Re: [gentoo-user] Re: New Intel CPU flaws discovered
On Wed, 15 May 2019 18:42:03 +0300 Nikos Chantziaras wrote: > On 15/05/2019 18:25, Dale wrote: > > If my system is off, how's it going to play videos? > > If your system is on, how is it going to replace vulnerable kernels with > patched ones? It is possible to use kernel live patching, see [1] for details. Most kernel bugfixes are available that way. I have not checked MDS problem however. [1] https://wiki.gentoo.org/wiki/Elivepatch Best regards, Andrew Savchenko pgpxo2ldPrmiZ.pgp Description: PGP signature
Re: [gentoo-user] Re: Stable gcc:7.3.0 won't build with stable glibc
On Sat, 30 Mar 2019 17:39:03 - (UTC) Grant Edwards wrote: > On 2019-03-30, Andrew Savchenko wrote: > > On Sat, 30 Mar 2019 15:09:06 - (UTC) Grant Edwards wrote: > >> On 2019-03-29, Philip Webb wrote: > >> > 190329 Grant Edwards wrote: > >> > > >> >> gcc-7.3.9-r3 is marked stable, yet it fails to build if you have the > >> >> current stable version of glibc installed (2.28-r5). > >> > > >> > I've been using Gcc-8.2.0-r6 since 170302 with Glibc-2.27-r6 : no > >> > problems. > >> > >> What I'm asking about is that 7.3.0-r3 (which is stable) won't build > >> with glibc-2.28 (which is stable). My question: is that considered a > >> bug or not? > > > > It depends on the details of the problem, but you provided no > > details to make further considerations. > > glibc 2.27 has an include file "ustat.h" which declares a library > function ustat(). glibc 2.28 does not have that include file (nor the > function, AFAICT). Any application that #includes ustat.h or calls > ustat() fails to build with glibc 2.28. migrate to statfs() or fstatfs(), that's easy. Best regards, Andrew Savchenko pgp2ce2n9eV32.pgp Description: PGP signature
Re: [gentoo-user] Re: Stable gcc:7.3.0 won't build with stable glibc
On Sat, 30 Mar 2019 15:09:06 - (UTC) Grant Edwards wrote: > On 2019-03-29, Philip Webb wrote: > > 190329 Grant Edwards wrote: > > > >> gcc-7.3.9-r3 is marked stable, yet it fails to build if you have the > >> current stable version of glibc installed (2.28-r5). > > > > I've been using Gcc-8.2.0-r6 since 170302 with Glibc-2.27-r6 : no problems. > > What I'm asking about is that 7.3.0-r3 (which is stable) won't build > with glibc-2.28 (which is stable). My question: is that considered a > bug or not? It depends on the details of the problem, but you provided no details to make further considerations. In general it would be considered a bug. > One might think that the 7.3.0-r3 ebuild should require > gblic < 2.28. Is one allowed to tweak ebuilds like that without > bumping the revision? > > FWIW 7.3.0-r6 does build and works fine for my application which won't > build with gcc-8 -- so it's purely an academic question. It's better to fix your application. Fixing problem revealed by gcc update is usually not hard. Best regards, Andrew Savchenko pgp_X6SIW88OD.pgp Description: PGP signature
Re: [gentoo-user] Unable to unshare: EINVAL
On Thu, 28 Mar 2019 01:17:01 +0100 (CET) k...@aspodata.se wrote:
> Marc Joliet:
> > Am Mittwoch, 27. März 2019, 11:01:41 CET schrieb Hervé Guillemet:
> > > Le 26/03/2019 à 14:37, k...@aspodata.se a écrit :
> > > > I sometimes get:
> > > > Unable to unshare: EINVAL
> > > Your kernel is probably missing a features used by the new versions of
> > > portage. I'd say something like CONFIG_PID_NS from the General
> > > Setup/Namespaces support section.
>
> Ok, I see, I don't have that, thanks for the info.
>
> > > If you built your own kernel, try to activate this feature.
> > If you use gentoo-sources, the option GENTOO_LINUX_PORTAGE ("Gentoo Linux"
> > ->
> > "Gentoo Linux Support" -> "Select options required by Portage features")
> > will
> > automatically select them.
>
> emerge-ing seems work, can't I just ignore the message (I don't need
> that namespace elsewhere in the system) ?
It provides extra isolation features. If you are sure you don't need
that, ignore it.
Best regards,
Andrew Savchenko
pgpMJhV6uGoAC.pgp
Description: PGP signature
Re: [gentoo-user] Kernel modules and security
On Fri, 22 Mar 2019 14:46:20 + Peter Humphrey wrote: > Hello list, > > Years ago, in the days of Yggdrasil I think, the received wisdom was that > enabling kernel module loading was a bad idea because an attacker might be > able to load malicious software directly into the kernel. No modules --> one > more attack route closed. > > What is the current thinking on this topic? I'm not trolling; I'd like to > know > which way to go with a new box. These days one can configure kernel to load only signed modules (with public key compiled into kernel) and refuse to load all unsigned modules [CONFIG_MODULE_SIG_FORCE]. During normal kernel build process all legitimate modules will be signed [CONFIG_MODULE_SIG_ALL]. All out-of-tree modules may be signed manually as well [scripts/sign-file]. Afterwards signing key [certs/signing_key.pem] may be removed from the system (e.g. encrypted or deleted). The benefit of this approach compared to kernel without modules is: 1) out of the tree kernel modules can be used (e.g. I use openafs) 2) kernel can be made smaller and faster by removing rarely needed functionality into modules (e.g. support for various USB devices, network protocols or filters and other subsystems which are not used on daily basis, but may be needed occasionally). Best regards, Andrew Savchenko pgpf7bCg7yH0S.pgp Description: PGP signature
Re: [gentoo-user] Flags for amd 6180se opteron
Hi! On Sat, 9 Mar 2019 10:51:22 +0100 (CET) mad.scientist.at.la...@tutanota.com wrote: > can any one suggest flags for the make.conf file, i'm trying to build on an > hp dl585 g7 with 4 amd 6180se, 12 core, cpu world says k10 microarchetecture, > Maranello platform. > > When this works, I'll be upgrading to 6380 CPUs. All help appreciated. Install and run app-portage/cpuid2cpuflags. Best regards, Andrew Savchenko pgp2AOrdjxjhl.pgp Description: PGP signature
Re: [gentoo-user] [OT] Flashing an old NOKIA 3310 with Linux?
Hi! On Tue, 12 Feb 2019 18:59:06 +0100 tu...@posteo.de wrote: > Hi, > > I got my hands on one of the well known NOKIA 3310 (2001...not the new NOKIA > 3310 > ones) phones. It seems the previous seller has branded the phone with > his own firmware and I want to reflash the original NOKIA firmware > onto it again...if I have a true phone I want the "real true" > phone...you know ... :) > > There are some flasher out therewhich are compatible to windows > versions, which are long forgotten. > > As far as my investigations in this case :) has reached: The phone > needs what they call it a "DCT-3 flasher". > > Does anyone has knowledge in handling this wonderful retro peace > of technique this way and knows a linux compatible flasher for > the firmware? If a flasher you have is for old windows, wine may be your friend. Usually they have good support for emulating old win api. Best regards, Andrew Savchenko pgpVU6Lw4Uuvm.pgp Description: PGP signature
Re: [gentoo-user] Coming up with a password that is very strong.
On Sun, 10 Feb 2019 10:27:32 -0600 Dale wrote: > Andrew Savchenko wrote: > > On Sun, 3 Feb 2019 23:47:35 -0600 Dale wrote: > >> Howdy, > >> > >> Some may recall me mentioning using LastPass to manage my passwords. > >> Obviously, it can generate very strong passwords that are different for > >> each site. It can also remember them as well which makes things more > >> secure than using just a few passwords for all sites. One for things > >> like financial sites, maybe a less secure one for some site you still > >> want reasonably secure and a even weaker one for sites you don't care > >> about hacking, and hackers likely won't either. I know some people who > >> do this even today. Heck, ages ago, I was one of them. Things change > >> tho. Some passwords can be hacked in seconds by a desktop computer, > >> including my own if I had the software and knowledge to do it. > >> > >> The one thing about most all password managers, they have a master > >> password. That one password unlocks the rest. Trick is, having that > >> one be a good one that is easy to remember, type on a keyboard and be > >> secure, virtually unhackable but also unforgettable. I've had what used > >> to be a strong password for a while. Thing is, with today's computing > >> power, it really isn't anymore. While no one could just guess it, it > >> could be cracked/hacked I'm sure. I need to come up with a new one that > >> meets the requirements I just mentioned. Strong, easy to remember, easy > >> to type but won't forget. I've read that using maiden names, years of > >> birth or whole dates of birth, actual names, pet's name, words in a > >> dictionary and a whole list of other things makes it easier, especially > >> if you post a lot on social media, for hackers to use against you. I'm > >> trying to avoid that sort of thing obviously and have a couple ideas but > >> am curious as to what method others use, without exposing to much detail > >> since this is public. > >> > >> How do you, especially those who admin systems that are always being > >> hacked at, generate strong passwords that meet the above? I've googled > >> and found some ideas but if I use the same method, well, how many others > >> are using that same method, if you know what I mean. ;-) Just looking > >> for ideas. > > 1) Install app-admin/apg. > > 2) apg -a1 -m40 > > > > Best regards, > > Andrew Savchenko > > > My password manager does that already. The password I was trying to > come up with was the master password which I must easily remember, be > secure and be easy to type. The other passwords I let the password > manager generate and remember as well. I don't type those so they can > be anything. The line above is approximately the same how I got one of my master passwords. It is not that hard to remember 30-40 random chars. Just try typing them several hundred times. I'm serious. > Goes to show tho, there is yet another tool to come up with passwords. > lol > > Dale > > :-) :-) > > Best regards, Andrew Savchenko pgpfLizNmTD_z.pgp Description: PGP signature
Re: [gentoo-user] xorg 1.20.x not working
On Sun, 10 Feb 2019 10:21:21 -0600 Dale wrote: > Andrew Savchenko wrote: > > On Wed, 16 Jan 2019 15:18:37 +0800 Bill Kenworthy wrote: > >> Hi, > >> > >> I have a problem with any of the xorg-server 1.20.x series where I can > >> start simple apps like xterm but more complexapps like firefox and > >> thunderbird (for example) hang X with no erros in dmessage, log, > >> Xorg.0.log, .xsession-errors etc. The mouse can move but no clicks are > >> accepted. I have also recently run emerge -ep with the profile upgrade > >> (using 1.19 as I needed to use the system at the time) and a previous > >> rebuild of almost everything with 1.20 installed with no change. > > You need to rebuild all x11-drivers after xorg update. Input > > problems you are describing are likely caused by modules built for > > older xorg version. > > > > Try: > > # emerge -av $(eix -IC x11-drivers --only-names) > > > > Best regards, > > Andrew Savchenko > > Isn't one of these supposed to do that? > > emerge @module-rebuild > > emerge @x11-module-rebuild > > I think the top one is the correct one. The top one will rebuild kernel modules. So it has nothing to do with xorg. The bottom one is correct, I just forgot about it. Best regards, Andrew Savchenko pgpEWMqv_NINt.pgp Description: PGP signature
Re: [gentoo-user] Coming up with a password that is very strong.
On Sun, 3 Feb 2019 23:47:35 -0600 Dale wrote: > Howdy, > > Some may recall me mentioning using LastPass to manage my passwords. > Obviously, it can generate very strong passwords that are different for > each site. It can also remember them as well which makes things more > secure than using just a few passwords for all sites. One for things > like financial sites, maybe a less secure one for some site you still > want reasonably secure and a even weaker one for sites you don't care > about hacking, and hackers likely won't either. I know some people who > do this even today. Heck, ages ago, I was one of them. Things change > tho. Some passwords can be hacked in seconds by a desktop computer, > including my own if I had the software and knowledge to do it. > > The one thing about most all password managers, they have a master > password. That one password unlocks the rest. Trick is, having that > one be a good one that is easy to remember, type on a keyboard and be > secure, virtually unhackable but also unforgettable. I've had what used > to be a strong password for a while. Thing is, with today's computing > power, it really isn't anymore. While no one could just guess it, it > could be cracked/hacked I'm sure. I need to come up with a new one that > meets the requirements I just mentioned. Strong, easy to remember, easy > to type but won't forget. I've read that using maiden names, years of > birth or whole dates of birth, actual names, pet's name, words in a > dictionary and a whole list of other things makes it easier, especially > if you post a lot on social media, for hackers to use against you. I'm > trying to avoid that sort of thing obviously and have a couple ideas but > am curious as to what method others use, without exposing to much detail > since this is public. > > How do you, especially those who admin systems that are always being > hacked at, generate strong passwords that meet the above? I've googled > and found some ideas but if I use the same method, well, how many others > are using that same method, if you know what I mean. ;-) Just looking > for ideas. 1) Install app-admin/apg. 2) apg -a1 -m40 Best regards, Andrew Savchenko pgp562ZjmGipO.pgp Description: PGP signature
Re: [gentoo-user] xorg 1.20.x not working
On Wed, 16 Jan 2019 15:18:37 +0800 Bill Kenworthy wrote: > Hi, > > I have a problem with any of the xorg-server 1.20.x series where I can > start simple apps like xterm but more complexapps like firefox and > thunderbird (for example) hang X with no erros in dmessage, log, > Xorg.0.log, .xsession-errors etc. The mouse can move but no clicks are > accepted. I have also recently run emerge -ep with the profile upgrade > (using 1.19 as I needed to use the system at the time) and a previous > rebuild of almost everything with 1.20 installed with no change. You need to rebuild all x11-drivers after xorg update. Input problems you are describing are likely caused by modules built for older xorg version. Try: # emerge -av $(eix -IC x11-drivers --only-names) Best regards, Andrew Savchenko pgpVSVeA05_HH.pgp Description: PGP signature
Re: [gentoo-user] systemd-240 doesn't load my kernel modules
Hi! On Fri, 11 Jan 2019 13:14:07 +0100 Helmut Jarausch wrote: > Hi, > > I have systemd and openrc installed on my system, but I use openrc for > booting. > Upto systemd-239 this works just fine. > But with systemd-240 my system doesn't load necessary kernel modules > like DRM AMDGPU modules. > This break Xorg : > > (EE) open /dev/dri/card0: No such file or directory > > Has anybody an idea what is different under systemd-240 in comparison > to systemd-239? This is a known bug in udev-240 (and systemd-240): https://github.com/systemd/systemd/issues/11314 It should be fixed in the latest versions in tree. Best regards, Andrew Savchenko pgp9IVGM73nc3.pgp Description: PGP signature
Re: [gentoo-user] Linux 4.19.8 kernel panics with netfilter/iptables
On Wed, 12 Dec 2018 14:39:48 +0100 Ralph Seichter wrote: > With kernel versions 4.19.0 to 4.19.8, I see kernel panics whenever > I activate some iptables rules. The same ruleset works fine with all > earlier kernel versions. > > I found https://marc.info/?l=netfilter-devel=154211825506348=2 and > was wondering if there is any workaround/patch availabe in Gentoo? You can apply patches by your own. This is easy: 1. Create dir /etc/portage/patches/sys-kernel/gentoo-sources-4.19.8 (or whatever kernel you are using). 2. Put patches there, ensure file names end with ".patch". More details are here: https://wiki.gentoo.org/wiki//etc/portage/patches Best regards, Andrew Savchenko pgpLkt_F7Yn3f.pgp Description: PGP signature
Re: [gentoo-user] system clock screwed up since last ntpd update...
