Re: [gentoo-user] Re: Change MAKEOPTS on the fly?
On 14/7/20 9:34 am, Sam Jorna (wraeth) wrote: > On 14/7/20 2:33 am, Neil Bothwick wrote: >> You have to consider the --jobs option passed to emerge at the same time. >> It's no use limiting each emerge to 2 processes if you then run multiple >> emerges in parallel. Setting --load in MAKEOPTS and --load-average in >> EMERGE_DEFAULT_OPTS is worthwhile on a constrained system. > > It's also worth pointing out that emerge's --load-average is only > evaluated when it's looking to start building a new package/job, as > opposed to MAKEOPTS' (ie. make's) --load which is evaluated every time > make wants to spawn a new thread. If your load average drops below the > threshold, emerge will start a new job with potentially -jN make threads > (though this is mitigated somewhat if also using --load in MAKEOPTS). Re-sending with (what should now be the) correct GPG signature. Sorry, new mail client, and it's trying to be "helpful". -- Sam Jorna (wraeth) signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] Re: Change MAKEOPTS on the fly?
On 14/7/20 2:33 am, Neil Bothwick wrote: > You have to consider the --jobs option passed to emerge at the same time. > It's no use limiting each emerge to 2 processes if you then run multiple > emerges in parallel. Setting --load in MAKEOPTS and --load-average in > EMERGE_DEFAULT_OPTS is worthwhile on a constrained system. It's also worth pointing out that emerge's --load-average is only evaluated when it's looking to start building a new package/job, as opposed to MAKEOPTS' (ie. make's) --load which is evaluated every time make wants to spawn a new thread. If your load average drops below the threshold, emerge will start a new job with potentially -jN make threads (though this is mitigated somewhat if also using --load in MAKEOPTS). -- Sam Jorna (wraeth) signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] Pick your hypothesis:
it encounters one for which it does not have > the files. See my above note about --keep-going. > I prefer to obey the server's admonition against updating more than once > a day, however this is an emergency and I have run sync against it maybe > a dozen times. I have no reason to expect that there is any discrepency > between the files I have and what's actually on the servers unless there > is an entirely different set of servers out there which actually do have > the files I need or a completely new and different way to sync them, > (WTF IS Eix? ) . =| Eix is primarily a search/indexing tool, that also wraps functions such as syncing. You don't need it, but it can be useful. See it's wiki page[1] for details. Yes tools have optional flags that change how they behave; but it's not in an attempt to confuse you as you seem to think. You just need to spend the time to learn the tools you're using, the same as any other tool you get anywhere, online or offline. Why not have a look at the man pages or wiki's for the tools you use before claiming everyone's out to get you? ;) [1] https://wiki.gentoo.org/wiki/Eix -- Sam Jorna (wraeth) GnuPG ID: 0xD6180C26 signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Unhelpful dovecot upgrade help
On 9/2/18 7:43 PM, Peter Humphrey wrote:
> Hello list,
>
> Today I upgraded dovecot on my local server from 2.2.34 to 2.3.2.1. On
> restarting dovecot I got this:
>
> # /etc/init.d/dovecot restart
> doveconf: Warning: please set ssl_dh= doveconf: Warning: You can generate it with: dd
> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform
> der > /etc/dovecot/dh.pem
>
> The second warning was spot-on, but what the first warning ought to have
> said is "Uncomment the line #ssl_dh = /etc/dovecot/conf.d/10-ssl.conf."
>
> It took a bit of head-scratching to work that out. i just wanted to help
> others doing this upgrade.
>
There was also at least one case mentioned on IRC where not setting
'postmaster_address' to a full valid address ("postmas...@domain.tld")
caused sieve filtering to fail. In this particular case it was set to
'postmaster@'.
Whether this was the extent of the symptom or not is unclear - it may
have halted the lda altogether.
--
Sam Jorna (wraeth)
GnuPG ID: D6180C26
signature.asc
Description: OpenPGP digital signature
Re: [gentoo-user] OT: Open source document management system
On 01/08/18 16:39, J. Roeleveld wrote:
> On Wednesday, August 1, 2018 8:19:50 AM CEST Bill Kenworthy wrote:
>> Hi all
>>
>> I have been looking for an opensource document management system ...
>> there are a few but none of the ones I have come across are in portage.
