Re: [gentoo-user] Re: What to do about openssl

2023-10-04 Thread Steve Wilson 

From https://www.php.net/manual/en/openssl.requirements.php

PHP 7.1-8.0 requires OpenSSL >= 1.0.1, < 3.0.
PHP >= 8.1 requires OpenSSL >= 1.0.2, < 4.0.

So it looks like you need to upgrade php to 8.1

I've a similar problem with my server requiring php 7.2 and trying to 
figure out the upgrade path for all php based sites/apps is a pain.


On 04/10/2023 18:15, John Covici wrote:

On Wed, 04 Oct 2023 11:53:46 -0400,
Grant Edwards wrote:

On 2023-10-04, John Covici  wrote:

Hi.  I just did a world update and found that my openssl-1.1.1v is
masked.  What can I do,

Use one of the stable versions.


I don't have any version that is not masked

Huh?  What architecture are you on? There are three versions of
openssl that are stable and not masked for amd64, x86, and most
others:

3.0.9-r1
3.0.9-r2
3.0.10

see

https://packages.gentoo.org/packages/dev-libs/openssl


and according to the message this version is EOL.

Indeed. OpenSSL 1.1.1 is dead. Support ended a few weeks ago.







Upon further investigation, I hadd masked them off myself , if I
unmask the 3.x I get the following:
Script started on 2023-10-04 13:10:40-04:00 [COMMAND="emerge -1
dev-libs/openssl" TERM="linux" TTY="/dev/tty1" COLUMNS="240"
LINES="67"]
^M
These are the packages that would be merged, in order:^M
^M
Calculating dependencies  .  ... done!^M
Dependency resolution took 38.07 s.^M
^M
[ebuild  r  U  ] dev-libs/openssl-3.1.3:0/3::gentoo
[1.1.1v:0/1.1::gentoo] USE="asm -fips% -ktls% -rfc3779 -sctp
-static-libs -test -tls-compression -vanilla -verify-sig
-weak-ssl-ciphers (-sslv3%) (-tls-heartbeat%)" ABI_X86="(64) -32
(-x3\2)" CPU_FLAGS_X86="(sse2)" 15,198 KiB^M
[ebuild  rR] sys-apps/coreutils-9.4::gentoo  USE="acl nls openssl
(split-usr) xattr -caps -gmp -hostname -kill -multicall (-selinux)
-static -test -vanilla -verify-sig" 0 KiB^M
[ebuild  rR] net-misc/rsync-3.2.7-r2::gentoo  USE="acl iconv ssl
xattr -examples -lz4 -rrsync -stunnel -system-zlib -verify-sig -xxhash
-zstd" PYTHON_SINGLE_TARGET="python3_11 -python3_10" 0 KiB^M
[ebuild  rR] net-misc/wget-1.21.4::gentoo  USE="ipv6 nls pcre
(ssl) zlib -cookie-check -debug -gnutls -idn -metalink -ntlm -static
-test -uuid -verify-sig" 0 KiB^M
[ebuild  rR] dev-lang/python-3.12.0_rc3_p1:3.12::gentoo
USE="ensurepip gdbm ncurses readline sqlite ssl -bluetooth -build
-debug -examples -libedit -lto -pgo -test -tk -valgrind -verify-sig" 0
KiB^M
[ebuild  rR] dev-libs/libtpms-0.9.6::gentoo  0 KiB^M
[ebuild  rR] www-client/w3m-0.5.3_p20230121::gentoo  USE="X gpm
nls ssl unicode -fbcon -gdk-pixbuf -imlib -lynxkeymap -nntp -xface"
L10N="-ja" 0 KiB^M
[ebuild  rR] dev-db/mysql-connector-c-8.0.32-r1:0/21::gentoo
USE="static-libs -ldap" ABI_X86="(64) -32 (-x32)" 0 KiB^M
[ebuild  rR] dev-lang/rust-1.72.0:stable/1.72::gentoo  USE="lto
(-big-endian) -clippy -debug -dist -doc (-llvm-libunwind) (-miri)