On Fri, 14 Dec 2018 19:45:18 +0100 tu...@posteo.de wrote: > Hi, > > The softclock is running UTC instead of UTC+1 (Europe/Berlin). > > I checked /etc/conf.d/hwclock, which sets hwclock to UTC. > Nothing changed here. > > /etc/timezone is Europe/Berlin, which is also fine. > > From /etc/conf.d/ntpd the option "-g" was removed, since > the updated version of ntpd doesn't like that one that much... > > ntpd is running and below /etc no configuration update is missing. > > The only thing I missing currentlu is the correct time display... What is exactly wrong with you time? How exactly it is not correct? Is it of by an hour or some random value or what? Is your kernel configured with CONFIG_RTC_HCTOSYS and CONFIG_RTC_SYSTOHC? Best regards, Andrew Savchenko pgpPDahfDwl0y.pgp Description: PGP signature
Re: [gentoo-user] libGL symlinks vs `eselect opengl`
Hi, Sorry, for delay, but maybe reply will be still useful. On Wed, 29 Aug 2018 20:20:29 +0200 Davyd McColl wrote: > Thanks for getting back to me. I'd really like to not make a useless bug > report, so please bear with me: > > 1. Am I correct that I should report here: > https://bugs.gentoo.org/enter_bug.cgi?product=Gentoo%20Linux Yes. > 2. I ask the above because I'm not entirely clear on how to CC opengl and > celestia at the above url. If that's the right place (and it looks to be > right), please let me know how to apply the correct CCs such that the right > people get eyes on this and I'm not spamming the wrong people (: Assign to celestia, CC opengl. This is not mandatory, since all new bugs are reviewed by bug wranglers and assigned as appropriate. Please be sure to provide emerge --info output and how celestia and opengl are configured on your system, e.g. eix output or emerge -pv output for corresponding packages. Best regards, Andrew Savchenko pgp6fHJitagF0.pgp Description: PGP signature
Re: [gentoo-user] Can't "emaint sync -A" successfully
On Mon, 10 Dec 2018 17:43:22 -0200 Francisco Ares wrote: > Hi guys. > > For some days now (can't say how many) I have been unable to get "emaint > sync -A". At the end, it says something like this: > > > sent 116.30K bytes received 23.70M bytes 266.06K bytes/sec > total size is 218.86M speedup is 9.19 > * Manifest timestamp: 2018-12-10 18:38:44 UTC > * Valid OpenPGP signature found: > * - primary key: DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D > * - subkey: E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 > * - timestamp: 2018-12-10 18:38:44 UTC > * Verifying /usr/portage/.tmp-unverified-download-quarantine ...!!! > Manifest verification failed: > Manifest mismatch for metadata/md5-cache/media-gfx/pdf2svg-0.2.3 > BLAKE2B: expected: > 10d29df75f139b4c2c0335a2fc179b656fddba63ce5eb744a357601e22ba8691d03837845e39c8a080657fa22e533321476ab66205cbd5318ec1cd9d7492fdd2, > have: > 98555069f2ba50b4820c4a86525e1c8a2d8789de76b7cc0ba353f8edafd8df28d02585bb175b010d234b9ce055ecfd977a824ed8a55036923e79396bb9eeaa5d > SHA512: expected: > 2f4c6dd0052d813dfd07620bd4222d840784b76b066ca4e4ec87e9fd4d0be329060a143f1392cc8a6925126f65d2ffccef92e873a734b61565fedd949a7ee353, > have: > a46ef274a60bce0ee5a08022f85c769121fe6dc7c83560c5a57a09cf74a2cbd29bd8fd41602ffba2b72ea473800a9e5fff57dc104931b0d773a3003b9a2500c0 > q: Updating ebuild cache in /usr/portage ... > q: Finished 35801 entries in 0.098986 seconds > > Action: sync for repo: gentoo, returned code = 1 > > > The manifest mismatch, for a few days, has been "pdf2svg", but it has > changed from a few days ago, it was another manifest mentioned at the error > message. > > So, I have had to update using /usr/bin/emerge-webrsync . > > That's not big deal, but I really would like to understand a bit more, > like, am I doing something wrong? Please show your repo configuration (in /etc/portage/repos.conf/). Try to switch to another mirror or use official git repo: git://anongit.gentoo.org/repo/sync/gentoo.git Best regards, Andrew Savchenko pgpeLStBdaSgf.pgp Description: PGP signature
Re: [gentoo-user] copy text file to clipboard on startup
On Thu, 22 Nov 2018 10:49:00 -0700 the...@sys-concept.com wrote: > On 11/22/2018 10:02 AM, Andrew Savchenko wrote: > > On Thu, 22 Nov 2018 09:35:42 -0700 the...@sys-concept.com wrote: > >> I have a simple text file (with few lines in it) and using XFCE. > >> > >> How do I copy text from that file to "clipboard" so that user can past > >> it with "ctrl-v" > >> I would like to that text to be in a clipboard after XFCE started. > > > > Use x11-misc/xclip: > > xclip -in filename_with_paste > > > > Add this script to you XFCE autostart. This can be done either by: > > > > 1) GUI: Settings -> Session and Startup -> Application Autostart > > https://docs.xfce.org/xfce/xfce4-session/preferences#application_autostart > > > > 2) Custom run hook: > > Edit ~/.config/xfce4/xinitrc properly (call xclip, then > > default xfce4 xinitrc) > > https://unix.stackexchange.com/a/267238 > > > > Best regards, > > Andrew Savchenko > > Hmm... I tried it from the command line and restarting the XFCE; nothing > in the clipboard, empty. Nothing to paste. I don't understand what you are meaning. Have you ran xclip and then restarted XFCE? O_o. Of course this will not work, because X server is being reset during restart. You need to run xclip after XFCE is started. The ways to automate this are described above. > xclip -in test.txt Best regards, Andrew Savchenko pgpBMDIvf08HU.pgp Description: PGP signature
Re: [gentoo-user] Something strange with use flags
On Thu, 22 Nov 2018 18:46:32 +0200 gevisz wrote: > чт, 22 нояб. 2018 г. в 17:55, Corentin “Nado” Pazdera : > > > > November 22, 2018 4:41 PM, "gevisz" wrote: > > > > > After recent bug with changed Xorg-server suid use flag, > > > I became very suspicious about spontanеous use flag > > > shanges during system update and check them all. > > > > > > Today, I noticed the following attemped to change use flags > > > in my Gentoo system during update: > > > > > > # emerge --update --deep --with-bdeps=y --newuse --backtrack=120 --ask > > > world > > > > > > These are the packages that would be merged, in order: > > > > > > Calculating dependencies... done! > > > [ebuild R ] dev-util/ninja-1.8.2 USE="(-zsh-completion%)" > > > [ebuild R ] media-video/ffmpeg-3.3.6 USE="(-celt%)" > > > [ebuild R ] media-video/vlc-3.0.4 USE="(-schroedinger%)" > > > > > > The problem is that > > > $ equery uses ffmpeg > > > and > > > $ equery uses vlc > > > commands show no celt and schroedinger use flags at all. > > > > > > Why? > > > > Because they are not in the ebuild IUSE anymore (hence the %). > > > > From man emerge > > > %suffix newly added or removed > > Ok. Why these packages should be rebuild then if the corresponding > use flags just do not exit? Because support for celt and shroedinger experimental codecs was removed. Best regards, Andrew Savchenko pgpF67lTe_HTC.pgp Description: PGP signature
Re: [gentoo-user] copy text file to clipboard on startup
On Thu, 22 Nov 2018 09:35:42 -0700 the...@sys-concept.com wrote: > I have a simple text file (with few lines in it) and using XFCE. > > How do I copy text from that file to "clipboard" so that user can past > it with "ctrl-v" > I would like to that text to be in a clipboard after XFCE started. Use x11-misc/xclip: xclip -in filename_with_paste Add this script to you XFCE autostart. This can be done either by: 1) GUI: Settings -> Session and Startup -> Application Autostart https://docs.xfce.org/xfce/xfce4-session/preferences#application_autostart 2) Custom run hook: Edit ~/.config/xfce4/xinitrc properly (call xclip, then default xfce4 xinitrc) https://unix.stackexchange.com/a/267238 Best regards, Andrew Savchenko pgprBByY5PtdG.pgp Description: PGP signature
Re: [gentoo-user] Android studio emulator without PulseAudio
On Mon, 5 Nov 2018 17:21:14 + Pouru Lasse wrote: > Andrew Savchenko writes: [...] > > You should run emulator as: > > $ apulse command_to_run_emulator > > > > Or install the latest apulse with USE=sdk. > > > > Best regards, > > Andrew Savchenko > > What exactly is the purpose of the sdk USE flag? To provide the files > required for development with PulseAudio? To install apulse as a (partial) replacement of PulseAudio: it installs header files, pkgconfig files and places libraries at standard system paths, so that apulse wrapper is no longer needed. However, apulse is not a full PA replacement by design, so this will work only with limited set of applications. Best regards, Andrew Savchenko pgpvAYzCWB2vv.pgp Description: PGP signature
Re: [gentoo-user] portage sandbox path-depth limit ?
On Thu, 1 Nov 2018 03:09:51 +0300 Andrew Savchenko wrote: > On Tue, 30 Oct 2018 13:29:59 +0100 Håkon Alstadheim wrote: > > > > Den 30. okt. 2018 10:01, skrev Mick: [...] > > Memory should not be a problem here. Fails with only that one emerge > > running, > > succeeds if run directly as root, or with FEATURES="-sandbox -usersandbox". > > > > Memory is >14GB: > > # vmstat > > procs ---memory-- ---swap-- -io -system-- > > --cpu- > > r b swpd free buff cache si so bi bo in cs us sy > > id wa st > > 3 4 28416 6904608 174112 4616144 0 0 65 266 13 4 10 > > 2 84 4 0 > > It is possible that you hit directory loop. What lstree says on > that dir? Anyway, report this to sandbox devs. Sorry, `tree -l | grep recursive`. Best regards, Andrew Savchenko pgp9Aq8W9_0U6.pgp Description: PGP signature
Re: [gentoo-user] glibc-2.27 is broken
On Tue, 30 Oct 2018 12:27:52 -0600 the wrote: > Hello, > > I have upgraded to sys-libs/glibc-2.27-r6 > and it broke the system. > > I can't even compile a hello world test program in c. > > I always get the following linking error: > > $ gcc main.c -o main.elf > /usr/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: > /usr/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../lib64/crtn.o(a.debug_info+0x10003): > reloc against `*UND*': error 4 > /usr/lib/gcc/x86_64-pc-linux-gnu/7.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: > final link failed: Nonrepresentable section on output > collect2: error: ld returned 1 exit status > > When I try to install something it fails during configuration at > compiler sanity check. Try to get binary glibc, binutils and gcc packages from a recent starge3 image, and then rebuild your @system set. Best regards, Andrew Savchenko pgpBJBBbhDwJU.pgp Description: PGP signature
Re: [gentoo-user] portage sandbox path-depth limit ?
On Tue, 30 Oct 2018 13:29:59 +0100 Håkon Alstadheim wrote: > > Den 30. okt. 2018 10:01, skrev Mick: > > On Tuesday, 30 October 2018 06:30:23 GMT Håkon Alstadheim wrote: > >> I'm having fun enabling "test" in FEATURES on my gentoo-desktop. One > >> interesting failure, that brings to mind build failures I have had in > >> the past: > >> > >> Building sys-apps/mlocate-0.26-r2, I get > >> > >> 43: updatedb: Very deep hierarchy FAILED > >> (updatedb.at:261) > >> > >> Trying to reproduce, as root I do "make check" in the work/mlocate-0.26/ > >> , and the test passes. > >> > >> 43: updatedb: Very deep hierarchy ok > >> > >> I'd really like to get to the bottom of this, as I believe it must have > >> the same root-cause as issues I have had compiling large packages such > >> as firefox. > >> > >> Re-running both the emerge and the make check, I get the same results. > >> emerge fails, make check succeeds. I made a local copy of the ebuild and > >> inserted a "ulimit -a" in pre_src_test. > >> > >> ulimit from root-shell: > >> > >> # ulimit -a > >> core file size (blocks, -c) unlimited > >> data seg size (kbytes, -d) unlimited > >> scheduling priority (-e) 0 > >> file size (blocks, -f) unlimited > >> pending signals (-i) 59958 > >> max locked memory (kbytes, -l) 16384 > >> max memory size (kbytes, -m) unlimited > >> open files (-n) 1024 > >> pipe size(512 bytes, -p) 8 > >> POSIX message queues (bytes, -q) 819200 > >> real-time priority (-r) 0 > >> stack size (kbytes, -s) 8192 > >> cpu time (seconds, -t) unlimited > >> max user processes (-u) 1 > >> virtual memory (kbytes, -v) unlimited > >> file locks (-x) unlimited > >> > >> ulimit from emerge: > >>>>> Source compiled. > >> core file size (blocks, -c) unlimited > >> data seg size (kbytes, -d) unlimited > >> scheduling priority (-e) 0 > >> file size (blocks, -f) unlimited > >> pending signals (-i) 59958 > >> max locked memory (kbytes, -l) 16384 > >> max memory size (kbytes, -m) unlimited > >> open files (-n) 1024 > >> pipe size(512 bytes, -p) 8 > >> POSIX message queues (bytes, -q) 819200 > >> real-time priority (-r) 0 > >> stack size (kbytes, -s) 9788 > >> cpu time (seconds, -t) unlimited > >> max user processes (-u) 1 > >> virtual memory (kbytes, -v) unlimited > >> file locks (-x) unlimited > >> > >>>>> Test phase: sys-apps/mlocate-0.26-r2 > >> I have plenty of space in my portage temp directory (/pt): > >> > >> # df -hT ./ > >> Filsystem Type Størrelse Brukt Tilgj. Bruk% Montert på > >> /dev/xvdc ext4 163G 8,0G 147G6% /pt > >> > >> Portage temp is at /pt due to the earlier mentioned issues with firefox. > >> > >> At my wits end here. Anyone ? > > I have not looked or used the test FEATURES of portage, but have also > > noticed > > over time certain packages fail to build on machines with low RAM. As low > > here I consider anything less than 4G. It seems each thread is now > > consuming > > so much memory they cumulatively use up all RAM available and then start > > swapping endlessly until the compilation invariably fails. Increasingly > > more > > and more packages have been suffering from this, the last two I noticed are > > qtwebkit and qtwebengine. > > > > My solution has been to create a package.env file in which I specify > > MAKEOPTS > > limiting the number of jobs and average load for any of these packages > > which > > chew up all the RAM. > Memory should not be a problem here. Fails with only that one emerge > running, > succeeds if run directly as root, or with FEATURES="-sandbox -usersandbox". > > Memory is >14GB: > # vmstat > procs ---memory-- ---swap-- -io -system-- > --cpu- > r b swpd free buff cache si so bi bo in cs us sy > id wa st > 3 4 28416 6904608 174112 4616144 0 0 65 266 13 4 10 > 2 84 4 0 It is possible that you hit directory loop. What lstree says on that dir? Anyway, report this to sandbox devs. Best regards, Andrew Savchenko pgpx97Wp8nVj1.pgp Description: PGP signature
Re: [gentoo-user] Android studio emulator without PulseAudio
On Tue, 30 Oct 2018 11:53:33 + Pouru Lasse wrote: > "Davyd McColl" writes: > > > Would apulse not do the trick? > > > > -d > > On 2018-10-30 11:15:14, Pouru Lasse wrote: > > > > Is it possible to run the emulator included with Android Studio without > > having PulseAudio installed? When I try to launch the emulator, it > > instantly crashes because it can't find libpulse.so.0. My QEMU package > > is compiled without PulseAudio, but Android SDK comes with its own > > version of QEMU. > > > > Setting QEMU_AUDIO_DRV=none, as instructed in Android Studio manual, > > seems to have no effect, and the Gentoo wiki page on Android Studio just > > tells you to install PulseAudio. > > > > I don't mind having no audio at all, I just don't want to install > > PulseAudio. Any options? > > > > - Lasse > > I already had apulse installed, but apparently the emulator doesn't look > for the library in the right directory. I copied all the libpulse.* > files under ~/Android/Sdk/emulator/lib/ and > ~/Android/Sdk/emulator/lib64/ and now it seems to work. You should run emulator as: $ apulse command_to_run_emulator Or install the latest apulse with USE=sdk. Best regards, Andrew Savchenko pgp9kbzOwhr51.pgp Description: PGP signature
Re: [gentoo-user] File conflict
Hi, On Sun, 9 Sep 2018 19:46:38 +0200 tu...@posteo.de wrote: > Hi, > > I tried to install platformio and got a file conflict: > > dev-embedded/sunxi-tools > > installs /usr/bin/pio > > as dev-embedded/platformio-3.6.0 > > tries also. > > The installation of platformio was aborted due to > the file conflict. Report this to bugzilla and CC both package maintainers. Best regards, Andrew Savchenko pgpNE0rYBq_dx.pgp Description: PGP signature
Re: [gentoo-user] app-shells/bash slotted?
On Sat, 06 Oct 2018 03:36:36 -0400 John Covici wrote: > Hi. I noticed when preparing to do my world update today that > app-shells/bash is now slotted. I wonder what the purpose of this is, > there seems to be no way to select the different versions and > upgrading bash broke dracut -- unless they fixed it recently. > > Any thoughts? Different bash versions may pose different behaviour on the same code. Since bash is heavily used within ebuilds and eclasses, we may have to use bash slot different from user installed in future. The same need may arises for users with complicated bash scripts which may/will not work correctly with other bash versions than a specific one. Best regards, Andrew Savchenko pgpkthPThEttM.pgp Description: PGP signature
Re: [gentoo-user] Why doesn't revdep-rebuild catch undefined symbol errors?
