Re: [gentoo-user] Choosing between system profiles: hardened and desktop for desktop installation.

2017-07-03 Thread Ian Bloss
If you want to go with the hardened sources, there's a great wiki article
on it.

On Mon, Jul 3, 2017, 10:20 PM Ian Bloss  wrote:

> You should use the hardened profile with the hardened sources. In terms of
> security you could compile a hardened kernel, but you sacrifice ease of use
> by having to manage PaX, and if you choose an RBAC system like SELinux or
> grsecurity's, it adds more burden.
>
> Security isn't a product, so I would recommend sticking with regular
> profile with stable packages, and be mindful of what you have opened up to
> the internet. I would also recommend just reading up on linux security in
> general to understand what you're trying to make yourself more secure to.
>
> On Mon, Jul 3, 2017, 10:13 PM Ста Деюс  wrote:
>
>> Hi.
>>
>> I'm new to Gentoo, and before new installation on my PC, keep trying to
>> choose between system profiles. I want to use the PC as desktop, but am
>> concerned on security and minimalism. So, I would like to use the
>> hardened profile and then add the desktop packages, namely openbox w/o
>> any X-session managers -- just logging in w/ text console and then
>> startx.
>>
>> So, is my setup wise, or I miss something because do not know something
>> on the distro. regarding these points of installation?
>>
>> Thank you for your time,
>> Sthu.
>>
>>


Re: [gentoo-user] Choosing between system profiles: hardened and desktop for desktop installation.

2017-07-03 Thread Ian Bloss
You should use the hardened profile with the hardened sources. In terms of
security you could compile a hardened kernel, but you sacrifice ease of use
by having to manage PaX, and if you choose an RBAC system like SELinux or
grsecurity's, it adds more burden.

Security isn't a product, so I would recommend sticking with regular
profile with stable packages, and be mindful of what you have opened up to
the internet. I would also recommend just reading up on linux security in
general to understand what you're trying to make yourself more secure to.

On Mon, Jul 3, 2017, 10:13 PM Ста Деюс  wrote:

> Hi.
>
> I'm new to Gentoo, and before new installation on my PC, keep trying to
> choose between system profiles. I want to use the PC as desktop, but am
> concerned on security and minimalism. So, I would like to use the
> hardened profile and then add the desktop packages, namely openbox w/o
> any X-session managers -- just logging in w/ text console and then
> startx.
>
> So, is my setup wise, or I miss something because do not know something
> on the distro. regarding these points of installation?
>
> Thank you for your time,
> Sthu.
>
>


[gentoo-user] Choosing between system profiles: hardened and desktop for desktop installation.

2017-07-03 Thread Ста Деюс
Hi.

I'm new to Gentoo, and before new installation on my PC, keep trying to
choose between system profiles. I want to use the PC as desktop, but am
concerned on security and minimalism. So, I would like to use the
hardened profile and then add the desktop packages, namely openbox w/o
any X-session managers -- just logging in w/ text console and then
startx.

So, is my setup wise, or I miss something because do not know something
on the distro. regarding these points of installation?

Thank you for your time,
Sthu.



Re: [gentoo-user] Re: problem after upgrading postgresql

2017-07-03 Thread John Covici
On Mon, 03 Jul 2017 11:57:27 -0400,
Ian Zimmerman wrote:
> 
> On 2017-07-03 07:59, John Covici wrote:
> 
> > So the problem seems to be that postgresql is not logging anything at
> > all, so the log goes to standard output 
> 
> I don't see the causal connection here.
> 
> > which in this case is the console because it's systemd.
> 
> Also, I hate systemd but even I don't believe that it cannot be
> configured to not spew logs to the console.

The service file says the logs go to the console until the log
functions of postgresql have started, which seems sensible to me.  The
problem is that such functions never start.

Downgrading from 9.6.3-r1 to 9.6.3 fixes the problem, so maybe I will
either file a bug or wait till next version.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici
 cov...@ccs.covici.com



[gentoo-user] Re: problem after upgrading postgresql

2017-07-03 Thread Ian Zimmerman
On 2017-07-03 07:59, John Covici wrote:

> So the problem seems to be that postgresql is not logging anything at
> all, so the log goes to standard output 

I don't see the causal connection here.

> which in this case is the console because it's systemd.

Also, I hate systemd but even I don't believe that it cannot be
configured to not spew logs to the console.

-- 
Please *no* private Cc: on mailing lists and newsgroups
Personal signed mail: please _encrypt_ and sign
Don't clear-text sign:
http://primate.net/~itz/blog/the-problem-with-gpg-signatures.html



Re: [gentoo-user] problem after upgrading postgresql

2017-07-03 Thread John Covici

On Mon, 03 Jul 2017 05:38:25 -0400,
John Covici wrote:
> 
> Hi.  I have been using postgresql for quite some time, but after my
> last world update to 9.6.3-r1, I get all lines from the log on my
> console.  They don't appear in the ordinary system journal, so I have
> no idea why this is happening.
> 
> I am using "unstable" gentoo.
> 
> Thanks in advance for any assistance.

So the problem seems to be that postgresql is not logging anything at
all, so the log goes to standard output which in this case is the
console because it's systemd.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici
 cov...@ccs.covici.com



[gentoo-user] problem after upgrading postgresql

2017-07-03 Thread John Covici
Hi.  I have been using postgresql for quite some time, but after my
last world update to 9.6.3-r1, I get all lines from the log on my
console.  They don't appear in the ordinary system journal, so I have
no idea why this is happening.

I am using "unstable" gentoo.

Thanks in advance for any assistance.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici
 cov...@ccs.covici.com



Re: [gentoo-user] SR-IOV for RAID/HBA's? anyone tried it?

2017-07-03 Thread R0b0t1
On Sat, Jul 1, 2017 at 4:23 PM, taii...@gmx.com  wrote:
> I am wondering if anyone has tried this, apparently several LSI controllers
> support portioning out drives to VF's so the guest sees a controller with
> those drives attached to it.
>
> What was your experience like? and what controllers did you use?
>
>
> - Thanks
>

Why bother with a raid controller? Doing the processing required of
RAID takes essentially no processing power. You also don't need to
worry about the hardware failing and leaving your disks potentially
useless.

I do what you do by using a LVM volume group among a couple of SSDs.
Logical volumes can be any size up to the size of the entire
collection. There is additional functionality in LVM that you may be
interested in.

I have interacted with one (the process of turning it off). The menu
is usable but not as good as a simple CLI interface. It seems to mimic
the most basic functionality of LVM - you create groupings of physical
disks and then split them into logical disks. I would highly recommend
reading about LVM to know what else is possible that these controllers
likely do not or can not implement.

R0b0t1.



Re: [gentoo-user] SR-IOV for RAID/HBA's? anyone tried it?

2017-07-03 Thread J. Roeleveld
On Monday, July 3, 2017 8:30:08 AM CEST taii...@gmx.com wrote:
> On 07/03/2017 12:24 AM, J. Roeleveld wrote:
> > On July 2, 2017 7:36:02 PM GMT+02:00, "taii...@gmx.com" wrote:
> >> On 07/02/2017 02:51 AM, J. Roeleveld wrote:
> >>> On July 1, 2017 11:23:06 PM GMT+02:00, "taii...@gmx.com"

> >> VM with quality performance.
> >> It'll always be faster than an emulated disk.
> > 
> > Never noticed any performance issues. Using Xen and raw disk format to the
> > VMs.
> http://semiaccurate.com/2009/09/30/lsi-virtualizes-storage-hardware/

I am missing how to accessed the disks here in both options.
The difference in performance is far more than I ever saw, even with older
hardware.
With that difference, it seems their KVM configuration is rubbish.

> For me I have 3/4 the native copy speed, and the I/O for example
> extracting a zip is terrible.

I never noticed any real difference, even when the host managed the HBA.
How do you configure your VMs and which technology do you use?

> >>> Either the VM needs a fraction of a single disk. Or it needs multiple
> >> 
> >> disks.
> >> 
> >>> For the latter case, I prefer to pass an entire HBA.
> >> 
> >> Which one do you have and does yours support FLR?
> > 
> > Using a Supermicro card based on a LSI3008 chipset and dual expander
> > backplane. I can always add a second HBA if I need more bandwidth.
> > 
> > What is FLR? Googling that gives me a lot of non IT related results.
> 
> Function level reset, it is required to be able to assign devices to
> VM's without annoyance.

Passing to VM works flawlessly with this card. Didn't have any issues with 
setting it all up.

> The 3K series supports SR-IOV so you probably have it.
> Could you run # lspci -vv?

Results from the VM attached.
I don't see any mention of SR-IOV in there.

My network-card does have this, but unless I can have the card do the bonding 
and vlans, I see no use for it there either.

--
Joost

# lspci -vv
00:00.0 Serial Attached SCSI controller: LSI Logic / Symbios Logic SAS3008 PCI-Express Fusion-MPT SAS-3 (rev 02)
Subsystem: Super Micro Computer Inc SAS3008 PCI-Express Fusion-MPT SAS-3
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR+ FastB2B- DisINTx+
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- 
Capabilities: [190 v1] #16
Capabilities: [148 v1] Alternative Routing-ID Interpretation (ARI)
ARICap: MFVC- ACS-, Next Function: 0
ARICtl: MFVC- ACS-, Function Group: 0
Kernel driver in use: mpt3sas
Kernel modules: mpt3sas
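
Added example (not part of the original message or thread): a small filter that reads `lspci -vv` output and reports, per PCI function, whether it advertises the SR-IOV capability and Function Level Reset, the two properties asked about above. The helper name `passthrough_caps` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Constructed `lspci -vv` excerpt (not real hardware output).
sample_lspci() {
cat <<'EOF'
03:00.0 Serial Attached SCSI controller: Example HBA (constructed)
    Capabilities: [68] Express (v2) Endpoint, MSI 00
        DevCap: MaxPayload 4096 bytes, PhantFunc 0
            ExtTag+ AttnBtn- AttnInd- PwrInd- RBE+ FLReset+
        DevCtl: CorrErr- NonFatalErr- FatalErr- UnsupReq-
            RlxdOrd+ ExtTag+ PhantFunc- AuxPwr- NoSnoop+ FLReset-
    Capabilities: [1c0 v1] Single Root I/O Virtualization (SR-IOV)
04:00.0 Ethernet controller: Example NIC (constructed)
    Capabilities: [a0] Express (v2) Endpoint, MSI 00
        DevCap: MaxPayload 512 bytes, PhantFunc 0
            ExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset-
EOF
}

# Read `lspci -vv` text on stdin; print "<slot> sriov=<yes|no> flr=<yes|no>"
# per function. Hypothetical helper name.
passthrough_caps() {
    awk '
    function emit() { if (slot != "") print slot, "sriov=" sriov, "flr=" flr }
    # Unindented line starting with a bus address: a new PCI function begins.
    /^[0-9a-f:]+\.[0-7] / { emit(); slot = $1; sriov = "no"; flr = "no"; label = ""; next }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        # "Name:" opens a register dump; wrapped lines keep the last label.
        if (match(line, /^[A-Za-z0-9]+:/)) label = substr(line, 1, RLENGTH - 1)
        if (label == "Capabilities" && line ~ /Single Root I\/O Virtualization/) sriov = "yes"
        # Only DevCap advertises FLR support; FLReset in DevCtl is the trigger bit.
        if (label == "DevCap" && line ~ /FLReset\+/) flr = "yes"
    }
    END { emit() }
    '
}

sample_lspci | passthrough_caps
```

On a real host, run `lspci -vv | passthrough_caps` as root; without root, lspci reports the capability list as access denied and every function shows `no`.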


Re: [gentoo-user] binutils-libs-2.28-r1 - loadable library and perl binaries are mismatched

2017-07-03 Thread David Haller
Hello,

On Sun, 02 Jul 2017, the...@sys-concept.com wrote:
>During upgrade I get an error trying to compile "binutils-libs-2.28-r1"
>
>Any hint what to do with it?
>
>XSParagraph.c: loadable library and perl binaries are mismatched (got 
>handshake key 0xd70, needed 0xd60)
 ^^
>make[3]: *** [Makefile:472: bfd.info] Error 1
 
 
bfd.info: bfd.texinfo $(bfd_TEXINFOS)
[..]
if $(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \
 -o $@ `test -f 'bfd.texinfo' || echo '$(srcdir)/'`bfd.texinfo; \
then \


Looks like building bfd.info from its texinfo source (bfd.texi) fails,
so it's texinfo again!

# locate XSParagraph
/usr/lib64/texinfo/XSParagraph.a
/usr/lib64/texinfo/XSParagraph.la
/usr/lib64/texinfo/XSParagraph.so
# qfile /usr/lib64/texinfo/XSParagraph.so
sys-apps/texinfo (/usr/lib64/texinfo/XSParagraph.so)
# file /usr/bin/makeinfo 
/usr/bin/makeinfo: symbolic link to texi2any
# file /usr/bin/texi2any
/usr/bin/texi2any: Perl script text executable

[how texi2any uses/requires /usr/lib64/texinfo/XSParagraph.so is
complicated, but it does]

# ldd /usr/lib64/texinfo/XSParagraph.so
linux-vdso.so.1 (0x7fff96654000)
libperl.so.5.24 => /usr/lib64/libperl.so.5.24 (0x7f459518b000)
[..]
# dev-lang/perl (/usr/lib64/libperl.so.5.24)
#

So you'll need to rebuild sys-apps/texinfo to match your perl-binary
and libperl again.

Run perl-cleaner [--all | --reallyall ] recently?

HTH,
-dnh

-- 
This signature is temporarily unavailable.
Please try again later or leave
a message before the signature separator. Beep.



Re: [gentoo-user] SR-IOV for RAID/HBA's? anyone tried it?

2017-07-03 Thread taii...@gmx.com

On 07/03/2017 12:24 AM, J. Roeleveld wrote:
> On July 2, 2017 7:36:02 PM GMT+02:00, "taii...@gmx.com" wrote:
>> On 07/02/2017 02:51 AM, J. Roeleveld wrote:
>>> On July 1, 2017 11:23:06 PM GMT+02:00, "taii...@gmx.com" wrote:
>>>> I am wondering if anyone has tried this, apparently several LSI
>>>> controllers support portioning out drives to VF's so the guest sees a
>>>> controller with those drives attached to it.
>>>>
>>>> What was your experience like? and what controllers did you use?
>>>>
>>>> - Thanks
>>>
>>> I am wondering when I would want this?
>>
>> So you only need one HBA/RAID card per system if you want more than one
>> VM with quality performance.
>> It'll always be faster than an emulated disk.
>
> Never noticed any performance issues. Using Xen and raw disk format to the VMs.

http://semiaccurate.com/2009/09/30/lsi-virtualizes-storage-hardware/
For me I have 3/4 the native copy speed, and the I/O for example
extracting a zip is terrible.

>>> Either the VM needs a fraction of a single disk. Or it needs multiple
>>> disks.
>>> For the latter case, I prefer to pass an entire HBA.
>>
>> Which one do you have and does yours support FLR?
>
> Using a Supermicro card based on a LSI3008 chipset and dual expander backplane.
> I can always add a second HBA if I need more bandwidth.
>
> What is FLR? Googling that gives me a lot of non IT related results.

Function level reset, it is required to be able to assign devices to
VM's without annoyance.

The 3K series supports SR-IOV so you probably have it.

Could you run # lspci -vv?
Thank you