Re: [gentoo-user] Local mail server

2020-07-28 Thread Grant Taylor

On 7/28/20 5:18 PM, james wrote:
> If you know a way around this, with full privileges one gets with static
> IP addresses, I'm all ears.?


A hack that I see used is to pick up a small VPS for a nominal monthly 
fee and establish a VPN to it.  Have its IP (and ports) directed 
through the VPN to your local system.  You get just about everything, 
save for what's specifically needed for the VPN.




--
Grant. . . .
unix || die



[gentoo-user] BugDay - August 1st - Everyone is welcome to join!

2020-07-28 Thread Aisha Tammy
# Gentoo BugDay

Come join us over at #gentoo-bugday on freenode IRC on the first Saturday of
every month to squash bugs and make Gentoo a bit more awesome.

You don't need to be a Gentoo developer or even a coder to help us on BugDay.

Our next BugDay is on 1st Aug 2020 and we have started making preparations for
selecting and prioritizing bug categories for that day.


## Bug categories

The bug categories should be broad enough that there will be a lot of bugs
being targeted.
We keep an opinion poll open to everybody to help us narrow down the categories
of bugs to focus.

The opinion poll is there to get an input from everyone about how to best
tackle the current bug situation and get an understanding of the community and
developer priorities.

The poll is open at https://dudle.inf.tu-dresden.de/Bugday_2020-08-01/

Be sure to vote in the poll to get your opinion heard.


## For developers

Even if you have never coded for Gentoo you can help us with your knowledge.
It's always valuable to have your experience to guide us.

Things to help with
- Find a related bug that piques your interest.
- Look at upstream if this has been reported to them.
- If not, make a bug report to the upstream developers.
- If they have already seen it, check if they have managed to patch it.
- If not, try to gather as much information as you can about the bug so that
   it may help the developer tackling it.
- Alert us at #gentoo-bugday and interact with us to see if this can be
   squashed.


## For users
Users are one of the most important parts of Gentoo and this is the occasion for
them to talk to the developers and get your bugs looked at.

Take a look at the categories for BugDay at the poll link and the final BugDay 
wiki page
- Find a related bug that you have experienced and has not been fixed yet
- Try to see how it can be reproduced.
- The related bug reports have been ignored for months you say?
   Come poke us about these bugs at #gentoo-bugday on the freenode IRC
   and we will begin squashing any of those that are pending.


## What's in it for me?

Bragging rights, permanently being listed on the charts of BugDay, sense of 
entitlement.

Any person who helps us solve valid problems will be given the honor of being 
listed on the page.

Even users who help related bugs and find links which make our problem solving 
easier will be put on a pedestal.


## Contributors

Thanks a lot to jstein@ for being the gracious organizer and making sure 
everything goes smoothly.

And special thanks to contributors who have worked on our previous BugDays.

Past contributors:
- https://wiki.gentoo.org/wiki/Bugday_2020-06-06
- https://wiki.gentoo.org/wiki/Bugday_2020-07-04





Re: [gentoo-user] Local mail server

2020-07-28 Thread james

On 7/28/20 12:05 PM, Wols Lists wrote:
> On 28/07/20 16:01, james wrote:
> > (2) DNS resolvers, (?) mail-servers for a robust mail system that "I"
> > admin, and (1) internet facing web server and (1) internal only facing
> > or limited outward facing Web server for development and security based
> > testing. Static IP are basically $5/month from my ISP.
>
> Do you really want to pay for a static IP? I'd go IPv6 instead.
>
> I learnt my v4 in the days of 10-base-2, and I'd really love to update
> to punching holes in a v6 router. Limited risk, and no worries about
> static IPs, NATing, all that legacy stuff ... :-)
>
> Cheers,
> Wol



It's the bandwidth provider's policy. Static IPs (4 or 6) require a 
monthly fee. If you know a way around this, with full privileges one 
gets with static IP addresses, I'm all ears.?


I do not want some limited/dysfunctional solution. I want/need the full 
ability of what static IP addresses bring. (all ports open etc).


I am curious about your details via IPv6 and static (permanently 
assigned) addresses.


James



Re: [gentoo-user] Local mail server

2020-07-28 Thread james

On 7/28/20 12:10 PM, Wols Lists wrote:
> On 28/07/20 16:01, james wrote:
> > (2) DNS resolvers, (?) mail-servers for a robust mail system that "I"
> > admin, and (1) internet facing web server and (1) internal only facing
> > or limited outward facing Web server for development and security based
> > testing. Static IP are basically $5/month from my ISP.
>
> Do you really want to pay for a static IP? I'd go IPv6 instead.
>
> I learnt my v4 in the days of 10-base-2, and I'd really love to update
> to punching holes in a v6 router. Limited risk, and no worries about
> static IPs, NATing, all that legacy stuff ... :-)
>
> Cheers,
> Wol



So, IPv6 can be assigned without payment to an ISP? Besides having 
static IPs without bandwidth connections routed (assigned) to those IP6 
addresses are not useful?



If I go IPv6, where does the bandwidth come from?

confused,
James




Re: [gentoo-user] OT: Can a linux vmware guest tell if its host is CPU constrained?

2020-07-28 Thread Sid Spry
On Mon, Jul 27, 2020, at 9:24 PM, Adam Carter wrote:
> > Compare realtime it to measured CPU time. If one realtime second is shorter
> > than a CPU second then you know the host is pausing your VM. There are other
> > ways to check, but this should always work if you can contact an
> > asynchronous time standard. You may need to average the time over tens of
> > seconds or a minute.
> >
> > This method will allow you to figure out that AWS spot instances are
> > oversubscribed ~1.5x.
> > 
> 
> Nice. FWIW the guest is running NTP.
> 
> So should I run something like: date ; time  100%CPU for a minute> ; date ?

No, date will pull from your RTC, which is usually kept up to date with an
asynchronous counter.

First check GNU top(1) and look in the %Cpu line for "st." That is % CPU time
stolen. If it is nonzero then the guest time's accounting is probably working.
It's not typical for the hypervisor to hide this information. It's really
important for load balancing.

If that doesn't work we're going to have to write some C. Look at
clock_gettime(3): https://linux.die.net/man/3/clock_gettime.

The clocks are performance counters. Usually their only guarantee is that they
go up. On some platforms you may be able to see a difference between
CLOCK_REALTIME and CLOCK_MONOTONIC. On most platforms however, CLOCK_MONOTONIC
is clocked from the CPU timebase and continues to increment when your program
is not running. On Windows the API exposes the per-core clocks as well.

So to get around this, you need to know the frequency of the processor and how
long it takes to execute specific instructions.

% time ./stealcheck
real            0.680168s
expected        0.625681s
./stealcheck  0.69s user 0.00s system 98% cpu 0.698 total

As commented below, I didn't have time to find the exact cycle count for a busy
loop. But six is familiar and these times line up with what `time` gives. The
other issue is I haven't implemented CPU pinning nor have I fixed the frequency.

If possible do those, otherwise you can still infer an accurate steal time, it
just requires statistics. This will be good enough for a yes/no answer. (I.e. if
you get a noticeable discrepancy buy more hardware.)

https://github.com/R030t1/stealcheck

g++ -std=gnu++2a -Wall -pedantic \
stealcheck.cc -o stealcheck

#include <cstdint>
#include <cstdio>
#include <ctime>

#include <fstream>
#include <regex>
#include <string>
using namespace std;

uint64_t cpufreq();

int main(int argc, char *argv[]) {
    // If you have a newer processor you can request
    // cpuid level 0x16. For this impl. libpcre is
    // likely faster.
    uint64_t cf = cpufreq(),
        // Six is familiar but likely not right.
        cycles_per_loop = 6;

    struct timespec start = { 0 };
    clock_gettime(CLOCK_REALTIME, &start);

    // Confirm the cycle count of these instructions for
    // accurate results and/or implement loop with asm.
    // Build without -O (as in the command above), or the
    // compiler removes the empty loop. 0x1000 iterations
    // finish in microseconds; raise the count for a run
    // long enough to measure.
    uint64_t count = 0x1000, orig = 0x1000;
    while (count--);

    struct timespec end = { 0 };
    clock_gettime(CLOCK_REALTIME, &end);
    // Calculate delta.
    end.tv_sec  -= start.tv_sec;
    end.tv_nsec -= start.tv_nsec;

    // tv_nsec is in nanoseconds (and may be negative after
    // the subtraction); convert to seconds.
    double real = (end.tv_sec * 1.0) + (end.tv_nsec / 1e9);
    double expected = (1.0 / cf) * orig * cycles_per_loop;
    printf("real\t\t%lfs\n", real);
    printf("expected\t%lfs\n", expected);

    return 0;
}

// CPU frequency in Hz, read from /proc/cpuinfo.
uint64_t cpufreq() {
    uint64_t res = 0;
    regex pattern("^cpu MHz.*?([\\d.]+)");
    smatch glean;

    string line;
    ifstream cpuinf("/proc/cpuinfo");
    while (getline(cpuinf, line)) {
        if (!regex_search(line, glean, pattern))
            continue;
        // This effectively returns the last one, but I didn't
        // want to add CPU pinning etc. They are typically close
        // together.
        // /proc/cpuinfo reports MHz; convert to Hz.
        res = stod(glean[1].str()) * 1e6;
    }

    return res;
}
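
The first check suggested in the message above, the "st" figure in top(1), can also be computed directly from two samples of the aggregate `cpu` line in /proc/stat. This is an added example, not code from the thread or from the stealcheck repository; the function names and the two snapshot lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): steal percentage from two /proc/stat
# "cpu" lines, the figure top(1) shows as "st".
# Fields after the label: user nice system idle iowait irq softirq steal ...
steal_pct() {
    # $1, $2: aggregate "cpu" lines taken at the start and end of an interval
    printf '%s\n%s\n' "$1" "$2" | awk '
        {
            total[NR] = 0
            # Sum user..steal only; guest time is already counted in user.
            for (i = 2; i <= 9; i++) total[NR] += $i
            steal[NR] = $9
        }
        END {
            dt = total[2] - total[1]
            if (NR != 2 || dt <= 0) { print "n/a"; exit }
            printf "%.1f\n", 100 * (steal[2] - steal[1]) / dt
        }'
}

# Live measurement on a Linux guest: sample /proc/stat twice, N seconds apart.
measure_steal() {
    a=$(grep '^cpu ' /proc/stat) || return 1
    sleep "${1:-10}"
    b=$(grep '^cpu ' /proc/stat) || return 1
    steal_pct "$a" "$b"
}

# Constructed snapshots (jiffies), 10 s apart on a 1-CPU guest at USER_HZ=100.
SNAP_A='cpu  1000 0 500 8000 100 0 50 350 0 0'
SNAP_B='cpu  1600 0 600 8100 100 0 50 550 0 0'
echo "constructed interval: $(steal_pct "$SNAP_A" "$SNAP_B")% steal"
```

On a real guest, `measure_steal 60` averages over a minute, which matches the advice above to average over tens of seconds.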



Re: [gentoo-user] Local mail server

2020-07-28 Thread Wols Lists
On 28/07/20 16:01, james wrote:
> (2) DNS resolvers, (?) mail-servers for a robust mail system that "I"
> admin, and (1) internet facing web server and (1) internal only facing
> or limited outward facing Web server for development and security based
> testing. Static IP are basically $5/month from my ISP.

Do you really want to pay for a static IP? I'd go IPv6 instead.

I learnt my v4 in the days of 10-base-2, and I'd really love to update
to punching holes in a v6 router. Limited risk, and no worries about
static IPs, NATing, all that legacy stuff ... :-)

Cheers,
Wol



Re: [gentoo-user] Local mail server

2020-07-28 Thread james

On 7/28/20 4:23 AM, Peter Humphrey wrote:
> On Monday, 27 July 2020 22:10:59 BST james wrote:
>
> > I just ran across this document. I hope you find it relevant to your
> > mail issues.
> >
> > https://bridge.grumpy-troll.org/2020/07/small-mailserver-bcp/
> >
> > Small Mailserver Best Current Practices
>
> Thank you James.
>
> I seem to have fixed my problem by removing the specific addresses from
> mynetworks and setting mynetworkstyle = subnet.
>
> That doesn't make sense to me, but hey-ho.




Good news.

But I'm still looking for that complete list of (gentoo ebuild) codes to 
run on top of 2-4 stems, for a small, but feature rich solution for


(2) DNS resolvers, (?) mail-servers for a robust mail system that "I" 
admin, and (1) internet facing web server and (1) internal only facing 
or limited outward facing Web server for development and security based 
testing. Static IP are basically $5/month from my ISP.


So this is a point of curiosity for you or anyone with such a setup; but 
only what they wish to reveal publicly. A private disclosure, and 
howto is ok too,

and I'll respect your privacy of such detail.

Eventually, when the Rasp.Pi_4 can map or at least utilize 16G of ram, I 
want to move the entire operation to Rp4s.  Then I can have one setup 
stationary, and one mobile in my RV. The thought is the RF (pseudo) 
statics are dominate, unless I travel to an area in the US, that does 
not have connectivity for a mobile rig.


Anyone is encouraged, publicly or privately, to make suggestions. 
Eventually, the choices and basic instruction should make it to a web 
page document.


If several folks go down this pathway, then the security and security 
testing semantics, to ensure it is robustly safe, could be well 
documented, via a group effort. So all can benefit and stay safe. Adding 
a secure version of Slack, to these stacks, would be pretty cool too.


After all, such a setup would be sweet, and allow for travel and 
still be in charge of all of your resources.




Re: [gentoo-user] Ebuild: How to deal with external repositories properly (best practise)?

2020-07-28 Thread Ramon Fischer

Oh yeah, as Neil was pointing that out.

I will give it a try and report soon.

-Ramon

On 28/07/2020 14:52, tastytea wrote:
> On 2020-07-28 12:02+0200 Ramon Fischer  wrote:
>
> > Hello tastytea,
> >
> > I am aware of this "workaround", thank you. :)
> >
> > I guess, I was not precise enough:
> >
> > The ebuild "drm_master_util-"[1] is hosted on my repository, but
> > the ebuild file itself pulls in an external repository[2].
>
> Sorry, I misread your first email.
>
> > My question is: Is it a best practise to fork the external
> > repository[2], to link my fork with "drm_master_util-"[1], so I
> > have full control about updating the fork. Just to check, that the
> > external source is not doing shenanigans?
>
> I would use either EGIT_COMMIT from git-r3.eclass¹ or download a
> snapshot via SRC_URI².
>
> ¹ 
> ² 






Re: [gentoo-user] Ebuild: How to deal with external repositories properly (best practise)?

2020-07-28 Thread tastytea
On 2020-07-28 12:02+0200 Ramon Fischer  wrote:

> Hello tastytea,
> 
> I am aware of this "workaround", thank you. :)
> 
> I guess, I was not precise enough:
> 
> The ebuild "drm_master_util-"[1] is hosted on my repository, but
> the ebuild file itself pulls in an external repository[2].

Sorry, I misread your first email.

> My question is: Is it a best practise to fork the external 
> repository[2], to link my fork with "drm_master_util-"[1], so I
> have full control about updating the fork. Just to check, that the
> external source is not doing shenanigans?

I would use either EGIT_COMMIT from git-r3.eclass¹ or download a
snapshot via SRC_URI².

¹ 
² 
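
A small audit for the pinning advice in the message above, as an added example that is not part of the thread or of git-r3.eclass: it flags git-r3 ebuilds whose EGIT_COMMIT is missing or is not a full 40-hex commit id, since a tag or branch name can be moved upstream after review. The function names, sample ebuilds, URL, tag and commit id are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): classify how an ebuild pins a git source.
#   PINNED       git-r3 with EGIT_COMMIT set to a full 40-hex commit id
#   MUTABLE_REF  git-r3 with EGIT_COMMIT set to a tag, variable or short id
#   UNPINNED     git-r3 with no EGIT_COMMIT (follows the branch head)
#   NOT_GIT      no git-r3 inherit (e.g. a SRC_URI snapshot)
classify_ebuild() {
    awk -v q="'" '
        /^[ \t]*#/ { next }                       # skip comment lines
        $1 == "inherit" {
            for (i = 2; i <= NF; i++) if ($i == "git-r3") git = 1
        }
        /^[ \t]*EGIT_COMMIT=/ {
            v = $0
            sub(/^[ \t]*EGIT_COMMIT=/, "", v)
            sub(/[ \t]+#.*$/, "", v)              # drop trailing comment
            gsub(/"/, "", v); gsub(q, "", v)      # drop quotes
            commit = v
        }
        END {
            if (!git) r = "NOT_GIT"
            else if (commit == "") r = "UNPINNED"
            else if (length(commit) == 40 && commit ~ /^[0-9a-f]+$/) r = "PINNED"
            else r = "MUTABLE_REF"
            print r
        }
    ' "$1"
}

# Constructed sample ebuilds; URL, tag and commit id are placeholders.
make_samples() {
    cat > "$1/live.ebuild" <<'EOF'
inherit git-r3
EGIT_REPO_URI="https://example.org/upstream/project.git"
EOF
    cat > "$1/pinned.ebuild" <<'EOF'
inherit toolchain-funcs git-r3
EGIT_REPO_URI="https://example.org/upstream/project.git"
EGIT_COMMIT="0123456789abcdef0123456789abcdef01234567"  # reviewed commit
EOF
    cat > "$1/tag.ebuild" <<'EOF'
inherit git-r3
EGIT_REPO_URI="https://example.org/upstream/project.git"
EGIT_COMMIT="v1.0"
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/*.ebuild; do
    printf '%s\t%s\n' "$(classify_ebuild "$f")" "${f##*/}"
done
rm -rf "$tmp"
```

Run over an overlay checkout, anything reported as UNPINNED or MUTABLE_REF is an ebuild whose fetched source can change without the ebuild itself changing.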



Re: [gentoo-user] Ebuild: How to deal with external repositories properly (best practise)?

2020-07-28 Thread Ramon Fischer

Hello tastytea,

I am aware of this "workaround", thank you. :)

I guess, I was not precise enough:

The ebuild "drm_master_util-"[1] is hosted on my repository, but the 
ebuild file itself pulls in an external repository[2].


My question is: Is it a best practise to fork the external 
repository[2], to link my fork with "drm_master_util-"[1], so I have 
full control about updating the fork. Just to check, that the external 
source is not doing shenanigans?


-Ramon

[1] https://codeberg.org/keks24/gentoo-overlay/src/branch/master/x11-misc/drm_master_util/drm_master_util-.ebuild#L27

[2] https://github.com/gch1p/drm_master_util.git

On 28/07/2020 10:53, tastytea wrote:
> On 2020-07-28 06:47+0200 Ramon Fischer  wrote:
>
> > […]
> > The thing I am concerned about, is, that I am pulling something from
> > an external source, which I am installing on my system and giving it
> > root privileges[4].
> >
> > The only best practise I can think of, is, to fork the external
> > repository, linking the ebuild to my fork and updating it on demand,
> > so I have full control over it.
> >
> > Would this be the way to do it?
>
> You can mask all packages from a repository in
> /etc/portage/package.mask/ with
>     */*::repo-name
> and unmask the packages you want in /etc/portage/package.unmask/ with
>     x11-misc/drm_master_util::repo-name
> or just the version you want with
>     =x11-misc/drm_master_util-::repo-name
> .
>
> The maintainer of the repo could still replace the ebuild with a
> malware installer.






Re: [gentoo-user] Ebuild: How to deal with external repositories properly (best practise)?

2020-07-28 Thread Neil Bothwick
On Tue, 28 Jul 2020 06:47:50 +0200, Ramon Fischer wrote:

> I have set up my first ebuild repository[1] with one package 
> "x11-misc/drm_master_util" to run "X" without root privileges. I am 
> still making it to work[2]. The ebuild file accesses an external git 
> repository[3].
> 
> The thing I am concerned about, is, that I am pulling something from an 
> external source, which I am installing on my system and giving it root 
> privileges[4].

Isn't that the case with any software you install? If your concern is
that you are pulling from a git repository, so the code could change at
any minute, you can use the git eclass to pull a specified branch or
commit, so you know what you are getting.


-- 
Neil Bothwick

Anything is possible if you don't know what
you are talking about.




Re: [gentoo-user] Ebuild: How to deal with external repositories properly (best practise)?

2020-07-28 Thread tastytea
On 2020-07-28 06:47+0200 Ramon Fischer  wrote:

> […]
> The thing I am concerned about, is, that I am pulling something from
> an external source, which I am installing on my system and giving it
> root privileges[4].
> 
> The only best practise I can think of, is, to fork the external 
> repository, linking the ebuild to my fork and updating it on demand,
> so I have full control over it.
> 
> Would this be the way to do it?

You can mask all packages from a repository in
/etc/portage/package.mask/ with
    */*::repo-name
and unmask the packages you want in /etc/portage/package.unmask/ with
    x11-misc/drm_master_util::repo-name
or just the version you want with
    =x11-misc/drm_master_util-::repo-name
.

The maintainer of the repo could still replace the ebuild with a
malware installer.



Re: [gentoo-user] Local mail server

2020-07-28 Thread Peter Humphrey
On Monday, 27 July 2020 22:10:59 BST james wrote:

> I just ran across this document. I hope you find it relevant to your
> mail issues.
> 
> https://bridge.grumpy-troll.org/2020/07/small-mailserver-bcp/
> 
> Small Mailserver Best Current Practices

Thank you James.

I seem to have fixed my problem by removing the specific addresses from 
mynetworks and setting mynetworkstyle = subnet.

That doesn't make sense to me, but hey-ho.

-- 
Regards,
Peter.