[gentoo-user] Kernel module signature now shown on modinfo

[Ben Mezger]

Greetings,

I have enabled module signature verification on my kernel, and it does
seem to be enabled upon boot:

$  dmesg | grep -i 'x.*509'
[1.259988] Asymmetric key parser 'x509' registered
[1.811026] Loading compiled-in X.509 certificates
[1.813833] Loaded X.509 cert 'Build time autogenerated kernel key:
77e716fc52a6293567d953cd24a5977e55b41a5e'

and doing a cat /proc/keys seems to show the key enabled:

$ cat /proc/keys
...
37c67374 I-- 1 perm 1f03 0 0 asymmetri Build time
autogenerated kernel key: 77e716fc52a6293567d953cd24a5977e55b41a5e:
X509.rsa 55b41a5e []
...

However, if I do a modinfo to see the key on a module, it seems empty:

$modinfo ntfs
filename:   /lib/modules/4.9.76-gentoo-r1/kernel/fs/ntfs/ntfs.ko
license:GPL
version:2.1.32
description:NTFS 1.2/3.x driver - Copyright (c) 2001-2014 Anton
Altaparmakov and Tuxera Inc.
author: Anton Altaparmakov 
alias:  fs-ntfs
srcversion: 0D7ACE93F603E9350827FB8
depends:
intree: Y
vermagic:   4.9.76-gentoo-r1 SMP mod_unload
signat: PKCS#7
signer:
sig_key:
sig_hashalgo:   md4

And hex dump does show me the digital signature appended at the end:

$ hexdump -C /lib64/modules/4.9.76-gentoo-r1/kernel/fs/ntfs/ntfs.ko| tail
0004e8c0  e3 dd 54 9d 5e f1 1a 12  56 47 4e 54 91 b9 fa ce  |..T.^...VGNT|
0004e8d0  e6 01 db 37 eb 83 f3 77  10 f0 b5 f8 11 fd 4e 86  |...7...w..N.|
0004e8e0  6c 81 8a 61 c2 15 6d 5a  35 93 8b 33 c0 32 2f e4  |l..a..mZ5..3.2/.|
0004e8f0  8c 15 71 de c8 c5 39 58  cc e8 65 e1 be 36 e6 02  |..q...9X..e..6..|
0004e900  b0 75 b5 a2 73 d8 4d 22  e7 2f 53 1f 42 fb ee 58  |.u..s.M"./S.B..X|
0004e910  f2 65 44 13 26 30 7b 31  1c 58 12 5a f2 5d b1 45  |.eD.&0{1.X.Z.].E|
0004e920  3a f0 a5 79 74 f4 00 00  02 00 00 00 00 00 00 00  |:..yt...|
0004e930  02 9e 7e 4d 6f 64 75 6c  65 20 73 69 67 6e 61 74  |..~Module signat|
0004e940  75 72 65 20 61 70 70 65  6e 64 65 64 7e 0a|ure appended~.|
0004e94e

My question is: why doesn't modinfo show me the key fingerprint?

-- 
Kind regards,
Met een vriendelijke groet,

Ben Mezger
https://seds.nl
PGP: C473 DDC9 D1B1 40AF 2051  1CF6 18C4 6052 1688 92F7

Re: [gentoo-user] openvpn rc script dependencies

[J. Roeleveld]

On Tuesday, April 10, 2018 1:25:42 PM CEST Simon Thelen wrote:
> On 18-04-10 at 10:55, Christoph Böhmwalder wrote:
> > I was wondering how the OpenRC dependencies between start scripts work.
> > 
> > Basically, I have two network interfaces on my laptop (wlp3s0 and
> > enp0s20u2u3 for wireless and ethernet respectively).  When I start the
> > wireless interface service (rc-service net.wlp3s0 start) the OpenVPN
> > service starts and vice versa.  That's great, but I didn't configure
> > that anywhere.
> 
> What does your /etc/runlevels/ look like? Is the openvpn service in one
> of the runlevels? Are either of your network interfaces in one of the
> runlevels?
> 
> > What's even worse is that when I'm not connected via WiFi (i.e.
> 
> > ethernet), the VPN service won't start because net.wlp3s0 isn't started:
> [..]
> 
> > Why would it do that, can I configure this anywhere?
> 
> Also check /etc/rc.conf and try setting rc_depend_strict="NO". I do wish
> there were a way to modify require/provides without having to edit the
> init scripts themselves.