On Thu, 25 Oct 2018 09:30:00 +0300 Nikos Chantziaras wrote: > Trying to rebuild media-sound/pavucontrol or any other package that uses > dev-cpp/cairomm (like pulseeffects) will fail with: > > /usr/lib/gcc/x86_64-pc-linux-gnu/8.2.0/../../../../x86_64-pc-linux-gnu/bin/ld: > > /usr/lib/gcc/x86_64-pc-linux-gnu/8.2.0/../../../../lib64/libcairomm-1.0.so: > undefined reference to `cairo_script_create' > > and a bunch of other "undefined reference" errors in libcairomm-1.0.so. > I don't know what broke cairomm. But I thought revdep-rebuild would > catch this. It doesn't. > > Now this is a rebuild of pavucontrol, so if I run: > >ldd -r /usr/bin/pavucontrol > > I will get: > >undefined symbol: cairo_script_create_for_stream > (/usr/lib64/libcairomm-1.0.so.1) >undefined symbol: cairo_script_set_mode (/usr/lib64/libcairomm-1.0.so.1) >undefined symbol: cairo_script_surface_create > (/usr/lib64/libcairomm-1.0.so.1) >undefined symbol: cairo_script_from_recording_surface > (/usr/lib64/libcairomm-1.0.so.1) >undefined symbol: cairo_script_create (/usr/lib64/libcairomm-1.0.so.1) >undefined symbol: cairo_script_surface_create_for_target > (/usr/lib64/libcairomm-1.0.so.1) >undefined symbol: cairo_script_get_mode (/usr/lib64/libcairomm-1.0.so.1) >undefined symbol: cairo_script_write_comment > (/usr/lib64/libcairomm-1.0.so.1) > > If I rebuild dev-cpp/cairomm manually (emerge -1 dev-cpp/cairomm), the > error goes away, and the affected packages can now be emerged successfully. > > Shouldn't revdep-rebuild catch this problem? Shouldn't it check > installed binaries for "undefined symbol" errors? revdep-rebuild catches libraries from removed packages (including removed older versions) still in use by other packages. Though with proper subslot dependencies revdep-rebuild is rarely needed. If for some reason library containing required symbol was forcefully removed, revdep-rebuild cannot magically recreate that symbol. Best regards, Andrew Savchenko pgpAJrxuaNyXT.pgp Description: PGP signature
Re: [gentoo-user] Nouveau test : back to Nvidia
On Sun, 26 Aug 2018 03:48:04 -0400 Philip Webb wrote: > Following my recent request for info + replies, > I tried using Nouveau for a week & didn't have any basic problems, > but it couldn't handle the 3D Xscreensavers, eg Gears + Pipes, > so I've come back to Nvidia, which has always worked well enough, > but tends to create problems matching Nvidia/Kernel versions. > > Is there any prospect that Nouveau wb able to do 3D one day ? It depends very much on your chip. Some card already have good 3D support, some should have it in a while. See feature matrix for details: https://nouveau.freedesktop.org/wiki/FeatureMatrix/ In most cases 3D works, but slower than on the proprietary driver and some advanced features may be missing. > Are there any 3rd possibilities ? No, at least if you want 3D. Best regards, Andrew Savchenko pgp08d7Y9pTiP.pgp Description: PGP signature
Re: [gentoo-user] libGL symlinks vs `eselect opengl`
Hi! On Wed, 22 Aug 2018 20:33:00 +0200 Davyd McColl wrote: > The other day I installed Celestia for the entertainment of my son, who is > delighted with anything stellar / planetary. Celestia wouldn't start up, > and, long-story-short, I tracked down the issue to the symlinks: > > /usr/lib64/libGL.so > /usr/lib64/libGL.so.1 > > which ultimately point to > > /usr/lib64/libGL.so.1.2.0, > > provided by media-libs/mesa. Naturally, I assumed I'd made a mistake with > `eselect` at some point, so I checked with `eselect opengl list` and found > that, as expected, my selected opengl implementation was nvidia. Just in > case, I switched over to xorg-x11 (mesa) and back again, but this didn't > fix the problem. > > Manually redirecting these to /usr/lib64/opengl/nvidia/lib/libGL.so > (provided by x11-drivers/nvidia-drivers) works, however, of course, portage > doesn't know anything about this, so the update I received today for > media-libs/mesa reverted these symlinks back to pointing at mesa libs. > > So the questions I have are these: > 1) Am I reasonable in expecting `eselect opengl` to maintain these > symlinks? I feel like it's a reasonable expectation, but perhaps there's > just yet another thing I have to learn / understand. No, eselect opengl works differently. It uses /etc/env.d to alter LDPATH and OPENGL_PROFILE environment variables. It also changes xorg.conf. So you may need to restart your X server and source /etc/profile in active shells for changes to take effect. > 2) Should I be logging a bug (against eselect, or perhaps celestia, since > this is the only app which seems to have suffered this fate -- games like > Torchlight 2 and utils like glxgears work just fine; glxinfo reports NVIDIA > extensions), or is there just something I've fundamentally missed or messed > up here? If glxinfo reports correct data and glxgears works fine, then this may be a bug and please report it. You may CC both celestia and opengl since right now it is not obvious which is the culprit. Best regards, Andrew Savchenko pgpBED_xijwSA.pgp Description: PGP signature
Re: [gentoo-user] trying to use Nouveau
On Mon, 6 Aug 2018 02:38:28 -0400 Philip Webb wrote: > 180805 Philip Webb wrote: > > 180804 Andrew Savchenko wrote: > >> Your xorg.conf -- or a file from xorg.conf.d directory -- > >> must contain the following : > >> > >> Section "Device" > >> Identifier "Card1" > >> Driver "modesetting" > >> ... (some options may follow) > >> EndSection > > I've done that, as described in my previous msg, without success. > > Then I noticed that Wiki says the kernel needs recompiling > with 'Drivers->Graphics-><*>DirectRenderingManager > <*>NouveauCards' ; Well, that was too obvious to mention :) > I also unset the "<->Backlight ... " just below, as I don't need it. > The new kernel is noticeably bigger than the previous version ; > I copied it to /boot as usual, updated lilo.conf & ran Lilo ; > the new kernel (called 4.14.52b) booted successfully, > but neither Nouveau nor Nvidia would start ; > even worse, neither would start with the previous version 4.14.52 , > which had been working with Nvidia for some time. > > The kernel log stops after several repeats of the lines : > > kernel: nvidia: Unknown symbol backlight_device_unregister (err 0) > kernel: nvidia: Unknown symbol backlight_device_register (err 0) You need to rebuild nvidia-drivers. As a rule of thumb after each kernel update (or major config change) one must rebuild external kernel modules: emerge -av @module-rebuild > Finally, I booted into kernel 4.9.95 & Nvidia still starts there. > > This is turning into a nightmare. It all started when 4.14.52 > couldn't find my scanner, which 4.9.16 had no trouble with, > & then I found I couldn't test 4.9.16, as Nvidia no longer worked with it. > To test 4.9.16 it seems sensible to try Nouveau instead of Nvidia, > but that has led to a further tangle. > > I suspect the problem with the scanner is that the Epson driver > needs an update to work with the most recent kernels. > That's something I'll have to take up with Epson, if I can. What is your scanner model? Are you using sane-epson2 and the latest sane version? It really shouldn't depend on the kernel unless you are missing some crucial (e.g. usb) drivers. > However, the Nouveau/Nvidia mess is something I sb able to sort out. > Can anyone suggest what's gone wrong & how to put it right ? You have not stated what is wrong with your Nouveau + kernel 4.14.52 setup. Please provide Xorg logs. Best regards, Andrew Savchenko pgpm8mSm_712S.pgp Description: PGP signature
Re: [gentoo-user] trying to use Nouveau
On Sat, 4 Aug 2018 01:48:15 -0400 Philip Webb wrote:
> Last month, I sent in a query re Nouveau : thanks for the replies.
>
> I have emerged it :
>
> root:508 log> eix nouveau
> [I] x11-drivers/xf86-video-nouveau
> Available versions: 1.0.15 1.0.15-r1
> Installed versions: 1.0.15-r1([2018-07-26 15:39:37])
> Homepage:https://nouveau.freedesktop.org/wiki/
> Description: Accelerated Open Source driver for nVidia cards
>
> I have tried to switch to it with 'eselect opengl set xorg-x11' :
>
> root:507 log> eselect opengl list
> Available OpenGL implementations:
> [1] nvidia
> [2] xorg-x11 *
>
> I have renamed /lib/udev/rules.d/99-nvidia.rules by appending '.dft',
> as recommended in the Wiki.
>
> But when I 'startx' & then check /var/log/Xorg.0.log , I find :
>
> (II) Module glx: vendor="X.Org Foundation"
> compiled for 1.19.5, module version = 1.0.0
> ABI class: X.Org Server Extension, version 10.0
> (II) LoadModule: "nvidia"
> (II) Loading /usr/lib64/xorg/modules/drivers/nvidia_drv.so
> (II) Module nvidia: vendor="NVIDIA Corporation"
> compiled for 4.0.2, module version = 1.0.0
> Module class: X.Org Video Driver
> (II) NVIDIA dlloader X Driver 390.67 Fri Jun 1 02:45:19 PDT 2018
> (II) NVIDIA Unified Driver for all Supported NVIDIA GPUs
> (--) using VT number 7
>
> I suspect that I need to re-merge some pkgs ;
> I have added 'nouveau' to VIDEO_CARDS in make.conf ,
> but it won't have an effect until a pkg is re-merged.
>
> Can anyone offer advice what to try next ?
Your xorg.conf (or a file from xorg.conf.d directory) must contain
the following:
Section "Device"
Identifier "Card1"
Driver "modesetting"
... (some options may follow)
EndSection
You probably name `Driver "nvidia"` there right now.
Best regards,
Andrew Savchenko
pgpKEjFz0sR6X.pgp
Description: PGP signature
Re: [gentoo-user] net-misc/openssh-7.7_p1-r4 switched off hpn use flag
Hi! On Wed, 13 Jun 2018 09:21:45 +0100 Mick wrote: > Any idea why the latest openssh has set USE="-hpn"? > > PS. The multi-threaded AES-CTR is broken and disabled, which is OK, but the > larger buffer used by single threaded HPN can still be useful in some cases. It is enabled in openssh-7.7_p1-r6. Sometimes hpn becomes disabled for the latest openssh because hpn patch is not yet ready. So better stick to older or stable versions if you need hpn to be always available. Best regards, Andrew Savchenko pgpwUdv2q2goh.pgp Description: PGP signature
Re: [gentoo-user] iproute2 reference
On Sun, 10 Jun 2018 14:15:03 +0100 Peter Humphrey wrote: > Hello list, > > I'm trying to learn how to use the "ip" command to manage routing on one of > my > boxes, which has two Ethernet interfaces. > > Can anyone recommend suitable reading material? I don't mind paying for a > book, provided that it's reasonably up to date and won't bury me in a morass > of bit patterns, OSI transport layers and so on. Just the stuff that a > network > admin would need. The best howto on iproute I ever saw: https://www.tldp.org/HOWTO/Adv-Routing-HOWTO/ Best regards, Andrew Savchenko pgp0DOHxbcIuy.pgp Description: PGP signature
Re: [gentoo-user] Building kernel with floppy support
On Sun, 10 Jun 2018 05:01:51 -0400 Shea Alterio wrote: > Hi everybody > > I've got a mini form factor Pentium 4 I just acquired. I have a huge amount > of floppy disks to make backup images of as well as write to new floppies. > Yeah I know, floppies suck, but i thought i could use Gentoo on it to make > the process less painful. This is a plain internal floppy drive so not a > USB one. Do you need build any packages with floppy support or just make > sure it's in the kernel? Just enable it in the kernel: COFNIG_BLK_DEV_FD will be sufficient unless something rare like AMIGA/ATARI/MAC floppy is used, they have separate config opttions. If you want FAT tools, install sys-fs/dosfstools. > When i was doing some googling to see if i would > have issues trying to do floppy stuff with the latest kernels, it seemed > like that could be a potential issue. No, it works just fine. > I will do my main compiling on my main PC then send it to the P4 to keep it > from burning itself up. haha. Best regards, Andrew Savchenko pgpp89ew2ray1.pgp Description: PGP signature
Re: [gentoo-user] is anyone using Nouveau graphics driver ?
On Mon, 23 Jul 2018 21:28:08 +0200 Davyd McColl wrote: > Thanks for taking the time to reply, Dr Valdés. > > Unfortunately, I would like to game now and then Whether nouveau is usable for games depends on a) game, b) your card, see [1] for a reference. For recent chip generations all 3D features are implemented, looks like the most troublesome part is power management. Usually you'll have lower FPS is nouveau compared to nvidia driver, but if your game is not top notch, it should be playable. [1] https://nouveau.freedesktop.org/wiki/FeatureMatrix/ Best regards, Andrew Savchenko pgpmD0byG8OcJ.pgp Description: PGP signature
Re: [gentoo-user] is anyone using Nouveau graphics driver ?
On Mon, 23 Jul 2018 06:17:40 -0400 Philip Webb wrote: > (1) What are people's experiences with Nouveau ? > -- does it work easily with various kernels ? Yes. > -- does it manage graphics stably & reliably ? Depends on your setup. For single monitor mode it is definitely yes. For multiple monitors in Xinerama mode it is usually yes. For multiple monitors with multiple X screens mode it is no (segfault), upstream right now is aware of the problem[1]. > -- I don't do much with video (a few newsreels) & don't use sound. > > (2) If I install it, how do I switch between Nouveau & Nvidia ? 1. You'll have two different Xorg configurations for nvidia and nouveau (at least in Driver option in Section "Device" at its settings). I usually switch between them using symlink. 2. eselect opengl set xorg-x11 | nvidia 3. I have to switch KMS on for nouveau and off for nvidia (to have normal VGA console): nomodeset vga=normal (for nvidia). > (3) Sadly, I didn't make a Quickpkg of the Nvidia version I was using > when my scanner was working with Gentoo (last time 180626). > I have the distfiles, but not the ebuilds : > is there anywhere I can find ebuilds for Nvidia-Drivers 390.42 390.48 ? Why you don't want to use the latest 390.77 (or 390.67) for stable? [1] https://bugs.freedesktop.org/show_bug.cgi?id=106772 Best regards, Andrew Savchenko pgpBZ1YjiyAkd.pgp Description: PGP signature
Re: [gentoo-user] emerge -e @world failed
On Tue, 5 Dec 2017 01:08:12 +0100 tu...@posteo.de wrote: > HHi, > > I did it, > > I started emerge -e @world --keep-going. > > And it failed while installing linux-gazette: > >>> Emerging (370 of 2114) app-doc/linux-gazette-117::gentoo > >>> Installing (360 of 2114) app-doc/linux-gazette-31::gentoo > >>> Emerging (371 of 2114) app-doc/linux-gazette-69::gentoo > >>> Installing (361 of 2114) app-doc/linux-gazette-74::gentoo > >>> Jobs: 341 of 2114 complete, 5 running Load avg: 1.48, 1.61, 1.82 > Traceback (most recent call last): > File "/usr/lib64/python3.5/site-packages/portage/dbapi/vartree.py", line > 740, in aux_get > mydir_stat = os.stat(mydir) > File "/usr/lib64/python3.5/site-packages/portage/__init__.py", line 250, in > __call__ > rval = self._func(*wrapped_args, **wrapped_kwargs) > FileNotFoundError: [Errno 2] No such file or directory: > b'/var/db/pkg/app-doc/linux-gazette-74' Apparently your /var/db/pkg database is broken. What bothers me here is that you have two likely parallel installs here. Maybe you just hit a race condition bug. Try to emerge required linux-gazette slots manually, one by one. If this helps, report the bug on portage to bugzilla. Best regards, Andrew Savchenko pgpjTVN5boSFh.pgp Description: PGP signature
Re: [gentoo-user] A portage nuisance
On Sat, 28 Oct 2017 22:59:26 +0100 Anthony Youngman wrote:
[...]
> All I'm asking is that as it progresses, it makes a list of those
> packages it can resolve the dependencies for. If it then gives up with
> the current list it's processing, eg "world", it then goes back to the
> list it thinks it can process, and has another go with them.
>
> Because that's exactly what I do, take the first few packages off the
> list that look fine, and emerge them. I then re-run the original emerge,
> rinse and repeat, but it takes absolutely ages, and worse I have to
> babysit the emerge because I'm *expecting* it to hit a problem.
[...]
> To give you a very clear example of what I'm thinking ...
>
> emerge -u world
> A will be emerged with options ...
> B will be emerged with options ...
> C will be emerged with options ...
> D is blocked by E
> F will be emerged with options ...
> G is blocked by H
> Giving up, too many circular dependencies
> emerge A B C F
Ah, man, this is where your mistake is. You are assuming that it
is possible to get a correct dependency subgraph without building
full correct dependency graph first. This is not possible and this
is math. While the approach you described abode may work in some
practical cases, it will be busted in general case.
The key moment here is that graph's root node may be changed during
dependency recalculation based on _how_ conflict is solved, the
same as all other nodes may be reordered. And dependencies which
appear to be valid before conflict is resolved may became invalid
after, consider the following dep tree:
A
/ \
B C
|
!{D,E}
- B and C depends on A;
- D conflicts with E and both depend on C;
You assume that !{D,E} conflict can be skipped and A, B, C canbe
emerged. But let's assume that you selected D later, but D depends
on F and F conflicts with A[some_flag]. So you'll have to choose
some alternative to A or change its USE flags, this may require to
rebuild the whole dependency tree (and build order may change as
well). In order to prevent dozens (sometimes hundreds or even
thousands) of useless rebuilds and to avoid leaving intermediate
tree in the utterly broken state emerge fails if it can't build the
dependency graph.