>
> I haven't found many good ones.
> I used "OpenKM" for a while as it is closest to my requirements.
Here's an ebuild I wrote a while ago for openKM Community. It's binary
only and I haven't updated or tested it for some time so may need some
hacking at.
Cheers
wraeth
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI=5
CHECKREQS_DISK_BUILD="1G"
inherit check-reqs eutils
MY_PN="${PN/-community-bin/}"
MY_PNF="${PN/-bin/}"
MY_FILE_64="${MY_PN}-${PV}-community-linux-x64-installer.run"
MY_FILE_86="${MY_PN}-${PV}-community-linux-installer.run"
DESCRIPTION="An electronic document and records management system (EDRMS)."
HOMEPAGE="http://www.openkm.org;
SRC_URI="amd64? ( mirror://sourceforge/${MY_PN}/${MY_FILE_64} )
x86? ( mirror://sourceforge/${MY_PN}/${MY_FILE_86} )"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86"
DEPEND=""
RDEPEND="${DEPEND}"
QA_PREBUILT="opt/${MY_PNF}/*"
S="${WORKDIR}"
src_unpack() {
cp -v ${DISTDIR}/"${A}" "${WORKDIR}" || die
chmod +x "${WORKDIR}/${A}" || die
}
src_install() {
local runfile
use amd64 && runfile="${MY_FILE_64}"
use x86 && runfile="${MY_FILE_86}"
einfo "Ignore warnings of failure - it's just because it can't set menu
entries"
./${runfile} --mode unattended --prefix "${ED}/opt/${MY_PNF}"
pushd "${ED}/opt/${MY_PNF}" || die
# fix paths
sed -e "s:${ED}::" -i openkm_stop.desktop -i openkm_start.desktop \
-i tomcat/bin/setenv.sh || die
# fix desktop files
sed -e ':^Version:d' -i openkm_stop.desktop -i openkm_start.desktop ||
die
sed -e 's:Office:&;:' -i openkm_stop.desktop -i openkm_start.desktop ||
die
doicon --size 48 "${MY_PN}_48x48.png" || die "failed installing
${MY_PN}_48x48.png"
domenu "${MY_PN}_start.desktop" || die "failed installing
${MY_PN}_start.desktop"
domenu "${MY_PN}_stop.desktop" || die "failed installing
${MY_PN}_stop.desktop"
popd || die
}
signature.asc
Description: OpenPGP digital signature
Re: [gentoo-user] Dual booting with Windows 10
On Wed, Sep 13, 2017 at 11:43:42PM -0500, R0b0t1 wrote: > On Wed, Sep 13, 2017 at 11:36 PM, Sam Jorna <wra...@gentoo.org> wrote: > > On Wed, Sep 13, 2017 at 11:09:14PM -0500, R0b0t1 wrote: > >> It should just work if you create space for it. There are admonitions > >> to install Windows first as people claim it will destroy a disk, but > >> I'm not sure if it ever did this, and it seems to work well with > >> whatever you give it. > > > > It may not destroy any existing partitions, but it will overwrite any > > bootloader you had installed (and/or reset boot order) on the install > > disk. > > > > If you perform an EFI installation it can't delete your bootloader > (unless you modify the partition it's on). > > The second one I didn't think of. Indeed, it won't necessarily destroy the entire ESP, but it will reset the boot order to point to the Windows booloader, and I suspect it will overwrite anything at ESP:EFI\Boot. -- Sam Jorna (wraeth) GnuPG Key: D6180C26 signature.asc Description: Digital signature
Re: [gentoo-user] Dual booting with Windows 10
On Wed, Sep 13, 2017 at 11:09:14PM -0500, R0b0t1 wrote: > It should just work if you create space for it. There are admonitions > to install Windows first as people claim it will destroy a disk, but > I'm not sure if it ever did this, and it seems to work well with > whatever you give it. It may not destroy any existing partitions, but it will overwrite any bootloader you had installed (and/or reset boot order) on the install disk. -- Sam Jorna (wraeth) GnuPG Key: D6180C26 signature.asc Description: Digital signature
Re: [gentoo-user] x11-misc/slop: strict_multilib ?