There is. You have (at least) 2 other options:

1) In the "/etc/conf.d" files (as I tend to do):
# grep need /etc/conf.d/postgresql-9.5
rc_need="netmount"
(This means, postgresql-9.5 needs the 'netmount' service to have started first)

# grep need /etc/conf.d/netmount 
rc_need="net iscsid"
(This means, netmount needs 'net' and 'iscsid' started first)

2) /etc/rc.conf
See the following section in the default version:
===
# It's possible to define extra dependencies for services like so
#rc_config="/etc/foo"
#rc_need="openvpn"
#rc_use="net.eth0"
#rc_after="clock"
#rc_before="local"
#rc_provide="!net"
===

--
Joost

Re: [gentoo-user] Wrong instructions when installing Oracle JRE

[Dale]

Michael Orlitzky wrote:
> On 04/11/2018 06:27 AM, Dale wrote:
>> I think that is where they were talking about moving it from.  At one
>> point, they were discussing putting it in /var somewhere.  Maybe they
>> decided not to move it at all.  I seem to recall there being a quite
>> active and lengthy thread about it on -dev but that was years ago.  I
>> don't think my archives go back that far. 
>>
> It never worked. None of the better options had 100% support, so we left
> it in the worst place of all, with which everyone is equally unhappy =)
>
>


Maybe that is why I don't recall the end result, there wasn't one. 
lol   Still, all one has to do is move it and change make.conf.  I was
just curious as to where the default was. 

Thanks for having better memory than I did on this.  ;-)

Dale

:-)  :-) 

Re: [gentoo-user] Wrong instructions when installing Oracle JRE

[Michael Orlitzky]

On 04/11/2018 06:27 AM, Dale wrote:
> 
> I think that is where they were talking about moving it from.  At one
> point, they were discussing putting it in /var somewhere.  Maybe they
> decided not to move it at all.  I seem to recall there being a quite
> active and lengthy thread about it on -dev but that was years ago.  I
> don't think my archives go back that far. 
> 

It never worked. None of the better options had 100% support, so we left
it in the worst place of all, with which everyone is equally unhappy =)

Re: [gentoo-user] Re: Odd plasma display problem

[Peter Humphrey]

On Wednesday, 11 April 2018 13:13:46 BST Nikos Chantziaras wrote:
> On 11/04/18 15:02, Peter Humphrey wrote:
> > On one desktop I keep three Konsole windows open all the time, as in the
> > screen shot attached. I've found that I cannot move the central window to
> > the vertical centre of the screen: as I drag it up, or down, to the
> > centre it stops moving for a while and then jumps to a position beyond
> > the centre.
> You have enabled the "center snap zone" setting. Or perhaps it's enabled
> by default, I don't know.
> 
> Disable it in:
> 
> System Settings->Window Management->Window Behavior
> 
> It's in the "Moving" tab. Set it to 0 which will make it show "no center
> snap zone."

Good idea, but no, I already have that set to "no centre snap zone" - but I do 
have "snap windows only when overlapping" set.

-- 
Regards,
Peter.

[gentoo-user] Re: Odd plasma display problem

[Nikos Chantziaras]

On 11/04/18 15:02, Peter Humphrey wrote:

On one desktop I keep three Konsole windows open all the time, as in the
screen shot attached. I've found that I cannot move the central window to the
vertical centre of the screen: as I drag it up, or down, to the centre it
stops moving for a while and then jumps to a position beyond the centre.