Maybe my example above is synthetic and not the best one, you
should understand that dependencies are very complex, may be
intricately interconnected and there is no way to tell which parts
are correct until all picture is seen.
Best regards,
Andrew Savchenko
pgpBVWkDHhpq1.pgp
Description: PGP signature
Re: [gentoo-user] Does Gentoo support more than 8 bits per color channel?
On Fri, 20 Oct 2017 16:17:37 - Helmut Jarausch wrote: > Hi, > I'm considering buying a new monitor (and graphics card) which supports > 10 bits per color channel. > Will Gimp on a Linux machine (X11) support this now or in the near future. > Or is it just waste of money to buy a monitor with more than 8 bits/color > channel? > Many thanks for some hints, > Helmut Linux and Gentoo in particular supports 10 and 12 bits per channel. But in order for this to work you need to have support from all chain, both hardware and software: application -> de/wm or rendering stack (gtk/qt) -> xorg (supports) -> video driver (see below) -> video card -> cable(! ) -> monitor You have not told us what is your video card, but at least Intel[1] and nVidia[2] products support 10/12 bits in Linux. Definitely not all application support deep colour (10/12 bpc), but most multimedia oriented do: gimp, ffmpeg, mplayer, mpv... You may encounter some problems with GTK apps, though the proof links I found[3,4] are quite old and situation may have improved. Also take a note that 10 bpc imposes some limitations on the screen resolution depending on your connectivity[5]. [1] https://communities.intel.com/thread/101627 [2] https://nvidia.custhelp.com/app/answers/detail/a_id/3050/~/how-to-enable-30-bit-color-on-linux [3] http://www.oyranos.org/tag/30-bit/ [4] http://darktable-users.narkive.com/ndONjycG/anyone-with-30-bit-color-depth [5] http://bilder.hifi-forum.de/medium/262100/hdmi-20-597x266_609346.jpg Best regards, Andrew Savchenko pgpmanGDHoNsB.pgp Description: PGP signature
Re: [gentoo-user] A portage nuisance
On Fri, 27 Oct 2017 14:58:13 +0100 Peter Humphrey wrote: > On Fri, 27 Oct 2017 12:52:54 - > Helmut Jarausch <jarau...@skynet.be> wrote: > > > I have a problem with emerge for a long time. > > Sometimes I need to (re-)emerge many packages like in an > > emerge --emptytree @world > > > > Because I use several overlays, there are problems with a lot of > > packages. > > Unfortunately, emerge shows me just the first problem (like a missing > > USE-flags) and then terminates. > > Is there any means to let emerge go and report several (all) problems > > which are independent of each other? > > EMERGE_DEFAULT_OPTS="--keep-going" ? No, --keep-going allows to continue as long as possible after a build failure. Helmut asks about dependecies resolution failures, e.g. in some package REQUIRED_USE is not met, or circular dependency occurs and so on. AFAIK there is no way to use keep-going like option for deps resolution, because first error may trigger a lot of others and there will be inevitably false errors, because the dependency tree was not fully built. Best regards, Andrew Savchenko pgp00OQ7zNaOM.pgp Description: PGP signature
Re: [gentoo-user] type keyboard problem
Hi, On Fri, 6 Oct 2017 08:31:27 +0800 Bill Kenworthy wrote: > Hi all, I have a laptop keyboard problem - it fails to reconnect the > keyboard on opening after closing. > > MS Surface pro 4 with type keyboard. > > The keyboard connects correctly on bootup or resume from hibernate (when > open). > > Close keyboard (removes power), open keyboard and it no longer works. > Requires a reboot (or hibernate/resume) for it it to work again. > > On opening the keyboard, the kernel detects it, it shows up in lsusb. > > Oct 6 05:57:15 bunyip kernel: usb 1-7: Product: Surface Type Cover > Oct 6 05:57:15 bunyip kernel: input: Microsoft Surface Type Cover > Keyboard as > /devices/pci:00/:00:14.0/usb1/1-7/1-7:1.0/0003:045E:07E8.0003/input/input29 > Oct 6 05:57:15 bunyip kernel: input: Microsoft Surface Type Cover > Consumer Control as > /devices/pci:00/:00:14.0/usb1/1-7/1-7:1.0/0003:045E:07E8.0003/input/input31 > Oct 6 05:57:15 bunyip kernel: input: Microsoft Surface Type Cover > Touchpad as > /devices/pci:00/:00:14.0/usb1/1-7/1-7:1.0/0003:045E:07E8.0003/input/input33 > Oct 6 05:57:15 bunyip kernel: hid-multitouch 0003:045E:07E8.0003: > input,hiddev96,hidraw0: USB HID v1.11 Keyboard [Microsoft Surface Type > Cover] on usb-:00:14.0-7/input0 > > It looks like it changes input when reopening but the event framework > fails to re-enumerate it. > > Ive tried restarting udev but no luck. Try to update your kernel to the latest one, preferably to vanilla one. Also try udevadm trigger. Best regards, Andrew Savchenko pgpN3ElF63trz.pgp Description: PGP signature
Re: [gentoo-user] Rename /dev/nvme0n1 to /dev/sda
On Fri, 1 Sep 2017 09:10:13 -0700 Grant wrote: > My new laptop uses /dev/nvme0n1 instead of /dev/sda which conflicts > with the script I use to manage about 12 similar laptops running > Gentoo. Is there a udev method for renaming the disk that will work > well with any USB disks that happen to also be attached? Yes, you can write an udev rule to create any names or symlinks you want on any events selected by triggers. See http://www.reactivated.net/writing_udev_rules.html and udev docs. Best regards, Andrew Savchenko pgpzaY5zG6AW0.pgp Description: PGP signature
Re: [gentoo-user] Easiest way to block domains?
On Tue, 29 Aug 2017 01:38:42 -0400 Walter Dnes wrote: > I'm running a Core2-duo desktop from 2008 with 3 gigs of ram. I want > to run it into the ground, not throw it away while it's still > functional. With Gentoo optimization, pluse using ICEWM, it's generally > snappy. But there are a few web pages that throw the kitchen sink of > 3rd-pary adservers+trackers. 178 unique servers for one web page will > peg the load from the web browser to 150% of 1 cpu core. On a 2-core > machine, that is bad. The browser is unresponsive for a few seconds at > a time. > > I'm building up a rather large hosts file, but the adservers have a > gazillion subnames for each domain, in a deliberate attempt to bypass > hosts files. It would be more effective block entire domains. Is there > a lightweight DNS server, or some iptables trick, or whatever, that'll > block specified domains? Use uBlock origin. Both firefox and chromium work perfectly fine for me on a Core2Duo host. Best regards, Andrew Savchenko pgp0mlyc7absR.pgp Description: PGP signature
Re: [gentoo-user] strange behaviour in quite special case
Hi, On Thu, 24 Aug 2017 18:27:22 -0300 Francisco Ares wrote: > Hi, All. > > This is a rather special case, so I don't expect much, but who knows? > > I've built a Gentoo x86-64 system for an embedded application. > > Just after a lot of updates, which I am unable to track, it stopped working > as usual. > > There is the development system, fully loaded of a lot of packages used for > development, and the production system, that don't need all of those. > > There is a line in both systems in /etc/iniitab responsible for auto-login > the production system user and the programs we need running (in its > ".bash_profile" and ".xinitrc"): > > c6:2345:respawn:/sbin/agetty -a production-user 38400 tty6 linux > > The development system starts a WindowMaker session, and the production > system starts a program that controls the rest of the hardware of this > embedded system, with an X11 graphical interface. That runs normally when > simulated at the development system. > > The development system runs smoothly. The production system, after > removing the files from undesirable packages and creating a squashfs image > of the ripped-off root partition behaves strangely at boot: > > It shows the initialization messages as expected, but when the auto-login > and the controller program start should take place, it completely stalls up > to I plug a USB keyboard and issue some times some of the key combinations > to change to a text console and back to X11 (Ctrl-Alt-F1 and Ctrl-Alt-F6); > only then the things resume as expected. > > As you might suspect, there is no keyboard for the production system ;-) . > > As a matter of fact, I don't know where the stall take place, as when I try > to switch to a text console to see the logs, it switches back to X11 and > starts our program. By the way, the logs just show that the events > occurred at latter times than expected. > > Although the squashfs is read-only, some main directories are arranged in a > way that, using tmpfs mounts and unionfs with the read-only directory to > the read-write tmpfs directory to that main directory provide a way of > creating temporary files that has been working for a few years now. > > For instance, in "/etc/fstab": > > tmpfs /.etc.rwtmpfs defaults,mode=755 > 0 0 > union /etcunionfs > default_permissions,allow_other,use_ino,nonempty,suid,cow,dirs=/. > etc.rw=rw:/.etc.ro=ro 0 0 > > And there is a "/.etc.ro" with a copy of all files present in regular > "/etc" , a "/.etc.rw" directory to be mounted tmpfs, and the original > "/etc" directory, that needs to be there at boot, even before mounting all > this. > > Does anyone have a clue? Try to dissect your problem. Start with removing squashfs and all tmpfs/unionfs manipulations. Create the same image, but on "normal" writable file system and see how it goes. It may be fs-related bug, may be you removed too many files and some "undesired" packages are actually mandatory. If you have some form on snapshots of your changes, you can try to bisect them in a git bisect way. Another approach is to run X server (or any other app suspected as a troublemaker) under strace (or attach strace to a running process) and see what is going on. You will have a lot of low level information and extensive filtering will be required; strace is capable of that, but you will need to dig into its documentation. Best regards, Andrew Savchenko pgpiwHTGCazGH.pgp Description: PGP signature
Re: [gentoo-user] app-eselect dependencies
On Thu, 24 Aug 2017 19:02:14 +0200 Helmut Jarausch wrote: > Hi > > some package (sci-libs/gsl) needs app-eselect/eselect-cblas > > Trying to emerge app-eselect/eselect-cblas portage says > app-eselect/eselect-cblas" is blocking sci-libs/scalapack-2.0.2-r1, > sci-libs/gotoblas2-1.13-r1 > > but in eselect-cblas-0.1.ebuild there are no such dependencies listed. > Where are these blocking messages coming from. Could you please post the full error message? OT: gotoblas2 is quite old, use openblas instead, it has better optimizations, especially for modern CPUs. Best regards, Andrew Savchenko pgpYN2ETdgYXe.pgp Description: PGP signature
Re: [gentoo-user] No beep.
On Mon, 14 Aug 2017 18:22:54 + Alan Mackenzie wrote: > Hello, Gentoo. > > I've almost got my new(ish) machine up and running. In particular, I've > got an email server (s/qmail) running on it, the most difficult part of > bringing up a new box. > > However, during the building, I discovered to my disgust that there was > no loudspeaker in my new case. So, none of the helpful booting beeps > that the motherboard uses to tell us that something's wrong. Still, I > got past that stage. > > But just typing into a virtual tty, sometimes the system (should) beep. > It doesn't. It should. > > It should, because I compiled the kernel with CONFIG_SND_HDA_INPUT_BEEP > and CONFIG_SND_HDA_INPUT_BEEP_MODE set to 1. > > My loudspeakers are working, as shown by running speaker-test. I'm > using the kernel I think I am, verified by checking those two config > settings in /proc/config.gz. > > Would somebody please suggest to me where I am going wrong, here? If you are using ALSA (I suppose you are), run alsamixer and check the settings of the "beep" channel, it can be muted or set to 0. Best regards, Andrew Savchenko pgpz9OvoPw0U0.pgp Description: PGP signature
Re: [gentoo-user] Warnings on shutting down bcache: WARNING: CPU: 1 PID: 4378 at lib/idr.c:383
193] task: 880216b24240 task.stack: c900431e4000 > [140398.382197] RIP: e030:ida_remove+0xde/0xef > [140398.382199] RSP: e02b:c900431e7db0 EFLAGS: 00010082 > [140398.382202] RAX: 0033 RBX: 0012 RCX: > > [140398.382204] RDX: 880249654450 RSI: 88024964dc08 RDI: > 88024964dc08 > [140398.382205] RBP: c900431e7e10 R08: R09: > 000448da > [140398.382207] R10: 1668 R11: 81f1dad0 R12: > c08114c8 > [140398.382209] R13: c08114c0 R14: 00fa R15: > 0010 > [140398.382223] FS: () GS:88024964() > knlGS:88024964 > [140398.382225] CS: e033 DS: ES: CR0: 80050033 > [140398.382227] CR2: 7fb681059eb0 CR3: 00020a7b9000 CR4: > 00042660 > [140398.382230] Call Trace: > [140398.382238] ida_simple_remove+0x2f/0x45 > [140398.382247] bcache_device_free+0x8c/0xc4 [bcache] > [140398.382255] cached_dev_free+0x6b/0xe1 [bcache] > [140398.382261] process_one_work+0x16f/0x281 > [140398.382265] ? rescuer_thread+0x24e/0x24e > [140398.382268] worker_thread+0x1a4/0x257 > [140398.382272] ? rescuer_thread+0x24e/0x24e > [140398.382275] kthread+0xfc/0x101 > [140398.382278] ? init_completion+0x24/0x24 > [140398.382284] ret_from_fork+0x25/0x30 > [140398.382287] Code: 00 75 2a 4c 89 f7 e8 79 52 d5 ff 48 8d 75 b0 4c 89 > e2 4c 89 ef e8 03 3a 00 00 eb 11 44 89 fe 48 c7 c7 0a a1 a0 81 e8 c9 79 > d0 ff <0f> ff 48 83 c4 38 5b 41 5c 41 5d 41 5e 41 5f 5d c3 85 f6 79 02 > [140398.382341] ---[ end trace 279bbc0d0aae56cc ]--- Looks like a kernel bug, try the latest vanilla kernel. Best regards, Andrew Savchenko pgpj5uKfEIyVD.pgp Description: PGP signature
Re: [gentoo-user] Re: Something started muting the sound
On Sat, 12 Aug 2017 11:43:24 -0700 Ian Zimmerman wrote: > On 2017-08-12 13:21, John Covici wrote: > > > How about checking the various volumes rather than muting maybe some > > of them are 0 or rather some negative number or something? Also, you > > might delete the asound.state and let the system start over. Last > > resort, there is an alsa users mailing list. > > > > One other thought, get pulse audio out of the way and see if alsa is > > working. > > To clarify: it works for me (TM), I don't need a solution. I am just > curious because I don't heed the warning and it still works. The warning is about old days when alsa init script loaded required kernel modules for your audio to work. These days kernel does the job well and it can autoload modules based on device IDs. So loading modules by alsa init script is no longer needed in general case and was removed. The warning is here is for the people with special setups (e.g. out of the tree modules) updating from very old systems. Best regards, Andrew Savchenko pgp88LkgWGSge.pgp Description: PGP signature
Re: [gentoo-user] Problem with printer after system update
On Sat, 29 Jul 2017 13:36:55 -0300 Raphael MD wrote: > Hi! > > After a system update, my printer only print documents from internet like > sites. > When a send .pdf to print, cups return this error: No Pages Found. > > Did anyone see this error? Look into cups logs, you may increase log verbosity in cupsd.conf. Best regards, Andrew Savchenko pgpbUgvm0Q5T0.pgp Description: PGP signature
Re: [gentoo-user] On making customized profile again.
On Wed, 19 Jul 2017 16:41:26 +0700 Ста Деюс wrote: > Hi. > > > Trying to remove several packages from the "common" profile, i did copy > mine to the same directory w/ that difference, that mine is located in > /usr/local/portage > > instead of "common's" > /usr/portage > > Then i copied > /usr/portage/profiles/profiles.desc > > to > /usr/local/portage/profiles/profiles.desc > > In the "local" file, i copied, in the corresponding section (x86), line > x86 default/linux/x86/13.0/desktop stable > > pasted it right after it, and changed just its name: > x86 default/linux/x86/13.0/customized stable > > But, when i run > eselect profile list > > i don't see mine profile enlisted. > > So, where did i make mistake? Use /etc/portage/profile/ directory for profile customization. Best regards, Andrew Savchenko pgptku9AWkkdL.pgp Description: PGP signature
Re: [gentoo-user] Something wrong when emerging librime
Hi, On Mon, 17 Jul 2017 16:38:00 + IceAmber wrote: > Hi, everyone > > There is an error when I emerging the fcitx-rime. > Here is the build.log > <https://github.com/IceAmber/Error/blob/master/librime_build.log> > Is it the bug of c++ 11 ABI? This is not a C++11 ABI bug, see https://bugs.gentoo.org/show_bug.cgi?id=624370 Just another compilation failure. I had not studied close what is wrong there, but likely some unhandled API change. Best regards, Andrew Savchenko pgpnmtkE_hnSc.pgp Description: PGP signature
[gentoo-user] Don't miss the 1 500 000 000 Unix second!