On Thu, Sep 14, 2017 at 05:10:47AM +0200, tu...@posteo.de wrote: > Hi, > > while updateing maim/slop I got an error for slop: > > > Files matching a file type that is not allowed: >usr/lib/libslopy.so > * ERROR: x11-misc/slop-6.3.46::gentoo failed: > * multilib-strict check failed! > > > Previous versions of slop build just fine on my 64-bit only box...now > it seems to want multilib mandantory... > > Is it just an glitch in The Matrix ... or ,,, ? FEATURES=multilib-strict ensures packages install files into arch-specific lib directories rather than relying on just "lib/". Basically it means that, in order to satisfy multilib-strict, packages must install only to either lib32/ or lib64/. You can get around this yourself by (temporarily) disabling the restriction: FEATURES=-multilib-strict emerge -1a =x11-misc/slop-6.3.46 This has also be logged as bug 629440[1] so you could just wait for it to be resolved. [1] https://bugs.gentoo.org/show_bug.cgi?id=629440 -- Sam Jorna (wraeth) GnuPG Key: D6180C26 signature.asc Description: Digital signature
Re: [gentoo-user] conflict with same package, same USE
On 03/06/17 00:39, Rich Freeman wrote: > On Fri, Jun 2, 2017 at 9:17 AM, Sam Jorna <wra...@gentoo.org> wrote: >> On 02/06/17 23:09, Rich Freeman wrote: >>> The stage3 make.conf shouldn't include this. Now, if you copied your >>> make.conf from some other source like a LiveCD then that could explain >>> where it came from. The flag was actually invented mainly for things >>> like LiveCDs, and these are all built using USE=bindist (we couldn't >>> legally distribute them otherwise). >> >> The stage3 make.conf does include USE=bindist by default, as it includes >> packages affected by this flag (specifically openssh and openssl). It's >> required, as I understand, because the stage3 does distribute binaries >> of these packages, thus must have the patent-encumbered parts disabled. >> > > Interesting. It looks like we do set that in make.conf by default now > - that might be a change from the last time I did an install as I > didn't have to remove this in the past. Indeed. I'm not sure when it changed, though it's been this way for a while. How long that is as compared to your last build... :) > There is no legal requirement to set bindist in the make.conf > installed by the stage3. > > There absolutely is a legal requirement to set bindist in the > make.conf used to BUILD the stage3. The two do not need to be the > same. This is a good point - it's a reasonably common question in #gentoo (or, more commonly, the conflict it can generate). I think it finds its way into the stage3's make.conf because it's essentially just the make.conf used by catalyst, and there's no other significant pressure to change it since it's bare-bones already, but it might be useful to get it changed. -- Sam Jorna (wraeth) <wra...@gentoo.org> GnuPG Key: D6180C26 signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] conflict with same package, same USE
On 02/06/17 23:09, Rich Freeman wrote: > The stage3 make.conf shouldn't include this. Now, if you copied your > make.conf from some other source like a LiveCD then that could explain > where it came from. The flag was actually invented mainly for things > like LiveCDs, and these are all built using USE=bindist (we couldn't > legally distribute them otherwise). The stage3 make.conf does include USE=bindist by default, as it includes packages affected by this flag (specifically openssh and openssl). It's required, as I understand, because the stage3 does distribute binaries of these packages, thus must have the patent-encumbered parts disabled. -- Sam Jorna (wraeth) <wra...@gentoo.org> GnuPG Key: D6180C26 signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] ...doubled updates?
