ingraham wrote:
> On Sun, Jun 05, 2016 at 11:12:07PM -0400, Philip Webb wrote:
>> NB my  .xinitrc  has 'numlockx &' : isn't the space necessary ?
> Nope - the space should't make a difference.

No indeed, it doesn't : you learn something every day.

-- 
,,
SUPPORT ___//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT`-O--O---'   purslowatchassdotutorontodotca