Hi all! I'd like to remind you that $ date -d @15 is drawing close! Don't miss the moment :) Best regards, Andrew Savchenko pgpRdAwlWh1Fd.pgp Description: PGP signature
Re: [gentoo-user] Re: tmp on tmpfs
On Wed, 24 May 2017 12:30:36 -0700 Rich Freeman wrote: > On Wed, May 24, 2017 at 11:34 AM, Ian Zimmerman <i...@primate.net> wrote: > > On 2017-05-24 08:00, Kai Krakow wrote: > > > >> Unix semantics suggest that /tmp is not expected to survive reboots > >> anyways (in contrast, /var/tmp is expected to survive reboots), so > >> tmpfs is a logical consequence to use for /tmp. > > > > /tmp is wiped by the bootmisc init job anyway. > > > > In general I haven't found anything that is bothered by /var/tmp being > lost on reboot, but obviously that is something you need to be > prepared for if you put it on tmpfs. > > One thing that wasn't mentioned is that having /tmp in tmpfs might > also have security benefits depending on what is stored there, since > it won't be written to disk. If you have a filesystem on tmpfs and > your swap is encrypted (which you should consider setting up since it > is essentially "free") then /tmp also becomes a useful dumping ground > for stuff that is decrypted for temporary processing. For example, if > you keep your passwords in a gpg-encrypted file you could copy it to > /tmp, decrypt it there, do what you need to, and then delete it. That > wouldn't leave any recoverable traces of the file. > > There are lots of guides about encrypted swap. It is the sort of > thing that is convenient to set up since there is no value in > preserving a swap file across reboots, so you can just generate a > random key on each boot. I suspect that would break down if you're > using hibernation / suspend to disk. It is easy to use both encrypted swap and encrypted hibernation image (I do this on my laptop). Just before s2disk call disable swap completely, then create empty unencrypted swap and run s2disk (swappiness may be disabled to protect from accidental write of unencrypted data before fresh swap creation and s2disk call). Afterwards s2disk may be used to create encrypted memory image and store it in the swap partition. On resume just reverse actions. Apparently it is pointless to encrypt swap if unencrypted hibernation image is used, because all memory is accessible through that image (and even if it is deleted later, it can be restored from hdd and in some cases from ssd). Best regards, Andrew Savchenko pgpHK8m7gAlj4.pgp Description: PGP signature
Re: [gentoo-user] tmp on tmpfs
Hi, On Wed, 24 May 2017 05:34:09 -0400 Rich Freeman wrote: > On Wed, May 24, 2017 at 1:16 AM, Ian Zimmerman <i...@primate.net> wrote: > > > > I have long been in the camp that thinks tmpfs for /tmp has no > > advantages (and may have disadvantages) over a normal filesystem like > > ext3, because the files there are normally so small that they will stay > > in the page cache 100% of the time. > > > > The file being in the page cache only speeds up reads of the file. On > a conventional filesystem the file will still be forced to be > committed to disk within 30 seconds, or whatever you've set your max > writeback delay to. That means guaranteed disk write IO. If the > drive is mostly idle it will have no impact on performance, but if the > disk is fairly busy then it will, especially for spinning disks. For > an SSD /tmp would be a source of erase cycles (which also have > performance implications, but there it is more of a wear issue). When > the file is removed that would also generate write IO. > > The flip side is that on most systems /tmp probably doesn't get THAT much IO. > > On Gentoo doing your builds in tmpfs definitely has a large > performance impact, because there are a lot of files created during > the build process that are sizable but which don't end up getting > installed (object files mostly). Plus you have the extraction of the > source itself. For a typical build that is many MB of data being > extracted and then deleted after maybe a minute, which is a lot of > useless IO, especially when the actual install is probably creating a > fairly sizable IO queue on its own. > > To avoid a reply, I'll also note that tmpfs does NOT require swap to > work. It does of course require plenty of memory, and as with any > situation where lots of memory is required swap may be useful, but it > is not a requirement. > > Others have mentioned zram. I've used it, but unless something has > changed one of its limitations is that it can't give up memory. That > is less of an issue if you're using swap since it can be swapped out > if idle. However, if you're not using swap then you're potentially > giving up a chunk of RAM to do it, though less RAM than a tmpfs if it > is full most of the time (which I doubt is typically the case). For similar needs I found zswap the most suitable, it's so much better than zram: - smaller CPU overhead: not every i/o is being compressed, e.g. if there is sill enough RAM available it is used without compression overhead as usual, but if memory is not enough, swapped out pages are being compressed instead of swapping out to disk; - no size limitation: if zswap pool is full, data is being pulled to swap, the same happens with non-compressible pages; - pool size and compression type can be dynamically adjusted, I prefer z3fold. So I have normal tmpfs on /tmp (and /var/tmp on hosts with lots or RAM), but both tmpfs and running daemons/apps can benefit from compressed memory for rarely used pages while enjoing full RAM speed for frequently accessed ones. Best regards, Andrew Savchenko pgpr8SXNUHm1t.pgp Description: PGP signature
Re: [gentoo-user] libreoffice and java.
Hi, On Thu, 18 May 2017 14:46:56 +0800 Bill Kenworthy wrote: > Hi, > I am trying use some java based plugins with libreoffice. > > libreoffice is compiled with the java use flag, both the oracle JDK and > JRE are installed and the user and system VM's are set and JAVA_HOME is > set in the environment. In the libreoffice jre selection dialog the jre > is showing an selected but I still get this error: > > $ lowriter > javaldx: Could not find a Java Runtime Environment! > Warning: failed to read path from javaldx > > > What have I missed? eselect java-vm? Best regards, Andrew Savchenko pgpRjkc2TshNj.pgp Description: PGP signature
Re: [gentoo-user] gcc 6 PIE use flag
On Tue, 9 May 2017 14:36:09 +1000 Adam Carter wrote:
> Shared objects often need -fPIC for proper relocations when
>
> > linking, just add it when you're told to. It allows COW strategy
> > for DLOs but at the cost of extra CPU register and some slowdown.
> >
> >
> Shouldn't this be in the ebuilds? eg.
> if gcc:6[pie];
> then CFLAGS=${CFLAGS} -fPIC
I'm not so sure. Whether -fPIC is required or not depends on too
many factors and adding it when not needed will bring harm.
Are you using hardened?
Best regards,
Andrew Savchenko
pgp8oPjdoXM85.pgp
Description: PGP signature
Re: [gentoo-user] gcc 6 PIE use flag
On Mon, 8 May 2017 08:46:54 +1000 Adam Carter wrote: > Since an update to the default USE flags on gcc 6 turned on PIE and SSP, > i'm getting these errors; > > /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: > atof-generic.o: relocation R_X86_64_32 against `.rodata' can not be used > when making a shared object; recompile with -fPIC > /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: > dw2gencfi.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be > used when making a shared object; recompile with -fPIC > /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: > frags.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used > when making a shared object; recompile with -fPIC > /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: > messages.o: relocation R_X86_64_32 against `.rodata.str1.1' can not be used > when making a shared object; recompile with -fPIC > /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: > subsegs.o: relocation R_X86_64_32 against `.rodata' can not be used when > making a shared object; recompile with -fPIC > /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: > symbols.o: relocation R_X86_64_32S against symbol `_sch_toupper' can not be > used when making a shared object; recompile with -fPIC > /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: > atof-ieee.o: relocation R_X86_64_32S against `.rodata' can not be used when > making a shared object; recompile with -fPIC > /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: > symbols.o: warning: relocation against `strlen@@GLIBC_2.2.5' in readonly > section `.text' > /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: > final link failed: Nonrepresentable section on output > collect2: error: ld returned 1 exit status > > If I add -fPIC to CFLAGS it will compile. Interestingly some packages (eg > PHP) will compile without the -fPIC. Also the man page says; "This option > makes a difference on AArch64, m68k, PowerPC and SPARC:, whereas i'm > running amd64. > > What's going on here? Shared objects often need -fPIC for proper relocations when linking, just add it when you're told to. It allows COW strategy for DLOs but at the cost of extra CPU register and some slowdown. Best regards, Andrew Savchenko pgp_7cjU5i50K.pgp Description: PGP signature
Re: [gentoo-user] Re: htop wants cgroups
On Wed, 3 May 2017 15:11:33 -0700 Daniel Campbell wrote: > cgroups are not being pushed in this case. Portage threw up a warning, > letting you know that some features of htop may not be available without > the CONFIG_CGROUPS flag on in the kernel. htop should work to your > liking as it is right now. Go try it out! > > I'm having a little trouble understanding why this particular package > has you worried when there are dozens of others that spit out similar > "heads up" warnings, like qemu, anything relating to graphics and > virtualization... they're helpful messages that let you know that, if > something doesn't work as you expect, it's probably due to something you > have disabled. That's it. > > Perfect example: I use an AMD processor, but still get 'warning' > messages about checking CONFIG_KVM_INTEL and other variables. qemu still > works, because my kernel is built to virtualize with my CPU. Someone > with an Intel CPU might really want that warning message, though. The problem is that this warning is too severe: it suggests that package may not work properly without feature: "may cause unexpected problems" instead of saying "some additional features will be disabled" Hey, this is _very_ different to have some extra stuff off and to have core stuff with "unexpected problems". Best regards, Andrew Savchenko pgpwXnme3Sqty.pgp Description: PGP signature
Re: [gentoo-user] Re: htop wants cgroups
On Mon, 1 May 2017 09:46:38 -0400 Rich Freeman wrote: > On Sun, Apr 30, 2017 at 4:17 PM, Kai Krakow <hurikha...@gmail.com> wrote: > > Am Sun, 30 Apr 2017 10:33:05 -0700 > > schrieb Jorge Almeida <jjalme...@gmail.com>: > > > >> It makes sense that the kernel has it. Should it be enabled? For a > >> server, probably. For a single-user workstation? Maybe. > > > > Maybe I don't have the ordinary workstation, but I use it to limit > > memory of sometimes-run-away services (memory-wise) and to control > > resource usage of container machines I'm using during development. > > Probably not the ordinary use-case... > > > > Honestly, I can't think of why you wouldn't want to use it. It is an additional attack surface. If there is no use for some $feature on some system, it must be disabled. Also this subsystem is still new in the kernel and there were many related vulnerabilities in the past. Best regards, Andrew Savchenko pgp2TMZZ4xXFn.pgp Description: PGP signature
Re: [gentoo-user] replacement for ftp?
On Tue, 25 Apr 2017 15:29:18 +0100 lee wrote: > > Hi, > > since the usage of FTP seems to be declining, what is a replacement > which is at least as good as FTP? I fail to see why FTP needs to be replaced: it works, it is supported, it is secure when used with care, it is damn fast. Best regards, Andrew Savchenko pgpH4meGDETra.pgp Description: PGP signature
Re: [gentoo-user] vim colorschemes: A question regarding terminal capabilities
On Mon, 10 Apr 2017 05:00:26 + tu...@posteo.de wrote: > I am playing around with colorschemes in vim and came across a problem: It > seems impossible to change the fore-/background color of the cursor itself. > $TERM is xterm-256color and vim itself offers settings for the color of the > cursor. Different colortests for terminals validate that the terminal is able > to display 256 colors. > > Is there something special terminal-wise when setting cursor colors ? > Why does it fail? Cursor colour has its own control sequence: http://rcr.io/words/dynamic-xterm-colors.html e.g. echo -ne "\033]12;#DD3123\007" will change your cursor to red (colour DD3123) without affecting normal text foreground and background colors. Best regards, Andrew Savchenko pgpF2WZYsRDLk.pgp Description: PGP signature
Re: [gentoo-user] Ryzen initial results.
On Tue, 4 Apr 2017 14:45:44 -0700 Daniel Frey wrote: > On 04/04/2017 10:37 PM, Alan Grimes wrote: > > I installed my Ryzen system today, using a mATX b350 mobo. > > > > My existing kernel mostly works, > > > > > > > > .00] Linux version 4.6.7 (root@tortoise) (gcc version 5.4.0 (Gentoo > > 5.4.0-r3 p1.3, pie-0.6.5) ) #6 SMP Tue Apr 4 22:34:38 EDT 2017 > > From what I've been reading, Ryzen support wasn't added until 4.10, with > partial support in 4.9. So you probably won't get everything out of your > new hardware. > > I am using 4.9.16 on my laptop with binary nvidia drivers, I haven't had > issues yet. Although, it is one of those dual-gpu models, intel and > nvidia - but the nvidia kernel module loads with no erroneous messages. > > If you have bleeding edge hardware you really need to use a newer kernel > for proper support. I didn't even try my new laptop with an old kernel > (most of my other machines are on 4.1 LTS still.) Ditto. With a bleeding edge hardware one needs a bleeding edge software, at least kernel, drivers/firmware and @system. Best regards, Andrew Savchenko pgpJRkj_YZJsv.pgp Description: PGP signature
Re: [gentoo-user] Mysterious encodig problem...
On Sun, 2 Apr 2017 09:23:49 +0200 tu...@posteo.de wrote:
> Hi,
>
> it seems, that I have an encoding problem...which is triggered
> (only???) somewhere in the chain fetchmail=>procmail=>neomutt with vim.
>
> ...and it only effects single and double quotes.
>
> I am living in Non-Ascii-land (germany). Therefore I have
> some "strange" ;) characters on my keyboard...the "Umlauts"
> und the sharp S.
>
> All those are displayed nicely...in neomutt/vim also (which I use for
> mailing).
>
> When I receive an email with single quotes (') or double
> quotes ("), they will be changed to "???".
>
> My settings (settings to English language are for displaying -- for
> example -- manpages in their original version - not the translated ones):
Try to set LANG=de_DE.UTF-8. For manual you can set LANG=en_US, or
change LANG only for neomutt/vim, e.g.:
#/bin/sh
LANG=de_DE.UTF-8 vim ...