(-nightly) (-parallel-compiler) -profiler -rust-analyzer -rust-src
-rustfmt -system-bootstrap -system-llv\m -test -verify-sig -wasm"
ABI_X86="(64) -32 (-x32)" CPU_FLAGS_X86="sse2" LLVM_TARGETS="(X86)
-AArch64 -AMDGPU -ARM -AVR -BPF -Hexagon -Lanai -LoongArch -MSP430
-Mips -NVPTX -PowerPC -RISCV -Sparc -SystemZ -VE -WebAssembly -XCore"
0 KiB^M
[ebuild  rR] net-libs/libssh-0.10.5:0/4::gentoo  USE="sftp zlib
-debug -doc -examples -gcrypt -gssapi -mbedtls -pcap -server
-static-libs -test" ABI_X86="(64) -32 (-x32)" 0 KiB^M
[ebuild  rR] dev-db/mariadb-connector-c-3.3.4:0/3::gentoo
USE="curl ssl -gnutls -kerberos -static-libs -test" ABI_X86="(64) -32
(-x32)" 0 KiB^M
[ebuild  rR] app-crypt/swtpm-0.8.1-r2::gentoo  USE="seccomp -fuse
-test" 0 KiB^M
[ebuild  rR] dev-python/cryptography-41.0.4::gentoo  USE="-debug
-test" PYTHON_TARGETS="python3_11 -pypy3 -python3_10 -python3_12" 0
KiB^M
[ebuild  rR] dev-db/mariadb-10.11.5:10.11/18::gentoo  USE="backup
odbc pam perl server systemd xml -bindist -columnstore -cracklib
-debug -extraengine -galera -innodb-lz4 -innodb-lzo -innodb-snappy
-jdbc -jemalloc -kerberos -latin1 -mr\oonga -numa -oqgraph -profiling
-rocksdb -s3 (-selinux) -sphinx -sst-mariabackup -sst-rsync -static
-systemtap -tcmalloc -test -yassl" 0 KiB^M
[ebuild  rR] dev-db/postgresql-16.0:16::gentoo  USE="icu nls pam
readline server ssl systemd xml zlib -debug -doc -kerberos -ldap -llvm
-lz4 -perl -python (-selinux) -static-libs -tcl -uuid -zstd"
PYTHON_SINGLE_TARGET="python3_11 -pyth\on3_10 -python3_12" 0 KiB^M
[ebuild  rR] app-admin/syslog-ng-4.4.0::gentoo  USE="systemd -amqp
-caps -dbi -geoip2 -http -json -kafka -mongodb -pacct -python -redis
-smtp -snmp -spoof-source -tcpd -test"
PYTHON_SINGLE_TARGET="python3_11 -python3_10 -python3_12" 0 \KiB^M
[ebuild  rR] dev-db/postgresql-14.9:14::gentoo  USE="icu nls pam
readline server ssl systemd xml zlib -debug -doc -kerberos -ldap -llvm
-lz4 -perl -python (-selinux) -static-libs -tcl -uuid (-threads%)"
PYTHON_SINGLE_TARGET="python3_11\ -python3_10 -python3_12" 0 KiB^M
[ebuild  rR]

Re: [gentoo-user] Any way to automate login to host and su to root?

2022-07-14 Thread Steve Wilson 

Have you looked at dev-tcltk/expect?

There's possibly an example you could try at 
 
although you probably want to prompt for the password or retreive it 
programatically rather than putting it on the command line :o


Steve.

On 14/07/2022 07:35, J. Roeleveld wrote:

Hi All,

I am looking for a way to login to a host and automatically change to root
using a password provided by an external program.

The root passwords are stored in a vault and I can get passwords out using a
script after authenticating.

Currently, I need to do a lot of the steps manually:
ssh @
su -
(copy/paste password from vault)

I would like to change this to:
 

Does anyone have any hints on how to achieve this without adding a "NOPASSWD"
entry into /etc/sudoers ?