You have enabled the "center snap zone" setting. Or perhaps it's enabled 
by default, I don't know.


Disable it in:

System Settings->Window Management->Window Behavior

It's in the "Moving" tab. Set it to 0 which will make it show "no center 
snap zone."

Re: [gentoo-user] Wrong instructions when installing Oracle JRE

[Dale]

Peter Humphrey wrote:
> On Wednesday, 11 April 2018 11:27:39 BST Dale wrote:
>> R0b0t1 wrote:
>>> On Tue, Apr 10, 2018 at 11:08 PM, Dale  wrote:
 J. Roeleveld wrote:
> Sounds like a bug.
> All fetch restriction packages I encounter want it in your distfiles
> folder. (Wherever you configured it to be)
>
> I haven't really read the text on these myself lately, so not sure if
> other packages have the same, but I didn't notice any path other than
> my distfiles dir.
>
> Most common one I have is the citrix 'icaclient'.
>
> --
> Joost
 Picking random post to reply to so anyone can respond to this question.
 I recall years ago there was talk of moving distfiles and such to a
 directory in /var on new installs at least.  At the time, I moved mine
 to /var/cache/portage.  I seem to recall that another location ended up
 being picked.  Does anyone recall if the move ever did occur and if so,
 where it went?  I recall reading about it but can't recall what was
 final on it or if it ended up being moved at all.
>>> Do you mean /usr/portage/distfiles?
>>>
>>> Can we stop using Oracle's JVM?
>>>
>>> Cheers,
>>>
>>>  R0b0t1
>> I think that is where they were talking about moving it from.  At one
>> point, they were discussing putting it in /var somewhere.  Maybe they
>> decided not to move it at all.  I seem to recall there being a quite
>> active and lengthy thread about it on -dev but that was years ago.  I
>> don't think my archives go back that far. 
>>
>> Oh well.  I was just curious.  Mine is in /var/cache/portage/.  At the
>> time, that I think had the most support.  Either way, it works for me
>> and it can be put pretty much anywhere sensible. 
> Especially if you have separate partitions, as I do. Portage, packages and 
> distfiles can be mounted anywhere with simple changes to fstab and make.conf. 
> That makes the debates over what should live where somewhat moot.
>


Exactly.  At some point I needed to move it because packages was taking
up a lot of drive space.  I don't think I was using LVM back then.  I
did have a good size /var partition tho so it fit nicely there.  I keep
binaries of everything just in case something bad happens and I need to
go back quickly or easily or both.  Thing is, some of those are pretty
large and tend to get larger with each upgrade.  Once a partition gets
to about 80% or so full, I start making plans to make them larger.  I
used to have to boot a DVD/USB stick and have a spare hard drive to do
that but LVM makes that easier.  Everyone doesn't have that option tho. 

Sometimes I wish I had elephant memory but then again, I may not like
that either.  :/

Dale

:-)  :-) 

Re: [gentoo-user] Wrong instructions when installing Oracle JRE

[Peter Humphrey]

On Wednesday, 11 April 2018 11:27:39 BST Dale wrote:
> R0b0t1 wrote:
> > On Tue, Apr 10, 2018 at 11:08 PM, Dale  wrote:
> >> J. Roeleveld wrote:
> >>> Sounds like a bug.
> >>> All fetch restriction packages I encounter want it in your distfiles
> >>> folder. (Wherever you configured it to be)
> >>> 
> >>> I haven't really read the text on these myself lately, so not sure if
> >>> other packages have the same, but I didn't notice any path other than
> >>> my distfiles dir.
> >>> 
> >>> Most common one I have is the citrix 'icaclient'.
> >>> 
> >>> --
> >>> Joost
> >> 
> >> Picking random post to reply to so anyone can respond to this question.
> >> I recall years ago there was talk of moving distfiles and such to a
> >> directory in /var on new installs at least.  At the time, I moved mine
> >> to /var/cache/portage.  I seem to recall that another location ended up
> >> being picked.  Does anyone recall if the move ever did occur and if so,
> >> where it went?  I recall reading about it but can't recall what was
> >> final on it or if it ended up being moved at all.
> > 
> > Do you mean /usr/portage/distfiles?
> > 
> > Can we stop using Oracle's JVM?
> > 
> > Cheers,
> > 
> >  R0b0t1
> 
> I think that is where they were talking about moving it from.  At one
> point, they were discussing putting it in /var somewhere.  Maybe they
> decided not to move it at all.  I seem to recall there being a quite
> active and lengthy thread about it on -dev but that was years ago.  I
> don't think my archives go back that far. 
> 
> Oh well.  I was just curious.  Mine is in /var/cache/portage/.  At the
> time, that I think had the most support.  Either way, it works for me
> and it can be put pretty much anywhere sensible. 