Best regards,
Andrew Savchenko
pgpMsOl9GU91R.pgp
Description: PGP signature
Re: [gentoo-user] Strange IPv6 behaviour
On Sat, 25 Mar 2017 12:36:04 +0100 Alarig Le Lay wrote: > Hi, > > On one of my machines, I have two public IPv6 from two different > providers (one natively, another by VPN). I use ip -6 rule to make both > pingable. > > I see some strange things on the native one. It stops responding from > time to time. Here are some examples of mtr: > https://paste.swordarmor.fr/raw/mXVT > > At this time, the other IPv6 (bulbizarre.swordarmor.fr) works normally. > > And if I do the same test on another machine in the same LAN, no loss: > https://paste.swordarmor.fr/raw/XGbK > > I have this routing table: > alarig@bulbizarre ~ $ ip -6 rule list > 0:from all lookup local > 31010:from 2a01:cb08:898c:fc00:9913:b7a:b9bf:d30c lookup 3215 > 31100:from all lookup 51083 > 32766:from all lookup main > alarig@bulbizarre ~ $ ip -6 route show > 2a00:5881:4008:400::/64 dev tun0 proto kernel metric 256 pref medium > 2a01:cb08:898c:fc00::/64 dev eth0 proto kernel metric 4 pref medium > fe80::/64 dev eth0 proto kernel metric 256 pref medium > fe80::/64 dev tun0 proto kernel metric 256 pref medium > fe80::/64 dev tun-mysql proto kernel metric 256 pref medium > default via fe80::20d:b9ff:fe3a:1fa1 dev eth0 metric 4 pref medium > alarig@bulbizarre ~ $ ip -6 route show table 3215 > 2a01:cb08:898c:fc00::/64 dev eth0 metric 1024 pref medium > default via fe80::20d:b9ff:fe3a:1fa1 dev eth0 metric 1024 pref medium > alarig@bulbizarre ~ $ ip -6 route show table 51083 > default dev tun0 metric 1024 pref medium > > I’m using the kernel 4.9.16-gentoo. > > I’m running out of ideas, so I ask for your help :) Run tcpdump -w on both sides. Compare dumps when connection stalls and when it works fine. Many reasons are possible, it's hard to guess from data you provided. But it makes me wonder why you have default via VPN and given address via eth0. This may lead to undesirable consequences like VPN carrier (or some aux request) trying to go through its own VPN tunnel. Best regards, Andrew Savchenko pgp3fIREW1JZ4.pgp Description: PGP signature
Re: [gentoo-user] SHA-1 has just been broken
On Fri, 3 Mar 2017 08:48:30 -0500 taii...@gmx.com wrote: > Of course, as I stated you have to bootstrap the crypto from the > motherboard EEPROM chip. > >> One way is to use a blob-free coreboot IOMMU supporting board and > >> bootstrap the crypto/kernel off of the board firmware EEPROM chip to > >> load the initial kernel thus no plaintext touches the disk and thus > >> nothing can mess with it. > >> > >> The IOMMU (theoretically) protects the CPU and memory from rogue > >> devices, such as the hard drive. > > No. Any DMA capable device can bypass IOMMU. IOMMU was not > > designed to protect OS from device. > That isn't true, it was designed for exactly that and of course for > assigning devices to VM's. > > I get an AMD-Vi IOMMU IO_PAGE_FAULT alert in dmesg whenever a device > tries to do something it shouldn't and the remapping hardware blocks it. > > In linux the kernel/drivers configure which memory locations the devices > are allowed to access. This can be easily bypassed. See my reply to Rich in this thread. It may protect you from accidental errors, it will not protect you from malicious action. > >> In terms of ethics IBM *for now* is a way better company than Intel/AMD, > >> their POWER servers are owner controlled as there isn't any boot > >> guard/secure boot/management engine/platform "security" processor (amd's > >> ME) to stop you from re-writing the firmware as you please. They also > >> have an getting-there-almost-reasonable open source effort (OpenPOWER) > > Indeed they are. But that boxes are quite expensive and hard to get. > Hard to get? You can buy them from IBM's website like any other computer. > http://www-03.ibm.com/systems/power/hardware/linux-lc.html There is no way to import them into my country now. In a year or two maybe, but not now :/ Best regards, Andrew Savchenko pgpncblckJVCz.pgp Description: PGP signature
Re: [gentoo-user] SHA-1 has just been broken
On Thu, 2 Mar 2017 19:04:06 -0500 Rich Freeman wrote: > On Thu, Mar 2, 2017 at 6:26 PM, Andrew Savchenko <birc...@gentoo.org> wrote: > > On Thu, 2 Mar 2017 03:42:24 -0500 taii...@gmx.com wrote: > >> > >> The IOMMU (theoretically) protects the CPU and memory from rogue > >> devices, such as the hard drive. > > > > No. Any DMA capable device can bypass IOMMU. IOMMU was not > > designed to protect OS from device. > > > > Huh? I thought protection against DMA attacks was half the reason for > an IOMMU in the first place. > > https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit Even the page you cited contains: ``Some units also provide memory protection from faulty or malicious devices.'' Please note the word "some" here. IOMMU was created to restrict OS access to devices (and bring desired guest VM direct hw access when needed). While it may be used the other way around — to protect OS from device — it usually don't work this way, not every IOMMU even supports this. If we'll look further, IOMMU bypass is a part of normal operation of many device drivers: https://lists.gt.net/linux/kernel/365102 Just some real world examples, one can search the web or grep kernel sources for more: https://lwn.net/Articles/144207/ https://lists.ozlabs.org/pipermail/linuxppc-dev/2014-February/115239.html And the funniest stuff: even if IOMMU can be and is configured to sandbox malicious devices, it can be easily bypassed in most real world implementations: https://hal.archives-ouvertes.fr/hal-01419962/document So relying on IOMMU to protect from malicious devices is even more naive than relying on SHA1 for crypto integrity needs. Best regards, Andrew Savchenko pgpuiLIUE2qve.pgp Description: PGP signature
Re: [gentoo-user] SHA-1 has just been broken
On Tue, 28 Feb 2017 18:05:29 +0100 Miroslav Rovis wrote: [...] > Gentoo Keys > --- > > ### About > > Gentoo Keys is a Python based project that aims to manage the GPG keys used > for validation on users and Gentoo's infrastracutre servers. Gentoo Keys > will be able > to verify GPG keys used for Gentoo's release media, such as installation > CD's, > Live DVD's, packages and other GPG signed documents. It will also be used by > Gentoo infrastructure to achieve GPG signed git commits in the forthcoming > git > migration of the main CVS tree. > > ### License > > Gentoo Keys is under GPL-2 License > # > > But do I read this correctly?: > > ...Gentoo Keys will be able > to verify GPG keys used for Gentoo's release media, such as installation > CD's, > Live DVD's, packages and other GPG signed documents. > > Again, about this (syntactical) object (in the sentence), with other > objects removed: > > ...Gentoo Keys will be able > to verify GPG keys used for ... > ... packages... > > Does that mean what I read? That with gkeys any user will be able to get > packages via git, and somehow automatically gpg -verify the signature of > each package that (s)he got when (s)he, say: Yes and no. AFAIK gkeys is not yet fully implemented. Right now it can be used to verify dev keys, but I'm not aware about a way to verity git tree using gkeys. Probably this should be done at the end of emaint sync process. Best regards, Andrew Savchenko pgpprJPSHYH3u.pgp Description: PGP signature
Re: [gentoo-user] SHA-1 has just been broken
On Thu, 2 Mar 2017 03:42:24 -0500 taii...@gmx.com wrote: > It is possible to have a reasonably secure system where the hard drive > firmware (or any other devices) can't fuck around with the stuff on > disk, although I highly doubt that the gentoo infrastructure (and > kernel.org, and all the source repos for all the other software) does this Hard drive's firmware is a drive's micro OS, it can manipulate data on the disk as it pleases. The only way to protect privacy of the data is to write it already encrypted, so it still can be mangled and become unusable, but privacy will be kept. But see below about DMA. > One way is to use a blob-free coreboot IOMMU supporting board and > bootstrap the crypto/kernel off of the board firmware EEPROM chip to > load the initial kernel thus no plaintext touches the disk and thus > nothing can mess with it. > > The IOMMU (theoretically) protects the CPU and memory from rogue > devices, such as the hard drive. No. Any DMA capable device can bypass IOMMU. IOMMU was not designed to protect OS from device. > In terms of ethics IBM *for now* is a way better company than Intel/AMD, > their POWER servers are owner controlled as there isn't any boot > guard/secure boot/management engine/platform "security" processor (amd's > ME) to stop you from re-writing the firmware as you please. They also > have an getting-there-almost-reasonable open source effort (OpenPOWER) Indeed they are. But that boxes are quite expensive and hard to get. Best regards, Andrew Savchenko pgpwYnzvVK92P.pgp Description: PGP signature
Re: [gentoo-user] Its ground hog day... how to escape the syndrome?
On Thu, 2 Mar 2017 09:44:20 +0200 Alan McKinnon wrote: > On 02/03/2017 06:33, Harry Putnam wrote: > > Setup: VBox vm running gentoo(amd64) guest on a win-10 (64bit) host > > Hardware: HP xw8600 - 2x Xeon CPU X5450 @ 3.00GHz - 32 GB ram > > > > I've seen a few other mentions of the phenomena I'm about to describe. > > It is not clear to me why something like this would happen. Or what is > > to be done to prevent it. > > > > After going thru install and bulding of X based lxde desktop gentoo > > OS, I'm at the stage where I would do another emerge world followed by > > --depclean or something similar. > > > > Decided to take the @world in the two available bites; @system then > > @world > > > > My cmdline was `emerge -vaDt @system' > > Add -u to the options, it activates update behaviour > > Without it, emerge takes you literally at your word and emerges > everything in the system set. Also add -N, otherwise USE flags changes will be ignored if no update or rebuild, and add --with-bdeps y if you don't want to miss updates for packages pulled an build-only deps, so use `-DNuavt --with-bdeps y'. "vt" here is optional and affects only on-screen output. Best regards, Andrew Savchenko pgpyvddSFDcaV.pgp Description: PGP signature
Re: [gentoo-user] SHA-1 has just been broken
On Sun, 26 Feb 2017 12:00:50 +0100 Miroslav Rovis wrote: > But, when we talk crypto being broken, Git is not in the immediate threat due to SHA1 collision being practical. See Linux blog about this: https://plus.google.com/+LinusTorvalds/posts/7tp2gYWQugL Note that git devs are working on moving to a more secure hash function. Also note that git can handle several files in the repo with the same hash function. While this doesn't protect from the possible repo forgery, it protects from accidental file collision where subversion fails badly: https://www.bleepingcomputer.com/news/security/sha1-collision-attack-makes-its-first-victim-subversion-repositories/ I do not want to offence subversion devs, but they haven't even considered the possibility that hash function may collide. Huge blunder on their side. > I can help thinking of other > threats to Gentoo and other FOSS GNU Linux that I fear are perfectly > feasible (for the resourceful subjects) > > Gentoo distro is increasingly served the insecure way, IMO, that is: via > git, without the repositories being, for end users, PGP-verifiable. It is verifiable for end users, but not in an easy way. You can either use web rsync or verify git commits yourself using gpupg and gkeys. > And via a new private big business, the Github. Giving over all users to > big Github brother. ??? Github is entirely optional and is only for those who want to use it (we have both users and devs willing so), but in no way anyone demands its usage. If you want to have sync-friendly git repo, Gentoo infra provides one for you: https://gitweb.gentoo.org/repo/sync/gentoo.git/ > And, in the trasition all the history got lost. Git started remembering > only from 2015. No, it isn't. Full historical git repo is available: https://gitweb.gentoo.org/repo/gentoo/historical.git/ One may use git graft to join historical and actual repo together. > I have asked a question about getting git-served repository verifiable > for end users, but I didn't get any replies: Do not forget that all devs are volunteers. User-transparent GnuPG tree verification is indeed important. You can help! Join gkeys project, get in touch with infra, discuss what needs to be done. Don't just rattle about how insecure data is provided, help to make it secure! (And as I shown above actual state is not that bad and some options are already available.) Best regards, Andrew Savchenko pgp2DzXAJ_N32.pgp Description: PGP signature
Re: [gentoo-user] SHA-1 has just been broken
On Sat, 25 Feb 2017 22:12:10 +0100 Miroslav Rovis wrote: > https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html > > ( you know I hate the Schmoog, and didn't take their cookies, and so > they didn't show me their page in my Palemoon --working great here!, an > Angel of Honesty in comparison to Firefox --and if anybody else don't > want Schmoog prying in his machine, likely: Mass generation of collisions is much easier if document structure is taken into account, e.g. for PDF it is sufficient to compute collision block once and it is possible to generate different PDFs with the same SHA1 hash. On-line service is available together with detailed description: https://alf.nu/SHA1 So danger of SHA1 collision is much closer than 9,223,372,036,854,775,808 SHA1 computations or 1 110-GPU year. Best regards, Andrew Savchenko pgpdZdRXx8Qdq.pgp Description: PGP signature
Re: [gentoo-user] SSH rekeying straight after authentication
On Thu, 23 Feb 2017 20:10:05 + Mick wrote: > I am trying to understand why an ssh server keeps dropping the connection > when > using openssh on Linux straight after a successful authentication, but it > works fine with Filezilla in MSWindows. [...] > I am guessing all this respawning probably triggers some DDoS protection > limit > on the server and it disconnects the client. Have you observed anything > similar and would you know why Linux fails, but MSWindows works as it should? I use HPN for years and connect to hundreds of servers, most of them are without HPN support. I have no problems so far. But HPN is unofficial and it may trigger problems. Maybe this is a bug in HPN, maybe a server's custom protection. Try to report this on bugzilla for openssh maintainers. Best regards, Andrew Savchenko pgpEM5hBjqNZP.pgp Description: PGP signature
Re: [gentoo-user] Cross-compiling for an unstable architecture.
On Thu, 23 Feb 2017 16:21:04 -0600 R0b0t1 wrote: > Hello, > > So apparently I am single-handedly attempting to stabilize arm64 (at > least, it feels that way). Per the "Gentoo on Alternative > Architectures" subforum > (https://forums.gentoo.org/viewforum-f-32.html) two users have gotten > almost everything working, in some cases having to resort to building > packages not in @system on-device. Ideally I want to be able to build > every package I make use of from my desktop but in some cases this > will involve bug reports to the projects to see if they will change > their build process. > > However it's gotten to the point where not even building on-device > works. I'm experiencing breakage in a lot of core packages that may or > may not be related to portage. What is the best way to ask for help? > The users on the forums and IRC do not seem to really know how to go > about solving some of the problems or do not have the time, and I'm > not sure it's polite to open up a bunch of bug reports on > https://bugs.gentoo.org. What seems to complicate this is solving some > of the issues looks like it will take knowledge only the developers of > the corresponding software have. Get in touch with the arm Gentoo team. If you sure your fix is correct, open bugs on bugzilla. There is nothing wrong in opening tons of good bug reports with patches :) Best regards, Andrew Savchenko pgpfTa_N6QIrm.pgp Description: PGP signature
Re: [gentoo-user] Is this a dependency bug?
On Mon, 20 Feb 2017 17:45:28 + (UTC) Grant Edwards wrote: > I installed weasyprint-0.29, but it won't run: > > $ weasyprint > Traceback (most recent call last): > File "/usr/lib/python-exec/python2.7/weasyprint", line 6, in > from pkg_resources import load_entry_point > [...] > File "/usr/lib64/python2.7/site-packages/pkg_resources/__init__.py", line > 849, in resolve > raise DistributionNotFound(req, requirers) > pkg_resources.DistributionNotFound: The 'CairoSVG<2,>=1.0.20' distribution > was not found and is required by WeasyPrint > > I have cairosvg installed, but apparently it's not recent enough (1.07 vs. > 1.20)? > > $ emerge --search cairosvg > > > * media-gfx/cairosvg > Latest version available: 1.0.7 > Latest version installed: 1.0.7 > Size of files: 29 KiB > Homepage: http://cairosvg.org/ > Description: A simple cairo based SVG converter with support for PDF, > PostScript and PNG formats > License: LGPL-3 > > Is this a dependency bug in the weasyprint ebuild? Yes, please report on bugzilla. Best regards, Andrew Savchenko pgpbd1PsZ_M4e.pgp Description: PGP signature
Re: [gentoo-user] How to keep my system from (nearly) freezing?
Hi,
On Sun, 19 Feb 2017 13:53:49 +0100 Helmut Jarausch wrote:
> Hi,
>
> sometime I have some memory hungry ebuilds in the background, when I
> start (e.g.) Chromium which needs very much memory if you have a lot of
> open tabs.
>
> In that case my system nearly freezes. I cannot even kill chrome.
> What can I do in that case. (Remote login doesn't work either)
>
> Can I have any additional program (like Chromium) die if there is not
> enough memory.
1. Use reasonable -j and -l options in MAKEOPTS. A good start will
be -j N and -l 2*N, where N is a number of your logical cores.
2. Set the lowest CPU and I/O priorities for emerge:
PORTAGE_NICENESS=19 and run emerge as `ionice -c3 emerge ...`,
you have to use CFQ scheduler to be able to use ionice.
3. Use zswap with z3fold allocator. It helps me well on my laptop
with 2GB RAM.
4. If everything above doesn't help:
a) reduce -j to a value where memory usage is suitable for you;
b) consider using -Os in your {C,CXX,F,FC}FLAGS, since such system
is certainly short of memory.
5. If even 4. doesn't help, consider using more powerful host to
build binary packages for this one.
Best regards,
Andrew Savchenko
pgpfJpZXTRw2Y.pgp
Description: PGP signature
Re: [gentoo-user] how to control firefox input and output?
On Thu, 2 Feb 2017 23:40:25 +0330 behrouz khosravi wrote: > Hello everyone. I was wondering is any method to force firefox to render > its output to a off-screen buffer? another app should be able to monitor > its video output and send mouse and keyboard events to the browser. any > suggestion would be greatly appreciated. Try Xnest or Xvfb. Best regards, Andrew Savchenko pgp64Rk3v7PFv.pgp Description: PGP signature
Re: [gentoo-user] To do or not to do...
On Wed, 11 Jan 2017 18:00:11 +0100 meino.cra...@gmx.de wrote: > Hi, > > > After fcron updateing, I got this informations as the last > stepsand cant decide, whether this has already be done > while emerge was running or whether it is something I have > to do. > > > <<< dir /usr/share/doc/fcron-3.1.2-r2/html > <<< dir /usr/share/doc/fcron-3.1.2-r2 > >>> Regenerating /etc/ld.so.cache... > >>> Original instance of package unmerged safely. > * fcron's default systab was updated since your last installation. > * You can use > * > * # emerge --config sys-process/fcron > * > * to re-install systab (do not call this command before you > * have merged your configuration files). > >>> sys-process/fcron-3.2.1-r1 merged. > >>> Auto-cleaning packages... > > >>> No outdated packages were found on your system. > > * GNU info directory index is up-to-date. > * After world updates, it is important to remove obsolete packages with > * emerge --depclean. Refer to `man emerge` for more information. > > > By the way...cfg-update -l prints nothing to merge... Verify manually that there is no related ._cfg* file in your /etc. cfg-update -l may return nothing because nothing changed since your manual update. If everything is ok, run # emerge --config sys-process/fcron as you were asked. > HELP! I need somebody... HELP! not just anybodu, HELP! > I need just GENTOOO UH!H!... > > Thanks in advance! > > Cheers > Meino > > > > > Best regards, Andrew Savchenko pgpdy_PFvy3hw.pgp Description: PGP signature
Re: [gentoo-user] Compiling maim fails...
On Thu, 5 Jan 2017 04:45:33 +0100 meino.cra...@gmx.de wrote:
> Hi,
>
> this morning I tried to compile
> * media-gfx/maim
> Available versions: ~3.4.47
> Homepage:https://github.com/naelstrof/maim
> Description: Commandline tool to take screenshots of the desktop
>
> which needs
> * x11-misc/slop
> Available versions: (~)4.3.21 {opengl}
> Homepage:https://github.com/naelstrof/slop
> Description: An application that queries the user for a
> selection for printing
Go to https://bugs.gentoo.org and report a bug there.