On 25/05/17 12:36, tu...@posteo.de wrote: > Emerging (8 of 10) sys-apps/collectl-4.1.3::gentoo > Emerging (9 of 10) dev-libs/nss-3.30.2-r1::gentoo > Installing (8 of 10) sys-apps/collectl-4.1.3::gentoo > Installing (9 of 10) dev-libs/nss-3.30.2-r1::gentoo Looks like one is Emerging, the other is Installing. This is normal behaviour. -- Sam Jorna (wraeth) GnuPG ID: D6180C26 signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] OT: webmail for mobile devices
On Thu, Feb 09, 2017 at 09:31:49AM +0800, Bill Kenworthy wrote: > Hi all, > > I needed webmail access to the home mailserver for a family member > on holiday yesterday whose VPN couldn't connect and so successfully > installed roundcube - works but the user experience on phone screen is > "poor". > > > Is there a better webmail for mobile devices? - roundcube has a mobile > theme but its a manual install outside of emerge (easy enough though I > have not tested it.) I ve tried squirrelmail in the past but that is > very poor on a mobile phone. This might be a bit of overkill, but ownCloud has a mail module that might be used - it just uses IMAP and SMTP to connect to whichever specified mail hosts. It also has "responsive" design (mobile-friendly). It does require some additional setup though. There are probably better, more use-specific solutions available, but thought I'd mention this. -- Sam Jorna (wraeth) GnuPG Key: D6180C26 signature.asc Description: Digital signature
Re: [gentoo-user] openVPN
On Mon, Feb 06, 2017 at 08:03:21PM -0700, the...@sys-concept.com wrote: > and try to re-emerge it, it is not taking any effect. > emerge -avq easy-rsa > > [ebuild R ] app-crypt/easy-rsa-3.0.1-r1 USE="(-libressl)" > > why isn't the package enclosing the libressl in emerge? The parentheses "()" around the libressl flag indicates that it's forced by your profile. In this case, the libressl USE flag is masked for most architectures/platforms for stable arch because there's no stable libressl package: /usr/portage/profiles/base/use.stable.mask: # Justin Lecher <j...@gentoo.org> (30 Sep 2015) # No stable libressl yet # Addendum: also mask the USE_EXPAND flag, # Anthony G. Basile <bluen...@gentoo.org> (26 Nov 2015) curl_ssl_libressl libressl -- Sam Jorna (wraeth) GnuPG Key: D6180C26 signature.asc Description: Digital signature
Re: [gentoo-user] gnupg 2.1: mutt asks for the passphrase twice
On Fri, Nov 18, 2016 at 08:20:17AM +1100, Sam Jorna wrote: > On Thu, Nov 17, 2016 at 10:08:08PM +0100, Frank Steinmetzger wrote: > > Hey fellows, > > > > apparently, gnupg 2.1 does not recognise my passphrase anymore if I enter it > > in mutt’s terminal: I compose a signed mail in mutt and send it off. Thus I > > am asked for the passphrase first on the terminal (as it has always been), > > and then a second time in a graphical pinentry window. > > > > The latter did not happen with gnupg 2.0 (double-checked by downgrading). > > Does anyone have a hint what’s wrong here and how I can fix this? > > I just recently resolved this myself. You need to add > > --pinentry-mode loopback > > to the relevant commands in your muttrc: > > set pgp_decode_command="gpg --pinentry-mode loopback %?p?--passphrase-fd 0? > --no-verbose --batch --output - %f" > set pgp_verify_command="gpg --pinentry-mode loopback --no-verbose --batch > --output - --verify %s %f" > set pgp_decrypt_command="gpg --pinentry-mode loopback --passphrase-fd 0 > --no-verbose --batch --output - %f" Just re-read this and realised it sounds like I meant the only ones you needed it on were those three. I believe the option needs to be added to those three plus "pgp_sign_command" and "pgp_clearsign_command". Others I believe won't ask for a passphrase and so shouldn't need the option. -- Sam Jorna GnuPG Key: D6180C26 signature.asc Description: Digital signature
Re: [gentoo-user] gnupg 2.1: mutt asks for the passphrase twice
On Thu, Nov 17, 2016 at 10:08:08PM +0100, Frank Steinmetzger wrote: > Hey fellows, > > apparently, gnupg 2.1 does not recognise my passphrase anymore if I enter it > in mutt’s terminal: I compose a signed mail in mutt and send it off. Thus I > am asked for the passphrase first on the terminal (as it has always been), > and then a second time in a graphical pinentry window. > > The latter did not happen with gnupg 2.0 (double-checked by downgrading). > Does anyone have a hint what’s wrong here and how I can fix this? I just recently resolved this myself. You need to add --pinentry-mode loopback to the relevant commands in your muttrc: set pgp_decode_command="gpg --pinentry-mode loopback %?p?--passphrase-fd 0? --no-verbose --batch --output - %f" set pgp_verify_command="gpg --pinentry-mode loopback --no-verbose --batch --output - --verify %s %f" set pgp_decrypt_command="gpg --pinentry-mode loopback --passphrase-fd 0 --no-verbose --batch --output - %f" -- Sam Jorna (wraeth) GnuPG Key: D6180C26 signature.asc Description: Digital signature