Especially if you have separate partitions, as I do. Portage, packages and 
distfiles can be mounted anywhere with simple changes to fstab and make.conf. 
That makes the debates over what should live where somewhat moot.

-- 
Regards,
Peter.

Re: [gentoo-user] Wrong instructions when installing Oracle JRE

[Dale]

R0b0t1 wrote:
> On Tue, Apr 10, 2018 at 11:08 PM, Dale  wrote:
>> J. Roeleveld wrote:
>>> Sounds like a bug.
>>> All fetch restriction packages I encounter want it in your distfiles 
>>> folder. (Wherever you configured it to be)
>>>
>>> I haven't really read the text on these myself lately, so not sure if other 
>>> packages have the same, but I didn't notice any path other than my 
>>> distfiles dir.
>>>
>>> Most common one I have is the citrix 'icaclient'.
>>>
>>> --
>>> Joost
>>
>> Picking random post to reply to so anyone can respond to this question.
>> I recall years ago there was talk of moving distfiles and such to a
>> directory in /var on new installs at least.  At the time, I moved mine
>> to /var/cache/portage.  I seem to recall that another location ended up
>> being picked.  Does anyone recall if the move ever did occur and if so,
>> where it went?  I recall reading about it but can't recall what was
>> final on it or if it ended up being moved at all.
>>
> Do you mean /usr/portage/distfiles?
>
> Can we stop using Oracle's JVM?
>
> Cheers,
>  R0b0t1
>
>


I think that is where they were talking about moving it from.  At one
point, they were discussing putting it in /var somewhere.  Maybe they
decided not to move it at all.  I seem to recall there being a quite
active and lengthy thread about it on -dev but that was years ago.  I
don't think my archives go back that far. 

Oh well.  I was just curious.  Mine is in /var/cache/portage/.  At the
time, that I think had the most support.  Either way, it works for me
and it can be put pretty much anywhere sensible. 

Thanks.

Dale

:-)  :-) 

Re: [gentoo-user] Wrong instructions when installing Oracle JRE

[R0b0t1]

On Tue, Apr 10, 2018 at 11:08 PM, Dale  wrote:
> J. Roeleveld wrote:
>>
>> Sounds like a bug.
>> All fetch restriction packages I encounter want it in your distfiles folder. 
>> (Wherever you configured it to be)
>>
>> I haven't really read the text on these myself lately, so not sure if other 
>> packages have the same, but I didn't notice any path other than my distfiles 
>> dir.
>>
>> Most common one I have is the citrix 'icaclient'.
>>
>> --
>> Joost
>
>
> Picking random post to reply to so anyone can respond to this question.
> I recall years ago there was talk of moving distfiles and such to a
> directory in /var on new installs at least.  At the time, I moved mine
> to /var/cache/portage.  I seem to recall that another location ended up
> being picked.  Does anyone recall if the move ever did occur and if so,
> where it went?  I recall reading about it but can't recall what was
> final on it or if it ended up being moved at all.
>

Do you mean /usr/portage/distfiles?

Can we stop using Oracle's JVM?

Cheers,
 R0b0t1