Thanks in advance,

Joost

Re: [gentoo-user] gentoo-sources-5.10.103 - will not boot

2022-03-14 Thread Steve Wilson 



On 13/03/2022 22:26, the...@sys-concept.com wrote:

On 3/13/22 14:34, Neil Bothwick wrote:

On Sun, 13 Mar 2022 14:04:59 -0600, the...@sys-concept.com wrote:


On 3/13/22 13:21, the...@sys-concept.com wrote:

Upgraded to: gentoo-sources-5.10.103
and kernel will not boot, not even recovery mode.

I'm getting some strange looping/scrolling message on the screen:

Kscan: watching read  1  fsk983s

I followed standard procedure:

emerge -avq =sys-kernel/gentoo-sources-5.10.103
cd /usr/src/
eselect kernel set 3  (this is: linux -> linux-5.10.103-gentoo)
cd linux
cp ../linux-old_kernel/.config .
mount /boot/

make oldconfig
make
make modules_prepare
make modules_install
make install

grub-mkconfig -o /boot/grub/grub.cfg
reboot

( did the same on my other boxes and this kernel is booting OK on
other installations)


Solved.


Please post the solution. Otherwise anyone with a similar problem
searching for an answer will find only the question and a tease that it
can be fixed but not telling how.


Simple human error :-/

When I did:
cd linux
cp ../linux-old_kernel/.config .
mount /boot/
make oldconfig

New entries showed up. Instead of pressing "enter" I made a mistake 
and press "Y" several times.
This enabled some feature in the new kernel that shouldn't be there; 
example: "CONFIG_KCSAN = y"


Redoing the process just by hitting "enter" soled the problem; new 
kernel boot as it should.


make olddefconfig will the same as oldconfig while picking the defaults, 
this will save on hitting enter each time.


Steve

Re: [gentoo-user] apache blocking access based country

2020-12-08 Thread Steve Wilson 



On 09/12/2020 00:01, Grant Taylor wrote:

On 12/8/20 4:44 PM, Steve Wilson wrote:
I use this as the first step to limit ssh access to one of my 
servers: `iptables -A INPUT -p tcp -m tcp --dport 22 -m geoip ! 
--src-cc GB -m comment --comment "Drop SSH from outside GB" -j DROP`


Has the geoip match extension been updated to take into account 
MaxMind discontinuing their GeoLite database and the need to support 
GeoLite2?


The xt_geoip_dl script grabs a csv from 
https://db-ip.com/db/download/ip-to-country-lite. I imagine there's a 
method for dealing with maxmind's new version and converting to csv if 
they don't already provide one for the paid service.


Steve

Re: [gentoo-user] apache blocking access based country

2020-12-08 Thread Steve Wilson 

On 08/12/2020 22:55, the...@sys-concept.com wrote:

What are my options apache blocking access based on country?
So fare I run onto something "geoip" or ACL (long list of IP's provided by eg:)
https://www.ip2location.com/free/visitor-blocker

We geoip I think I will need to install some module for apache (apache 2.2).  
It is using geoip.dat so it must be a long list of as well.  But they are not 
offering any free version.
wget 
http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz 
(doesn't work)
If you don't need to provide information in the browser to blocked 
users, you could look at net-firewall/xtables-addons with 
XTABLES_ADDONS="geoip". This will allow you to block access to apache at 
the network level.


I use this as the first step to limit ssh access to one of my servers:
`iptables -A INPUT -p tcp -m tcp --dport 22 -m geoip ! --src-cc GB -m 
comment --comment "Drop SSH from outside GB" -j DROP`


This has the advantage that apache doesn't need to process the request, 
but a possible downside that you won't be able to display a message if 
that's a requirement.


Steve

Re: [gentoo-user] rsyslog upstream have removed their template systemd service file

2020-12-02 Thread Steve Wilson 

On 27/11/2020 08:21, Alan J. Wylie wrote:

After updating to rsyslog 8.2008.0, I discovered that the systemd
service file no longer existed.

Upstream removed it from their tarball:

- 2020-08-12: systemd service file removed from project
   This was done as distros nowadays have very different service files and it no
   longer is useful to provide a "generic" (sic) example.
   see also: https://github.com/rsyslog/rsyslog/issues/4333

Please could Gentoo add it back in?