Re: [gentoo-user] Fwd: [gentoo-dev] Package up for grabs: sys-boot/gummiboot
On 26/05/16 08:19, Michael Orlitzky wrote: > On 05/25/2016 06:09 PM, Peter Humphrey wrote: >> >> Well, considering the importance of gummiboot to some of us, I might be >> willing to take it on - if I just knew a bit more about package maintenance. >> As I've said many times in recent years, my days of coding expired about 25 >> years ago, and then it was in very different systems from Linux. >> > > These days it's a lot easier to get practice because you don't have to > deal with CVS. If you clone our git repo as your $PORTDIR, then you can > make your changes and `repoman commit` just like the rest of us. If > you're okay with Github, you can create pull requests there from that > same clone. > > You should probably read through the entire devmanual once, but there's > no substitute for practice and asking questions. > > There are a lot of easy bugs open on bugs.gentoo.org that you could fix > to get experience. If you fix something in a maintainer-needed package > and post a pull request, I don't see why we couldn't just merge it. > You'll get good feedback that way. In fact, in the worst case, if > gummiboot drops to maintainer-needed, you could fix bugs and make > version bumps that way without the commitment of being the maintainer. I'll also mention the Proxy Maintainers project[0] here. Yes this is intended to facilitate people taking maintainership of a package, but my point is that there is a project dedicated to facilitating contributors without push access both in offering ebuilding support and committing package changes. If anyone is interested in becoming the nominal maintainer of this, let us know. :) [0] https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers Cheers; -- Sam Jorna (wraeth) <wra...@gentoo.org> GnuPG Key: D6180C26 signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] backing up linux to azure storage
On Sun, May 01, 2016 at 10:02:30AM -0400, cov...@ccs.covici.com wrote: > Hi. I want to backup linux to Microsoft azure storage and could only > find duplicity to do this. However, the gentoo version is obsolete, so > how can I get an ebuild for the current version -- or is there any other > program I could use to backup to this kind of storage? I'm not sure about other programs, but duplicity-0.7.06 appears to be in the rinaldus-overlay (in layman). There is also a version-bump bug [0] currently filed, so you could note newer versions there or provide an ebuild. [0] https://bugs.gentoo.org/539674 -- Sam Jorna (wraeth) GnuPG Key: D6180C26 signature.asc Description: Digital signature
Re: [gentoo-user] Re: CDEPEND
On Tue, Apr 26, 2016 at 02:41:23AM +, James wrote:
> Do you have a definition of exactly what a CDEPEND is?
CDEPEND is a commonly used name for COMMON_DEPEND - dependencies shared between
DEPEND and RDEPEND (and, potentially, PDEPEND). In cases where you have a fair
number of shared dependencies, and one or two in only DEPEND or RDEPEND, you
could enter the common ones in a variable (commonly CDEPEND) and add that to
your {,R}DEPEND definition.
Use of CDEPEND is common, but not policy. You can find other examples of it's
usage with `qgrep -H CDEPEND` (qgrep is provided by app-portage/portage-utils).
> Those (2) aforemention docs do not show CDEPEND in the local search, as
> they (occurences of "CDEPEND") are found in non-text parts of the documents.
>
>
> Is there way to globally search doc indexs like: [3] ?
>
> [3] https://devmanual.gentoo.org/eclass-reference/index.html
You could always use a Google search of "CDEPEND site:devmanual.gentoo.org" (or
similar), but otherwise there isn't that I'm aware of.
There is, however, a definition of CDEPEND in the Java Developer Guide[0] on the
wiki (as found with Googling "CDEPEND site:wiki.gentoo.org"). Note that the wiki
*does* have native built-in searching, though).
[0] https://wiki.gentoo.org/wiki/Java_Developer_Guide#JDK.2FJRE
--
Sam Jorna (wraeth)
GnuPG Key: D6180C26
signature.asc
Description: Digital signature
Re: [gentoo-user] How to contribute ebuilds?