Please select title correctly, since bug you are reporting is
x11-misc/slop-4.3.21 compilation failure. It has nothing to do with
media-gfx/maim aside from being its dependency.
Best regards,
Andrew Savchenko
pgpMci7Fi6dXL.pgp
Description: PGP signature
Re: [gentoo-user] xterm menu
On Sun, 18 Dec 2016 02:48:28 -0800 Jorge Almeida wrote: > I tried Ctrl+click (any button) on an xterm window, to bring up the > menu (which I never used before; after reading a recent thread about X > (in)security, I was trying to access the secure mode for password > entering). > > This crashes xterm. The logs: On xterm-325 "secure keyboard" mode works perfectly fine for me. Try to change font used by xterm, there are many ways to do this, I prefer to put in ~/.Xresources: xterm*faceName: DejaVu Sans Mono:style=Bold xterm*faceSize: 15 Anyway, application should not crash, so if your system is up-to-date (not only xterm, but Xorg, freetype and friends as well, so better update all system) and bug is still here, please report it on bugzilla. Best regards, Andrew Savchenko pgpAI9MsI8JDF.pgp Description: PGP signature
Re: [gentoo-user] procps: mysterious option
On Thu, 15 Dec 2016 04:43:56 +0100 meino.cra...@gmx.de wrote: > Andrew Savchenko <birc...@gentoo.org> [16-12-14 17:07]: > > On Sat, 10 Dec 2016 05:06:54 +0100 meino.cra...@gmx.de wrote: > > > Hi > > > > > > for the options "-nN" and "-d" the manpage of procps mentions > > > the option "-f" is implied. > > > > > > For SYNOPSIS all possible options are summarized as: > > > procinfo [ -dDSbrhv ] [ -nN ]. > > > > > > Furthermore the option "-f" isn't explained anywhere. > > > > > > What I don't understand here ? ;) > > > > Is your man page out of date? From my man procinfo: > > > > SYNOPSIS > >procinfo [ -fsmadiDSbrChv ] [ -nN ] [ -Ffile ] > > ... > > OPTIONS > >-f Run procinfo continuously full-screen. > > > > =procinfo-18-r2 is installed here. > > > > Best regards, > > Andrew Savchenko > > Hi Andrew, > > This is, what I have: > > * app-admin/procinfo > Available versions: 18-r2 > Homepage:http://www.kozmix.org/src/ > Description: Displays some kernel stats and info on a running > Linux system > > [I] app-admin/procinfo-ng > Available versions: 2.0.304-r1 > Installed versions: 2.0.304-r1(05:40:40 01/10/15) > Homepage:https://sourceforge.net/projects/procinfo-ng/ > Description: Completely rewrite of the old system monitoring app > procinfo > > Found 2 matches > > So, the *-ng seems not to match the installed manpage? > Something is wrong here... procinfo-ng indeed have incorrect man page, feel free to report upstream, though it is inactive as well for ages. Best regards, Andrew Savchenko pgpDJUdJwtIBv.pgp Description: PGP signature
Re: [gentoo-user] procps: mysterious option
On Sat, 10 Dec 2016 05:06:54 +0100 meino.cra...@gmx.de wrote: > Hi > > for the options "-nN" and "-d" the manpage of procps mentions > the option "-f" is implied. > > For SYNOPSIS all possible options are summarized as: > procinfo [ -dDSbrhv ] [ -nN ]. > > Furthermore the option "-f" isn't explained anywhere. > > What I don't understand here ? ;) Is your man page out of date? From my man procinfo: SYNOPSIS procinfo [ -fsmadiDSbrChv ] [ -nN ] [ -Ffile ] ... OPTIONS -f Run procinfo continuously full-screen. =procinfo-18-r2 is installed here. Best regards, Andrew Savchenko pgpKuXis1wZtR.pgp Description: PGP signature
Re: [gentoo-user] perl-cleaner output
On Fri, 7 Oct 2016 09:30:01 -0700 Daniel Frey wrote: > So, I was upgrading several machines, and as a habit I always run > perl-cleaner. Every machine gave me an output like so with somewhat > different package lists: > > > * > * It seems like perl-cleaner had to rebuild some packages. > * > * If you have just updated your major Perl version (e.g. from 5.20.2 to > 5.22.0) >, > * and have run perl-cleaner _after_ that update, then this means most likely > * that these packages are buggy. Please file a bug on > http://bugs.gentoo.org/ and > * report that perl-cleaner needed to reinstall the following list: > *sys-apps/texinfo:0 > dev-perl/libintl-perl:0 > dev-perl/Text-Unidecode:0 > dev-perl/Locale-gettext:0 > dev-perl/Unicode-EastAsianWidth:0 > dev-perl/XML-Parser:0 > > > > I'm happy to file a bug but what should I file it against? perl-cleaner? > perl itself? All of these were triggered after the upgrade to 5.22.0. No, bugs should be file for each package listed: dev-perl/libintl-perl:0 dev-perl/Text-Unidecode:0 dev-perl/Locale-gettext:0 dev-perl/Unicode-EastAsianWidth:0 dev-perl/XML-Parser:0 Of course, you should check if such bugs already exist or packages are already fixed. Best regards, Andrew Savchenko pgpVIbg6LeIfK.pgp Description: PGP signature
Re: [gentoo-user] cross-compile attempt
On Sun, 31 Jul 2016 19:40:37 +0100 Mick wrote: > Hi All, > > I am dipping my toe into cross-compile territory, in order to build i686 > binaries for a 32bit box, which is too old to do its own emerges. I am using > an amd64 box which is significantly faster to do all the heavy lifting and > started applying this page: > > https://wiki.gentoo.org/wiki/Embedded_Handbook/General/Creating_a_cross-compiler > > which I followed up with: > > https://wiki.gentoo.org/wiki/Cross_build_environment And here comes this misconception again... Please, tell me, why on the earth cross-compiling is needed for amd64 to produce i686 binaries?! amd64 CPU _natively_ supports x86 instructions, amd64 kernel natively supports x86 code (this can be disabled during kernel config, but usually it isn't), amd64 gcc *can* produce x86 binaries. There are two ways to help older x86 boxes to build packages faster: 1. Set up distcc to produce x86 code on your amd64 processors. Just add -m32 to your *FLAGS. 2. Copy old box system to a chroot dir on amd64. Run setarch i686 and chroot to that directory, and build 32-bit packages as usual! There are two ways to deliver them: 2.a. Generate binary packages on new box and install them on old boxes. 2.b. Instead of copying old box's root, mount it over NFS. I'm currently using 1, but planning to switch to 2.a, because distcc can't help with everything (execution of java, python, autotools and other stuff can't be helped with distcc). I used 2.b earlier on very old box (it is dead now). 3. Well, one can do full cross-compilation as you proposed, but this is ridiculous. Cross-compilation is always a pain and if it can be avoided, it should be avoided. Best regards, Andrew Savchenko pgpBOHdczNQK1.pgp Description: PGP signature
Re: [gentoo-user] Opera-12 license mask warning
On Sun, 31 Jul 2016 10:45:55 +0100 Mick wrote: > On Sunday 31 Jul 2016 11:09:36 Alan McKinnon wrote: > > On 31/07/2016 09:56, Mick wrote: > > > I got this after an update yesterday and was left puzzled as to what I am > > > meant to do ... > > > > > > !!! The following installed packages are masked: > > > - www-client/opera-12.16_p1860-r1::gentoo (masked by: OPERA-12 license(s)) > > > A copy of the 'OPERA-12' license is located at > > > '/usr/portage/licenses/OPERA-12'. > > > > > > Is it a matter of adding in /etc/portage/make.conf: > > > ACCEPT_LICENSE="OPERA-12" > > > > > > or am I supposed to go through some other ritual? Either way, couldn't > > > the > > > above message be more informative to do away with any guessing? > > > > echo $category/$package $license > /etc/portage/package.license > > > > I guess it's not listed explicitly in every ebuild with a non-free > > license because you are supposed to know how to unmask stuff on your on > > Gentoo system. > > > > The info is in the portage man pages > > Ahh! Yes, I had forgotten about that file. Thank you Alan. > > I was following http://www.gentoo.org/proj/en/glep/glep-0023.html and the > ACCEPT_LICENSE directive in make.conf as a way of managing licenses, but then > I found an entry about skype in package.license. Hmm ... I wonder who put > that in there ... :-) > > I think this warning confused me because it installed the package and *then* > it issued a warning about the license. Usually the warning comes before, > requiring user input before it continues with the installation. This warning was added just recently per bug 573050. Both Opera licenses are clear EULA and thus were added to @EULA license group, which requires explicit user approval if default ACCEPT_LICENSE is used. That's why you have not seen the message during opera installation. For fresh install it will appear unless EULA is allowed in ACCEPT_LICENSE (I'm not recommending this, since EULA licenses are not supposed to be implicitly accepted.). Best regards, Andrew Savchenko pgpBb6VJcp3dD.pgp Description: PGP signature
Re: [gentoo-user] Re: Missing CPU options in make menuconfig
On Thu, 21 Jul 2016 08:20:18 +0100 Neil Bothwick wrote: > On Wed, 20 Jul 2016 18:29:48 + (UTC), Holger Hoffstätte wrote: > > > https://github.com/graysky2/kernel_gcc_patch > > > > is what's missing in mainline but part of -gentoo. > > Now I understand, and can apply that patch separately, thanks for the > pointer. Be careful with MNATIVE optimization. In some cases it results in broken kernel: random userspace segfaults. See https://github.com/graysky2/kernel_gcc_patch/issues/15 Best regards, Andrew Savchenko pgpzPNjAwM98H.pgp Description: PGP signature
Re: [gentoo-user] Is "-fomit-frame-pointer" a gcc default?
Hi, On Mon, 11 Jul 2016 16:27:42 -0400 waltd...@waltdnes.org wrote: > I put it into CFLAGS/CCFLAGS years ago, and left it there. During a > discussion on the Pale Moon forum about build options, the opinion seems > to be that "-fomit-frame-pointer" is now the default. Is that o? > I'd like to simplify my CFLAGS/CCFLAGS both in Gentoo and the Pale Moon > build process. gcc-5.3.0 manual says: The default setting (when not optimizing for size) for 32-bit GNU/Linux x86 and 32-bit Darwin x86 targets is -fomit-frame-pointer. You can configure GCC with the --enable-frame-pointer configure option to change the default. So it depends not only on the arch, but also on how gcc was compiled. Strange, but here Gentoo x86 I have -fomit-frame-pointer disabled by default, so either gcc manpage is wrong or Gentoo disables frame pointer during gcc configuration (I can't confirm the latter after digging into toolchain eclass). This flag is yummy on amd64 and very important on x86, since x86 has only 8 "general purpose" CPU registers, 4 of which have special use, so only 4 are available for general computations and 1 of them is wasted on frame-pointer, not nice. The cost of extra register is that profiling is no longer possible and debugging may be mangled a bit. Looks like -fpic disables -fomit-frame-pointer at least for some pieces of the code: hand-written 4-registers assembly makes -fpic fail in some cases on x86 (e.g. ffmpeg). Best regards, Andrew Savchenko pgpR2ZOUwzOdB.pgp Description: PGP signature
Re: [gentoo-user] Konsole
Hi,
On Sat, 9 Jul 2016 15:44:45 -0400 Philip Webb wrote:
> What has happened to Konsole:4/4.14 ?
>
> root:508 ~> eix konsole
> [U?] kde-apps/konsole
> Available versions: (5) 15.12.3 ~16.04.2 {X debug +handbook test}
> Installed versions: 4.14.3(4/4.14)^t([2015-10-07 13:08:42])(handbook
> -aqua -debug -minimal -test)
> Description: KDE's terminal emulator
>
> Are we going to be forced to install the whole of KDE 5
> if we want to go on using some very useful KDE apps ?
>
> Or was it dropped by mistake ?
I suppose kde:4 was purged from the tree.
Best regards,
Andrew Savchenko
pgpFecspTueZk.pgp
Description: PGP signature
Re: [gentoo-user] Xcdroast users : alert
Hi, On Fri, 08 Jul 2016 14:01:45 +0200 Helmut Jarausch wrote: > On 07/07/2016 08:59:59 PM, Andrew Savchenko wrote: > > Hi all, > > > > I revbumped xcdroast to fix this and other issues. > > > > xcdroast users, please test that xcdroast-0.98_alpha16-r2.ebuild > > works for you (you can burn some CD/DVD as a non-root user after > > usual setup). I don't have a hardware right now to test it. > > > > After confirmation I'll keep p.mask only for older revisions and > > will request stabilization of this revision. Afterwards all old > > versions will be dropped. > > > Many thanks, Andrew > it works just fine. > > I had to remove the folders $HOME/.xcdroast for each users. > Furthermore, the version check is obsolete. > I have add the attached tiny patch Thanks, patch applied in -r3 (as well as other fixes). Note for the future: please align patches to offset -p1, this way they are much easier to use in EAPI=6 (can be included in PATCHES array without modification). I've taken this package for now, so feel free to open bugs for other issues or patches. Though I can't promise I'll support this package forever. Best regards, Andrew Savchenko pgpQbG3n9FtqL.pgp Description: PGP signature
Re: [gentoo-user] Xcdroast users : alert
Hi all, On Wed, 6 Jul 2016 14:13:09 -0400 Philip Webb wrote: > If anyone else uses Xcdroast to write CDs or DVDs, > I suggest they read Bug 345337 & submit appropriate comments. > > There seems to be no problem on single-user systems, > but a 6-year-old bug which applies to multi-user systems > is being used as an excuse to remove Xcdroast from the tree. > There was a similar issue with Nethack recently too. > > PS I am not receiving e-alerts re comments added to the bug : > can anyone explain why that mb happening & advise me how to get them ? I revbumped xcdroast to fix this and other issues. xcdroast users, please test that xcdroast-0.98_alpha16-r2.ebuild works for you (you can burn some CD/DVD as a non-root user after usual setup). I don't have a hardware right now to test it. After confirmation I'll keep p.mask only for older revisions and will request stabilization of this revision. Afterwards all old versions will be dropped. Best regards, Andrew Savchenko pgptILCAFfr_b.pgp Description: PGP signature
Re: [gentoo-user] Wrong SHA512 checksum for 20160630 amd64 minimal installation medium
Hi, On Tue, 5 Jul 2016 09:57:02 +0200 Marvin Gülker wrote: > Hi everyone, > > I was wanting to give Gentoo a try today, but failed to verify the > current minimal installation medium for amd64[1]. The .iso file does > not match the SHA512 checksum provided in the .DIGESTS.ASC file[2]. The > wrong checksum was confirmed by a user in the #gentoo IRC channel on > freenode.net as well. > > FYI, the wrong checksum is: > > f04f987f5e94a1aa8c9ffc8a08c3bdbed0afd44f680342738d504b7149b9e6bbc49ee1fad851d7eef89103e43fefacaa57e6c7f768d164c3c4e77612e6847a35 > install-amd64-minimal-20160630.iso > > Can this please be fixed? > Thanks! Checksums are indeed wrong, whirlpool one too. Thanks for noticing, I opened a bug for this: https://bugs.gentoo.org/show_bug.cgi?id=588062 In future please file bugs for similar issues right ahead. Best regards, Andrew Savchenko pgpW5TvIkDsQz.pgp Description: PGP signature
Re: [gentoo-user] fsck inode warnings
Hi, On Tue, 28 Jun 2016 00:56:17 -0400 Zhu Sha Zang wrote: > Helo there, since a while, every time that i use something like "shutdown -Fr > now" i receive messages like that: > > > /dev/sda3: Inode 655658 extent tree (at level 2) could be narrower. IGNORED. > /dev/sda3: Inode 660107 extent tree (at level 1) could be narrower. IGNORED. > /dev/sda3: Inode 661292 extent tree (at level 2) could be narrower. IGNORED. > /dev/sda3: Inode 661848 extent tree (at level 2) could be narrower. IGNORED. > /dev/sda3: Inode 662317 extent tree (at level 2) could be narrower. IGNORED. > /dev/sda3: Inode 662337 extent tree (at level 1) could be narrower. IGNORED. > /dev/sda3: Inode 662648 extent tree (at level 1) could be narrower. IGNORED. > /dev/sda3: Inode 664488 extent tree (at level 1) could be narrower. IGNORED. > /dev/sda3: Inode 666102 extent tree (at level 1) could be narrower. IGNORED. > /dev/sda3: Inode 671956 extent tree (at level 2) could be narrower. IGNORED. > > What the meaning of this. I was unable to find something useful > to explain these "errors". I already boot with systemrescuecd and > run fsck -f manually, but the warning still appearing. These are not errors, but hints that your fs can be optimized. Extent trees can be compacted with: e2fsck -fpDv -E bmap2extent /dev/sda3 Best regards, Andrew Savchenko pgp64xwk1zDyC.pgp Description: PGP signature
Re: [gentoo-user] how to upgrade perl
Hi, On Mon, 20 Jun 2016 18:27:36 +0200 lee wrote: > how do you do an update despite perl blocking it? > > > emerge -a --update --newuse --deep --with-bdeps=y --keep-going @world > [...] > dev-lang/perl:0 > > (dev-lang/perl-5.22.2:0/5.22::gentoo, ebuild scheduled for merge) pulled in > by > =dev-lang/perl-5.22* required by > (virtual/perl-IO-Zlib-1.100.0-r6:0/0::gentoo, installed) > ^ ^ > > (and 8 more with the same problem) > > (dev-lang/perl-5.20.2:0/5.20::gentoo, installed) pulled in by > dev-lang/perl:0/5.20=[-build(-)] required by > (dev-perl/Encode-Locale-1.30.0-r1:0/0::gentoo, installed) > > > =dev-lang/perl-5.20* required by > (virtual/perl-Pod-Parser-1.620.0:0/0::gentoo, installed) > ^ ^ > > (and 56 more with the same problems) > [...] Your problem is likely not in perl itself, but in subslot deps resolution. Looks like you have other unresolved dependencies, but they can't be seen because of subslots. To solve this one needs to temporary disable subslots, fix all issues, then enable subslots back. First run emerge with subslots ignored: emerge -DNuav --with-bdeps=y --ignore-built-slot-operator-deps y --backtrack 10 @world After this command you will see other blockers than listed in your mail. Fix them until the command above will build dep tree without errors. Afterwards run your usual emerge command with subslots enabled, e.g.: emerge -DNuav --with-bdeps=y --backtrack 10 @world and you should be fine. See also bug 540562: https://bugs.gentoo.org/show_bug.cgi?id=540562 This problem may be solved with huge backtrack value, but in my case --backtrack=100 was not enough and 1000 was not possible to check, because even 100 took about 3 hours(!!) to run. Best regards, Andrew Savchenko pgpKr7TFbKBqi.pgp Description: PGP signature
Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?