When I discovered the same I took the one from platform/redhat/centos* 
and dropped it into /etc/systemd/system to get up and running again. I 
did consider creating my own but decided to just keep an eye on future 
updates hoping it's there.


* 
https://github.com/rsyslog/rsyslog/blob/master/platform/redhat/centos/rsyslog.service


Steve.

ps.Seems it's a small world, I believe I had the pleasure in taking over 
from you at a common previous employer using rock linux.

Re: [gentoo-user] Strategies for testing an ebuild

2020-10-20 Thread Steve Wilson 
I've had my own overlay for a while, maintaining my own versions of 
plex, new relic and even some removed packages that I use.
Until the the other day I was just making sure they install and work for 
myself, I have now discovered repoman and have several issues which 
actually need tidying up.
On top of this I store this in a private gitlab install so am now 
looking at CI/CD to automate the testing, but at this point I'm at the 
point of creating my own gentoo docker image with various things 
pre-installed to start serious check/test/install of new ebuilds.


Steve.

On 20/10/2020 19:01, Anton wrote:

Hi there,

I am taking on maintaining a package in gentoo-sci overlay. What are 
good ways to test that my ebuild works before creating a pull request?


I am thinking to install a Gentoo Prefix, snapshot its "vanilla" 
state, and run `emerge $mypackage` in the vanilla Prefix as a test. 
Are there better strategies?


Thanks,
Anton

Re: [gentoo-user] Is gentoo-portage and gentoo-wiki offline?

2008-10-17 Thread Steve Wilson 
On Friday 17 October 2008 06:09:20 am Norberto Bensa wrote:
 On Friday October 17 2008 07:56:10 Dale wrote:
  Not sure what the problem is tho.

 They're compiling 2.6.27-gentoo with -j11 on the same box that runs wiki;
 which, btw, is a 386sx with 4MB of RAM. Please be patient, it will take a
 few weeks.

Is this computer (term used lightly), in the USA ?

Steve

--

Re: [gentoo-user] Re: iptables wiki

2006-07-05 Thread Steve Wilson 
Have you tried kmyfirewall ?
Steve
On Wednesday 05 July 2006 12:27, Dale wrote:
 James wrote:
  Dale teendale at vista-express.com writes:
  Now figuring out the iptables command is another matter.  It never has
  really made much sense to me.  I just searched for a good script and ran
  it.
 
  Well that I can help with.
 
  Get the book LINUX FIREWALLS
  Third Edition
  by Steve Suehring and Riboer L. Ziegler
 
  http://www.braingia.org/books/linuxfirewalls/ has some modern scripts
 
 
 
  Thanks for the information!
 
  James

 Yea, but I'm disabled and plus the bookstores around here don't carry
 anything Linux.  So between me not having the money and nothing
 available locally, I have to depend on the net for stuff.  I don't like
 to buy books online because I like to thumb through them first.

 Besides, I prefer finding someone's handy work and checking it out.  One
 day, my light bulb will go off.

 Dale

 :-)  :-)

-- 
Steve Wilson
HOBI International, Inc.
7601 Ambassador Row, suite 101
Dallas, TX 75247
ph 214.951.0143
fx 214.951.0144

This email is intended solely for the person or entity to which it is 
addressed and may contain confidential and/or privileged information. 
Copying, forwarding or distributing this message by persons or entities other 
than the addressee is prohibited. If you have received this email in error, 
please contact the sender immediately and delete the material from any 
computer.
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] remove suse, install gentoo

2006-01-27 Thread Steve Wilson 
On Wednesday 11 January 2006 08:04, Michael Kintzios wrote:
  -Original Message-
  From: Steve Wilson [mailto:[EMAIL PROTECTED]
  Sent: 11 January 2006 12:42
  To: gentoo-user@lists.gentoo.org
  Subject: [gentoo-user] remove suse, install gentoo
 
 
  box: Prostar 2.8Gig ProStar Laptop  w/60 Gig, 7200 rpm hard
  drive, 1 Gig Ram
  Current configuration:
  XP factory installed on 30gig partition
  Suse v9.0 installed on 20gig partition ext2,  1 Gig SWAP
 
  Goal:
  1. Remove Suse.
  2. Format 20 gig with Reisersf
  Leave Grub
  Install Gentoo
  Install VMware.
 