On Sun, Apr 24, 2016 at 09:50:57PM +1000, Sam Jorna wrote: > On Sun, Apr 24, 2016 at 02:42:52PM +0300, Victor wrote: > > What is the preferred way to contribute them without becoming a Gentoo > > Developer? > > > > Should I post them to bugzilla or maybe send to `python' and `emacs' > > overlays (if so, how?), or `sunrise' overlay? Or create my own overlay? > > Hi! > > You can file a "New Ebuild" request on Bugzilla (go to "New" -> "Gentoo > Linux" and select the component "New Ebuilds"), or you can fork the > Portage tree on GitHub[0] and submit a Pull Request. > > If you're interested, you can also become a proxy-maintainer for the > package - you would be responsible for bugs and version-bumps, and while > you wouldn't have commit/push access to the development Portage tree, > the members of the Proxy Maintainers project[1] are there to help > prepare and commit ebuilds and patches. > > Thanks in advance for the contribution! One day I will remember to include my references the first time around... Today is not that day... 0: https://github.com/gentoo/gentoo/ 1: https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers -- Sam Jorna (wraeth) GnuPG Key: D6180C26 signature.asc Description: Digital signature
Re: [gentoo-user] How to contribute ebuilds?
On Sun, Apr 24, 2016 at 02:42:52PM +0300, Victor wrote: > What is the preferred way to contribute them without becoming a Gentoo > Developer? > > Should I post them to bugzilla or maybe send to `python' and `emacs' > overlays (if so, how?), or `sunrise' overlay? Or create my own overlay? Hi! You can file a "New Ebuild" request on Bugzilla (go to "New" -> "Gentoo Linux" and select the component "New Ebuilds"), or you can fork the Portage tree on GitHub[0] and submit a Pull Request. If you're interested, you can also become a proxy-maintainer for the package - you would be responsible for bugs and version-bumps, and while you wouldn't have commit/push access to the development Portage tree, the members of the Proxy Maintainers project[1] are there to help prepare and commit ebuilds and patches. Thanks in advance for the contribution! -- Sam Jorna (wraeth) GnuPG Key: D6180C26 signature.asc Description: Digital signature
Re: [gentoo-user] SOLVED: NVMe drive and grub
On Mon, Apr 11, 2016 at 10:31:42PM -0400, Poison BL. wrote: > The file 'bootx64.efi' is the default that uefi looks for when booting > a 'disk' in a quasi-bios-style fallback (if there's not a real 'boot > this particular thing' like the windows boot manager adds), which also > makes the efibootmgr example that sets up a boot entry for it a little > redundant (though using efibootmgr, one could add an entry for grub to > fix the whole mess). It should be noted that this is very firmware-specific - some implementations use this only as a fallback, some use it as an override to the "default" menu selection, and some only use it if no other alternatives exist. -- Sam Jorna (wraeth) GnuPG Key: D6180C26 signature.asc Description: Digital signature
Re: [gentoo-user] Digest verification failed:
On Thu, Apr 07, 2016 at 06:52:20PM -0400, Valmor de Almeida wrote: >Hello, >I have done several >emerge --sync >today but the digest verification problem below does not go away. >Any thoughts? >Thank you. This has been reported in Bug 579204 [0] and, as far as I am aware, was either caused by bad timing between commits and rsync metadata generation or some other factor in generating the metadata being pushed out to rsync servers; though from what I've seen it seems to only affect some mirrors. 0: https://bugs.gentoo.org/579204 -- Sam Jorna (wraeth) GnuPG Key: D6180C26 signature.asc Description: Digital signature
Re: [gentoo-user] The Project Begins!
On 27/03/16 16:10, Hunter Jozwiak wrote: > Okay. Thanks for that information. Is there a more descriptive version of > the twenty USE flags I should use for Apache, because the index is rather > vague. I pulled up the wiki page, clicked on a link that was attached to one > of the USE flags, which in turn opened up another three hundred plus USE > opportunities. Depends on what you mean by the index. `equery uses www-servers/apache` (from app-portage/gentoolkit) provides a brief description of each flag, but beyond that the wiki and Google (and/or the forums and IRC) are your friends. You can also check out the gentoo-server mailing list[0]. 0: https://www.gentoo.org/get-involved/mailing-lists/all-lists.html Cheers; -- Sam Jorna (wraeth) <wra...@gentoo.org> GnuPG Key: D6180C26 signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] The Project Begins!
