Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-08 Thread Arttu V.
On 12/8/09, Alan McKinnon alan.mckin...@gmail.com wrote:
 Let me emphasise yet again: the way I do things has been successful
 on  2  machines for more than  6  years; it's others who have problems
 doing it their way & regularly seek advice on this list as a result.

 Let me correct you there:

 The experienced old hands here almost uniformly do not have such problems.
 It's the n00bs who don't grok portage just yet, or don't know to look inside
 ebuilds when the ebuild goes wonky, who have such problems. The classic
 cause of problems is mixing stable and testing

I think Mr. Webb might be running his gentoo systems like they were
some Slackware boxes. I sure run mine like they were Windows/Red
Hat/Ubuntu mongrels. Praise the FSM and his noodly appendages for live
cds, for times when installs go bad! :)

Dependency management is left up to the sysadmin, and that's the way
we like it. [1]

[1] http://www.slackbook.org/html/package-management.html

Habits learned on other systems (Red Hat, Slackware, Ubuntu, OS X, MS
Windows etc) are hard to un-learn if they don't break anything in
your current system. You just keep on trucking like before.

-- 
Arttu V.



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-07 Thread Neil Bothwick
On Sun, 6 Dec 2009 11:53:41 +0900, daid kahl wrote:

 On that note, I'd like to ask a question I was going to post or email
 about.  Can I comment the world file?  More interestingly, is there a
 way to pass portage a comment to stick in world above the package?
 This would be really damn useful.
 
 For example, sometimes I'm testing things, and I really do mean to
 install a package without oneshot.  But I might be installing a bunch
 of things to try to get some third-party dependencies resolved, and
 later I don't need all them (or I'd like to know why I put it
 there!!).

I use sets for that. Create a file in /etc/portage/sets containing the
atom of the package(s) you want to install. You can either add comments to
this file or give it an explanatory name (or both), then emerge @setname.

I used to use --oneshot for testing, but testing something with a lot of
dependencies made --depclean useless, so I use temporary sets now.


-- 
Neil Bothwick

I am Barry Norman of the Borg - you will be assimilated - and why not?




Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-07 Thread Neil Bothwick
On Sat, 05 Dec 2009 19:15:29 -0600, Dale wrote:

  Good catch Volker.  I didn't notice that part.  He needs to become
  very familiar with the -1 option but even that is not good in every
  case. If it is a package that needs to be in world, then that option
  shouldn't be used either otherwise a --depclean would remove it. 

  He's updating, so packages that need to be in world are already there.

 If he is using the command he typed in, his world file is going to be 
 huge.  Read what he wrote again.  He is doing the updates individually 
 without a -u or a -1 or anything else.  That means every time he 
 updates, that package goes into the world file.

I read, and understood, what he wrote, even if it turned out to be not
what he meant. I was responding to your "If it is a package that needs
to be in world, then that option shouldn't be used either otherwise a
--depclean would remove it." which is not true if the package is already
in world.


-- 
Neil Bothwick

If Microsoft made cars:
The airbag system would ask "are you sure?" before deploying.




Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-07 Thread Neil Bothwick
On Sun, 6 Dec 2009 14:49:44 -0500, Philip Webb wrote:

 I know that from my home-made list of pkgs which I have installed,
 where they are marked with 'W' & system pkgs with 'S'.
 Yes, I do have to keep it up-to-date as I do emerges.
 One of the major deficiencies of Gentoo is
 that it doesn't provide such a file automatically.

emerge -p @system
emerge -p @world


-- 
Neil Bothwick

Velilind's Laws of Experimentation:
1. If reproducibility may be a problem, conduct the test only once.
2. If a straight line fit is required, obtain only two data points.




Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-07 Thread Dale

Neil Bothwick wrote:

On Sat, 05 Dec 2009 19:15:29 -0600, Dale wrote:

  

Good catch Volker.  I didn't notice that part.  He needs to become
very familiar with the -1 option but even that is not good in every
case. If it is a package that needs to be in world, then that option
shouldn't be used either otherwise a --depclean would remove it. 



  

He's updating, so packages that need to be in world are already there.
  


  
If he is using the command he typed in, his world file is going to be 
huge.  Read what he wrote again.  He is doing the updates individually 
without a -u or a -1 or anything else.  That means every time he 
updates, that package goes into the world file.



I read, and understood, what he wrote, even if it turned out to be not
what he meant. I was responding to your "If it is a package that needs
to be in world, then that option shouldn't be used either otherwise a
--depclean would remove it." which is not true if the package is already
in world.
  


I was making the point tho that if it is a new emerge and needs to be in 
world, then the -1 option would not add it.  If a person then runs 
--depclean, it would then remove the package and its dependencies.  I 
know for me at least, I rarely re-emerge the same package twice by 
hand.  If I change the USE flags, I let -n catch that.  If it is a 
update, I let -u catch that. 


Dale

:-)  :-) 



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-07 Thread Philip Webb
091207 Neil Bothwick wrote:
 On Sun, 6 Dec 2009 14:49:44 -0500, Philip Webb wrote:
 I know that from my home-made list of pkgs which I have installed,
 where they are marked with 'W' & system pkgs with 'S'.
 Yes, I do have to keep it up-to-date as I do emerges.
 One of the major deficiencies of Gentoo is
 that it doesn't provide such a file automatically.
 emerge -p @system
 emerge -p @world

  root:501 ~ emerge -p @system
!!! '@system' is not a valid package atom.
!!! Please check ebuild(5) for full details.
  root:502 ~ emerge -p @world
!!! '@world' is not a valid package atom.
!!! Please check ebuild(5) for full details.

'man 5 ebuild' has nothing relevant to '@' 'system' 'world' '-p'.
I'm using the latest stable Portage-2.1.6.3 .

Any further advice ?

Let me emphasise yet again: the way I do things has been successful
on  2  machines for more than  6  years; it's others who have problems
doing it their way & regularly seek advice on this list as a result.

-- 
,,
SUPPORT ___//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT`-O--O---'   purslowatchassdotutorontodotca




Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-07 Thread Alan McKinnon
On Tuesday 08 December 2009 00:46:18 Philip Webb wrote:
 091207 Neil Bothwick wrote:
  On Sun, 6 Dec 2009 14:49:44 -0500, Philip Webb wrote:
  I know that from my home-made list of pkgs which I have installed,
  where they are marked with 'W' & system pkgs with 'S'.
  Yes, I do have to keep it up-to-date as I do emerges.
  One of the major deficiencies of Gentoo is
  that it doesn't provide such a file automatically.
 
  emerge -p @system
  emerge -p @world
 
   root:501 ~ emerge -p @system
 !!! '@system' is not a valid package atom.
 !!! Please check ebuild(5) for full details.
   root:502 ~ emerge -p @world
 !!! '@world' is not a valid package atom.
 !!! Please check ebuild(5) for full details.
 
 'man 5 ebuild' has nothing relevant to '@' 'system' 'world' '-p'.
 I'm using the latest stable Portage-2.1.6.3 .

Your version of portage does not support sets.

 Any further advice ?
 
 Let me emphasise yet again: the way I do things has been successful
 on  2  machines for more than  6  years; it's others who have problems
 doing it their way & regularly seek advice on this list as a result.

Let me correct you there:

The experienced old hands here almost uniformly do not have such problems. 
It's the n00bs who don't grok portage just yet, or don't know to look inside 
ebuilds when the ebuild goes wonky, who have such problems. The classic cause 
of problems is mixing stable and testing

-- 
alan dot mckinnon at gmail dot com



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-07 Thread Dale

Alan McKinnon wrote:

On Tuesday 08 December 2009 00:46:18 Philip Webb wrote:
  

091207 Neil Bothwick wrote:


On Sun, 6 Dec 2009 14:49:44 -0500, Philip Webb wrote:
  

I know that from my home-made list of pkgs which I have installed,
where they are marked with 'W' & system pkgs with 'S'.
Yes, I do have to keep it up-to-date as I do emerges.
One of the major deficiencies of Gentoo is
that it doesn't provide such a file automatically.


emerge -p @system
emerge -p @world
  

  root:501 ~ emerge -p @system
!!! '@system' is not a valid package atom.
!!! Please check ebuild(5) for full details.
  root:502 ~ emerge -p @world
!!! '@world' is not a valid package atom.
!!! Please check ebuild(5) for full details.

'man 5 ebuild' has nothing relevant to '@' 'system' 'world' '-p'.
I'm using the latest stable Portage-2.1.6.3 .



Your version of portage does not support sets.

  

Any further advice ?

Let me emphasise yet again: the way I do things has been successful
on  2  machines for more than  6  years; it's others who have problems
doing it their way & regularly seek advice on this list as a result.



Let me correct you there:

The experienced old hands here almost uniformly do not have such problems. 
It's the n00bs who don't grok portage just yet, or don't know to look inside 
ebuilds when the ebuild goes wonky, who have such problems. The classic cause 
of problems is mixing stable and testing


  


OP,

And I would like to mention that portage has changed a LOT in the last 
six years.  The way you do things apparently has not.  That alone could 
lead to problems.  As software changes, we have to change the way we do 
things in order to react to those changes.  If we don't, then we could 
run into problems.  I first installed Gentoo from a 1.4 CD so I've been 
around about the same amount of time you have.  Portage has changed a 
whole lot since then.  The way I do things has changed as well.  I don't 
think revdep-rebuild even existed back then.  I use it regularly now.  
Portage has a lot of options now that it didn't have back then.  They 
are there because they are needed and useful in certain situations. 

Using Gentoo basically requires you to stay up to date.  Getting behind 
can come back to bite you.  That can be said about a lot of situations 
with Gentoo, both in updating the OS and updating ourselves as well.


Dale

:-)  :-) 



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-07 Thread Neil Bothwick
On Mon, 7 Dec 2009 17:46:18 -0500, Philip Webb wrote:

  One of the major deficiencies of Gentoo is
  that it doesn't provide such a file automatically.  
  emerge -p @system
  emerge -p @world  
 
   root:501 ~ emerge -p @system
 !!! '@system' is not a valid package atom.
 !!! Please check ebuild(5) for full details.
   root:502 ~ emerge -p @world
 !!! '@world' is not a valid package atom.
 !!! Please check ebuild(5) for full details.
 
 'man 5 ebuild' has nothing relevant to '@' 'system' 'world' '-p'.
 I'm using the latest stable Portage-2.1.6.3 .
 
 Any further advice ?

Sets are not available in stable portage but have been working well in
testing for over a year.

 Let me emphasise yet again: the way I do things has been successful
 on  2  machines for more than  6  years; it's others who have problems
 doing it their way & regularly seek advice on this list as a result.

That doesn't mean it would work for others, especially if they followed
your advice and messed up their world file. Your way basically consists
of treating portage with a great deal of mistrust and keeping paper
records of everything you permit it to do, after laboriously checking
what it tells you it wants to do.

Plenty of people let portage get on with the job it is supposed to do
without any significant breakage.


-- 
Neil Bothwick

You are about to give someone a piece of your mind,
something you can ill afford...




Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-06 Thread Dale

daid kahl wrote:

I could take a whole day typing in exactly what I do,
but I assumed the otherwise intelligent subscribers to the list
would realise that I add '-1' to those pkgs which are not in 'world'.
My 'world' file contains  112  entries, incl  28  'sys' +  35  'kde'.

Really, does something like that need spelling out (tries to smile) ?



It probably doesn't, but since this thread has gotten slightly hot,
I'll only insult myself here.

I forget to add 1 a lot more than I should, and as a result my world
file is probably full of pollution.  This isn't to say I don't clean
it out from time to time, but in theory people are just posting
reminders to be sure you weren't forgetting yourself -- I know I'm
guilty of it sometimes.

On that note, I'd like to ask a question I was going to post or email
about.  Can I comment the world file?  More interestingly, is there a
way to pass portage a comment to stick in world above the package?
This would be really damn useful.

For example, sometimes I'm testing things, and I really do mean to
install a package without oneshot.  But I might be installing a bunch
of things to try to get some third-party dependencies resolved, and
later I don't need all them (or I'd like to know why I put it
there!!).

Thoughts?

Regards,
daid
  


I think there was a time when there was no -1 option.  At least I didn't 
use it at first.  Anyway, glad to hear you are using the option 
correctly, most of the time anyway.  ;-)   You have about the same size 
world file as me.


Packages installed:   1205
Packages in world:    106
Packages in system:   50
Required packages:    1205


I haven't cleaned mine out in a while tho.  It's possible a couple could 
have slipped in there.


I too would like to know if comments are permitted in the world file.  
The only thing is, some geek has portage putting things in alphabetical 
order.  I'm not sure how that would work.  Would portage put them all in 
order or would they even be able to stay with the package the comment 
goes with?


Interesting.

Dale

:-)  :-)



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-06 Thread Peter Humphrey
On Saturday 05 December 2009 16:26:48 I wrote:

 * The current test system had a series of KDE-4 problems, which I thought
 must have been caused by the patch bug, but simply remerging everything
 installed since then hadn't fixed them.

Not only has it not fixed the earlier problems - now I have no keyboard or 
mouse, and yes I did reinstall all the X drivers. So yesterday's nine hours 
of emerging is all for nothing. I think that whole system is going in the bin 
and I'll revert to my kde-sunset system.

-- 
Rgds
Peter



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-06 Thread Volker Armin Hemmann
On Samstag 05 Dezember 2009, Peter Humphrey wrote:
 On 5/12/2009, Philip Webb purs...@ca.inter.net wrote:
 Anyway, don't do testing on the machine you use for everyday computing.
 If you want to get into testing, use a dedicated machine for it.
 
 I've been using a separate partition on an existing machine to run a
 ~amd64 system for evaluation, and yesterday I got my comeuppance. I
 wanted to go back to an earlier backup of the test system*, so I took a
 backup of my home directory with its e-mail history, wiped the partition
 and restored the old backup followed by the home directory. Wrong. I'd
 mixed the home directories of the two systems and so I lost the last
 five weeks' worth of e-mails.
 
 And no, I hadn't been drinking or getting over-tired. Just goes to show
 - you can't be too careful.
 
 * The current test system had a series of KDE-4 problems, which I thought
 must have been caused by the patch bug, but simply remerging everything
 installed since then hadn't fixed them.
 

well, I had (1!) problem after updating to KDE 4.3.4. Konsole's fonts looked 
ugly and the cursor was misplaced to the right by one 'space'.

Rebuilding everything emerged after patch-2.6 (which included kde, qt and a 
lot of other stuff), solved that problem.



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-06 Thread Philip Webb
091206 Alan McKinnon wrote:
 On Saturday 05 December 2009 21:09:50 Philip Webb wrote:
 Please read what I said & hopefully think briefly before responding.
 If the pkg is already in 'world', it's 'emerge pkg';
 if not -- the more frequent case -- , it's 'emerge -1 pkg'.
 That keeps everything in order (yes, you have to watch what you do).
 Rather *always* use -1,
 then you don't have to keep track in your head what is and isn't in world.

I know that from my home-made list of pkgs which I have installed,
where they are marked with 'W' & system pkgs with 'S'.
Yes, I do have to keep it up-to-date as I do emerges.
One of the major deficiencies of Gentoo is
that it doesn't provide such a file automatically.

 You will likely finish your update session with -p --depclean anyway,

I have never used 'depclean' for anything: reports suggest it's unreliable.
I do regularly use 'equery d pkg' & remove pkgs which are not required.
I always move the entry to the 'removed' list in my installed-pkg index,
where I can check for recent removals, if there is a problem (rare).

 Much easier than trying to keep world in your head
 and avoids world pollution when you will inevitably get it wrong,
 which requires you to examine all 128 entries in world & hand-edit it.

As I've tried to make clear, I'm careful when I do my weekly update.
Also, 'eix-sync' output & 'emerge -Dup' show world pkgs in bold type.

 Some things humans are exceptionally bad at and computers are
 exceptionally good at. Let portage do what portage does best.

Portage has improved a lot, but it's still far from perfect.
Machines are servants, humans remain their masters.

As I've said twice already, I've been doing all this for  6  years
& have never run into the problems which are regularly reported by others.

-- 
,,
SUPPORT ___//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT`-O--O---'   purslowatchassdotutorontodotca




Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-05 Thread Volker Armin Hemmann
On Samstag 05 Dezember 2009, Philip Webb wrote:

 
 Also, I never do a bald 'emerge world'. I look thro' the output of
  'eix-sync', write -- with a pencil+paper -- a list of installed pkgs which
  have changed, run 'emerge -Dup world' to see what order of emerging is
  recommended, then individually 'emerge -pv pkg' & -- if all looks well
  -- 'emerge pkg'. Yes, it takes a bit longer for my weekly update session
  (tomorrow Sat), but I don't risk the nightmare of reducing my system to
  chaos
 with all the extra frantic labor which would result.

which f*cks up world and is a very bad idea. Really, emerging every single 
package? 'world' is useless for you and cleaning unused deps a nightmare.

Congratulations, you crippled your system.

The easy way to avoid problems are BINPKGs. Use it and a downgrade in case of 
problems only takes seconds.



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-05 Thread Dale

Volker Armin Hemmann wrote:

On Samstag 05 Dezember 2009, Philip Webb wrote:

  

Also, I never do a bald 'emerge world'. I look thro' the output of
 'eix-sync', write -- with a pencil+paper -- a list of installed pkgs which
 have changed, run 'emerge -Dup world' to see what order of emerging is
 recommended, then individually 'emerge -pv pkg' & -- if all looks well
 -- 'emerge pkg'. Yes, it takes a bit longer for my weekly update session
 (tomorrow Sat), but I don't risk the nightmare of reducing my system to
 chaos
with all the extra frantic labor which would result.



which f*cks up world and is a very bad idea. Really, emerging every single 
package? 'world' is useless for you and cleaning unused deps a nightmare.


Congratulations, you crippled your system.

The easy way to avoid problems are BINPKGs. Use it and a downgrade in case of 
problems only takes seconds.
  


Good catch Volker.  I didn't notice that part.  He needs to become very 
familiar with the -1 option but even that is not good in every case.  If 
it is a package that needs to be in world, then that option shouldn't be 
used either otherwise a --depclean would remove it. 


Dale

:-)  :-) 



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-05 Thread Neil Bothwick
On Sat, 5 Dec 2009 14:31:16 +0100, Volker Armin Hemmann wrote:

 The easy way to avoid problems are BINPKGs. Use it and a downgrade in
 case of problems only takes seconds.

Install demerge too and you can roll back to pre-breakage very easily.


-- 
Neil Bothwick

Old hitchhikers never die-they just throw in the towel.




Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-05 Thread daid kahl
  2  pieces of advice to avoid such problems:
 (1) never use the 'testing' versions of system pkgs;
 (2) never run 'emerge world' without the '-p' flag.
 I kindly disagree.

 ~[arch] is testing for Gentoo ebuild.  It's considered stable upstream.
 This was an upstream bug, not a Gentoo bug.

 Yes, my comments didn't respond exactly to the problem reported,
 but offered more general advice which might help avoid such problems.

 someone's got to be testing stuff and filing reports upstream.
 It doesn't mean you want to do it, but I really think
 considering ~ as a test of upstream is rather silly.

 The defective version of 'patch' had got into 'testing',
 where the only remaining problems are supposed to be in the ebuild;
 in fact in this case, there was still a serious problem upstream
 & that version of 'patch' has been re-masked (I believe).

 Anyway, don't do testing on the machine you use for everyday computing.
 If you want to get into testing, use a dedicated machine for it.

My point is that using things out of portage, stable or unstable,
shouldn't be considered as testing, as they are upstream stable
releases.  Doing testing is getting the latest stuff out of git, etc.
Of course, there will be bugs in upstream stable code as well, but
that's life I suppose.

 I've been using Gentoo for more than 6 years & it's never happened to me.
 I believe the reason is that I follow my own advice as above:
 I do install 'testing' versions of non-vital pkgs (eg 'eix')
 & items which are well-supported upstream (eg KDE, kernel),
 but I am very cautious about installing testing versions of system pkgs
 whose collapse would do real damage to my everyday activities.
 Even when stuff is well-supported upstream, I give it a few weeks
 to see if there are reports anywhere of bad things happening.

There's nothing wrong with running stable gentoo, but as others have
commented, one ought to be careful about mixing and matching, for
example, ~x86 and x86.  Running a stable base system with unstable
packages can also lead to a lot of problems, since the code is never
really considered to run together on the same system.

Although I've only been at Gentoo about half the amount of time, I've
run full stable and unstable systems, and I can't say there is much
difference in my experience.  If I had to generalize, I'd say that on
unstable I might hit more bugs, but figuring out what to do to fix the
problem is usually much faster.  I was planning to switch back soon,
actually.

One can think of ~arch as either bad because it's so-called unstable,
or good because you don't wait 6 months to get something like Firefox
3.5.

I use a similar approach to you, and run EMERGE_DEFAULT_OPTS="--ask --verbose"

If anything looks suspicious, not only will I take note with paper,
but I'll likely be sure to get a fresh system backup first as well
before proceeding.

Regards,
daid



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-05 Thread Volker Armin Hemmann
On Samstag 05 Dezember 2009, Neil Bothwick wrote:
 On Sat, 5 Dec 2009 14:31:16 +0100, Volker Armin Hemmann wrote:
  The easy way to avoid problems are BINPKGs. Use it and a downgrade in
  case of problems only takes seconds.
 
 Install demerge too and you can roll back to pre-breakage very easily.
 

of course



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-05 Thread Peter Humphrey

On 5/12/2009, Philip Webb purs...@ca.inter.net wrote:

Anyway, don't do testing on the machine you use for everyday computing.
If you want to get into testing, use a dedicated machine for it.

I've been using a separate partition on an existing machine to run a
~amd64 system for evaluation, and yesterday I got my comeuppance. I
wanted to go back to an earlier backup of the test system*, so I took a
backup of my home directory with its e-mail history, wiped the partition
and restored the old backup followed by the home directory. Wrong. I'd
mixed the home directories of the two systems and so I lost the last
five weeks' worth of e-mails.

And no, I hadn't been drinking or getting over-tired. Just goes to show
- you can't be too careful.

* The current test system had a series of KDE-4 problems, which I thought
must have been caused by the patch bug, but simply remerging everything
installed since then hadn't fixed them.



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-05 Thread Neil Bothwick
On Sat, 05 Dec 2009 08:10:15 -0600, Dale wrote:

 Good catch Volker.  I didn't notice that part.  He needs to become very 
 familiar with the -1 option but even that is not good in every case.
 If it is a package that needs to be in world, then that option
 shouldn't be used either otherwise a --depclean would remove it. 

He's updating, so packages that need to be in world are already there.


-- 
Neil Bothwick

I don't have any solution, but I certainly admire the problem.




Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-05 Thread Philip Webb
091205 Volker Armin Hemmann wrote:
 On Samstag 05 Dezember 2009, Philip Webb wrote:
 Also, I never do a bald 'emerge world'. I look thro' the output of
 'eix-sync', write -- with a pencil+paper -- a list of installed pkgs which
 have changed, run 'emerge -Dup world' to see what order of emerging is
 recommended, then individually 'emerge -pv pkg' & -- if all looks well
 -- 'emerge pkg'. Yes, it takes a bit longer for my weekly update session
 (tomorrow Sat), but I don't risk the nightmare of reducing my system to
 chaos with all the extra frantic labor which would result.
 which f*cks up world and is a very bad idea.
 Really, emerging every single package?
 'world' is useless for you and cleaning unused deps a nightmare.

Please read what I said & hopefully think briefly before responding.
If the pkg is already in 'world', it's 'emerge pkg';
if not -- the more frequent case -- , it's 'emerge -1 pkg'.
That keeps everything in order (yes, you have to watch what you do).

 The easy way to avoid problems are BINPKGs.
 Use it and a downgrade in case of problems only takes seconds.

Yes, I do have 'FEATURES=buildsyspkg' in 'make.conf', of course,
but I've never needed to make use of those emergency files.

My general point is that Gentoo is about managing your own system
rather than relying on someone out there to do it for you;
IMO binary distros are closer to using M$ or Apple than they are to Gentoo
& relying on 'emerge world' is closer to binary distros than to true Gentoo.
'world' is a less important part of Gentoo than many users believe:
IIRC it was imitated from FreeBSD by Gentoo's founder in the early days.
My recommendation is to put a bit more time into regular updates
& thereby reduce the chance that you'll need to fix a major breakdown;
also as said, if you want to do real testing, use a dedicated system
on another partition or (safest) another machine altogether.

Otherwise, thanks for the thoughtful comments by others.

-- 
,,
SUPPORT ___//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT`-O--O---'   purslowatchassdotutorontodotca




Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-05 Thread Volker Armin Hemmann
On Samstag 05 Dezember 2009, Philip Webb wrote:
 091205 Volker Armin Hemmann wrote:
  On Samstag 05 Dezember 2009, Philip Webb wrote:
  Also, I never do a bald 'emerge world'. I look thro' the output of
  'eix-sync', write -- with a pencil+paper -- a list of installed pkgs
  which have changed, run 'emerge -Dup world' to see what order of
  emerging is recommended, then individually 'emerge -pv pkg' & -- if
  all looks well -- 'emerge pkg'. Yes, it takes a bit longer for my
  weekly update session (tomorrow Sat), but I don't risk the nightmare of
  reducing my system to chaos with all the extra frantic labor which would
  result.
 
  which f*cks up world and is a very bad idea.
  Really, emerging every single package?
  'world' is useless for you and cleaning unused deps a nightmare.
 
 Please read what I said & hopefully think briefly before responding.
 If the pkg is already in 'world', it's 'emerge pkg';
 if not -- the more frequent case -- , it's 'emerge -1 pkg'.
 That keeps everything in order (yes, you have to watch what you do).

no, it isn't.

you are adding deps to world file. Deps aren't there until you emerge them 
manually.

Look up how world works.

 Yes, I do have 'FEATURES=buildsyspkg' in 'make.conf', of course,
 but I've never needed to make use of those emergency files.

buildsyspkg is not enough.

 
 My general point is that Gentoo is about managing your own system
 rather than relying on someone out there to do it for you;

there are smart ways to do so and there are stupid ways.


 IMO binary distros are closer to using M$ or Apple than they are to Gentoo
  & relying on 'emerge world' is closer to binary distros than to true
  Gentoo. 'world' is a less important part of Gentoo than many users
  believe
wrong in all counts. Gentoo is about 'giving good tools to get the desired 
result'. You are not using the tools. Instead you are working against the 
tools and make your life and the work of the tools a lot harder.

And world is important. world is the difference between 'installed manually' 
and 'just a dependency'. What you are doing fucks this up. Result:
portage can not figure which package was installed because you want it and 
which one is just a dependency that can be removed by depclean.


  : IIRC it was imitated from FreeBSD by Gentoo's founder in the
  early days. My recommendation is to put a bit more time into regular
  updates

no, your advice is to do something stupid that results in a lot more work for 
no (!) reward. You gain nothing doing it your way. You just screw up your 
system.

  & thereby reduce the chance that you'll need to fix a major breakdown;

no.
You don't reduce anything. In fact, your way increases the chances of an epic 
fuckup.

I hope nobody is following your advice.



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-05 Thread Dale

Neil Bothwick wrote:

On Sat, 05 Dec 2009 08:10:15 -0600, Dale wrote:

  
Good catch Volker.  I didn't notice that part.  He needs to become very 
familiar with the -1 option but even that is not good in every case.

If it is a package that needs to be in world, then that option
shouldn't be used either otherwise a --depclean would remove it. 



He's updating, so packages that need to be in world are already there.

  


If he is using the command he typed in, his world file is going to be 
huge.  Read what he wrote again.  He is doing the updates individually 
without a -u or a -1 or anything else.  That means every time he 
updates, that package goes into the world file.


I'm hoping he typed that in wrong.

Dale

:-)  :-) 



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-05 Thread Philip Webb
091205 Dale wrote:
 Neil Bothwick wrote:
 He's updating, so packages that need to be in world are already there.
 If he is using the command he typed in, his world file is going to be huge.
 He is doing the updates individually without a -u or a -1 or anything else.
 That means every time he updates, that package goes into the world file.
 I'm hoping he typed that in wrong.

I could take a whole day typing in exactly what I do,
but I assumed the otherwise intelligent subscribers to the list
would realise that I add '-1' to those pkgs which are not in 'world'.
My 'world' file contains  112  entries, incl  28  'sys' +  35  'kde'.

Really, does something like that need spelling out (tries to smile) ?

-- 
,,
SUPPORT ___//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT`-O--O---'   purslowatchassdotutorontodotca




Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-05 Thread daid kahl
 I could take a whole day typing in exactly what I do,
 but I assumed the otherwise intelligent subscribers to the list
 would realise that I add '-1' to those pkgs which are not in 'world'.
 My 'world' file contains  112  entries, incl  28  'sys' +  35  'kde'.

 Really, does something like that need spelling out (tries to smile) ?

It probably doesn't, but since this thread has gotten slightly hot,
I'll only insult myself here.

I forget to add 1 a lot more than I should, and as a result my world
file is probably full of pollution.  This isn't to say I don't clean
it out from time to time, but in theory people are just posting
reminders to be sure you weren't forgetting yourself -- I know I'm
guilty of it sometimes.

On that note, I'd like to ask a question I was going to post or email
about.  Can I comment the world file?  More interestingly, is there a
way to pass portage a comment to stick in world above the package?
This would be really damn useful.

For example, sometimes I'm testing things, and I really do mean to
install a package without oneshot.  But I might be installing a bunch
of things to try to get some third-party dependencies resolved, and
later I don't need all them (or I'd like to know why I put it
there!!).

Thoughts?

Regards,
daid



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-05 Thread Alan McKinnon
On Saturday 05 December 2009 21:09:50 Philip Webb wrote:
 Please read what I said & hopefully think briefly before responding.
 If the pkg is already in 'world', it's 'emerge pkg';
 if not -- the more frequent case -- , it's 'emerge -1 pkg'.
 That keeps everything in order (yes, you have to watch what you do).
 

Rather *always* use -1, then you don't have to keep track in your head what is 
and isn't in world. You will likely finish your update session with 
-p --depclean anyway, so anything that should have gone into world can be 
fixed with a quick -n followed by a --depclean for real

Much easier than trying to keep world in your head and avoids world pollution 
when you will inevitably get it wrong, which requires you to examine all 128 
entries in world and hand-edit the file.

Some things in this world humans are exceptionally bad at and computers are 
exceptionally good at. Let portage do what portage does best.

-- 
alan dot mckinnon at gmail dot com



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-05 Thread Alan McKinnon
On Saturday 05 December 2009 22:14:48 Volker Armin Hemmann wrote:
 And world is important. world is the difference between 'installed
  manually'  and 'just a dependency'. What you are doing fucks this up.
  Result: portage can not figure which package was installed because you
  want it and which one is just a dependency that can be removed by
  depclean.
 

It also removes portage's ability to manually resolve b blockers
-- 
alan dot mckinnon at gmail dot com



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-04 Thread daid kahl
  2  pieces of advice to avoid such problems:
 (1) never use the 'testing' versions of system pkgs;
 (2) never run 'emerge world' without the '-p' flag.

I kindly disagree.  ~[arch] is testing for Gentoo ebuild.  It's
considered stable upstream.

This was an upstream bug, not a Gentoo bug.

And, as others mentioned, someone's got to be testing stuff and filing
reports upstream.  It doesn't mean you want to do it, but I really
think considering ~ as a test of upstream is rather silly.

If this is your idea, run hardened or like slackware.

~daid



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-04 Thread Philip Webb
091205 daid kahl wrote:
  2  pieces of advice to avoid such problems:
 (1) never use the 'testing' versions of system pkgs;
 (2) never run 'emerge world' without the '-p' flag.
 I kindly disagree.

Thanks for the kindly: I thought I'd walked into a high-school locker room.

 ~[arch] is testing for Gentoo ebuild.  It's considered stable upstream.
 This was an upstream bug, not a Gentoo bug.

Yes, my comments didn't respond exactly to the problem reported,
but offered more general advice which might help avoid such problems.

 someone's got to be testing stuff and filing reports upstream.
 It doesn't mean you want to do it, but I really think
 considering ~ as a test of upstream is rather silly.

The defective version of 'patch' had got into 'testing',
where the only remaining problems are supposed to be in the ebuild;
in fact in this case, there was still a serious problem upstream
& that version of 'patch' has been re-masked (I believe).

Anyway, don't do testing on the machine you use for everyday computing.
If you want to get into testing, use a dedicated machine for it.

It's late Friday, so let me stick my neck out again
(grins, sighs & gets another beer out of the fridge).

At least once/month, if not once/week, someone reports on Gentoo User:
I did an emerge sync, installed the latest blahblah-1.2.3,
did 'emerge world' & something dreadful has happened to my system.

I've been using Gentoo for more than 6 years & it's never happened to me.
I believe the reason is that I follow my own advice as above:
I do install 'testing' versions of non-vital pkgs (eg 'eix')
& items which are well-supported upstream (eg KDE, kernel),
but I am very cautious about installing testing versions of system pkgs
whose collapse would do real damage to my everyday activities.
Even when stuff is well-supported upstream, I give it a few weeks
to see if there are reports anywhere of bad things happening.

Eg I have not moved up to the testing 'eix-0.18.3',
because it requires that I replace 'lzma-utils' with 'xz-utils':
it's not worth the risk of doing real damage elsewhere
simply to get the latest version of 'eix', which is useful but non-essential.
When 'xz-utils' reaches 'stable' (and has a less frightening version number),
I will happily make the upgrade.

Also, I never do a bald 'emerge world'. I look thro' the output of 'eix-sync',
write -- with a pencil+paper -- a list of installed pkgs which have changed,
run 'emerge -Dup world' to see what order of emerging is recommended,
then individually 'emerge -pv pkg' & -- if all looks well -- 'emerge pkg'.
Yes, it takes a bit longer for my weekly update session (tomorrow Sat),
but I don't risk the nightmare of reducing my system to chaos
with all the extra frantic labor which would result.

Again, I've been doing this for  6 years  with Gentoo on  2  machines
& haven't run into any major setbacks.

By all means, ignore my advice & do it your own ways (smile).

-- 
,,
SUPPORT ___//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT`-O--O---'   purslowatchassdotutorontodotca




Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-04 Thread Dale

Philip Webb wrote:

The defective version of 'patch' had got into 'testing',
where the only remaining problems are supposed to be in the ebuild;
in fact in this case, there was still a serious problem upstream
& that version of 'patch' has been re-masked (I believe).

Anyway, don't do testing on the machine you use for everyday computing.
If you want to get into testing, use a dedicated machine for it.

It's late Friday, so let me stick my neck out again
(grins, sighs & gets another beer out of the fridge).

At least once/month, if not once/week, someone reports on Gentoo User:
I did an emerge sync, installed the latest blahblah-1.2.3,
did 'emerge world' & something dreadful has happened to my system.

I've been using Gentoo for more than 6 years & it's never happened to me.
I believe the reason is that I follow my own advice as above:
I do install 'testing' versions of non-vital pkgs (eg 'eix')
& items which are well-supported upstream (eg KDE, kernel),
but I am very cautious about installing testing versions of system pkgs
whose collapse would do real damage to my everyday activities.
Even when stuff is well-supported upstream, I give it a few weeks
to see if there are reports anywhere of bad things happening.

Eg I have not moved up to the testing 'eix-0.18.3',
because it requires that I replace 'lzma-utils' with 'xz-utils':
it's not worth the risk of doing real damage elsewhere
simply to get the latest version of 'eix', which is useful but non-essential.
When 'xz-utils' reaches 'stable' (and has a less frightening version number),
I will happily make the upgrade.

Also, I never do a bald 'emerge world'. I look thro' the output of 'eix-sync',
write -- with a pencil+paper -- a list of installed pkgs which have changed,
run 'emerge -Dup world' to see what order of emerging is recommended,
then individually 'emerge -pv pkg' & -- if all looks well -- 'emerge pkg'.
Yes, it takes a bit longer for my weekly update session (tomorrow Sat),
but I don't risk the nightmare of reducing my system to chaos
with all the extra frantic labor which would result.

Again, I've been doing this for  6 years  with Gentoo on  2  machines
& haven't run into any major setbacks.

By all means, ignore my advice & do it your own ways (smile).

  


I do somewhat similar to you.  I just use the -a option instead and I 
don't write things down.  I just do a emerge -uvDNa world and give it 
all a once over, USE flags, what gets updated and if I want it etc etc. 

I also run latest on eix, portage and some of its utils.  I try to stay 
away from unstable system packages as it seems you do as well.  I'm 
still on baselayout 1 and not planning on the openrc thingy yet either.  
May want to get ready tho, it is coming. 


I did my first install from a Gentoo 1.4 CD.  That was quite a while ago.

Dale

:-)  :-) 



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-02 Thread Neil Bothwick
On Wed, 02 Dec 2009 15:45:21 +0200, Nikos Chantziaras wrote:

 Yep, this bug was a major annoyance for me too.  I emerged patch-2.6 on 
 November 15 and since then, being on ~amd64, a *lot* of other packages. 
   After downgrading, I needed to rebuild about 300 packages, including 
 all of KDE4, Qt, Firefox and OpenOffice.

KDE 4.3.4 went into ~amd64 today, so that had to be merged anyway (unless
you're using kde-testing). I did an emerge -e world on my netbook at the
weekend, so that needs a rebuild now :(


-- 
Neil Bothwick

Do you steal taglines too?




Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-02 Thread Kevin O'Gorman
On Wed, Dec 2, 2009 at 5:45 AM, Nikos Chantziaras rea...@arcor.de wrote:

 On 12/02/2009 12:51 PM, Alan McKinnon wrote:

 On Tuesday 01 December 2009 18:02:48 Nikos Chantziaras wrote:

 Everyone should read the following and follow the advice given:


 http://blog.flameeyes.eu/2009/12/01/gentoo-service-announcement-keep-clear-of-gnu-patch-2-6


 <sigh>

 I emerged patch-2.60 when it hit ~amd64 then downgraded it 10 days later
 when a report on b.g.o. showed it was affecting OOo.

 Right in the middle of those 10 days, I ran this:

 emerge -e world

 </sigh>


 Yep, this bug was a major annoyance for me too.  I emerged patch-2.6 on
 November 15 and since then, being on ~amd64, a *lot* of other packages.
  After downgrading, I needed to rebuild about 300 packages, including all of
 KDE4, Qt, Firefox and OpenOffice.

 Quite amazing how much damage a bug in a small package like this can have
 on a source-based distro...


For which reason I'm quite happy to be running stable except for specific
package releases that I put in package.unmask.  Patch-2.6 has been ~x86 all
along, so I've been running 2.5.9 continuously since March of 2008.

-- 
Kevin O'Gorman, PhD


Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-02 Thread Philip Webb
091202 Nikos Chantziaras wrote:
 On 12/02/2009 12:51 PM, Alan McKinnon wrote:
 On Tuesday 01 December 2009 18:02:48 Nikos Chantziaras wrote:
 Everyone should read the following and follow the advice given:
 http://blog.flameeyes.eu/2009/12/01/gentoo-service-announcement-keep-clear-of-gnu-patch-2-6
 I emerged patch-2.60 when it hit ~amd64 then downgraded it 10 days later
 when a report on b.g.o. showed it was affecting OOo.
 Right in the middle of those 10 days, I ran 'emerge -e world'
 </sigh>
 Yep, this bug was a major annoyance for me too.
 I emerged patch-2.6 on November 15
 and since then, being on ~amd64, a *lot* of other packages. 
 After downgrading, I needed to rebuild about 300 packages,
 including all of KDE4, Qt, Firefox and OpenOffice.
 Quite amazing how much damage a bug in a small package like this can have
 on a source-based distro...

 2  pieces of advice to avoid such problems:
(1) never use the 'testing' versions of system pkgs;
(2) never run 'emerge world' without the '-p' flag.

-- 
,,
SUPPORT ___//___,   Philip Webb
ELECTRIC   /] [] [] [] [] []|   Cities Centre, University of Toronto
TRANSIT`-O--O---'   purslowatchassdotutorontodotca




Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-02 Thread Alan McKinnon
On Wednesday 02 December 2009 16:48:16 Philip Webb wrote:
 091202 Nikos Chantziaras wrote:
  On 12/02/2009 12:51 PM, Alan McKinnon wrote:
  On Tuesday 01 December 2009 18:02:48 Nikos Chantziaras wrote:
  Everyone should read the following and follow the advice given:
  http://blog.flameeyes.eu/2009/12/01/gentoo-service-announcement-keep-clear-of-gnu-patch-2-6
 
  I emerged patch-2.60 when it hit ~amd64 then downgraded it 10 days later
  when a report on b.g.o. showed it was affecting OOo.
  Right in the middle of those 10 days, I ran 'emerge -e world'
  </sigh>
 
  Yep, this bug was a major annoyance for me too.
  I emerged patch-2.6 on November 15
  and since then, being on ~amd64, a *lot* of other packages.
  After downgrading, I needed to rebuild about 300 packages,
  including all of KDE4, Qt, Firefox and OpenOffice.
  Quite amazing how much damage a bug in a small package like this can have
  on a source-based distro...
 
  2  pieces of advice to avoid such problems:
 (1) never use the 'testing' versions of system pkgs;
 (2) never run 'emerge world' without the '-p' flag.


Balls.

Neither of those will fix anything and they are not even feasible for this.

I run ~amd64 for a reason, I want it that way. There is no known way to run 
amd64 for @system and ~amd64 for @world and still retain one's sanity.

Of course I ran emerge -p. Well actually I run emerge -a but the effect is the 
same - see what's going to be installed before it's installed. Until a week 
ago no-one knew the effects patch-2.6.0 would have so when it appears in the 
list there's no reason to not proceed.

Running amd64 isn't an option for me - this isn't one of my critical servers, 
it's my bleeding edge notebook and I like it the way it is. If I wanted to 
avoid problems like this I'd be using Ubuntu LTS instead.

I'm not whinging about patch. I run ~amd64 precisely to help detect such 
things. I'm miffed at my own bad luck - the first emerge -e world I've had to 
do in two years and I just happen to have done it in the two week window about 
this package. Most folk now have to rebuild 70 - 300 packages, I'm stuck with 
potentially 1472 <sigh>


-- 
alan dot mckinnon at gmail dot com



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-02 Thread Jesús Guerrero
On Wed, 2 Dec 2009 17:30:37 +0200, Alan McKinnon alan.mckin...@gmail.com wrote:
 Of course I ran emerge -p. Well actually I run emerge -a but the effect is
 the same - see what's going to be installed before it's installed. Until a
 week ago no-one knew the effects patch-2.6.0 would have so when it appears in
 the list there's no reason to not proceed.

Yup. If it was known, the package would have been hard masked or not added
to portage at all, to start with.


-- 
Jesús Guerrero



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-02 Thread Volker Armin Hemmann
On Mittwoch 02 Dezember 2009, Neil Bothwick wrote:
 On Wed, 02 Dec 2009 15:45:21 +0200, Nikos Chantziaras wrote:
  Yep, this bug was a major annoyance for me too.  I emerged patch-2.6 on
  November 15 and since then, being on ~amd64, a *lot* of other packages.
After downgrading, I needed to rebuild about 300 packages, including
  all of KDE4, Qt, Firefox and OpenOffice.
 
 KDE 4.3.4 went into ~amd64 today, so that had to be merged anyway (unless
 you're using kde-testing). I did an emerge -e world on my netbook at the
 weekend, so that needs a rebuild now :(
 

and somewhere in between updating kde it downgraded patch..

404 packages to go (hmm.. interesting number).

Thanks for the warning, Nikos.



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-02 Thread Neil Bothwick
On Wed, 2 Dec 2009 09:48:16 -0500, Philip Webb wrote:

  2  pieces of advice to avoid such problems:
 (1) never use the 'testing' versions of system pkgs;

Then how do they get tested?

 (2) never run 'emerge world' without the '-p' flag.

What difference does this make? It shows an update for which there are no
known problems.


-- 
Neil Bothwick

Every morning is the dawn of a new error...




Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-02 Thread felix
On Wed, Dec 02, 2009 at 09:48:16AM -0500, Philip Webb wrote:

  2  pieces of advice to avoid such problems:
 (1) never use the 'testing' versions of system pkgs;
 (2) never run 'emerge world' without the '-p' flag.

(0) Never speak on that which you know not.

-- 
... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
 Felix Finch: scarecrow repairman  rocket surgeon / fe...@crowfix.com
  GPG = E987 4493 C860 246C 3B1E  6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-02 Thread Stefan G. Weichinger
Alan McKinnon schrieb:

 Most folk now have to rebuild 70 - 300 packages, I'm stuck with 
 potentially 1472 <sigh>

I feel with you ... fortunately the cpus should do it on their own,
accompanied by some fans ;-)

-

Any idea how to elegantly split that job into some digestible chunks?

The various qlop/genlop/awk/grep/sed-scripts posted so far simply give
me the whole list of packages emerged since patch-2.6 and today while
they don't care about what I rebuilt already.

Seems as if I have to simply manage that to-rebuild-list myself ..

Greets, Stefan

ps: *maybe* my X11-crashing-issue is somehow related to this as well.
I first posted that issue on nov,15th ... on the same day patch-2.6 hit
~amd64 AFAIK ...



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-02 Thread Alan McKinnon
On Wednesday 02 December 2009 19:59:35 Stefan G. Weichinger wrote:
 Alan McKinnon schrieb:
  Most folk now have to rebuild 70 - 300 packages, I'm stuck with
  potentially 1472 <sigh>
 
 I feel with you ... fortunately the cpus should do it on their own,
 accompanied by some fans ;-)
 
 -
 
 Any idea how to elegantly split that job into some digestible chunks?
 
 The various qlop/genlop/awk/grep/sed-scripts posted so far simply give
 me the whole list of packages emerged since patch-2.6 and today while
 they don't care about what I rebuilt already.

flameeyes is the fellow making all the fuss about this. On his blog

http://blog.flameeyes.eu/2009/12/01/gentoo-service-announcement-keep-clear-of-gnu-patch-2-6

he gives a way to build a decent list that removes packages re-emerged since 
patch was downgraded again. The trouble with a bug like this is that it gets 
used everywhere and affects very basic packages which are then used by other 
packages (that may or may not have been patched meanwhile) potentially 
affecting their behaviour too.

The effects are complex and never fully determined. Consider this: rebuilding 
world on a modern desktop will take around 24 to 36 hours. You could spend 
more time than that figuring out how to build a full list :-)

 Seems as if I have to simply manage that to-rebuild-list myself ..
 
 Greets, Stefan
 
 ps: *maybe* my X11-crashing-issue is somehow related to this as well.
 I first posted that issue on nov,15th ... on the same day patch-2.6 hit
 ~amd64 AFAIK ...

It's certainly possible, the times certainly coincide. And you do have 
symptoms that no-one else is having (sorta the kind of thing you'd expect from 
a patch that should have been applied and wasn't).

It's worth downgrading patch and rebuilding X even if only to see what happens


-- 
alan dot mckinnon at gmail dot com
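
The list discussed in the two messages above (packages merged while patch-2.6 was installed, minus those merged again after the downgrade, split into batches), as an added example that is not code from the thread or from the linked blog post. It assumes the usual `emerge.log` record format; `BAD_RE`, the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread or the linked blog post.
# Assumes emerge.log records of the form
#   <epoch>:  ::: completed emerge (N of M) category/name-version to /
# and that the defective versions are exactly 2.6 and 2.6.0 (BAD_RE).
BAD_RE='^2[.]6([.]0)?(-r[0-9]+)?$'

# Constructed sample log; timestamps and versions are illustrative only.
sample_log() {
cat <<'EOF'
1258000000:  ::: completed emerge (1 of 1) app-portage/eix-0.18.2 to /
1258243200:  ::: completed emerge (1 of 1) sys-devel/patch-2.6 to /
1258250000:  ::: completed emerge (1 of 3) x11-libs/qt-core-4.5.3 to /
1258260000:  ::: completed emerge (2 of 3) kde-base/kdelibs-4.3.3-r1 to /
1258270000:  ::: completed emerge (3 of 3) www-client/mozilla-firefox-3.5.5 to /
1259700000:  ::: completed emerge (1 of 1) sys-devel/patch-2.5.9-r1 to /
1259710000:  ::: completed emerge (1 of 2) kde-base/kdelibs-4.3.4 to /
1259720000:  ::: completed emerge (2 of 2) app-portage/eix-0.18.2 to /
EOF
}

# Print category/name of every package whose most recent merge happened
# while a defective patch was installed. A merge after the downgrade
# clears the package, so re-running this after each batch shrinks the list.
rebuild_list() {
    awk -v bad_re="$BAD_RE" '
    $2 == ":::" && $3 == "completed" && $4 == "emerge" {
        name = $8
        ver = ""
        # Split "category/name-version" at the hyphen that starts the version.
        if (match(name, /-[0-9][^-]*(-r[0-9]+)?$/)) {
            ver = substr(name, RSTART + 1)
            name = substr(name, 1, RSTART - 1)
        }
        # Every merge of patch itself opens or closes the suspect window.
        if (name == "sys-devel/patch") {
            tainted = (ver ~ bad_re)
            next
        }
        if (tainted) suspect[name] = 1
        else delete suspect[name]
    }
    END { for (n in suspect) print n }
    ' "$1" | sort
}

# Print the list as lines of at most $2 packages, one batch per line.
rebuild_chunks() {
    rebuild_list "$1" | awk -v n="$2" '
    { line = line (line == "" ? "" : " ") $0
      if (NR % n == 0) { print line; line = "" } }
    END { if (line != "") print line }'
}

# Stand-alone use: sh rebuild.sh /var/log/emerge.log 20
if [ -n "${1:-}" ]; then
    rebuild_chunks "$1" "${2:-20}"
fi
```

Each output line can be handed to `emerge -1` as one batch, which keeps the rebuilt packages out of the world file. The list only reflects the log, so it does not capture the indirect effects on dependent packages mentioned above.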



Re: [gentoo-user] Re: Heads up: Your system might be broken and/or insecure due to serious patch-2.6 bug

2009-12-02 Thread Stefan G. Weichinger
Stefan G. Weichinger schrieb:

 Seems as if I have to simply manage that to-rebuild-list myself ..

my rebuild-list crashed at kde-misc/kdnssd-avahi, interesting on a
gnome-system ...

k3b depends on kdelibs and I have useflag avahi for that, hmmm ...

I removed it from my list and emerge the rest, I will look at that
kde-misc/kdnssd-avahi-topic later ...