  Question:
  Can I install Gentoo over Suse or should I start over on a
  clean hard drive.
 
  Option I am considering:
  Start with a new hard drive, install Gentoo, VMware and then
  run XP as a
  virtual machine.
  Please advise.
 
  Background:
  I have installed Gentoo from Stage1 on a P3 600 Compaq Deskpro EN and
  Kubuntu on another Compaq Deskpro EN.
  But consider myself a Gentoo novice.
 
  This is my first email to the list.
  Thanks in advance for any help,

 Welcome to the list Steve!  :-)

 As you probably know there's more than one ways to skin a cat, so I only
 express my preferences here;  yours could be entirely different.  I
 would leave the factory installed WinXP alone.  Back up and thereafter
 remove all personal files and data from My Documents/Music/etc.  Use
 Qtparted or Partition Magic, or whatever to shrink it down to 10-12G.
 Make sure that you defrag it a few times (before each successive
 shrinking).

 Then install Gentoo in the remaining space - preferably in primary
 partitions (it may give you an infinitesimally small increase in drive
 access/read/write speed).  Assuming you are using the default three
 partition installation, then have swap first, root second, then an
 extended partition and in logical partition(s) you can fit home if you
 want it separately and boot last.  Bringing Grub up could take an extra
 second but running the rest of the system should benefit
 proportionately.

 You can also create a vfat partition (personally I would put it on the
 second drive) and map all applications in WinXP to use that to save My
 Docs/Music/etc.- This would be your shared partitions to be able to
 access files from all OS'.

 With 1G RAM I would not have a swap partition any larger than 120M.  As
 a matter of fact even that could be an overkill, but you never know.  A
 single swap partition would do nicely for both Linuxes (change your
 /fstab accordingly).   Size:  a lot depends on what you use your system
 for, how often you reboot/flush your swap, logs and how many buggy
 applications you're running.  Just as an indication on a 256M RAM box I
 am using a 145M swap partition which I have never seen filling up more
 than 75M.  Even that only happened when Opera was caching all sort of
 chinese type fonts like mad and OOo was compiling at the same time.
 Otherwise even large compiles (KDE monolithic) struggle to use more than
 65M.  For reasons mentioned above your mileage may vary.

 Of course if you want to go multi-partition insane you could do what
 I've done and install Gentoo spread across multiple partitions on two
 drives/separate controllers to allow parallel access/processing by the
 CPU.  A pain to back up but entertaining all the same if you like that
 sort of thing!  8-D

 Good luck,
 --
 Regards,
 Mick
Thanks for the help.
The route I took was;
1. purchased another hd of same mfg/mdl
2. install gentoo (stage1 install).
3. install vmware 5.5
4. install win2k  as a virtual machine.
Had some wonderful help from someone in our Chicago office that guided me 
along via ssh and later vnd.
Things are working fine EXCEPT FOR:
1. Printing: from Linux (win2k is ok)
2. Mounting USB drive and flash card reader.
Will post to list as a separate questions if I do not figure it out.
-- 
Steve 
-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] remove suse, install gentoo

2006-01-11 Thread Steve Wilson 

box: Prostar 2.8Gig ProStar Laptop  w/60 Gig, 7200 rpm hard drive, 1 Gig Ram
Current configuration:
XP factory installed on 30gig partition
Suse v9.0 installed on 20gig partition ext2,  1 Gig SWAP

Goal:
1. Remove Suse.
2. Format 20 gig with Reisersf
Leave Grub
Install Gentoo
Install VMware.

Question:
Can I install Gentoo over Suse or should I start over on a clean hard drive.

Option I am considering:
Start with a new hard drive, install Gentoo, VMware and then run XP as a 
virtual machine.

Please advise.

Background:
I have installed Gentoo from Stage1 on a P3 600 Compaq Deskpro EN and 
Kubuntu on another Compaq Deskpro EN.

But consider myself a Gentoo novice.

This is my first email to the list.
Thanks in advance for any help,

---
Steve Wilson



--
gentoo-user@gentoo.org mailing list