On 27/03/16 12:51, 80x24 wrote: > Hunter Jozwiak wrote: >> Hello, >> >> I am going to now host my web site on a Gentoo server. Firstly, is there >> a recommended profile for this, or will the default amd64 profile It depends on your use-case and preference, but hardened is often a good choice for something that will offer external services (as in over the Internet). >> suffice? Or would it be better to use a hardened profile for this task? >> Secondly, does Linode offer the requisite information for things you >> MUST have while building a kernel? The Linode configurations, last time I checked, were significantly out of date (including their Gentoo deployment image). Depending on your level of paranoia, it may be reasonable for you to boot your Linode using their rescue environment and perform a stage-3 install that way. Otherwise, you can simply deploy their Gentoo image and update/harden as necessary. As for kernel configuration, I don't recall seeing anything specifically, however they do include their default kernel configuration in either /boot/config* or /proc/config.gz, so you can use that as a base. >> And finally, I am going to have >> multiple servers. Is there a package that I can use to distribute my >> built kernels? There isn't a package, however depending on how you configure the kernel, you can either just copy the .config from one host or another, or the kernel make program has options to build archives of the built kernel - see `make help` for details. >> Thanks, you guys are awesome, and keep up the good work, >> >> Hunter >> > As far as you know how to hardened security of your servers. Normal > profile will be good (Though I still recommend hardened if you're > familiar with GRsecurity and other ``hardeded'' stuff). > > If you go with the hardened version, you will also need to build custom > kernel and set kernel to pygrub in Linode profile settings (which > selects proper generic kernel by default). And yes you will need a > bootloader. Hardened is not one be-all solution - you can use some hardened features and not others. For example, you can convert to the hardened profile and do not necessarily need to use hardened-sources. Similarly, if you *do* use hardened-sources, you do not need to enable an RBAC (such as GRSecurity or SELinux). If you do use PaX in the kernel, though, you will need to also be on a hardened profile to have binaries marked appropriately. Cheers; -- Sam Jorna (wraeth) <wra...@gentoo.org> GnuPG Key: D6180C26 signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] Upcoming Apache 2.2 _> 2.4 upgrade
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 07/02/16 08:17, Dan Johansson wrote: > According to the news item from 2016-01-27 Apache 2.4 is soon about > to be "stabilized". In portage we have to versions, 2.4.16 & > 2.4.18, of Apache 2.4 available. Can someone say which one of those > two that will be "stabilized"? Reason for my question is quite > simple: I want to unmask that version on my development server to > do some tests. In addition to what mjo said, you can also follow bug 468302 [0] to keep up to date with how the stabilization is going. 0: https://bugs.gentoo.org/show_bug.cgi?id=468302 - -- Sam Jorna (wraeth) <wra...@wraeth.id.au> GnuPG Key: B2D9F759 -BEGIN PGP SIGNATURE- Version: GnuPG v2.1 iL4EAREKAGYFAla2fhpfFIAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEI0ODI1MTUwNDU0NjE5MTg0MzNCODcxNzVE QzQ0QTdBQjJEOUY3NTkACgkQXcRKerLZ91lk8AD/b4EFdobso0jIt+oe3MCcIma7 jQOJc4dCgdrTqlUH8KwA/3Ev3eyLycT9MvBKX/mYELAsxzq+RP9ZJq1XVNmDfOUX =DYFD -END PGP SIGNATURE-
Re: [gentoo-user] difficulties with lvm2+systemd+grub2