On Thu, 16 Jun 2016 19:30:49 -0400 José Maldonado wrote: > > > El 16/06/16 a las 11:27, James escribió: > > One word SECURITY? Trust but verify does come to mind. > > > > The snaps come to "replace" a lack of security that is in Linux, in > addition to facilitating the installation of all applications from the > user-space without root privileges. Replace lack of security, really? It will create it in the long run due to outdated unmaintained third-party bundled software. Best regards, Andrew Savchenko pgpoy4EWTrn3I.pgp Description: PGP signature
Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?
On Thu, 16 Jun 2016 22:35:24 -0400 waltd...@waltdnes.org wrote: > On Thu, Jun 16, 2016 at 04:33:12PM -0400, Rich Freeman wrote > > On Thu, Jun 16, 2016 at 4:11 PM, Alan McKinnon <alan.mckin...@gmail.com> > > wrote: > > > > > > I don't see the part where all these latest fancy container thingymagicies > > > are not really just "embed everything in everything" > > > > > > We've known for years the dangers of embedding stuff in packages (it > > > hardly > > > ever gets updated properly) > > > > > > > Well, that strikes me as being true of these self-contained packages, > > but it isn't necessarily true of containers in general. > > > > I run most of my services in containers, and they're just Gentoo > > installations with a really small world file. Things are just as > > up-to-date as they would be if I ran it all in a single host. > > > > Now, if you're the sort of person who just grabs some random docker > > image from who knows where, then sure you're getting a big bundle of > > stuff that may or may not be maintained for security. This is no > > different. > > I don't follow this stuff, so this may be a stupid question... how > does a "container" or "docker" differ from a chroot or a QEMU VM with a > minimal set of applications? There is one common misconception, that chroot is security measure. This is wrong! Chroot is not a security function at all. It is extremely easy to exit chroot [1] if you have root access inside chroot (AFAIK with PAX/GRSecurity it is possible to deny this, but this is another story.) So if you are using chroot for security, forget about security, you have no security at all. This syscall was designed for another needs. Tl;dr; Inside chroot do as a root: mkdir foo; chroot foo; cd .. QEMU VM (as well as other VM) can provide you some degree of security at the cost of performance and system resources. Inside VM you have independent (fully or paravirtualized) kernel and environment. But it is still possible to exit it using hypervisor bugs or hardware-based attacks like L3 cache attack[2]. Yes, if one have modern Intel or AMD CPU with SSE2 and L3 cache enabled, forget about tight security too. Due to reasons above I prefer container solutions like LXC over VM for security: they give approximately the same level of protection as VM, but resources cost is much lower. Of course it is still possible to break any container through L3 cache or some kernel bugs, so for really tight security independent hardware and OS must be used. [1] https://lwn.net/Articles/252794/ [2] https://www.usenix.org/node/184416 Best regards, Andrew Savchenko pgpqsUrMrvX2K.pgp Description: PGP signature
Re: [gentoo-user] Re: Gentoo is supporting officially Snap packages?
On Thu, 16 Jun 2016 15:27:29 + (UTC) James wrote: > José Maldonado gmail.com> writes: > > > > The last days, ArsTechnica publish this new: > > > > http://arstechnica.com/information-technology/2016/06/goodbye-apt-and-yum-ubuntus-snap-apps-are-coming-to-distros-everywhere/ > > > > "Snaps now work natively on Arch, Debian, Fedora, Kubuntu, Lubuntu, > > Ubuntu GNOME, Ubuntu Kylin, Ubuntu MATE, Ubuntu Unity, and Xubuntu," > > Canonical's announcement says. "They are currently being validated on > > CentOS, Elementary, Gentoo, Mint, OpenSUSE, OpenWrt and RHEL, and are > > easy to enable on other Linux distributions." (Ubuntu will continue to > > support deb packages, but developers can choose to package applications > > as snaps instead of or in addition to debs.)" > > > > Gentoo is supporting officially Snap packages? Why not Flatpak? >> >> Thank you very much for your responses! Bye! :) >> > > One word SECURITY? Trust but verify does come to mind. +1 It looks like C:/Program Files/ for Linux to me. It is a complete bundle with all dependency libs, thus vulnerabilities can't be fixed by a regular emerge and users will need to update _each_ snap separately. If updates will be available, but likely they will not be, at least not in time. I'm not talking about tremendous RAM waste (due to shared objects duplication) and disk space waste as well. Both of them can be mitigated by deduplication of RAM and disk pages, but this will eat lots of CPU and users should be quite advanced to do that. > Containers are not exactly the most secure apparatus, imho. > "Clair is an open source project for the static analysis of vulnerabilities > in appc and docker containers." [1]. So, I want to hear about the robustness > of the security on these 'self containerd packages. There is a security audit of the snap already available: http://kmkeen.com/maintainers-matter/2016-06-15-11-51-16-472.html It is quite lengthy, but worth reading. Tl;dr: if you care about security of your box, stay away of this stuff. Best regards, Andrew Savchenko pgpoD77neN2b_.pgp Description: PGP signature
Re: [gentoo-user] basic grub question
On Wed, 15 Jun 2016 12:55:39 -0400 cov...@ccs.covici.com wrote: > Andrew Savchenko <birc...@gentoo.org> wrote: > > > On Wed, 15 Jun 2016 09:41:07 -0400 cov...@ccs.covici.com wrote: > > > Neil Bothwick <n...@digimed.co.uk> wrote: > > > > > > > On Wed, 15 Jun 2016 08:42:45 -0400, cov...@ccs.covici.com wrote: > > > > > > > > > > > But the manual and the html pages constantly talk about the grub > > > > > > > command or rather the grub interactive command, and they usually > > > > > > > call it grub, maybe it has a different name. > > > > > > > > > > > > That's the GRUB interactive shell, that you get to from the boot > > > > > > menu > > > > > > (press c) or get dropped into it if there is no grub.cfg file. > > > > > > > > > > > > > > > > hmmm, I thought you could do it from the console as well, for certain > > > > > commands. > > > > > > > > The commands that show up in "qlist grub" can be run from a standard > > > > shell. The GRUB interactive shell is different, with its own set of > > > > commands. You really need to read the online manual or the info pages > > > > again. The man pages explain the individual commands, but only the full > > > > manual shows how it all fits together. > > > > > > > > Why are you looking to switch from Lilo to GRUB now? If Lilo works, > > > > stick > > > > with it. If it is because you have EFI hardware, I'd skip GRUB and go > > > > straight to Gummiboot or systemd-boot. > > > > > > Well, I am trying to use the nvidia driver which conflicts with uvesafb > > > frame buffer, so it seems. It used to work fine, but not it does not > > > work anymore and the only solutions I have found was a couple of grub > > > parameters which gives you a higher resolution and passes it on to > > > linux. It would not be as good as the uvesafb, but at least it would be > > > better than 80x25. I use the console a lot and only use gnome > > > sometimes, but I don't want to have to reboot into a different kernel > > > just to use gnome. > > > > You can pass any kernel parameters using lilo as well. > > > > Also it should be possible to use uvesafb and nvidia driver without > > kernel switch, at least this is possible with fbcon: as described > > in [1], it is possible to unbind framebuffer console and use text > > vga console, then you should be able to unload uvesafb module and > > load nvidia propietary blob. > > > > [1] https://www.kernel.org/doc/Documentation/fb/fbcon.txt > > But, if I compile uvesafb as a module, as opposed to having it built > into the kernel, I can never activate the frame buffer, I always get > /dev/fb0 no such file or directory when trying to use fbset. If I could > do that, and get the correct mode, that would also solve my problem. Have you tried to load uvesafb module with desired parameters before running fbset? You can setup modules init script to do that automatically. Best regards, Andrew Savchenko pgpTR6jztHNJO.pgp Description: PGP signature
Re: [gentoo-user] basic grub question
On Wed, 15 Jun 2016 11:52:57 -0400 cov...@ccs.covici.com wrote: > Peter Humphrey <pe...@prh.myzen.co.uk> wrote: > > > On Wednesday 15 Jun 2016 11:05:13 cov...@ccs.covici.com wrote: > > > > > You can't use the nouveau drivers and the nvidia driver at the same > > > time, so this is the problem. I did try that once, but at the time > > > which was quite a while ago, it didn't work. > > > > Perhaps I've missed it, but is there any reason you must have > > nvidia-drivers > > rather than nouveau? > > I have a nvidia card, so I need the nvidia drivers, unless I am missinng > something? It is possible to use nouveau driver instead of nvidia drivers. nouveau is a free software, it is also compatible with linux framebuffer drivers (if I remember this correctly), but 3D acceleration will be poor to broken compared to the propietary nvidia drivers, as well as some other features (like advance power management, cooling states and so on). Results vary depending on a hardware used, but usually nouveau is sufficient when user needs only office, web or video and is unacceptable when user needs 3D-related stuff (gaming, modeling, etc). Best regards, Andrew Savchenko pgpqWrVe_3RlJ.pgp Description: PGP signature
Re: [gentoo-user] basic grub question
On Wed, 15 Jun 2016 09:41:07 -0400 cov...@ccs.covici.com wrote: > Neil Bothwick <n...@digimed.co.uk> wrote: > > > On Wed, 15 Jun 2016 08:42:45 -0400, cov...@ccs.covici.com wrote: > > > > > > > But the manual and the html pages constantly talk about the grub > > > > > command or rather the grub interactive command, and they usually > > > > > call it grub, maybe it has a different name. > > > > > > > > That's the GRUB interactive shell, that you get to from the boot menu > > > > (press c) or get dropped into it if there is no grub.cfg file. > > > > > > > > > > hmmm, I thought you could do it from the console as well, for certain > > > commands. > > > > The commands that show up in "qlist grub" can be run from a standard > > shell. The GRUB interactive shell is different, with its own set of > > commands. You really need to read the online manual or the info pages > > again. The man pages explain the individual commands, but only the full > > manual shows how it all fits together. > > > > Why are you looking to switch from Lilo to GRUB now? If Lilo works, stick > > with it. If it is because you have EFI hardware, I'd skip GRUB and go > > straight to Gummiboot or systemd-boot. > > Well, I am trying to use the nvidia driver which conflicts with uvesafb > frame buffer, so it seems. It used to work fine, but not it does not > work anymore and the only solutions I have found was a couple of grub > parameters which gives you a higher resolution and passes it on to > linux. It would not be as good as the uvesafb, but at least it would be > better than 80x25. I use the console a lot and only use gnome > sometimes, but I don't want to have to reboot into a different kernel > just to use gnome. You can pass any kernel parameters using lilo as well. Also it should be possible to use uvesafb and nvidia driver without kernel switch, at least this is possible with fbcon: as described in [1], it is possible to unbind framebuffer console and use text vga console, then you should be able to unload uvesafb module and load nvidia propietary blob. [1] https://www.kernel.org/doc/Documentation/fb/fbcon.txt Best regards, Andrew Savchenko pgpFvb0f1VF4r.pgp Description: PGP signature
Re: [gentoo-user] How to try custom-optimization in firefox
On Tue, 14 Jun 2016 18:39:54 +1000 Adam Carter wrote:
> You missed another flag: USE="custom-cflags". You should really
>
> > read USE flag descriptions (/usr/portage/use.{,local.}desc):
> >
> > custom-cflags - Build with user-specified CFLAGS (unsupported)
> > www-client/firefox:custom-optimization - Fine-tune custom compiler
> > optimizations (-Os, -O0, -O1, -O2, -O3)
> >
> > So custom-optimization will only get -O[0123s] option from your
> > CFLAGS,
>
>
> That's all I want. However, the -O2 was still filtered even though i have
> custom-optimization on.
Yes, -O* are removed from CFLAGS, because firefox uses
special .mozconfig option for -O* flags:
mozconfig_annotate "Gentoo's default optimization" --enable-optimize=-O2
emerge --info is not accurate here, as it can't handle non-trivial
stuff like mozconfig.
Actually -O2 is default and if you want only this option, you may
do nothing, since it is enabled by default.
If you have any further doubts, please provide a full build.log
(compress it or place somewhere outside of the list and provide
a link). Though you should see -O2 yourself there:
==
Building firefox-47.0 with the following configuration
--enable-application=browsermozilla.org default
--enable-optimize=-O2 Gentoo's default optimization
as well as in gcc commands below.
Best regards,
Andrew Savchenko
pgpUQoGHe4GN_.pgp
Description: PGP signature
Re: [gentoo-user] How to try custom-optimization in firefox
On Tue, 14 Jun 2016 14:55:08 +1000 Adam Carter wrote:
> I have enabled this use flag and the output of emerge --info shows it has
> been recognised in USE but not in FCFLAGs/CFLAGs;
>
> grep USE.*custom ff*
> ffafter-cust-opt.txt:USE="custom-optimization dbus gmp-autoupdate gtk2
> hwaccel jemalloc3 jit pulseaudio -bindist -custom-cflags -debug -hardened
> (-neon) (-pgo) (-selinux) -startup-notification (-system-cairo)
> -system-harfbuzz -system-icu -system-jpeg -system-libevent -system-libvpx
> -system-sqlite -test -wifi"
> ffbefore-cust-opt.txt:USE="dbus gmp-autoupdate gtk2 hwaccel jemalloc3 jit
> pulseaudio -bindist -custom-cflags -custom-optimization -debug -hardened
> (-neon) (-pgo) (-selinux) -startup-notification (-system-cairo)
> -system-harfbuzz -system-icu -system-jpeg -system-libevent -system-libvpx
> -system-sqlite -test -wifi"
>
> grep CFLAGS ff*
> ffafter-cust-opt.txt:CFLAGS="-march=amdfam10 -mcx16 -msahf -mpopcnt -mabm
> -O2 -pipe"
> ffafter-cust-opt.txt:FCFLAGS="-O2 -pipe"
> ffafter-cust-opt.txt:CFLAGS="-march=amdfam10 -pipe"
> ffbefore-cust-opt.txt:CFLAGS="-march=amdfam10 -mcx16 -msahf -mpopcnt -mabm
> -O2 -pipe"
> ffbefore-cust-opt.txt:FCFLAGS="-O2 -pipe"
> ffbefore-cust-opt.txt:CFLAGS="-march=amdfam10 -pipe"
>
> I assumed that enabling custom-optimization would let the optimization
> setting from CFLAGS in make.conf pass through unfiltered, but that's not
> the case. What else do i need to do to make it work?
You missed another flag: USE="custom-cflags". You should really
read USE flag descriptions (/usr/portage/use.{,local.}desc):
custom-cflags - Build with user-specified CFLAGS (unsupported)
www-client/firefox:custom-optimization - Fine-tune custom compiler
optimizations (-Os, -O0, -O1, -O2, -O3)
So custom-optimization will only get -O[0123s] option from your
CFLAGS, if you need another options, use custom-cflags. If you need
both (-O* and other options), set both USE flags (as can be seen
from mozcoreconf-v4.eclass).
Best regards,
Andrew Savchenko
pgpUZ666RMISS.pgp
Description: PGP signature