On Wed, Nov 12, 2014 at 10:42:28AM +0100, Michael Mair-Keimberger wrote: On Wed, Nov 12, 2014 at 12:03:04PM +1100, wra...@wraeth.id.au wrote: On Tue, Nov 11, 2014 at 09:56:09PM +0100, Michael Mair-Keimberger wrote: snip systemd. Maybe i could adopt that to my custom one as well. /snip Working examples are always nice :-) The other point I might add is that my system, which uses dracut, has systemd launched with some specific arguments: ps -fp 1 UIDPID PPID C STIME TTY TIME CMD root 1 0 0 11:31 ?00:00:00 /usr/lib/systemd/systemd --switched-root --system --deserialize 18 This may be relevant when creating your own initramfs. Thanks, thats something i could try as well :) I'm not sure of the relevancy (it was just an observation), and I'm not sure how the options (specifically --deserialize NN) is determined since another of my machines has /usr/lib/systemd/systemd --switched-root --system --deserialize 19 First of all, with systemd installed I can't install lvm2 with the static use flag anymore, which is mandatory for being able using it for a initramfs. Why isn't that possible? How can I use the lvm binaries for my initramfs? Again, as I think has been mentioned, the 'static' use flag is typically a shortcut for easily building an initrd. Provided you include all the dependencies of a given binary (as seen with `ldd /path/to/binary`) you don't need static binaries. Yeah, now i was digging a bit further into static binaries. If I insert the relevant libaries it should work too. :) However i was wondering why lvm2 shouldn't be able to build with the static flag on systemd. However that's not important any more, i'm just curious :) This *is* odd, but without a build log we can't really tell (unless someone else has encountered the issue too). Well, at the wiki it's written you should run: genkernel --udev --lvm in order to generate the initramfs. But, you already mentioned it, you need a target in order generate anything, but it isn't mentioned at the wiki. As i'm not familar with genkernel i was a bit confused about the command. I would suggest following for example: genkernel --udev --lvm [target] Fixed :-) Cheers. -- wraeth wra...@wraeth.id.au GnuPG Key: B2D9F759 signature.asc Description: Digital signature
Re: [gentoo-user] Re: [systemd] lvm.service running too early? [HACKED--]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/12/13 09:36, walt wrote:
On 12/08/2013 10:39 AM, Neil Bothwick wrote:
On Sun, 8 Dec 2013 11:12:23 -0600, Canek Peláez Valdés wrote:
It has the same problem. I looked more carefully at the systemd logs
and found that lvm was running before the xhci kernel module was
loaded, hence the usb3 drive was not visible yet.
I fixed the problem by adding After=basic to the lvm.service
file, and now it works as expected. (Expected by me, anyway :)
Well, at least is working, however is kinda an ugly fix. Could you
create the file /etc/modules-load.d/usb3.conf, with the line xhci in
it, reboot, and see if your little hack is not needed then? Also, if
you are using an initramfs, could you rebuild it before trying?
Alternatively, build xhci into the kernel, since you need it at every
boot.
Both of the suggestions above reversed the order of the journalctl
messages so that the usb3 drive appears before lvm.service is run,
but pvscan still finds no volumes and the volume group is not active
after bootup :(
I changed After=basic.target to After=sysinit.target, which still
gets it working well enough for my primitive needs. IMHO that fix
allows me to decrement ${HACKED} by one :)
Just a thought, but isn't there a unit file for autoloading modules
(therefore making it usable as a After= target)?
- --
Sam Jorna
sam.t.jo...@gmail.com
GnuPG Key ID: 12D3EE0C
Fingerprint:
6D14 8366 16F5 638E 3A29
1FED 5D5C 62D9 12D3 EE0C
Secure your E-mail:
http://www.gnupg.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQGcBAEBAgAGBQJSpQM3AAoJEF1cYtkS0+4MrI8MAKGdzdY5GLDwk1+1JF+DGMiC
RzHrrEVS/+bf8q/z8VSjFPvsIaML9x2yu/Iw2ucvFoFpk4D3n3DGBZrpRhEJiH5a
rj/caeoSH6Hs3qId+AAPfCLMl2cnAT1SdbmKnL1B+kHDdi3fPVgbIlJPjOIVUJ4J
JOh6/56iSSGo3xlwvRwii3su3xHFYYqs9YpTrJzFxaLL/sNIreiUDzA6wkB/BNEX
WvSXAXE7LLt7xo2CvMSU5uGhiCp0rR2iEUbGvZ08fkLLqZn4EGU97fzB7OQ5J6km
70yty45f4Sx55zwYTd7ekpTC0prl8dn8xlwARchmVaByBvIrbu1u+zeEYhvKf7G+
cYWKQ3y1VRCVBDWkLRrn6S2tUwDTCLGyzpLWMcl26oc9rguJ0ZUT7BL0zN0p5cfd
gJ6VZ9MsiXGgv1U3bduBGV7AQUREHQpItdM7z9kjKcEjqaILJX9FLluDDwhTHfcr
bIcRDPj+m8kdZvtznY7MWjoSp1RhOJlhaDbSpVXz+g==
=PWbf
-END PGP SIGNATURE-
