Re: [gentoo-user] Re: What to do about openssl

2023-10-04 Thread Steve Wilson

From https://www.php.net/manual/en/openssl.requirements.php

PHP 7.1-8.0 requires OpenSSL >= 1.0.1, < 3.0.
PHP >= 8.1 requires OpenSSL >= 1.0.2, < 4.0.

So it looks like you need to upgrade php to 8.1

I've a similar problem with my server requiring php 7.2 and trying to 
figure out the upgrade path for all php based sites/apps is a pain.


On 04/10/2023 18:15, John Covici wrote:

On Wed, 04 Oct 2023 11:53:46 -0400,
Grant Edwards wrote:

On 2023-10-04, John Covici  wrote:

Hi.  I just did a world update and found that my openssl-1.1.1v is
masked.  What can I do,

Use one of the stable versions.


I don't have any version that is not masked

Huh?  What architecture are you on? There are three versions of
openssl that are stable and not masked for amd64, x86, and most
others:

3.0.9-r1
3.0.9-r2
3.0.10

see

https://packages.gentoo.org/packages/dev-libs/openssl


and according to the message this version is EOL.

Indeed. OpenSSL 1.1.1 is dead. Support ended a few weeks ago.







Upon further investigation, I had masked them off myself, if I
unmask the 3.x I get the following:
Script started on 2023-10-04 13:10:40-04:00 [COMMAND="emerge -1
dev-libs/openssl" TERM="linux" TTY="/dev/tty1" COLUMNS="240"
LINES="67"]

These are the packages that would be merged, in order:

Calculating dependencies  .  ... done!
Dependency resolution took 38.07 s.

[ebuild  r  U  ] dev-libs/openssl-3.1.3:0/3::gentoo
[1.1.1v:0/1.1::gentoo] USE="asm -fips% -ktls% -rfc3779 -sctp
-static-libs -test -tls-compression -vanilla -verify-sig
-weak-ssl-ciphers (-sslv3%) (-tls-heartbeat%)" ABI_X86="(64) -32
(-x32)" CPU_FLAGS_X86="(sse2)" 15,198 KiB
[ebuild  rR] sys-apps/coreutils-9.4::gentoo  USE="acl nls openssl
(split-usr) xattr -caps -gmp -hostname -kill -multicall (-selinux)
-static -test -vanilla -verify-sig" 0 KiB
[ebuild  rR] net-misc/rsync-3.2.7-r2::gentoo  USE="acl iconv ssl
xattr -examples -lz4 -rrsync -stunnel -system-zlib -verify-sig -xxhash
-zstd" PYTHON_SINGLE_TARGET="python3_11 -python3_10" 0 KiB
[ebuild  rR] net-misc/wget-1.21.4::gentoo  USE="ipv6 nls pcre
(ssl) zlib -cookie-check -debug -gnutls -idn -metalink -ntlm -static
-test -uuid -verify-sig" 0 KiB
[ebuild  rR] dev-lang/python-3.12.0_rc3_p1:3.12::gentoo
USE="ensurepip gdbm ncurses readline sqlite ssl -bluetooth -build
-debug -examples -libedit -lto -pgo -test -tk -valgrind -verify-sig" 0
KiB
[ebuild  rR] dev-libs/libtpms-0.9.6::gentoo  0 KiB
[ebuild  rR] www-client/w3m-0.5.3_p20230121::gentoo  USE="X gpm
nls ssl unicode -fbcon -gdk-pixbuf -imlib -lynxkeymap -nntp -xface"
L10N="-ja" 0 KiB
[ebuild  rR] dev-db/mysql-connector-c-8.0.32-r1:0/21::gentoo
USE="static-libs -ldap" ABI_X86="(64) -32 (-x32)" 0 KiB
[ebuild  rR] dev-lang/rust-1.72.0:stable/1.72::gentoo  USE="lto
(-big-endian) -clippy -debug -dist -doc (-llvm-libunwind) (-miri)
(-nightly) (-parallel-compiler) -profiler -rust-analyzer -rust-src
-rustfmt -system-bootstrap -system-llvm -test -verify-sig -wasm"
ABI_X86="(64) -32 (-x32)" CPU_FLAGS_X86="sse2" LLVM_TARGETS="(X86)
-AArch64 -AMDGPU -ARM -AVR -BPF -Hexagon -Lanai -LoongArch -MSP430
-Mips -NVPTX -PowerPC -RISCV -Sparc -SystemZ -VE -WebAssembly -XCore"
0 KiB
[ebuild  rR] net-libs/libssh-0.10.5:0/4::gentoo  USE="sftp zlib
-debug -doc -examples -gcrypt -gssapi -mbedtls -pcap -server
-static-libs -test" ABI_X86="(64) -32 (-x32)" 0 KiB
[ebuild  rR] dev-db/mariadb-connector-c-3.3.4:0/3::gentoo
USE="curl ssl -gnutls -kerberos -static-libs -test" ABI_X86="(64) -32
(-x32)" 0 KiB
[ebuild  rR] app-crypt/swtpm-0.8.1-r2::gentoo  USE="seccomp -fuse
-test" 0 KiB
[ebuild  rR] dev-python/cryptography-41.0.4::gentoo  USE="-debug
-test" PYTHON_TARGETS="python3_11 -pypy3 -python3_10 -python3_12" 0
KiB
[ebuild  rR] dev-db/mariadb-10.11.5:10.11/18::gentoo  USE="backup
odbc pam perl server systemd xml -bindist -columnstore -cracklib
-debug -extraengine -galera -innodb-lz4 -innodb-lzo -innodb-snappy
-jdbc -jemalloc -kerberos -latin1 -mroonga -numa -oqgraph -profiling
-rocksdb -s3 (-selinux) -sphinx -sst-mariabackup -sst-rsync -static
-systemtap -tcmalloc -test -yassl" 0 KiB
[ebuild  rR] dev-db/postgresql-16.0:16::gentoo  USE="icu nls pam
readline server ssl systemd xml zlib -debug -doc -kerberos -ldap -llvm
-lz4 -perl -python (-selinux) -static-libs -tcl -uuid -zstd"
PYTHON_SINGLE_TARGET="python3_11 -python3_10 -python3_12" 0 KiB
[ebuild  rR] app-admin/syslog-ng-4.4.0::gentoo  USE="systemd -amqp
-caps -dbi -geoip2 -http -json -kafka -mongodb -pacct -python -redis
-smtp -snmp -spoof-source -tcpd -test"
PYTHON_SINGLE_TARGET="python3_11 -python3_10 -python3_12" 0 KiB
[ebuild  rR] dev-db/postgresql-14.9:14::gentoo  USE="icu nls pam
readline server ssl systemd xml zlib -debug -doc -kerberos -ldap -llvm
-lz4 -perl -python (-selinux) -static-libs -tcl -uuid (-threads%)"
PYTHON_SINGLE_TARGET="python3_11 -python3_10 -python3_12" 0 KiB
[ebuild  rR] 

Re: [gentoo-user] Any way to automate login to host and su to root?

2022-07-14 Thread Steve Wilson

Have you looked at dev-tcltk/expect?

There's possibly an example you could try at 
<https://www.journaldev.com/1405/expect-script-ssh-example-tutorial> 
although you probably want to prompt for the password or retrieve it 
programmatically rather than putting it on the command line :o


Steve.

On 14/07/2022 07:35, J. Roeleveld wrote:

Hi All,

I am looking for a way to login to a host and automatically change to root
using a password provided by an external program.

The root passwords are stored in a vault and I can get passwords out using a
script after authenticating.

Currently, I need to do a lot of the steps manually:
ssh @
su -
(copy/paste password from vault)

I would like to change this to:
 

Does anyone have any hints on how to achieve this without adding a "NOPASSWD"
entry into /etc/sudoers ?

Thanks in advance,

Joost







Re: [gentoo-user] gentoo-sources-5.10.103 - will not boot

2022-03-14 Thread Steve Wilson



On 13/03/2022 22:26, the...@sys-concept.com wrote:

On 3/13/22 14:34, Neil Bothwick wrote:

On Sun, 13 Mar 2022 14:04:59 -0600, the...@sys-concept.com wrote:


On 3/13/22 13:21, the...@sys-concept.com wrote:

Upgraded to: gentoo-sources-5.10.103
and kernel will not boot, not even recovery mode.

I'm getting some strange looping/scrolling message on the screen:

Kscan: watching read  1  fsk983s

I followed standard procedure:

emerge -avq =sys-kernel/gentoo-sources-5.10.103
cd /usr/src/
eselect kernel set 3  (this is: linux -> linux-5.10.103-gentoo)
cd linux
cp ../linux-old_kernel/.config .
mount /boot/

make oldconfig
make
make modules_prepare
make modules_install
make install

grub-mkconfig -o /boot/grub/grub.cfg
reboot

( did the same on my other boxes and this kernel is booting OK on
other installations)


Solved.


Please post the solution. Otherwise anyone with a similar problem
searching for an answer will find only the question and a tease that it
can be fixed but not telling how.


Simple human error :-/

When I did:
cd linux
cp ../linux-old_kernel/.config .
mount /boot/
make oldconfig

New entries showed up. Instead of pressing "enter" I made a mistake 
and pressed "Y" several times.
This enabled some feature in the new kernel that shouldn't be there; 
example: "CONFIG_KCSAN = y"


Redoing the process just by hitting "enter" solved the problem; new 
kernel boots as it should.


make olddefconfig will do the same as oldconfig while picking the defaults; 
this will save on hitting enter each time.


Steve
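
The slip described in this thread (answering "Y" to new `make oldconfig` prompts and ending up with CONFIG_KCSAN enabled) can be caught before building by comparing the old and new `.config`. This is an added example, not code from the thread; the two sample configs are constructed, and only CONFIG_KCSAN is taken from the message above.

```python
import re

# "CONFIG_FOO=y" style assignments and "# CONFIG_FOO is not set" markers,
# the two line shapes a kernel .config uses for options.
_SET = re.compile(r"^(CONFIG_[A-Za-z0-9_]+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_[A-Za-z0-9_]+) is not set$")


def parse_config(text):
    """Return {option: value}; options marked 'is not set' map to 'n'."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        m = _SET.match(line)
        if m:
            opts[m.group(1)] = m.group(2)
            continue
        m = _UNSET.match(line)
        if m:
            opts[m.group(1)] = "n"
    return opts


def newly_enabled(old_text, new_text):
    """List options that are y/m in the new config but off or absent in the old.

    Each entry is (option, value, reason). "new symbol" entries are the ones
    oldconfig prompted for; "was off" entries were flipped from a known state.
    """
    old, new = parse_config(old_text), parse_config(new_text)
    found = []
    for name, value in sorted(new.items()):
        if value in ("y", "m") and old.get(name, "n") == "n":
            reason = "new symbol" if name not in old else "was off"
            found.append((name, value, reason))
    return found


# Constructed sample: the .config copied from the old kernel tree ...
OLD_CONFIG = """\
CONFIG_64BIT=y
CONFIG_SMP=y
CONFIG_EXT4_FS=y
# CONFIG_DEBUG_FS is not set
CONFIG_LOCALVERSION=""
"""

# ... and the result of oldconfig after "Y" was pressed at the new prompts.
NEW_CONFIG = """\
CONFIG_64BIT=y
CONFIG_SMP=y
CONFIG_EXT4_FS=y
CONFIG_DEBUG_FS=y
CONFIG_LOCALVERSION=""
CONFIG_KCSAN=y
CONFIG_KCSAN_EARLY_ENABLE=y
"""

if __name__ == "__main__":
    for name, value, reason in newly_enabled(OLD_CONFIG, NEW_CONFIG):
        print(f"{name}={value}  ({reason})")
```

An empty result after `make olddefconfig` means no option was switched on relative to the old configuration.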




Re: [gentoo-user] KDE upgrade dependency problem

2021-12-12 Thread Steve Evans
On Sat, 11 Dec 2021 12:14:23 +
Steve Evans  wrote:

> On Fri, 10 Dec 2021 20:09:19 -0500
> Jack  wrote:
> 
> > Good evening all, calling on the accumulated wisdom here.
> > 
> > kde-frameworks 5.88 has been marked stable, but my upgrade is
> > blocked because kwin (5.22.5 is stable, 5.23.4 is still marked
> > testing) is somehow stuck on kde-frameworks/kglobalaccel-5.85.
> > 
> > The line from portage is:
> >(kde-frameworks/kglobalaccel-5.85.0-r1:5/5.85::gentoo,
> > installed) USE="-debug -doc -nls -test" ABI_X86="(64)" pulled in by
> >  >=kde-frameworks/kglobalaccel-5.82.0:5/5.85= required by  
> > (kde-plasma/kwin-5.22.5:5/5::gentoo, installed) USE="caps handbook  
> > plasma -accessibility -debug -gles2-only -multimedia -screencast
> > -test" ABI_X86="(64)"
> > 
> > The actual line in the kwin ebuild is
> >  >=kde-frameworks/kglobalaccel-${KFMIN}:5=
> > so I'm assuming that trailing "=" is the culprit, although I don't  
> > really follow the syntax.
> > 
> > Is there any easy way around this, or does it just mean I can't
> > upgrade any of kde-frameworks from 5.85 to 5.88 until kde-plasma
> > 5.24.something is marked stable or I unmask it?  I'm not in any
> > great rush, but it means emerge @world always fails, and I've got to
> > individually pick out those packages I CAN upgrade.
> > 
> > Jack
> > 
> 
> I am having the same problem. It appears as though kde-frameworks 5.88
> depends on a matching upgrade to kde-plasma to version 5.23.4.
> Frameworks has been marked stable, but plasma has not yet :-(
> 
> See these bugs:
> 
> - https://bugs.gentoo.org/816042 "KDE Frameworks 5.88 stabilisation"
>   which has a status of IN_PROGRESS
> 
> - https://bugs.gentoo.org/826898 "KDE Plasma 5.23.4 stabilisation"
>   which has a status of CONFIRMED
> 
> So I think we are just going to have to wait for kde-plasma to be
> marked stable.
> 
> Steve

A bug has been opened for this problem https://bugs.gentoo.org/828963.
It suggested emerging with --backtrack=200. That solved the problem for
me.

Steve
-- 

Steve Evans    E-mail: mailto:ste...@gorbag.com
Registered Linux user #217906: http://counter.li.org
Public Encryption Key: http://www.gorbag.com/public-key.html


5.10.76-gentoo-r1 Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz GNU/Linux

 09:13:59 up 35 days, 19:12,  5 users,  load average: 3.05, 2.13, 1.37

Science and religion are in full accord but science and faith are in
complete discord.



Re: [gentoo-user] KDE upgrade dependency problem

2021-12-11 Thread Steve Evans
On Fri, 10 Dec 2021 20:09:19 -0500
Jack  wrote:

> Good evening all, calling on the accumulated wisdom here.
> 
> kde-frameworks 5.88 has been marked stable, but my upgrade is blocked
> because kwin (5.22.5 is stable, 5.23.4 is still marked testing) is  
> somehow stuck on kde-frameworks/kglobalaccel-5.85.
> 
> The line from portage is:
>(kde-frameworks/kglobalaccel-5.85.0-r1:5/5.85::gentoo, installed)  
> USE="-debug -doc -nls -test" ABI_X86="(64)" pulled in by
>  >=kde-frameworks/kglobalaccel-5.82.0:5/5.85= required by  
> (kde-plasma/kwin-5.22.5:5/5::gentoo, installed) USE="caps handbook  
> plasma -accessibility -debug -gles2-only -multimedia -screencast
> -test" ABI_X86="(64)"
> 
> The actual line in the kwin ebuild is
>  >=kde-frameworks/kglobalaccel-${KFMIN}:5=
> so I'm assuming that trailing "=" is the culprit, although I don't  
> really follow the syntax.
> 
> Is there any easy way around this, or does it just mean I can't
> upgrade any of kde-frameworks from 5.85 to 5.88 until kde-plasma
> 5.24.something is marked stable or I unmask it?  I'm not in any great
> rush, but it means emerge @world always fails, and I've got to
> individually pick out those packages I CAN upgrade.
> 
> Jack
> 

I am having the same problem. It appears as though kde-frameworks 5.88
depends on a matching upgrade to kde-plasma to version 5.23.4.
Frameworks has been marked stable, but plasma has not yet :-(

See these bugs:

- https://bugs.gentoo.org/816042 "KDE Frameworks 5.88 stabilisation"
  which has a status of IN_PROGRESS

- https://bugs.gentoo.org/826898 "KDE Plasma 5.23.4 stabilisation"
  which has a status of CONFIRMED

So I think we are just going to have to wait for kde-plasma to be
marked stable.

Steve




Re: [gentoo-user] tor-browser does not start any more

2021-11-28 Thread Steve Freeman

On 2021-11-28 05:20, Poncho wrote:

On 28.11.21 12:09, gevisz wrote:

I have just noticed that the tor-browser I downloaded from its
official site does not start any more. :(
However, it started just a few weeks ago, before a few previous 
updates.
Downloading its latest version has not changed anything in this 
respect.




do you get any error message if you launch torbrowser from your 
terminal?


just a guess... but you probably need to enable wayland for 
x11-libs/gtk+:3


see 
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40693


Sorry, Poncho.  I didn't see your message when I replied.

However your solution works for me.  I figured that getting wayland 
support would have required a lot more rebuilding, or I would have tried 
it days ago.  I switched on the wayland flag for gtk+ (portage required 
it for mesa as well) and I was good to go.


Thanks much.

-Steve Freeman



Re: [gentoo-user] tor-browser does not start any more

2021-11-28 Thread Steve Freeman

On 2021-11-28 05:09, gevisz wrote:

I have just noticed that the tor-browser I downloaded from its
official site does not start any more. :(
However, it started just a few weeks ago, before a few previous 
updates.
Downloading its latest version has not changed anything in this 
respect.


It has something to do with Wayland dependencies in the latest Firefox.  
Seems to affect Gentoo and Slackware the most.  I cannot run the latest 
11.0.1.  I am not using Wayland.  I've rolled back to version 10.5.6 in 
the meantime.


https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40693




Re: [gentoo-user] Package management, depclean and new installs

2021-10-04 Thread Steve Evans
On Mon, 4 Oct 2021 19:09:22 +0100
Neil Bothwick  wrote:

> On Mon, 4 Oct 2021 10:33:58 +0200, Arve Barsnes wrote:
>  
> I picked up this tip some years ago to avoid depcleaning kernel
> sources.
> 
> % cat /etc/portage/sets.conf
> [kernels]
> class = portage.sets.dbapi.OwnerSet
> world-candidate = False
> files = /usr/src 
> 
> and emerge -n @kernels
> 
> I also have this in the file to allow multiple GCC versions.
> 
> [gcc]
> class = portage.sets.dbapi.OwnerSet
> world-candidate = False
> files = /usr/x86_64-pc-linux-gnu/gcc-bin
> 
> 

I use an alias for depclean to achieve the same result:

alias depclean='emerge -va --depclean --exclude gentoo-sources --exclude gcc --exclude mythweb --exclude php --exclude owncloud'

Steve


Re: [gentoo-user] Chrome - no system title bar or boarders

2021-09-23 Thread Steve Evans
On Thu, 23 Sep 2021 09:53:57 -0700
Mark Knecht  wrote:

> Sorry to cross post. I put this on the KDE list yesterday but no
> responses. As I run Kubuntu I thought that it would be a better place
> to start.
> 
> Starting yesterday morning both of my KDE machines no longer show a
> system title bar or border for Chrome, and only Chrome. All other
> apps are fine. Right clicking the Chrome tab area has a checkbox for
> 'Use system title bar and borders' but it does nothing. Chrome
> version 94.0.4606.54.
> 
> Losing the title bar means losing (as far as I know) the ability to
> pin an instance of Chrome to all virtual desktops which I use for
> browser streamed media - YouTube, Netflix, etc. I've switched that
> window to Firefox for the time being.
> 
> As Gentoo is usually a bit further forward I wondered if anyone here
> using Chrome and KDE has seen this issue?
> 

Mine is also missing the title bar. However the "Use system
title bar and borders" /does/ restore the normal title bar for me. This
is also version 94.0.4606.54 on KDE.

Steve



Re: [gentoo-user] Anyone using extract_url with mutt?

2021-04-27 Thread Steve Kollios
On Tue, Apr 27, 2021 at 09:18:14PM -0400, Walter Dnes wrote:
> On Sat, Apr 24, 2021 at 07:40:35AM +, Nils Freydank wrote
> > Hi Walter,
> > 
> > in case your problem isn't already solved net-mail/urlscan[1] might
> > be an alternative. Currently I maintain it in my overlay[2]. I just
> > use it with xdg-open or KDE's URL-click-behaviour, but according to
> > the urlscan readme you can "Run a command with the selected URL as
> > the argument or pipe the selected URL to a command." which sounds
> > to me as your workflow.
> 
>   Thanks.  I simply want a list of URLs that I can select to open in
> Pale Moon.  If I can copy URLs into the paste buffer, even better.  It's
> been a long while since I last used an overlay.  What are the steps to
> setting up "urlscan" in an overlay?  Even more basic, what are the steps
> to setting up an overlay?  My /etc/portage/repos.conf/
> 
> ll /etc/portage/repos.conf/
> total 20
> drwxr-xr-x 2 root root 4096 Dec 14 12:31 .
> drwxr-xr-x 9 root root 4096 Mar  5 20:41 ..
> -rw-r--r-- 1 root root  291 Dec 14 12:31 gentoo.conf
> -rw-r--r-- 1 root root   74 Oct 26  2017 local.conf
> -rw-r--r-- 1 root root   42 Oct 26  2017 localrepo.conf
> 
> =
> 
> cat /etc/portage/repos.conf/gentoo.conf
> [DEFAULT]
> main-repo = gentoo
> 
> [gentoo]
> location = /usr/portage
> sync-type = rsync
> sync-uri = rsync://rsync.gentoo.org/gentoo-portage
> auto-sync = yes
> sync-rsync-verify-metamanifest = no
> 
> # for daily squashfs snapshots
> #sync-type = squashdelta
> #sync-uri = mirror://gentoo/../snapshots/squashfs
> 
> =
> 
> cat /etc/portage/repos.conf/local.conf 
> [localrepo]
> location = /usr/local/portage
> masters = gentoo
> auto-sync = no
> 
> =
> 
> cat /etc/portage/repos.conf/localrepo.conf 
> [localrepo]
> location = /usr/local/portage
> 
> -- 
> Walter Dnes 
> I don't run "desktop environments"; I run useful applications
>

Hi Walter, 

I'd be interested to see how this integrates in your workflow, I'm
looking for a similar solution myself. The current functionality of
mutt/neomutt leaves a bit to be desired when using it as described.

P.S thank you Nils for introducing this to me, I will likely take the
plunge in the near future.

- Steve




Re: [gentoo-user] Kodi 19 stabilization

2021-03-14 Thread Steve Evans
On Sun, 14 Mar 2021 14:57:22 -0700
Daniel Frey  wrote:

> Does anyone know if Kodi 19 is planning to be stabilized soon? I
> haven't been able to update TV frontends since October.
> 
> (Before you say remove Kodi, don't bother - these are TV frontends
> and their only purpose is to run Kodi!)
> 
> I'm also not interested in unmasking a ton of things to get it to
> install...
> 

I have been running Kodi 19 since it was added to Gentoo and only had
to unmask dev-libs/libudfread to get it to build. It has worked
well other than some (non official) add ons not working because they
have not been upgraded to Python 3.

Steve





Re: [gentoo-user] apache blocking access based country

2020-12-08 Thread Steve Wilson



On 09/12/2020 00:01, Grant Taylor wrote:

On 12/8/20 4:44 PM, Steve Wilson wrote:
I use this as the first step to limit ssh access to one of my 
servers: `iptables -A INPUT -p tcp -m tcp --dport 22 -m geoip ! 
--src-cc GB -m comment --comment "Drop SSH from outside GB" -j DROP`


Has the geoip match extension been updated to take into account 
MaxMind discontinuing their GeoLite database and the need to support 
GeoLite2?


The xt_geoip_dl script grabs a csv from 
https://db-ip.com/db/download/ip-to-country-lite. I imagine there's a 
method for dealing with maxmind's new version and converting to csv if 
they don't already provide one for the paid service.


Steve





Re: [gentoo-user] apache blocking access based country

2020-12-08 Thread Steve Wilson

On 08/12/2020 22:55, the...@sys-concept.com wrote:

What are my options for apache blocking access based on country?
So far I ran into something "geoip" or ACL (long list of IP's provided by eg:)
https://www.ip2location.com/free/visitor-blocker

With geoip I think I will need to install some module for apache (apache 2.2).  
It is using geoip.dat so it must be a long list of as well.  But they are not 
offering any free version.
wget 
http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz 
(doesn't work)

If you don't need to provide information in the browser to blocked 
users, you could look at net-firewall/xtables-addons with 
XTABLES_ADDONS="geoip". This will allow you to block access to apache at 
the network level.


I use this as the first step to limit ssh access to one of my servers:
`iptables -A INPUT -p tcp -m tcp --dport 22 -m geoip ! --src-cc GB -m 
comment --comment "Drop SSH from outside GB" -j DROP`


This has the advantage that apache doesn't need to process the request, 
but a possible downside that you won't be able to display a message if 
that's a requirement.


Steve
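
Before loading a rule like the `! --src-cc GB ... -j DROP` one above, it is worth checking that the addresses you administer the box from actually resolve to the allowed country in the same CSV the rule is built from (the ip-to-country-lite download mentioned in the other reply in this thread). This is an added example, not part of either message; it assumes a three-column `start,end,country` CSV layout, and the sample rows are constructed from documentation address ranges rather than real allocations.

```python
import bisect
import csv
import io
import ipaddress


class CountryDB:
    """Range table built from 'start_ip,end_ip,CC' rows (assumed CSV layout)."""

    def __init__(self, csv_text):
        self._ranges = {4: [], 6: []}
        for row in csv.reader(io.StringIO(csv_text)):
            if len(row) < 3:
                continue  # skip blank or malformed lines
            start = ipaddress.ip_address(row[0].strip())
            end = ipaddress.ip_address(row[1].strip())
            self._ranges[start.version].append(
                (int(start), int(end), row[2].strip().upper())
            )
        for ranges in self._ranges.values():
            ranges.sort()
        self._starts = {v: [r[0] for r in rs] for v, rs in self._ranges.items()}

    def country_of(self, ip):
        """Return the country code for ip, or None if no range covers it."""
        addr = ipaddress.ip_address(ip)
        idx = bisect.bisect_right(self._starts[addr.version], int(addr)) - 1
        if idx >= 0:
            _start, end, cc = self._ranges[addr.version][idx]
            if int(addr) <= end:
                return cc
        return None


def would_drop(db, src_ip, allowed_cc="GB"):
    """Mirror the negated match: anything not listed under allowed_cc is
    dropped, which includes addresses the database does not know at all
    (for example RFC 1918 LAN sources)."""
    return db.country_of(src_ip) != allowed_cc


def lockout_check(db, admin_ips, allowed_cc="GB"):
    """Return the admin addresses that the rule would cut off."""
    return [ip for ip in admin_ips if would_drop(db, ip, allowed_cc)]


# Constructed sample rows using documentation ranges, not real allocations.
SAMPLE_CSV = """
192.0.2.0,192.0.2.255,GB
198.51.100.0,198.51.100.255,US
2001:db8::,2001:db8:0:ffff:ffff:ffff:ffff:ffff,GB
"""

DB = CountryDB(SAMPLE_CSV)

if __name__ == "__main__":
    admins = ["192.0.2.10", "198.51.100.7", "10.0.0.5"]
    for ip in lockout_check(DB, admins):
        print(f"{ip} would be dropped (country: {DB.country_of(ip)})")
```

Any address this reports needs an explicit ACCEPT rule placed ahead of the geoip DROP, or the rule will lock it out.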





Re: [gentoo-user] rsyslog upstream have removed their template systemd service file

2020-12-02 Thread Steve Wilson

On 27/11/2020 08:21, Alan J. Wylie wrote:

After updating to rsyslog 8.2008.0, I discovered that the systemd
service file no longer existed.

Upstream removed it from their tarball:

- 2020-08-12: systemd service file removed from project
   This was done as distros nowadays have very different service files and it no
   longer is useful to provide a "generic" (sic) example.
   see also: https://github.com/rsyslog/rsyslog/issues/4333

Please could Gentoo add it back in?


When I discovered the same I took the one from platform/redhat/centos* 
and dropped it into /etc/systemd/system to get up and running again. I 
did consider creating my own but decided to just keep an eye on future 
updates hoping it's there.


* 
https://github.com/rsyslog/rsyslog/blob/master/platform/redhat/centos/rsyslog.service


Steve.

P.S. Seems it's a small world, I believe I had the pleasure of taking over 
from you at a common previous employer using rock linux.





Re: [gentoo-user] Strategies for testing an ebuild

2020-10-20 Thread Steve Wilson
I've had my own overlay for a while, maintaining my own versions of 
plex, new relic and even some removed packages that I use.
Until the other day I was just making sure they install and work for 
myself, I have now discovered repoman and have several issues which 
actually need tidying up.
On top of this I store this in a private gitlab install so am now 
looking at CI/CD to automate the testing, but at this point I'm at the 
point of creating my own gentoo docker image with various things 
pre-installed to start serious check/test/install of new ebuilds.


Steve.

On 20/10/2020 19:01, Anton wrote:

Hi there,

I am taking on maintaining a package in gentoo-sci overlay. What are 
good ways to test that my ebuild works before creating a pull request?


I am thinking to install a Gentoo Prefix, snapshot its "vanilla" 
state, and run `emerge $mypackage` in the vanilla Prefix as a test. 
Are there better strategies?


Thanks,
Anton







Re: [gentoo-user] [SOLVED] Upgrade to rsync-3.2.0-r1 results in "didn't get server startup line"

2020-07-06 Thread Steve Freeman

On 2020-06-30 20:35, Steve Freeman wrote:

I have a local gentoo repo mirror that has been running well for
years.  It is essentially the same setup as described at
https://wiki.gentoo.org/wiki/Local_Mirror except that it runs on a
non-default port.

After upgrading to net-misc/rsync-3.2.0-r1 (from rsync-3.1.3), I can
no longer emerge --sync from my clients.  I receive messages such as:

# emerge --sync
>>> Syncing repository 'gentoo' into '/var/db/repos/gentoo'...
>>> Starting rsync with rsync://10.10.10.10:5873/gentoo-portage...
>>> Checking server timestamp ...
opening tcp connection to 10.10.10.10 port 5873
Connected to 10.10.10.10
msg checking charset: UTF-8
sending daemon args: --server --sender -lWtprze.iLsfxCIv
--timeout=180 --safe-links --inplace .
gentoo-portage/metadata/timestamp.chk  (8 args)

rsync: didn't get server startup line
[Receiver] _exit_cleanup(code=5, file=main.c, line=1777): entered
rsync error: error starting client-server protocol (code 5) at
main.c(1777) [Receiver=3.2.0]
	[Receiver] _exit_cleanup(code=5, file=main.c, line=1777): about to 
call exit(5)

[SNIPPED]


According to this page:

https://www.lagerhaus128.ch/?p=1281

there appears to be a bug in rsync 3.2.0 and 3.2.1 involving transfer 
logging.


He provides two workarounds in /etc/rsyncd.conf.  Both worked for me.
1)  Disable transfer logging (commenting out "transfer logging = yes" 
fixed my issue).
2)  Set a log format, for example "log format = %t %a %m %f %b".  This 
is the option I chose.


I wanted to pass this on in case someone else runs into the problem.

Cheers.

-Steve Freeman
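
To find mirrors that still need one of the two workarounds above, a small check can flag every rsyncd.conf module where transfer logging is on and no log format is set. This is an added example, not code from the post or from rsync; the parser is simplified (no line continuations), the sample configuration is constructed, and the affected versions are the ones named in the post.

```python
import re

AFFECTED_VERSIONS = {"3.2.0", "3.2.1"}  # as stated in the post above
TRUE_WORDS = {"yes", "true", "1"}


def _norm(name):
    """Lower-case a parameter name and collapse its internal whitespace."""
    return " ".join(name.lower().split())


def parse_rsyncd_conf(text):
    """Return (global_params, {module_name: params}) from rsyncd.conf text."""
    global_params, modules = {}, {}
    current = global_params
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        if "=" in line:
            key, value = line.split("=", 1)  # only the first '=' separates
            current[_norm(key)] = value.strip()
    return global_params, modules


def modules_logging_without_format(text):
    """Modules whose effective settings enable transfer logging but leave
    'log format' unset, the combination both workarounds remove."""
    global_params, modules = parse_rsyncd_conf(text)
    flagged = []
    for name, params in modules.items():
        effective = {**global_params, **params}  # module values override globals
        logging_on = effective.get("transfer logging", "no").lower() in TRUE_WORDS
        if logging_on and not effective.get("log format", ""):
            flagged.append(name)
    return sorted(flagged)


def server_needs_workaround(version, text):
    """True if the server version is one the post names and a module is flagged.
    A Gentoo revision suffix such as '-r1' is ignored."""
    base = re.sub(r"-r\d+$", "", version)
    return base in AFFECTED_VERSIONS and bool(modules_logging_without_format(text))


# Constructed sample configuration; the module name is the one from the thread.
BROKEN = """\
uid = nobody
gid = nobody
transfer logging = yes

[gentoo-portage]
path = /var/db/repos/gentoo
comment = Gentoo ebuild repository
"""

# Workaround 1: comment the setting out. Workaround 2: add a log format.
FIXED_COMMENTED = BROKEN.replace("transfer logging = yes", "# transfer logging = yes")
FIXED_FORMAT = BROKEN.replace(
    "transfer logging = yes",
    "transfer logging = yes\nlog format = %t %a %m %f %b",
)

if __name__ == "__main__":
    print(modules_logging_without_format(BROKEN))
    print(server_needs_workaround("3.2.0-r1", FIXED_FORMAT))
```

Keeping the second workaround preserves the transfer log, which is usually the better choice on a mirror where you want a record of client activity.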



[gentoo-user] Upgrade to rsync-3.2.0-r1 results in "didn't get server startup line"

2020-06-30 Thread Steve Freeman
I have a local gentoo repo mirror that has been running well for years.  
It is essentially the same setup as described at 
https://wiki.gentoo.org/wiki/Local_Mirror except that it runs on a 
non-default port.


After upgrading to net-misc/rsync-3.2.0-r1 (from rsync-3.1.3), I can no 
longer emerge --sync from my clients.  I receive messages such as:


# emerge --sync
>>> Syncing repository 'gentoo' into '/var/db/repos/gentoo'...
>>> Starting rsync with rsync://10.10.10.10:5873/gentoo-portage...
>>> Checking server timestamp ...
opening tcp connection to 10.10.10.10 port 5873
Connected to 10.10.10.10
msg checking charset: UTF-8
	sending daemon args: --server --sender -lWtprze.iLsfxCIv 
--timeout=180 --safe-links --inplace . 
gentoo-portage/metadata/timestamp.chk  (8 args)


rsync: didn't get server startup line
[Receiver] _exit_cleanup(code=5, file=main.c, line=1777): entered
	rsync error: error starting client-server protocol (code 5) at 
main.c(1777) [Receiver=3.2.0]
	[Receiver] _exit_cleanup(code=5, file=main.c, line=1777): about to call 
exit(5)



The rsyncd server shows a successful connection in the logs, and it even 
logs "rsync allowed access on module gentoo-portage".


I've tried turning up the verbosity on both the server and client, but 
it doesn't really change much.


Googlies such as "rsync didn't get server startup line" have turned up 
nothing useful at all.


The rsync 3.2.0 changelog didn't help me either ( 
https://download.samba.org/pub/rsync/NEWS#3.2.0 ), but I suspect there 
must be a clue here.


If I roll the server version back to rsync-3.1.3, it performs normally.  
Upgrading the server again to rsync-3.2.0-r1 causes it to break again.  
Client version appears to be irrelevant.


Running rsync as a non-daemon appears to work fine regardless of 
server/client versions; it's only rsyncd that fails.


With no useful logs or output, I'm finding this impossible to diagnose.  
Does anyone have any ideas?


Thanks,

Steve Freeman




Re: [gentoo-user] Update Gentoo recently is becoming difficult

2020-05-12 Thread Steve Evans
On Tue, 12 May 2020 20:54:58 +0300
Joachim Gwoke  wrote:

> Been having trouble with mainly calibre 4.9.1-r2 and have since kept
> it out of any emerges. Otherwise everything is alright with python
> 3.7 on my side
> 

calibre 4.9.1-r2 works fine for me with Python 3.7. What trouble have
you been having?

Steve



Re: [gentoo-user] USB sound

2020-05-01 Thread Steve Evans
On Fri, 1 May 2020 19:42:54 +0100
Steve Evans  wrote:

> On Fri, 1 May 2020 09:34:56 -0700
> Mark Knecht  wrote:
> 
> > On Fri, May 1, 2020 at 12:33 AM Peter Humphrey
> >  wrote:
> > >
> > > On Wednesday, 29 April 2020 20:37:23 BST Michael wrote:  
> > > > On Wednesday, 29 April 2020 16:24:31 BST Peter Humphrey wrote:  
> > >  
> > > > > Have I to go the PulseAudio route after all?  
> > > >
> > > > You do not *have to*, but if you find the PulseAudio server and
> > > >  
> > associated
> > > > GUI/CLI tools are convenient for you, then you can set up  
> > USE=pulseaudio and
> > > > use that to mix your sound sinks and sources devices with.
> > > >
> > > > As Canek has already posted in most cases it just works.
> > > > However, I  
> > must
> > > > confess I had a spate of pa processes racing up to 100% CPU and
> > > >  
> > annoyingly
> > > > respawning each time I tried to kill it.  An update eventually
> > > > fixed  
> > this
> > > > problem and it worked fine ever since.  
> > >
> > > Well, after setting USE=pulseaudio and emerging uaDvN @world,
> > > sound has reappeared. I haven't tried multiple sources yet, but -
> > > one thing at a  
> > time.
> > > Web-cam next, in between recommissioning other boxes with my new  
> > display-port
> > > KVM. I'm getting too old and stiff for this.  :(
> > >  
> > 
> > I'm glad you made forward progress!
> > 
> > QUESTION: I'm curious as to whether your Gentoo and my Kubuntu
> > systemsettings are more similar. Did adding the pulseaudio flag
> > create the Sound->Multimedia section with an 'Audio volume' area? If
> > so that area, if working like mine, would show where you can send
> > sound, allow you to enable/disable individual devices and set
> > relative volumes, etc. Also, did it build pavucontrol or some
> > version of it? If so that app is almost identical to my Multimedia
> > section but adds VU meters so you can watch multiple apps
> > generating audio, etc. I find it helpful when things don't go
> > exactly as I expected.
> > 
> 
> On my Gentoo system the KDE System Settings->Multimedia used to have
> the device priority section, but no longer does. However a search
> found another application called "Phonon Audio and Video" which
> displays the device priority. So maybe it has been moved from the
> System Settings in a recent version of KDE. This is with Plasma
> version 5.17.5.
> 
> Further investigation reveals that Kmix has an option "Audio Setup..."
> that does nothing, but examining xorg-session.log it outputs the
> error 
> 
>Could not find module 'kcm_phonon'. See kcmshell5 --list for the
>full list of modules.
> 
> which suggests a bug where either kcm_phonon should exist or kmix
> should not use it.
> 

I found some more information. The Phonon KCM module was removed on
July 21st 2019, see https://phabricator.kde.org/D22616. It is replaced
by plasma-pa, which is a pulseaudio applet. Documentation at
https://docs.kde.org/trunk5/en/kde-workspace/kcontrol/plasma-pa/index.html#plasmoid
suggests that it supplies a control module that has devices in it. So I
suspect that rebuilding KDE with pulseaudio enabled will result in the
resurrection of the ability to select devices in KDE.

Steve



Re: [gentoo-user] USB sound

2020-05-01 Thread Steve Evans
On Fri, 1 May 2020 09:34:56 -0700
Mark Knecht  wrote:

> On Fri, May 1, 2020 at 12:33 AM Peter Humphrey 
> wrote:
> >
> > On Wednesday, 29 April 2020 20:37:23 BST Michael wrote:  
> > > On Wednesday, 29 April 2020 16:24:31 BST Peter Humphrey wrote:  
> >  
> > > > Have I to go the PulseAudio route after all?  
> > >
> > > You do not *have to*, but if you find the PulseAudio server and  
> associated
> > > GUI/CLI tools are convenient for you, then you can set up  
> USE=pulseaudio and
> > > use that to mix your sound sinks and sources devices with.
> > >
> > > As Canek has already posted in most cases it just works.
> > > However, I  
> must
> > > confess I had a spate of pa processes racing up to 100% CPU and  
> annoyingly
> > > respawning each time I tried to kill it.  An update eventually
> > > fixed  
> this
> > > problem and it worked fine ever since.  
> >
> > Well, after setting USE=pulseaudio and emerging uaDvN @world, sound
> > has reappeared. I haven't tried multiple sources yet, but - one
> > thing at a  
> time.
> > Web-cam next, in between recommissioning other boxes with my new  
> display-port
> > KVM. I'm getting too old and stiff for this.  :(
> >  
> 
> I'm glad you made forward progress!
> 
> QUESTION: I'm curious as to whether your Gentoo and my Kubuntu
> systemsettings are more similar. Did adding the pulseaudio flag
> create the Sound->Multimedia section with an 'Audio volume' area? If
> so that area, if working like mine, would show where you can send
> sound, allow you to enable/disable individual devices and set
> relative volumes, etc. Also, did it build pavucontrol or some version
> of it? If so that app is almost identical to my Multimedia section
> but adds VU meters so you can watch multiple apps generating audio,
> etc. I find it helpful when things don't go exactly as I expected.
> 

On my Gentoo system the KDE System Settings->Multimedia used to have
the device priority section, but no longer does. However a search found
another application called "Phonon Audio and Video" which displays the
device priority. So maybe it has been moved from the System Settings in
a recent version of KDE. This is with Plasma version 5.17.5.

Further investigation reveals that Kmix has an option "Audio Setup..."
that does nothing, but examining xorg-session.log it outputs the error 

   Could not find module 'kcm_phonon'. See kcmshell5 --list for the
   full list of modules.

which suggests a bug where either kcm_phonon should exist or kmix
should not use it.

Steve
-- 

Steve Evans    E-mail: mailto:ste...@gorbag.com
Registered Linux user #217906: http://counter.li.org
Public Encryption Key: http://www.gorbag.com/public-key.html


5.4.28-gentoo Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz GNU/Linux

 19:28:29 up 7 days, 10:47,  4 users,  load average: 0.17, 0.39, 0.35





Re: [gentoo-user] PHP 7.4 and dev-php/pecl-apcu-5.1.18

2020-04-18 Thread Steve Freeman

On 2020-04-18 22:01, Ashley Dixon wrote:

On Sat, Apr 18, 2020 at 09:45:44PM -0500, Dale wrote:
I seem to have been on the right track but couldn't figure out where to
go with the next step.  At times, I just have to ask for help.  The
output of emerge is cryptic for sure.  Of course, I know nothing about
PHP since I don't use it here.


The output of emerge isn't necessarily cryptic; it's just concise, and the
documentation describing its output is phenomenal. `man emerge` has a rather
intuitive table of all symbols relating to USE flags:

Symbol   Location    Meaning
──────────────────────────────────────────────────────────────
-        prefix      not enabled (either disabled or removed)
*        suffix      transition to or from the enabled state
%        suffix      newly added or removed
()       circumfix   forced, masked, or removed
{}       circumfix   state is bound to FEATURES settings

On Sat, Apr 18, 2020 at 09:17:01PM -0500, Steve Freeman wrote:
I did not see anything in my output that made me think "~amd64".  How on
earth did you figure that out?  I would love to know. :-)


In Steve's case, the `(php7-4)`, as he suspected, indicates that the `php7-4`
flag was "forced, masked, or removed". It clearly wasn't forced or removed, so I
checked the base profile package.use.stable.mask to find the following addition
from Brian Evans, made 27/02/2020, referencing bugs #706180 and #710942 (the
former of which explicitly refers to pecl-apcu).

# Brian Evans  (2020-02-27)
# Two packages are delayed during stable of PHP 7.4
# arm, arm64 and hppa necessary to not disruput consistency
# but this will allow all other packages to be used
# Bug 706180, 710942
dev-php/pecl-apcu php_targets_php7-4
dev-php/pecl-yaz php_targets_php7-4

The commit can be viewed on-line at [1].

Hope this helps,
Ashley.

[1] 
https://gitweb.gentoo.org/repo/gentoo.git/commit/profiles/base/package.use.stable.mask?id=4b3ffbad63031773ffbc04eff329c6986fb194a3



Thank you very much for taking time to explain.  I have learned 
something today. :-)   Much obliged for the help.


Steve
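
The symbol table quoted above can be applied mechanically to an emerge flag string such as the PHP_TARGETS line from this thread. The following is an added example, not part of the original messages; `decode_flag` and `decode_use_line` are names invented here.

```shell
#!/bin/sh
# Decode the flag markers that `emerge -pv` prints, following the symbol
# table from `man emerge` quoted in the message above.

# decode_flag TOKEN -> "name<TAB>state<TAB>notes"
decode_flag() {
    df_tok=$1
    df_notes=""
    # Circumfix markers wrap the whole token, so strip them first.
    case $df_tok in
        "("*")") df_tok=${df_tok#?}; df_tok=${df_tok%?}
                 df_notes="forced, masked, or removed" ;;
        "{"*"}") df_tok=${df_tok#?}; df_tok=${df_tok%?}
                 df_notes="state is bound to FEATURES settings" ;;
    esac
    # Suffix markers can be stacked (for example "%*"), so loop until none remain.
    while :; do
        case $df_tok in
            *%)   df_tok=${df_tok%?}
                  df_notes="${df_notes:+$df_notes; }newly added or removed" ;;
            *"*") df_tok=${df_tok%?}
                  df_notes="${df_notes:+$df_notes; }transition to or from the enabled state" ;;
            *)    break ;;
        esac
    done
    # A leading "-" means the flag is not enabled.
    case $df_tok in
        -*) df_state=disabled; df_tok=${df_tok#-} ;;
        *)  df_state=enabled ;;
    esac
    printf '%s\t%s\t%s\n' "$df_tok" "$df_state" "${df_notes:-none}"
}

# decode_use_line 'VAR="tok tok ..."' -> one decoded line per flag, prefixed with VAR
decode_use_line() {
    dl_var=${1%%=*}
    dl_vals=${1#*=}
    dl_vals=${dl_vals#\"}
    dl_vals=${dl_vals%\"}
    set -f                      # tokens may end in "*": no pathname expansion
    for dl_tok in $dl_vals; do
        printf '%s\t' "$dl_var"
        decode_flag "$dl_tok"
    done
    set +f
}

# The line from the emerge output discussed in this thread.
decode_use_line 'PHP_TARGETS="(-php7-1) -php7-2 -php7-3 (-php7-4)"'
```

The parenthesised entries are the ones to chase through the profile's mask files, as described in the message above.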



Re: [gentoo-user] PHP 7.4 and dev-php/pecl-apcu-5.1.18

2020-04-18 Thread Steve Freeman

On 2020-04-18 20:42, Dale wrote:

Steve Freeman wrote:

I am trying to eliminate PHP 7.3 from my system.  But I am having
trouble building dev-php/pecl-apcu-5.1.18 with support for PHP 7.4.

I am getting confusing output regarding whether pecl-apcu can be built
with PHP 7.4 support.  It is working just fine with PHP 7.3 (until I
changed eselect php to 7.4, which broke things as I expected).

Currently installed are:
# equery l php pecl-apcu
 * Searching for php ...
[IP-] [  ] dev-lang/php-7.3.17:7.3
[IP-] [  ] dev-lang/php-7.4.5:7.4

 * Searching for pecl-apcu ...
[IP-] [  ] dev-php/pecl-apcu-5.1.18:7


# grep PHP_TARGETS /etc/portage/make.conf
PHP_TARGETS="php7-4"

# eselect php list cli
  [1]   php7.3
  [2]   php7.4 *
# eselect php list apache2
  [1]   php7.3
  [2]   php7.4 *
The other eselect PHP modules are not set.


When I try to re-emerge pecl-apcu, I get output which confuses me:
# emerge -pv pecl-apcu

These are the packages that would be merged, in order:

Calculating dependencies /

!!! Problem resolving dependencies for dev-php/pecl-apcu
... done!

!!! The ebuild selected to satisfy "pecl-apcu" has unmet requirements.
- dev-php/pecl-apcu-5.1.18::gentoo USE="lock-pthreadrw mmap
-lock-pthreadmutex -lock-semaphore -lock-spinlock"
PHP_TARGETS="(-php7-1) -php7-2 -php7-3 (-php7-4)"

  The following REQUIRED_USE flag constraints are unsatisfied:
    any-of ( php_targets_php7-1 php_targets_php7-2 php_targets_php7-3
php_targets_php7-4 )

  The above constraints are a subset of the following complete
expression:
    exactly-one-of ( lock-pthreadmutex lock-pthreadrw lock-spinlock
lock-semaphore ) any-of ( php_targets_php7-1 php_targets_php7-2
php_targets_php7-3 php_targets_php7-4 )


If I understand correctly, PHP_TARGETS="(-php7-1) -php7-2 -php7-3
(-php7-4)" above means that I cannot use 7.1 nor 7.4 (correct me if
I'm wrong).  But I do not understand why, since all four versions of
PHP are listed in the REQUIRED_USE line underneath.


Another thing that confuses me is that PHP 7.4 isn't even listed in
the output below (neither enabled nor disabled, but missing entirely):
# equery u pecl-apcu
[ Legend : U - final flag setting for installation]
[    : I - package is installed with flag ]
[ Colors : set, unset ]
 * Found these USE flags for dev-php/pecl-apcu-5.1.18:
 U I
 - - lock-pthreadmutex  : Enable pthread mutex locking
 + + lock-pthreadrw : Enable pthread read/write locking
 - - lock-semaphore : Enable semaphore locks instead of fcntl
 - - lock-spinlock  : Enable spin locks (EXPERIMENTAL)
 + + mmap   : Add mmap (memory map) support
 - - php_targets_php7-2 : Build against PHP 7.2
 - + php_targets_php7-3 : Build against PHP 7.3


However, all four PHP versions seem to be supported by the ebuild,
dev-php/pecl-apcu-5.1.18.ebuild:
USE_PHP="php7-1 php7-2 php7-3 php7-4"

Can anyone explain why php7-4 is either disallowed or missing, when
the ebuild seems to allow it?

Thanks.





First, my emerge output decoder ring isn't that great.  There are a few
on this list that can decode it pretty well, I'm not one of them but I
try.  ;-)

This is the interesting bit to me. 


!!! The ebuild selected to satisfy "pecl-apcu" has unmet requirements.
- dev-php/pecl-apcu-5.1.18::gentoo USE="lock-pthreadrw mmap
-lock-pthreadmutex -lock-semaphore -lock-spinlock"
PHP_TARGETS="(-php7-1) -php7-2 -php7-3 (-php7-4)"

  The following REQUIRED_USE flag constraints are unsatisfied:
    any-of ( php_targets_php7-1 php_targets_php7-2 php_targets_php7-3
php_targets_php7-4 )

  The above constraints are a subset of the following complete 
expression:

    exactly-one-of ( lock-pthreadmutex lock-pthreadrw lock-spinlock
lock-semaphore ) any-of ( php_targets_php7-1 php_targets_php7-2
php_targets_php7-3 php_targets_php7-4 )


Note in the first part it has PHPTARGETS= and that php7-4 is shown as
disabled.  Why is that?  Is it disabled in package.use or do you have to
manually enable it in package.use?  Since the others are also disabled,
is that setting correct somehow??  The way it shows it, all PHP is
disabled which doesn't make sense to me.

I'd do a grep -r php /etc/portage/ and see if it shows some old entry
that needs to be changed or even removed, or possibly one added.  One
thing I've done and seen others post about, double entries.  You add an
entry at the top of a file and there is an older entry further down.
Whichever emerge reads last is the one it uses.  It tends to ignore the
previous entry.  If you forget the old one is there, it makes your brain
go wonky.  It doesn't help emerge either.

Also, equery list -p may prove helpful if this reply or someone with a
better decoder ring doesn't come up with a hint. 

Hope that helps, given my decoder ring is not great.  lol

Dale

:-)  :-) 


Good suggestion.  I didn't have anything like that.  Over the years, 
I've

Re: [gentoo-user] PHP 7.4 and dev-php/pecl-apcu-5.1.18

2020-04-18 Thread Steve Freeman

On 2020-04-18 20:36, Ashley Dixon wrote:

On Sat, Apr 18, 2020 at 08:22:26PM -0500, Steve Freeman wrote:
Can anyone explain why php7-4 is either disallowed or missing, when the
ebuild seems to allow it?


You need to allow the ~amd64 keyword (assuming that is your architecture) and
explicitly define the value of the PHP_TARGETS symbol. Try the following line,
and amend your package.accept_keywords and make.conf if it works as expected.


ACCEPT_KEYWORDS="~amd64" PHP_TARGETS="php7-4" emerge -atv dev-php/pecl-apcu


Based on your suggestion, I simply added the following line to 
/etc/portage/package.accept_keywords:

=dev-php/pecl-apcu-5.1.18 ~amd64

It worked like a champ.  Thank you very much!

I did not see anything in my output that made me think "~amd64".  How on
earth did you figure that out?  I would love to know. :-)





[gentoo-user] PHP 7.4 and dev-php/pecl-apcu-5.1.18

2020-04-18 Thread Steve Freeman
I am trying to eliminate PHP 7.3 from my system.  But I am having 
trouble building dev-php/pecl-apcu-5.1.18 with support for PHP 7.4.


I am getting confusing output regarding whether pecl-apcu can be built 
with PHP 7.4 support.  It is working just fine with PHP 7.3 (until I 
changed eselect php to 7.4, which broke things as I expected).


Currently installed are:
# equery l php pecl-apcu
 * Searching for php ...
[IP-] [  ] dev-lang/php-7.3.17:7.3
[IP-] [  ] dev-lang/php-7.4.5:7.4

 * Searching for pecl-apcu ...
[IP-] [  ] dev-php/pecl-apcu-5.1.18:7


# grep PHP_TARGETS /etc/portage/make.conf
PHP_TARGETS="php7-4"

# eselect php list cli
  [1]   php7.3
  [2]   php7.4 *
# eselect php list apache2
  [1]   php7.3
  [2]   php7.4 *
The other eselect PHP modules are not set.


When I try to re-emerge pecl-apcu, I get output which confuses me:
# emerge -pv pecl-apcu

These are the packages that would be merged, in order:

Calculating dependencies /

!!! Problem resolving dependencies for dev-php/pecl-apcu
... done!

!!! The ebuild selected to satisfy "pecl-apcu" has unmet requirements.
- dev-php/pecl-apcu-5.1.18::gentoo USE="lock-pthreadrw mmap 
-lock-pthreadmutex -lock-semaphore -lock-spinlock" 
PHP_TARGETS="(-php7-1) -php7-2 -php7-3 (-php7-4)"


  The following REQUIRED_USE flag constraints are unsatisfied:
any-of ( php_targets_php7-1 php_targets_php7-2 php_targets_php7-3 
php_targets_php7-4 )


  The above constraints are a subset of the following complete 
expression:
exactly-one-of ( lock-pthreadmutex lock-pthreadrw lock-spinlock 
lock-semaphore ) any-of ( php_targets_php7-1 php_targets_php7-2 
php_targets_php7-3 php_targets_php7-4 )



If I understand correctly, PHP_TARGETS="(-php7-1) -php7-2 -php7-3 
(-php7-4)" above means that I cannot use 7.1 nor 7.4 (correct me if I'm 
wrong).  But I do not understand why, since all four versions of PHP are 
listed in the REQUIRED_USE line underneath.



Another thing that confuses me is that PHP 7.4 isn't even listed in the 
output below (neither enabled nor disabled, but missing entirely):

# equery u pecl-apcu
[ Legend : U - final flag setting for installation]
[    : I - package is installed with flag ]
[ Colors : set, unset ]
 * Found these USE flags for dev-php/pecl-apcu-5.1.18:
 U I
 - - lock-pthreadmutex  : Enable pthread mutex locking
 + + lock-pthreadrw : Enable pthread read/write locking
 - - lock-semaphore : Enable semaphore locks instead of fcntl
 - - lock-spinlock  : Enable spin locks (EXPERIMENTAL)
 + + mmap   : Add mmap (memory map) support
 - - php_targets_php7-2 : Build against PHP 7.2
 - + php_targets_php7-3 : Build against PHP 7.3


However, all four PHP versions seem to be supported by the ebuild, 
dev-php/pecl-apcu-5.1.18.ebuild:

USE_PHP="php7-1 php7-2 php7-3 php7-4"

Can anyone explain why php7-4 is either disallowed or missing, when the 
ebuild seems to allow it?


Thanks.



Re: [gentoo-user] Software for checking CDs and DVDs for errors?

2018-12-20 Thread Steve Dibb

On 12/4/18 3:31 AM, Joerg Schilling wrote:

Dale  wrote:


So as usual, they are not very Linux friendly.  Figures.  I was hoping


The main problem with Linux is that the drivers at SCSI level in the kernel are
worse than they could be, so if you like to get better results, you should
encourage the kernel people to do their homework.

One of the biggest problems on Linux is e.g. that the SCSI drivers only return
16 bytes of error information, but the standard says that the error information
contains at least 18 bytes.


That's good to know. Are there any open source OSes that do it properly? 
I'd love to look at their code.





Re: [gentoo-user] Software for checking CDs and DVDs for errors?

2018-12-20 Thread Steve Dibb

On 12/14/18 3:31 AM, Joerg Schilling wrote:

Steve Dibb  wrote:


On 12/3/18 9:27 AM, Pouru Lasse wrote:

I've got a bunch of scratched disc-based games (PS2, Xbox 360) that I'd
like to check for errors. Is there any program for Linux that does this?
I found and tried dvdisaster, but it only works for CDs, not
DVDs. Everything else seems to be Windows-only.

- Lasse


For DVDs, I use ddrescue. Keep a log of it as well in case you want to
do a second pass or just see where it's puking. Use its blocksize of 2048:

ddrescue -b 2048 /dev/sr0 dvd.iso ddrescue.log

readcd is better for any optical media as it is able to directly send SCSI
commands. Note that readcd implements the error recovery from sdd(1), which
has existed for 35 years and which I also prefer for normal disks.

That's way cool to know. MakeMKV does the same thing - it rips stuff 
directly using SCSI commands, and you have to have SCSI generic driver 
support (/dev/sg*) enabled in the kernel for it to work.


With software that operates at block driver level, you depend on the error
recovery features from the OS driver.


OS driver, do you mean for SCSI in Linux or the driver for that ATA chipset?




Re: [gentoo-user] Software for checking CDs and DVDs for errors?

2018-12-13 Thread Steve Dibb

On 12/3/18 9:27 AM, Pouru Lasse wrote:

I've got a bunch of scratched disc-based games (PS2, Xbox 360) that I'd
like to check for errors. Is there any program for Linux that does this?
I found and tried dvdisaster, but it only works for CDs, not
DVDs. Everything else seems to be Windows-only.

- Lasse



For DVDs, I use ddrescue. Keep a log of it as well in case you want to 
do a second pass or just see where it's puking. Use its blocksize of 2048:


ddrescue -b 2048 /dev/sr0 dvd.iso ddrescue.log

dvdbackup comes with some error handling on reads as well where it can 
skip blocks, see its help output.


For blurays I'd try ddrescue as well. Blocksize for those is 65536. I 
think.


Based on your physical drive / the disc, it might whine or break because 
of DRM, or you can get weird read errors as well. That's why dvdbackup 
is best imo since it will auth the drive as well.


MakeMKV can do its best to backup a disc, but I don't know how well it 
does at error handling:


makemkvcon --minlength=0 -r backup --decrypt disc:0 .

I've got plenty of broken DVDs so I've managed to rescue those okay. If 
you're trying to encode stuff off of them, there are cases where the 
encoder can handle it best and read from the disc directly and skip over 
bad blocks as well.


Good luck.




Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?

2012-09-03 Thread Steve Buzonas
The journal is generally located on the partition in question.  If the
partition is encrypted the journal should also be encrypted.  You can use
`tune2fs -l` to list the contents of the partition's superblock which will
have details on the partition such as journal location, etc...

On Mon, Sep 3, 2012 at 4:20 PM, Roland Häder r.hae...@web.de wrote:

 Hi all,

 I'm currently testing dm-crypt to encrypt my whole hard drive. So far I
 followed this [1] guide and have to wait for the randomization part of the
 hard drive.

 In the wiki, ext4 is being used. Since ext3 a journal has been added. From
 my times with loop-aes I know that I have to store the journal through an
 encrypted loop device else it might be written on the hard drive.

 As of I'm new to dm-crypt and Gentoo, where will that journal now go?

 Any help is welcomed. :)

 Regards,
   Roland




-- 
Sincerely,

Steve Buzonas Jr.
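
The `tune2fs -l` check suggested in the reply above can be scripted so that the journal location is reported explicitly. This is an added example, not from the thread; `journal_location` is a name invented here, and both superblock listings are constructed samples.

```shell
#!/bin/sh
# journal_location: read `tune2fs -l` output on stdin and report whether the
# ext3/ext4 journal is stored inside the filesystem or on a separate device.
journal_location() {
    awk '
    /^Filesystem features:/ {
        for (i = 3; i <= NF; i++) if ($i == "has_journal") has = 1
    }
    /^Journal inode:/  { inode = $3 }
    /^Journal device:/ { dev = $3 }
    /^Journal UUID:/   { uuid = $3 }
    END {
        if (!has)             print "none"
        else if (dev != "")   print "external device=" dev " uuid=" (uuid == "" ? "unknown" : uuid)
        else if (inode != "") print "internal inode=" inode
        else                  print "unknown"
    }'
}

# Constructed sample: filesystem with the usual internal journal.
sample_internal() { cat <<'EOF'
Filesystem volume name:   <none>
Filesystem UUID:          11111111-2222-3333-4444-555555555555
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype extent sparse_super large_file
Journal inode:            8
Journal backup:           inode blocks
EOF
}

# Constructed sample: filesystem whose journal sits on a separate block device.
sample_external() { cat <<'EOF'
Filesystem volume name:   <none>
Filesystem UUID:          66666666-7777-8888-9999-000000000000
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype extent sparse_super large_file
Journal UUID:             aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
Journal device:           0xfd03
EOF
}

# Real use (as root), with NAME standing in for your dm-crypt mapping name:
#   tune2fs -l /dev/mapper/NAME | journal_location
# "internal" means the journal lives inside the filesystem, so it is written
# through the same encrypted mapping. "external" means the journal device has
# to be checked separately: it is only protected if it is itself encrypted.
sample_internal | journal_location
sample_external | journal_location
```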


Re: [gentoo-user] Two openvpn tunnels... and /etc/init.d et al.

2010-07-07 Thread Steve

On 06/07/10 06:25, Eray Aslan wrote:

i.e. make a soft link to openvpn init script and make a separate conf
file with the same name as the new init script in your config
directory (usually /etc/openvpn). Init script starts openvpn with the
correct config file.


Many thanks, works perfectly...

All I need to work out now is how to get my iproute2 config for my new 
tunnel to come up automatically... it works from the command line.


Are there any documents about migrating explicit iproute2 routing done 
at the command line (i.e. calling ip cmd ... several times after 
logging in as root) to scripts that are run at boot time (after my 
tunnels are up)?





[gentoo-user] Two openvpn tunnels... and /etc/init.d et al.

2010-07-05 Thread Steve
I already have one openvpn tunnel - and I need another. I've established
configuration launching the second tunnel (tun1, while tun0 is launched
at boot) using the command line to explicitly start openvpn.  I'd really
like both tunnels to start at boot time.

In case it is relevant, tun0 (currently launched automatically at boot
time) acts in 'server mode' (i.e. clients connect to it over TCP
establishing a new tunnel) - whereas tun1 acts in 'client mode' - well,
as much as that makes sense for UDP, establishing a single tunnel to a
remote server.

What's the recommended gentoo way to launch two openvpn instances?  (I
assume that's what's required...)




Re: [gentoo-user] Routing with gentoo...

2010-06-19 Thread Steve
On 17/06/2010 08:26, Rod wrote:
 Check out iproute
 *  sys-apps/iproute2
   Latest version available: 2.6.31
   Latest version installed: 2.6.31
   Size of files: 363 kB
   Homepage: 
 http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2

   Description:   kernel routing and traffic control utilities
   License:   GPL-2

It certainly looks relevant - though I've not previously come across this...

 This will allow you to control the flow of packets, so packets
 from Interface 1 will go back out the same interface.
I'm less clear about this bit... I don't suppose you can point me at a
how-to for the configuration of this? 

 This is used in conjunction with iptables, as iptables is the
 firewall, and iproute is the packet classifier/handler
While rusty, I think I can do the iptables stuff... I've definitely done
similar things with it before.

 I was using this when I had 2 Internet accounts, a slow speed ADSL
 with static IP, and a cable BB one for the usual stuff (dynamic IP)

My situation is vaguely similar... I've one high-speed link at home with
only dynamic IP - and I've got rack-mounted server with multiple static
IPs, one of which I want to use from home in order to run a mail-server,
revision control service and various web-services... keeping all the
data on hardware I physically control... access is always encrypted - so
I retain my privacy, no matter what happens to my remotely hosted
service (including packet-sniffing etc.) and the worst case scenario is
denial of service - which is an acceptable risk.

While I've established the tunnel, I'm tearing my hair out trying to
configure routing so that only remote access to services on my home box
(and not my home box's web-browsing etc.) are routed over the VPN.  I'm
sure it has to be more straightforward than it appears. :-S




[gentoo-user] Routing with gentoo...

2010-06-17 Thread Steve
OK, I admit it, this is more of a Linux networking challenge, but it's
one I want to resolve under gentoo.

I have two network interfaces - eth0 and tun0 - and both are (somehow)
connected to the internet.  When I have eth0's IP address as my default
route, all my traffic is sent out via my NAT enabled router and is
associated with its dynamic IP address... however, while I can receive
packets on the tun0 interface, replies are sent via eth0, and that means
ping doesn't work and TCP connections to tun0's publicly accessible IP
address fail. When I have tun0's IP address as my default route, all my
traffic (inbound and outbound TCP connections) are routed over tun0...
enabling the previously precluded inbound connections on tun0's publicly
accessible IP address, but which is an unnecessarily inefficient use of
the (more expensive) tun0 interface for outbound connections.

What I really want is for eth0 to be used all the time, except for
packets associated with TCP streams that connected from remote hosts to
tun0's public facing IP address - when tun0 must be used.  I don't
need/want to support UDP or other protocols communicating via tun0 - and
TCP connections to tun0 will only arrive on a handful of ports which I
can determine up front.

Should I be using IPTables for this, and - if so - is there a howto
addressing this scenario?  Is there a better approach than IPTables?
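
One common way to get the behaviour asked for above is source-based policy routing with iproute2, combined with an iptables filter that admits only the chosen TCP ports on the tunnel. This is an added example, not from the thread; the interface name, 203.0.113.7, table 100 and the port list are placeholder values, and it assumes the public address is configured on tun0 itself.

```shell
#!/bin/sh
# Generate (and optionally apply) the commands that make replies leave via the
# tunnel only when they are sourced from the tunnel address. Everything else
# keeps using the normal default route on eth0.

is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# tun_reply_routing_cmds DEV TUN_IP TABLE PORTS
#   DEV     tunnel interface (placeholder: tun0)
#   TUN_IP  address the remote clients connect to (placeholder: 203.0.113.7)
#   TABLE   spare routing table number, 1-252 (253-255 are reserved)
#   PORTS   comma-separated TCP ports that may be reached through the tunnel
tun_reply_routing_cmds() {
    rt_dev=$1 rt_ip=$2 rt_table=$3 rt_ports=$4
    case $rt_dev in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid interface: $rt_dev" >&2; return 1 ;;
    esac
    is_ipv4 "$rt_ip" || { echo "invalid IPv4 address: $rt_ip" >&2; return 1; }
    case $rt_table in
        ''|*[!0-9]*) echo "invalid table: $rt_table" >&2; return 1 ;;
    esac
    [ "$rt_table" -ge 1 ] && [ "$rt_table" -le 252 ] ||
        { echo "table out of range: $rt_table" >&2; return 1; }
    case $rt_ports in
        ''|*[!0-9,]*) echo "invalid port list: $rt_ports" >&2; return 1 ;;
    esac
    cat <<EOF
ip route replace default dev $rt_dev table $rt_table
ip rule add from $rt_ip lookup $rt_table priority 1000
iptables -A INPUT -i $rt_dev -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $rt_dev -p tcp -m multiport --dports $rt_ports -j ACCEPT
iptables -A INPUT -i $rt_dev -j DROP
EOF
}

# "show" prints the commands for review; "apply" runs them (root required).
# Note that "ip rule add" is not idempotent: applying twice adds a second rule.
TUN_DEV=${TUN_DEV:-tun0}
TUN_IP=${TUN_IP:-203.0.113.7}
TABLE=${TABLE:-100}
PORTS=${PORTS:-25,443}
case ${1:-} in
    show)  tun_reply_routing_cmds "$TUN_DEV" "$TUN_IP" "$TABLE" "$PORTS" ;;
    apply) tun_reply_routing_cmds "$TUN_DEV" "$TUN_IP" "$TABLE" "$PORTS" | sh -e ;;
esac
```

The rule matches on source address, so a reply from a service that accepted a connection on the tunnel address is looked up in the extra table and leaves via the tunnel, while outbound connections from the host keep the eth0 default route.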




Re: [gentoo-user] Postfix question about auth and blocklists...

2010-05-27 Thread Steve
On 26/05/2010 20:32, Brandon Vargo wrote:
 I hope the above helps.
   

Thank you very much... that was very informative.  Unfortunately, I now
discover I fibbed when I said I had SASL auth set up - I only thought I
had...  When I correctly configure thunderbird, I get the following
postfix messages in the log:

 May 27 17:06:20 ken postfix/smtpd[19973]: connect from
 ur.shic.co.uk[10.0.1.253]
 May 27 17:06:20 ken postfix/smtpd[19973]: warning: SASL authentication
 failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=5
 May 27 17:06:20 ken postfix/smtpd[19973]: warning: SASL authentication
 failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=5
 May 27 17:06:20 ken postfix/smtpd[19973]: warning: SASL authentication
 failure: no secret in database
 May 27 17:06:20 ken postfix/smtpd[19973]: warning:
 ur.shic.co.uk[10.0.1.253]: SASL CRAM-MD5 authentication failed:
 authentication failure
 May 27 17:06:20 ken postfix/smtpd[19973]: NTLM server step 1
 May 27 17:06:20 ken postfix/smtpd[19973]: client flags: 8207
 May 27 17:06:20 ken postfix/smtpd[19973]: NTLM server step 2
 May 27 17:06:20 ken postfix/smtpd[19973]: client user: myusername
 May 27 17:06:20 ken postfix/smtpd[19973]: warning: SASL authentication
 failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=5
 May 27 17:06:20 ken postfix/smtpd[19973]: warning: SASL authentication
 failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=5
 May 27 17:06:20 ken postfix/smtpd[19973]: warning: SASL authentication
 failure: no secret in database
 May 27 17:06:20 ken postfix/smtpd[19973]: warning:
 ur.shic.co.uk[10.0.1.253]: SASL NTLM authentication failed:
 authentication failure

I'm sure I'm doing something silly - because googling the first warning
just gives me this bug http://bugs.gentoo.org/show_bug.cgi?id=299390,
which doesn't seem to fit.  I have this installed:

 $ eix mail-mta/postfix
 [I] mail-mta/postfix
  Available versions:  2.6.5 ~2.6.6 {cdb dovecot-sasl hardened ipv6
 ldap mbox mysql nis pam postgres sasl selinux ssl vda}
  Installed versions:  2.6.5(09:08:29 05/27/10)(ipv6 pam sasl ssl
 -cdb -dovecot-sasl -hardened -ldap -mbox -mysql -nis -postgres
 -selinux -vda)
  Homepage:http://www.postfix.org/
  Description: A fast and secure drop-in replacement for
 sendmail.

If I alter thunderbird to not use secure authentication, I get the
following instead.

 May 27 17:14:26 ken postfix/smtpd[20115]: connect from
 ur.shic.co.uk[10.0.1.253]
 May 27 17:14:26 ken postfix/smtpd[20115]: warning: SASL authentication
 problem: unknown password verifier
 May 27 17:14:26 ken postfix/smtpd[20115]: warning: SASL authentication
 failure: Password verification failed
 May 27 17:14:26 ken postfix/smtpd[20115]: warning:
 ur.shic.co.uk[10.0.1.253]: SASL PLAIN authentication failed: no
 mechanism available
 May 27 17:14:26 ken postfix/smtpd[20115]: warning: SASL authentication
 problem: unknown password verifier
 May 27 17:14:26 ken postfix/smtpd[20115]: warning:
 ur.shic.co.uk[10.0.1.253]: SASL LOGIN authentication failed: no
 mechanism available

Which seems quite strange.

My /etc/sasl2/smtpd.conf is the default for gentoo - i.e. it contains
the single config line:

 pwcheck_method:pam

I don't care if I use PAM or something else - as long as it lets me
authenticate.  In the medium term, it would be best if neither IMAP nor
SMTP passwords had any relation to my system password (not that I allow
remote logins using it) - but, for the time being, I just want it to
let me authenticate and send from my phone.

By any chance can anyone give me any further clues?
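
Warnings like the ones quoted above are easier to read when each failed mechanism is paired with the SASL library warnings that the same smtpd process logged just before it. The following is an added example, not from the thread; `sasl_failure_causes` is a name invented here and the log lines are constructed (unwrapped, with placeholder host names and addresses) on the pattern of the quoted ones.

```shell
#!/bin/sh
# Constructed sample log, one syslog record per line.
sample_log() { cat <<'EOF'
May 27 17:06:20 mx1 postfix/smtpd[1001]: connect from client.example[192.0.2.10]
May 27 17:06:20 mx1 postfix/smtpd[1001]: warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=5
May 27 17:06:20 mx1 postfix/smtpd[1001]: warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=5
May 27 17:06:20 mx1 postfix/smtpd[1001]: warning: SASL authentication failure: no secret in database
May 27 17:06:20 mx1 postfix/smtpd[1001]: warning: client.example[192.0.2.10]: SASL CRAM-MD5 authentication failed: authentication failure
May 27 17:06:20 mx1 postfix/smtpd[1001]: NTLM server step 1
May 27 17:06:20 mx1 postfix/smtpd[1001]: warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=5
May 27 17:06:20 mx1 postfix/smtpd[1001]: warning: SASL authentication failure: no secret in database
May 27 17:06:20 mx1 postfix/smtpd[1001]: warning: client.example[192.0.2.10]: SASL NTLM authentication failed: authentication failure
May 27 17:14:26 mx1 postfix/smtpd[1002]: connect from client.example[192.0.2.10]
May 27 17:14:26 mx1 postfix/smtpd[1002]: warning: SASL authentication problem: unknown password verifier
May 27 17:14:26 mx1 postfix/smtpd[1002]: warning: SASL authentication failure: Password verification failed
May 27 17:14:26 mx1 postfix/smtpd[1002]: warning: client.example[192.0.2.10]: SASL PLAIN authentication failed: no mechanism available
May 27 17:14:26 mx1 postfix/smtpd[1002]: warning: SASL authentication problem: unknown password verifier
May 27 17:14:26 mx1 postfix/smtpd[1002]: warning: client.example[192.0.2.10]: SASL LOGIN authentication failed: no mechanism available
EOF
}

# sasl_failure_causes: read a mail log on stdin and print one line per failed
# attempt:  mechanism <TAB> client <TAB> server verdict <TAB> library warnings
sasl_failure_causes() {
    awk '
    {
        # Only smtpd warnings matter; key the state on the smtpd process.
        if (!match($0, /postfix\/smtpd\[[0-9]+\]: warning: /)) next
        proc = substr($0, RSTART, RLENGTH)
        msg  = substr($0, RSTART + RLENGTH)

        # Library-level warnings come first: remember them, dropping repeats.
        if (match(msg, /^SASL authentication (failure|problem): /)) {
            cause = substr(msg, RLENGTH + 1)
            if (index(pending[proc], cause) == 0)
                pending[proc] = pending[proc] (pending[proc] == "" ? "" : "; ") cause
            next
        }

        # "<client>: SASL <MECH> authentication failed: <verdict>" closes the attempt.
        j = index(msg, ": SASL ")
        k = index(msg, " authentication failed: ")
        if (j == 0 || k <= j) next
        client  = substr(msg, 1, j - 1)
        mech    = substr(msg, j + 7, k - (j + 7))
        verdict = substr(msg, k + 24)
        causes  = (pending[proc] == "" ? "(no library warning logged)" : pending[proc])
        printf "%s\t%s\t%s\t%s\n", mech, client, verdict, causes
        pending[proc] = ""
    }'
}

sample_log | sasl_failure_causes
```

Grouped this way, the sample separates into two distinct problems: the CRAM-MD5 and NTLM attempts fail on the sasldb2 lookup, while PLAIN and LOGIN fail at the password verifier.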



[gentoo-user] Postfix question about auth and blocklists...

2010-05-26 Thread Steve
On a gentoo mailserver, I'm running Postfix 2.6.5 - and, having followed
some howto or other, quite a long time ago, I have this section at the
end of my main.cf:

--
smtpd_recipient_restrictions =
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 reject_non_fqdn_sender,
 reject_rbl_client sbl-xbl.spamhaus.org,
 reject_rbl_client list.dsbl.org,
 reject_rbl_client bl.spamcop.net,
 reject_unknown_sender_domain,
 reject_rhsbl_sender bogusmx.rfc-ignorant.org
--

While it might not be optimal, it worked extremely well for a long
time.  The block lists were a godsend as I receive(d) quite a lot of
spam which had threatened to bog down spamassassin.  For ages, I just
used my ISP's SMTP server to send, and only received on my own.

I've bought a smart phone (an HTC HD2 on Windows Mobile 6.5) and need to
use it to access my email on this server - both via mobile and Wi-Fi
connectivity.  The IMAP(s) side works OK for my inbox (after a few
dovecot tweaks)  - and, after setting up SASL, I can now send email
from my phone via my own SMTP server, which gateways this to my ISP...
all secured by a complex password.  So far, so good - and I can send
email from home over Wi-Fi from my phone.  The problem arises
elsewhere... where I'm not connected to my local (W)LAN (i.e. where I'm
not in permit_mynetworks) - where the phone reports:

--
The server returned the following error message:

554 5.7.1 Service unavailable; Client host 149.254.48.170 blocked using
sbl-xbl.spamhouse.org; http://www.spamhous.org/query/bl?ip=149.254.48.170
--

The block comes as no surprise as 149.254.48.170 isn't exclusively under
my control - and, likely, is a vector for lots of spam - now mobile data
services are cheap and difficult to trace.  What I didn't expect is for
my connection to be rejected even though I had the right username and
password.

So... the questions:

* How can I alter the configuration  to process email from blocked
locations if and only if the client authenticates?
* How can I verify that SMTP auth has been done (when connecting from my
LAN) - it would be a disaster if I inadvertently created an open relay. 
(I don't think I have - but better safe than sorry, etc.)

Thanks in advance for any replies...




Re: [gentoo-user] Problem with script calling OOCalc on amd64

2010-03-23 Thread Steve Dommett
On Friday 19 March 2010 19:14:21 Mick wrote:
 I also tried /usr/bin/oocalc, but it didn't work.  :-(
Try:
oocalc -no-oosplash

:-)



Re: [gentoo-user] Problem with script calling OOCalc on amd64

2010-03-23 Thread Steve Dommett
On Tuesday 23 March 2010 16:04:04 Mick wrote:
 Do you know why it behaves differently with -no-
 oosplash, when the binary installation does not seem to be bothered either
 way?

It seems the binary package doesn't install the optional oosplash.bin program.

The code responsible for the differing results lies in the last 25 lines of 
/usr/lib64/openoffice/program/soffice.

Cheers,
  Steve



Re: [gentoo-user] Strategy for using SAN/NAS for storage with Gentoo...

2010-03-17 Thread Steve

Keith Dart wrote:

I recommend setting up your server hardware on a decent mini-PC with
server grade disks and installing openfiler. The openfiler uses XFS for
local storage and exports NFS and CIFS (and iSCSI if you want that). 


http://www.openfiler.com/

It is based on rpath linux and uses a different package management
system than you may be used to. But it's relatively easy to configure
and maintain.


Both Openfiler and FreeNas look promising from a software perspective.  
Conversely, I'm drawing a bit of a blank trying to find suitable 
hardware to run that software on.  Given that all I need is iSCSI to 
SATA and back... for 1 drive at 100Mbps everything I can find seems 
massive overkill.


I've been toying with the idea of abandoning being able to fire-up a 
vmware image to stand in for my server... and shifting to accessing raid 
storage over USB.  It seems a lot less elegant - but it does eliminate 
the need for hardware to run multiple kernels...  When I thought 'iscsi' 
- I'd hoped that I'd find a cheap external drive that supported it 
out-of-the-box for a pittance more than a bare drive.  Was I being 
hugely overly optimistic?






Re: [gentoo-user] Re: Strategy for using SAN/NAS for storage with Gentoo...

2010-03-16 Thread Steve
On 15/03/2010 22:29, Andrea Conti wrote:
 This IMHO pretty much rules out any kind of server-class hardware, which
 tends to be both costly and power-hungry. If you're thinking about
 buying used stuff, be sure to factor in the cost and difficulty of
 finding spares in some years' time.
   
I'm considering neither used equipment nor 'server-class' - the workload
simply doesn't demand it.
 Given the point above I would also stick with software RAID.
...
 If reliability is your primary concern, I would go for a simple RAID1
 setup; 
Absolutely.  Software raid is cheaper and implies less hardware to
fail.  Similarly, RAID1 minimises the total number of disks required to
survive a failure. It's the only way for me to go.
 If you do not need data sharing (i.e. if your volumes are only mounted
 by one client at a time), the simplest solution is to completely avoid
 having a FS on the storage server side -- just export the raw block
 device via iSCSI, and do everything on the client.
This idea is on my wavelength. Has anyone on this tried this?  My
concerns are:

1. Are there reliability issues surrounding this technology in Gentoo?
2. Are there any howtos about putting as much of the file-system as
possible onto an iSCSI device.
3. What's the best (most lightweight) way to expose the disk as a block
device.   I don't want to manage three fully-fledged Linux boxes.  Can
(cheap) NAS devices be used to export iSCSI to Gentoo?
4. What would be the strategy to 'secure' this iSCSI device... it would
be a disaster if my WiFi were cracked and my data corrupted from a
non-authorised host.

 In my experience this also works very well with Windows clients using the 
 free MS iSCSI initiator.
   
That's fantastic - I had no idea that such software existed.  Now, I
wonder, what's the most lightweight solution to get a couple of iSCSI
devices?  Does it help that MS supports attaching devices this way?
 File systems: avoid complexity. As technically superior as it might be,
 in this kind of setup ZFS is only going to be a resource hog and a
 maintenance headache; your priority should be having a rock-solid
 implementation and a reliable set of diagnostic/repair tools in case
 disaster strikes. 
Yes. Separate arguments for snapshot support are compelling... but there
are alternatives without tackling the additional complexity.  That said,
the iSCSI approach would work as well with ZFS as something mundane. 
Snap-shots, of course, are only really valuable for non-archive data...
so, in future, I could add a ZFS volume using the same iSCSI strategy.




Re: [gentoo-user] Re: Strategy for using SAN/NAS for storage with Gentoo...

2010-03-16 Thread Steve
On 16/03/2010 19:57, Stroller wrote:
 How does your system boot if your RAID1 system volume fails? The one
 you have grub on? I think you mentioned a flash drive, which I've seen
 mentioned before. This seems sound, but just to point out that's
 another, different, single point of failure.
Well, at the moment, I don't have a RAID system... A flash drive (USB
key) seems a reasonable strategy - I could even have two containing
identical data - so, if the first were to fail then the second would
kick in - if not automatically - then after the duff flash-drive is
removed.  A neat side effect of this would be to eliminate a moving part
on the server - making it quieter... and the drives themselves can be
located at two physically remote places on my LAN.

 If you do not need data sharing (i.e. if your volumes are only mounted
 by one client at a time), the simplest solution is to completely avoid
 having a FS on the storage server side -- just export the raw block
 device via iSCSI, and do everything on the client.
 ...
 Snap-shots, of course, are only really valuable for non-archive data...
 so, in future, I could add a ZFS volume using the same iSCSI strategy.
Yes - I don't think I'd need sharing.  It strikes me that it should be
possible to have a 'live' backup server which just reads until
fail-over...  with a different /var/* - of course.

 I have wondered if it might be possible to create a large file (`dd
 if=/dev/zero of=/path/to/large/file` constrain at a size of 20gig or
 100gig or whatever) and treat it as a loopback device for stuff like
 this. It's not true snapshotting (in the ZFS / BTRFS sense), but you
 can unmount it and make a copy quite quickly.
You could, but the advantage of ZFS is the efficiency of snap-shots.
With your strategy I'd need to process all of the large file every time
I want to make a snapshot... which, even for a mere 100gig, won't be quick.



[gentoo-user] Strategy for using SAN/NAS for storage with Gentoo...

2010-03-15 Thread Steve
I have recently started looking at server resilience and availability in
the context of a hardware failure or hardware upgrade.  I've come to the
conclusion that it would be very desirable if terabyte-scale data did
not need to be restored from backup.  This isn't a commercial server -
so I'm interested in minimum cost approaches.

With this in mind, I'm interested to discover what represents
state-of-the-art from the perspective of the OS and its configuration. 
Issues I envisage are:

* With NAS, it would be desirable to have a Linux filesystem rather than
access files over CIFS - this raises further questions about protocol...
is NFS as hopelessly outdated as it seems?  Are there any products that
offer NFS access?  Are any of them secure?
* With a SAN, questions of filesystem features are diminished - but
questions of access protocol remain.  What is best supported by gentoo?
* Do any gentooists have any inexpensive hardware configurations that
work especially well?

Any hints or tips?






Re: [gentoo-user] Re: Strategy for using SAN/NAS for storage with Gentoo...

2010-03-15 Thread Steve
On 15/03/2010 15:49, Kyle Bader wrote:
 +1 on zfs w/ solaris for storage, just don't go cheap and get desktop disks.
   
I have to admit, I do like the idea of ZFS, though not quite enough to
justify maintaining Solaris in addition to my other infrastructure.

I was thinking about something rather different entirely.  I was
thinking about bunging disk on my LAN and shifting as much data from
local storage on my server as possible.  This would mean that the server
could be swapped out with minimum effort.  If 'disk on the net' allowed
mirroring etc. then storage could be expanded and contracted as
necessary without any downtime... essentially, only my hub would then be
a single-point-of-failure.   I'd love to be able to run a VM on my
desktop, for example, and use that as a 'stand-in' while I take-down my
main server for maintenance.  For this to work, I'd need to access the
same file system and be able to switch responsibility for services
between the two 'servers' quickly.

From ages ago, I remember iSCSI being bandied about.  Did that ever go
anywhere (i.e. is this easy to do from Gentoo?)




Re: [gentoo-user] Re: Strategy for using SAN/NAS for storage with Gentoo...

2010-03-15 Thread Steve
On 15/03/2010 18:21, Stroller wrote:
 It's hard to be more specific without knowing your usage.
Yes... I was deliberately vague to see what options came up... but I can
be more specific.  The budget is minuscule - and the performance demands
(bandwidth and latency) are completely non-challenging.  It's in this
context that I'm looking for reliability and availability... and I'd
like to have unix permissions working properly.  Security is a moderate
concern - the physical network is secured - but there is a broadband
connection which exposes various services.

 For storage of a mere terabyte you can buy a networked storage
 enclosure which will accommodate two drives. These are cheap, do
 mirroring, will accommodate standard 1TB, 1.5TB, 2TB drives, but are
 probably not too fast.

A cheap NAS enclosure is a definite possibility - there'd be no
performance issue - though this leaves three key questions:
1) Will it support unix file-permissions and can I be (fairly sure) it
will be secure if someone hacks my Wi-Fi?
2) Will I be able to put the (majority of the) gentoo filesystem on it -
or will I need to have a fully booted system to connect?
3) Can I use two entirely separate devices and mirror to both?  (I
expect the failure of the enclosure to be at least as likely as the
failure of a drive.)

 If you build your own server you can use software or hardware RAID.

Hmmm... building my own server - I've done that in the past, but my plan
is to minimize DIY with a view to minimizing the number of components
that might fail.  Ideally, I'd have four devices - one with a CPU and
memory (the server)... booting from Flash or CD or whatever  (+a
replacement in the cupboard); two separate boxes with drives in them
(mirrored storage); one (wired) Ethernet hub and broadband gateway.  I'd
connect to the network from a separate desktop/laptop to interact with
it - either locally or remotely.

 I wouldn't get too het up about Samba / CIFS vs NFS. Samba / CIFS can
 be faster than NFS, even in an all-Linux environment. Other times it's
 not. This seems pretty much random, depending upon whom is doing the
 benchmarking. On an intellectual level, at least, I find neither
 wholly satisfying - it would be really nice to have a Linux-native
 network filesystem that does authentication / permissions properly.
 But both do work.

Well the 'server' will be running Samba - and it's the back-end storage
for that I'm trying to resolve.  CIFS definitely looks problematic -
since Unix permissions for server data are one valuable separation
between publicly accessible services and my private data.  NFS might be
OK (it doesn't feel great) - though I *really* don't want to move from
one server to two when I'm aiming for reliability. 

 I looked at ZFS, but decided that Solaris, from a look at the HCL, was
 too picky over hardware. I think ZFS is great, I no longer think it's
 the future. My selection of cheap hardware is far wider under Linux, I
 can install Gentoo and just `emerge mediatomb` and stream movies to my
 PS3.
I like ZFS, conceptually, though I don't like Solaris.  I'm aware that
Apple have toyed with adopting ZFS and that it is available for BSD... A
*really* neat solution would be a (pair of) cheap NAS devices running an
appliance distribution of BSD with ZFS - exporting a NFS mount...
possibly over a VPN?  Hmmm - I'm trying to avoid complexity, too. Hmmm.




Re: [gentoo-user] Apache SSL configuration gone AWOL...

2009-11-12 Thread Steve

Steve wrote:

Firefox under Windows and Ubuntu :
Secure Connection Failed
An error occurred during a connection to server.
Peer's certificate has an invalid signature.
(Error code: sec_error_bad_signature)


Weirder and weirder... when I switch to lynx, it works!

Lynx remotely gives these two warnings:

SSL error:no issuer was found-Continue? (y)
SSL error:host(shost.shic.co.uk)!=cert(CNlocalhost)-Continue? (y) 
This is odd,  because the CN for the certificate is shost.shic.co.uk 
(the same as the site name) not localhost...


On gentoo, addressing the server as https://localhost/ I only get the 
first warning - which is absolutely true.


I've tried adding certificates explicitly to Firefox and to Windows - 
but this doesn't make any difference.  It looks very much like an Apache 
problem... though I've no idea what... nothing useful arises in the 
logs... no warnings or errors only successful page accesses from 
lynx are to be found.


Am I the only one who's had this go wonky?




Re: [gentoo-user] Apache SSL configuration gone AWOL...

2009-11-12 Thread Steve

Mick wrote:

I'd take that as a big broad hint that it is looking somewhere else
for certificates in this release and it found default certs.


+1

Check in your default apache (most likely) or vhosts configuration files that 
you have SSLCertificateFile and SSLCertificateKeyFile paths pointing to where 
your certs and private key are stored.  It may be that you were not very 
careful with etc-update and it restored default settings?
  

Many thanks!!!

While I remain sceptical that it was etc-update that spannered my 
configuration, stating the obvious to me overcame this... I've still no 
idea what did cause this to go wrong - but... essentially, my config was 
looking for /etc/ssl/apache2/server.crt, while the certificates I was 
checking were /etc/apache2/ssl/server.crt - and similarly for the key.  
I'm still a little baffled about how it appeared to work previously... 
but I now see what is wrong - even if I'm puzzled about how I got here...


I guess, one might ask if default certificates are a good idea - and, if 
they are - maybe we should ask why they don't work.  For my purposes, 
however... solved! Thanks again.





[gentoo-user] Apache SSL configuration gone AWOL...

2009-11-11 Thread Steve

After a recent update, I restarted Apache...

I host a number of trivial development servers (using named virtual 
hosts) and also support access to one of them over SSL.  While I can 
access all my data over http, access by https has stopped working.


I wondered if an update had made apache fussy that my old self-signed 
certificate didn't match the domains it was serving - so re-created 
new certificates to no avail.  No illuminating information is written to 
the log files in /var/log/apache2 - but if I attempt to access the https 
services (which worked with my configuration prior to re-starting 
apache) I get various errors:


Firefox under Windows and Ubuntu :

Secure Connection Failed
An error occurred during a connection to server.
Peer's certificate has an invalid signature.
(Error code: sec_error_bad_signature)

IE 7:

Navigation to the webpage was canceled

I didn't intend to change my configuration... the only 
/etc/conf.d/apache2 (as far as I recall) was altered - and the 
APACHE2_OPTS setting is now


APACHE2_OPTS="-D DEFAULT_VHOST -D PHP5 -D DAV -D INFO -D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE"


Any ideas?
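Added example (not part of any post in this thread): the replies above traced the fault to httpd loading /etc/ssl/apache2/server.crt while the files being maintained were under /etc/apache2/ssl/. The sketch below resolves which SSLCertificateFile and SSLCertificateKeyFile directives are active for a given APACHE2_OPTS and flags paths that differ from the ones you expect. The sample config text, the .key file names and all function names are assumptions made for the illustration.

```python
"""Report which certificate/key paths an Apache config activates for given -D defines."""
import os
import re

# Constructed sample: a trimmed Gentoo-style SSL vhost file (not copied from the thread).
# The server.key path is an assumed counterpart of the server.crt path named in the thread.
SAMPLE_CONF = """
<IfDefine SSL>
<IfDefine SSL_DEFAULT_VHOST>
Listen 443
<VirtualHost _default_:443>
    ServerName shost.shic.co.uk
    SSLEngine on
    #SSLCertificateFile /etc/apache2/ssl/old.crt
    SSLCertificateFile /etc/ssl/apache2/server.crt
    SSLCertificateKeyFile /etc/ssl/apache2/server.key
</VirtualHost>
</IfDefine>
</IfDefine>
<IfDefine !SSL>
<VirtualHost *:443>
    SSLCertificateFile /etc/apache2/ssl/never-used.crt
</VirtualHost>
</IfDefine>
"""

# The APACHE2_OPTS line as posted in the thread.
SAMPLE_OPTS = ('APACHE2_OPTS="-D DEFAULT_VHOST -D PHP5 -D DAV -D INFO '
               '-D SSL -D SSL_DEFAULT_VHOST -D LANGUAGE"')

SECTION_OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")
SECTION_CLOSE = re.compile(r"</\s*(\w+)\s*>")
TLS_DIRECTIVES = {"sslcertificatefile", "sslcertificatekeyfile"}
GLOBAL_SCOPE = "(server config)"


def parse_defines(opts_line):
    """Extract the names passed with -D from an APACHE2_OPTS=... line."""
    value = opts_line.partition("=")[2].strip().strip("\"'")
    tokens = value.split()
    defines = set()
    for i, tok in enumerate(tokens):
        if tok == "-D" and i + 1 < len(tokens):
            defines.add(tokens[i + 1])
        elif tok.startswith("-D") and len(tok) > 2:   # also accept -DNAME
            defines.add(tok[2:])
    return defines


def active_tls_files(conf_text, defines):
    """Return [(vhost, directive, path)] for TLS file directives that are in effect.

    conf_text is the config files' text concatenated in load order; Include
    directives are not followed, so pass the included files' text as well.
    """
    enabled = []            # one bool per open <IfDefine> block
    vhost = GLOBAL_SCOPE
    found = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        closing = SECTION_CLOSE.fullmatch(line)
        if closing:
            name = closing.group(1).lower()
            if name == "ifdefine" and enabled:
                enabled.pop()
            elif name == "virtualhost":
                vhost = GLOBAL_SCOPE
            continue
        opening = SECTION_OPEN.fullmatch(line)
        if opening:
            name, arg = opening.group(1).lower(), opening.group(2).strip()
            if name == "ifdefine":
                negate = arg.startswith("!")
                enabled.append((arg.lstrip("!") in defines) != negate)
            elif name == "virtualhost":
                vhost = arg
            continue
        if not all(enabled):
            continue        # inside an <IfDefine> that is switched off
        parts = line.split(None, 1)
        if parts[0].lower() in TLS_DIRECTIVES and len(parts) == 2:
            found.append((vhost, parts[0], parts[1].strip().strip('"')))
    return found


def audit(conf_text, opts_line, expected_paths, exists=os.path.exists):
    """Return [(path, reason)] for active TLS files that look wrong."""
    findings = []
    for _vhost, _directive, path in active_tls_files(conf_text, parse_defines(opts_line)):
        if path not in expected_paths:
            findings.append((path, "unexpected-path"))
        if not exists(path):
            findings.append((path, "missing-file"))
    return findings


if __name__ == "__main__":
    # Paths the admin believes are in use (the .key name is an assumption).
    maintained = {"/etc/apache2/ssl/server.crt", "/etc/apache2/ssl/server.key"}
    for path, reason in audit(SAMPLE_CONF, SAMPLE_OPTS, maintained):
        print(f"{reason}: {path}")
```

Run it against the real files by reading /etc/conf.d/apache2 and the vhost configs into the two text arguments.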




Re: [gentoo-user] Gentoo falling apart for me after either abandoning trying to install Kolab as overlay - or after upgrading to default/linux/x86/10.0

2009-11-05 Thread Steve

Volker Armin Hemmann wrote:
yes, don't use locate. Also check the symlinks. Reset them with eselect gcc if 
you have to.


Then try all your emerges with --tree you get a lot more helpful output. 
Also, when a dependency is missing revdep-rebuild loves to fail. You can hunt 
that down with --tree or just re-emerging the stuff.
  
Thanks very much, it looks as if eselect gcc was where I needed to 
start.  I've had to re-build gcc and then revdep-rebuild worked, and I'm 
working through emerge -uDNav world - which seems to be running more 
smoothly.


I was surprised that I managed to get into such a mess so easily... but 
I seem to be back on track now.


Thanks.




[gentoo-user] SOGo on Gentoo

2009-09-28 Thread Steve
I've come across SOGo [ http://www.scalableogo.org/ ] and am interested 
to try it... though it doesn't seem to have an ebuild in portage.


Does anyone use SOGo on Gentoo, or should I consider using a different 
distro to trial this suite?







Re: [gentoo-user] SOGo on Gentoo

2009-09-28 Thread Steve

Neil Bothwick wrote:

On Mon, 28 Sep 2009 12:57:36 +0100, Steve wrote:
  
I've come across SOGo [ http://www.scalableogo.org/ ] and am interested 
to try it... though it doesn't seem to have an ebuild in portage.


It's in the gnustep overlay.

% eix sogo
* gnustep-apps/sogo [1]
 Available versions:  ~*1.0_rc6 ~*1.0_rc7 ~*1.0_rc8 {debug doc}
 Homepage:http://sogo.opengroupware.org/
 Description: groupware server built around OpenGroupware.org
and the SOPE application server
  

Hmm - perhaps ignorance on my part, but I get:

% eix sogo
No matches found.
% ls -d /usr/portage/gnustep-apps/s*
/usr/portage/gnustep-apps/simpleagenda
/usr/portage/gnustep-apps/stepulator
/usr/portage/gnustep-apps/stshell
/usr/portage/gnustep-apps/sudoku
/usr/portage/gnustep-apps/systempreferences
% locate sogo
%

I guess I need to do something special to get the 'gnustep overlay'... 
I've recently done my eix-sync, so that's not it.






Re: [gentoo-user] SOGo on Gentoo

2009-09-28 Thread Steve

Neil Bothwick wrote:

On Mon, 28 Sep 2009 13:23:24 +0100, Steve wrote:
  
I guess I need to do something special to get the 'gnustep overlay'... 
I've recently done my eix-sync, so that's not it.


emerge layman and run eix-remote update
  

Many thanks, I now get the same eix response as you posted... unfortunately:

% emerge sogo
Calculating dependencies... done!

 Verifying ebuild manifests

!!! A file listed in the Manifest could not be found: 
/usr/local/portage/layman/gnustep/gnustep-libs/sope/sope-4.7_pre20090616.ebuild

% ls /usr/local/portage/layman/gnustep/gnustep-libs/sope
Manifest  files  sope-4.7_pre20080521.ebuild
%

It looks, at first glance, as if there's a good reason for the packages 
to be masked... I added gnustep-apps/sogo and gnustep-libs/sope with a 
~x86 keyword, and added objc to my package.use... but had hoped to be 
able to try sogo without having to do too much grunging about with 
installation details... At the moment, I don't even know if it is 
suitable for my project... :)






[gentoo-user] Insane load on gentoo server - possibly clamassassin related?

2009-06-29 Thread Steve
Today my gentoo server that has sat happily churning my mundane (and 
lightweight) tasks froze and I noticed when it stopped serving DNS 
queries... and the server was even unresponsive from the command 
prompt.  I rebooted and was a bit taken aback at what I found.


The server currently runs, but has a load of over 60, where I'd expect a 
load of below 0.1.  Investigations using top did not suggest that a 
single process was using vast amounts of processing time... but there 
were significantly more clamscan processes than I'd expect... and even 
more procmail processes


--
$ ps auwx | grep clamscan | grep -v grep | wc -l
42
$ ps auwx | grep procmail | grep -v grep | wc -l
94
$ ps auwx | grep clamassassin | grep -v grep | wc -l
55
--

The first few lines from top say:

--
  PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
15451 usr   20   0 35944  33m  872 D  2.7  3.3   0:00.60 clamscan
  216 root  15  -5     0    0    0 S  0.7  0.0   0:03.80 kswapd0
15116 usr   20   0 76136  15m  668 D  0.7  1.6   0:03.30 clamscan
15299 usr   20   0  2584 1224  840 R  0.7  0.1   0:04.36 top
15428 usr   20   0 61288  57m  872 D  0.7  5.7   0:01.38 clamscan
    1 root  20   0  1648  196  172 S  0.0  0.0   0:00.64 init
    2 root  15  -5     0    0    0 S  0.0  0.0   0:00.00 kthreadd
--

The procmail configuration I've adopted hasn't changed in years...
--
DEFAULT=$HOME/.maildir/
SHELL=/bin/sh
MAILDIR=$HOME/.maildir

:0fw
* < 1024000
| /usr/bin/clamassassin | /usr/bin/spamc -f
--

I'm assuming that my suddenly starting to have problems with this is 
something to do with an update to clamd/clamassassin...  I've a vague 
recollection that one or the other of them might have been updated when 
I last synchronised and emerged updates... but I can't remember.


Any ideas?  This isn't a heavily loaded server usually - I've more 
procmail processes than I usually receive in emails in an hour.  
Something's wrong - can anyone offer any hints?  Has anyone else run 
into this problem?  Is there a known 'quick fix'?





Re: [gentoo-user] Insane load on gentoo server - possibly clamassassin related?

2009-06-29 Thread Steve

Alan McKinnon wrote:
Looks like you have 200 processes sitting there blocking I/O. Is there 
anything related in the logs?
  

Not sure - as I'm not sure where to look, or what to look for.
Your best bet is to examine emerge.log (better still - genlop) and find all 
recent upgrades that might affect this. Then roll them back one by one till 
the problem goes away. Once you know the errant package, we can start to 
examine diffs and see why it might behave like that.
  
The only relevant package seems to be clamav... my emerge.log shows that 
I upgraded 8 packages yesterday just before 5pm - and the second of 
these was app-antivirus/clamav-0.95.2 - I think I simply chose to use 
the new configurations after issuing a dispatch-config... I didn't do 
anything 'adventurous'.


Perhaps this might be something to do with a long-forgotten hack for 
clamassassin to work with clamd that might have been overwritten...  
(changing CLAMSCAN=/usr/bin/clamscan to CLAMSCAN=/usr/bin/clamdscan in 
/usr/bin/clamassassin) but this seems odd - since the date on 
clamassassin is 7 September 2008... and this problem with my server is 
very recent - it was working fine yesterday... and clamassassin hasn't 
been re-installed since everything worked fine - only clamav was emerged.


As an interim hack, I've removed /usr/bin/clamassassin from my global 
procmailrc; stopped spamd; killed all the procmail and clamscan 
processes - and restarted postfix.  This has left me with an operational 
server with which I can interact.  It would seem very strange if I'm the 
only person having trouble with clamscan... in the context of what (I 
think) is a fairly standard postfix install.






Re: [gentoo-user] Insane load on gentoo server - possibly clamassassin related?

2009-06-29 Thread Steve

Jarry wrote:

Might be bug in clamd/spamassassin. But it could also be you are
being mail-bombed (e.g. infinite depth of compressed-in-compressed
attachments).
I thought about that - but I can't find an offending email with a bogus 
attachment if I am.

I recommend to include some limit for number of clamd/spamassassin
instances. Don't know if procmail has such a capability, but it is
easy to control it with wrappers like amavisd-new or MailScanner...
I'd assumed that clamassassin would take care of this with some sensible 
defaults for me...


My default clamd.conf says:

--
# Maximum depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20
--

So, I'd imagine that would take care of this... conversely - it did seem 
a bit strange that clamassassin was configured to use clamscan not 
clamdscan (which would have made more sense to me) but it had been 
configured that way for a very long time according to the file-dates and 
it's only recently that things went awry for me...


My procmailrc is simply how I wire in my mail delivery filters.  I'd 
expect the filters themselves to behave sensibly...  Though it came as a 
bit of a shock to see that my postfix user had as many processes spawned 
as it did... I'd always thought that the purpose of postfix was to queue 
mail in order that it could be processed sequentially in order to avoid 
this sort of problem...





Re: [gentoo-user] Web application for contact management...

2009-06-19 Thread Steve




Mick wrote:

  On Tuesday 16 June 2009, Steve wrote:
  
  
So far I've not got far with either Groupware suite... they're both
close - I wonder how hard it would be to tailor them... Hmmm.

  
  
Have a quick look at InfoLog of eGroupware.  I think that either on its own, 
or as it integrates with AddressBook/ProjectManager/Calendar will do more 
than what you want.  I'll be surprised if you need to customise it at all.

I have not installed this application, but from a little reading I did, it 
seems simply a matter of running apache/MySQL/PHP and unpacking the 
filesystem of egroupware under your /var/www/htdocs/egroupware or what have 
you.  The process is similar to drupal, or any other php based website/CMS 
that I have come across.  Gentoo helps you do this by emerging egroupware and 
I suspect you will then run webapp-config to configure it.
  


I'm glad I persevered with eGroupware - it looks as if it should be
superb. While I'm still only beginning the learning curve, its
features do seem to be just what I was looking for.

One (of many) problems I'm having, however, relate to
configuration/email...

At the setup phase, I get this rather un-nerving warning:


Checking PEAR::Auth_SASL is installed: False
PEAR::Auth_SASL is needed by: EMailAdmin, felamimail. You can install it by running: pear install Auth_SASL

However, I've installed PEAR::Auth_SASL - and running the command gives
me:

$ pear install Auth_SASL
Ignoring installed package pear/Auth_SASL
Nothing to install
$ pear -V
PEAR Version: 1.6.2
PHP Version: 5.2.9-pl2-gentoo
Zend Engine Version: 2.2.0
Running on: Linux svr 2.6.23-gentoo-r3 #5 SMP Tue Jan 8 22:41:42 GMT 2008 i686
$

I've included the pear version info because all the problems I've found
via google have related to a Pear version of below 1.6.1.

Stumped by why the installation test for SASL failed, I ploughed on to
see where it took me. The answer to this, is as far as trying to
access my (working) IMAP server... eGroupware reports:
The connection to the IMAP Server failed!!
  
NO, Authentication failed.

I'm stumped as to quite what is wrong - it might be that SASL isn't
working; it might be that eGroupware is having a strop that my SSL Cert
for my IMAP server doesn't match the FQDN I'm using... or it might mean
that I've been bamboozled about how to configure eGroupware and it
needs me to configure usernames/passwords somewhere I've not found.
Any hints about this would be much appreciated.

On a more positive note, the address book (once I've got the hang of
it) combined with Infolog (assuming it continues to behave as it
appears to at the moment) are exactly what I was looking for. What's
more, I'm loving the integrated document management, issue tracker -
and might even make use of the timesheet facility in future.
eGroupware is an excellent find... Thanks... (all I need to do now is
overcome the configuration glitches...)

Steve









Re: [gentoo-user] Web application for contact management...

2009-06-19 Thread Steve

Steve wrote:
Stumped by why the installation test for SASL failed, I ploughed on to 
see where it took me.  The answer to this, is as far as trying to 
access my (working) IMAP server...  eGroupware reports:

*The connection to the IMAP Server failed!!*

NO, Authentication failed.
Erm, update... having changed nothing - except using another email 
client to write the above email... it's started working.


I'm not sure what the glitch was - as far as I'm aware I changed nothing 
and it suddenly started working.


Next step: conquer the InfoLog... at the moment any log entry I enter 
seems to disappear from address-book entries.  I suspect this is due to 
how I've tried to use it, rather than being a bug, however.






Re: [gentoo-user] Web application for contact management...

2009-06-16 Thread Steve

Mick wrote:

Ah, may have missed it in the original post that you want multi-client access.
  
Probably my fault... my post was mainly wild hand-waving hoping that 
someone would guess what I meant. :)

http://www.simplecustomer.com/

No idea if it's any good, though.
  

This is definitely looking as if it is heading in the right direction.
Features I hoped I would find, but seem to be missing are:

* Tagging of contacts - something a bit like a taxonomy in Drupal
So, for example, I could tag Fred Bloggs as having UK residency;
Occupation: Plumber - etc. and so that I could, at a later date search
my contacts for a UK resident Plumber.  (OK, it's a contrived example,
but, hopefully, it illustrates the idea.)
* Flexible search for contacts... perhaps by name, perhaps by email
address; perhaps just search notes.
* Good support for multiple communications technologies... including
non-US addresses; skype - etc. :)
* Good support for ageing data on a field-by-field basis... by this I
mean that it is relevant, for example, when addresses were established,
because people move home...

Many thanks for the suggestions so far - they've, at the very least,
helped me refine my ideas about what I want...

Have you looked at egroupware/phpgroupware and even open-exchange products?  
As long as you are happy to run a server at home and store your 
social/professional networking contacts into either mysql or LDAP, one of 
these front ends should do what you want.
  
No, I hadn't looked at these.  I've messed about with Outlook on a 
corporate exchange server - and it definitely wasn't what I want... it's 
got a working address book - and it integrates (sort-of) with email - 
but falls far short of what I require as an aide memoir about people 
I've met... many of whom will have been introduced in person - not 
online, by phone or email.


I think I'm going to dismiss open-exchange as pursuing the same 
objectives as MS exchange (that's my current perception of it...) 
leaving the other two systems - neither of which I'd discovered 
previously.  Both E-Groupware and PHPgroupware look like fantastic tools 
- and E-Groupware looks especially slick.  On the down-side, they both 
seem to have relatively steep learning curves relative to my primary 
objective... i.e. keeping notes about communications with infrequent 
contracts... so, for example, if I were about to meet someone from Acme 
Corp next week, and I remembered having met an Acme Corp director last 
year (but had forgotten the date; where we met; and his name...) then 
I'd want to be able to find this information from my contracts 
management system. SimpleCustomer is heading in the right direction - 
but I think its interface falls short of my requirements.


I suspect I need to play with those groupware systems... perhaps read a 
book about them - if one has been written.  I'm very happy to run my own 
server at home - in fact, I'd be worried about doing it any other way... 
I wouldn't want to risk contributing to a massive centralised database 
of personal information... :)


Thanks, and - of course - I'm still interested in anecdotal hints/tips 
from anyone who has attempted something similar.


Steve




Re: [gentoo-user] Web application for contact management...

2009-06-16 Thread Steve

Steve wrote:
On the down-side, they both seem to have relatively steep learning 
curves relative to my primary objective... i.e. keeping notes about 
communications with infrequent contracts... so, for example, if I were 
about to meet someone from Acme Corp next week, and I remembered 
having met an Acme Corp director last year (but had forgotten the 
date; where we met; and his name...) then I'd want to be able to find 
this information from my contracts management system. SimpleCustomer 
is heading in the right direction - but I think its interface falls 
short of my requirements.
Erm - freaky, I meant contacts, I think, even though I typed contracts - 
and that still made sense.  Weird... I was definitely thinking 
contacts - but I guess this would be useful for establishing business 
contracts... :-\


So far I've not got far with either Groupware suite... they're both 
close - I wonder how hard it would be to tailor them... Hmmm.






Re: [gentoo-user] Web application for contact management...

2009-06-15 Thread Steve

Mick wrote:
Have a look at sugar-crm, or any other CRM application.  Of course a 
corporate database to manage customer info may be an overkill, but 
that's what you're describing, if only at a personal rather than 
corporate level.
  
I agree with both of these observations.  I didn't get very far looking 
at Sugar-CRM last time I thought about this problem... I found it rather 
too cumbersome and seemed to make too many assumptions about the sort of 
relationships I had with my contacts.  For example integrated invoicing 
or marketing would be inappropriate for my purposes.  I'm trying to 
manage diverse quasi-personal relationships - essentially I'm looking 
for a tool to help me with 'social networking' in the real world... 
where my biggest enemy is forgetting details about people I might only 
speak to annually - or less often.
If running mysql, or postgresql is too much, check out the address 
book features of most mail clients - they usually have space for 
notes.  You can write in there all trivia and non-trivia for each 
contact.  I am using kmail and its address book also has custom fields 
that you can create as you need them.  An address book search will 
pick up words from within any notes and custom fields too.  That 
should hopefully do what you need.
  
Running a DB is no hassle - I already run both MySQL and Postgres... 
Various unrelated requirements leave me with Windows on my desktop at 
the moment - so kmail isn't an ideal tool for me... I've fiddled with 
Thunderbird's address book but I found it rather lacking with respect to 
annotating contacts... it has a lack-lustre search... and it isn't 
client server - making it klunky if I intend to access the same data 
from my windows desktop; ubuntu netbook and Symbian internet-enabled 
mobile phone.  I like the idea that a contacts management package should 
allow me to initiate contact - so integration with email programs - 
using LDAP, perhaps - would be desirable... though not necessarily 
essential.


Joshua Murphy wrote:

Well, most tools that handle that functionality I know of are full
fledged CRMs, which are overkill for what you're after. You might take
a look at Simple Customer though, PHP & MySQL, and seems to take a
less 'enterprise' centric approach.

http://www.simplecustomer.com/

No idea if it's any good, though.

This is definitely looking as if it is heading in the right direction.
Features I hoped I would find, but seem to be missing are:


* Tagging of contacts - something a bit like a taxonomy in Drupal 
So, for example, I could tag Fred Bloggs as having UK residency; 
Occupation: Plumber - etc. and so that I could, at a later date search 
my contacts for a UK resident Plumber.  (OK, it's a contrived example, 
but, hopefully, it illustrates the idea.)
* Flexible search for contacts... perhaps by name, perhaps by email 
address; perhaps just search notes.
* Good support for multiple communications technologies... including 
non-US addresses; skype - etc. :)
* Good support for ageing data on a field-by-field basis... by this I 
mean that it is relevant, for example, when addresses were established, 
because people move home...


Many thanks for the suggestions so far - they've, at the very least, 
helped me refine my ideas about what I want...


Steve





[gentoo-user] Web application for contact management...

2009-06-14 Thread Steve
I am looking for a web-application to manage contacts... but I'm not 
looking for just an address book... I guess this isn't especially 
gentoo, but I'd ideally like to run a server on my gentoo box, so I hope 
I can be forgiven for asking here.


Personally, I'm absolutely awful at remembering people's names or 
dates... I'm not so bad at remembering their jobs; where I met them; 
their opinions about cuisine or cars etc. etc.  The snag I find is that 
I tend to forget the details that would be most useful to remember - 
while I remember all the trivia.  I forget when I last spoke to 
occasional acquaintances - and about details that don't mean much to me 
at the time... for example, about spouses or partners if I meet in a 
work environment.


What I'm looking for is some software to help me to collate details 
about my occasional contacts... the idea being that if I expect to meet 
someone I've not met for a while, I've an aide-memoire about who
introduced me - and the last time we spoke.


Does anyone know of any application to do this?  An open-source 
web-application would be perfect as it would allow me to run a private 
server - hence eliminating potential security and privacy concerns - 
while making the information available independent of the kit I have on 
my desk.  Key features would include some sort of standard form to help 
jog my memory to enter details I might forget - while being flexible 
enough not to try and pigeon-hole the people I meet.


Any suggestions?  Any good experiences?  I guess I could even pay for an 
application like this - if it was good... though not a lot, of course, 
since this would be a personal purchase.


Ideas?




Re: [gentoo-user] A networking question...

2009-05-08 Thread Steve

Mick wrote:
An adaptor can have more than one public IP address (multi-homing) and you can 
use something like: ifconfig eth0:0 192.168.0.2 netmask 255.255.255.0 up to 
set them up (increment eth0:1, eth0:2, etc accordingly).  However, if your 
SSL vhost is listening on a random port you don't need binding of many 
addresses to one NIC.  You can use the same ip address.
  
This is the essential bit I was missing, I think.  I knew it was 
possible to set up multi-homing (as I'd seen it on other systems) but 
I'd forgotten what it was called... and that made searching for 
documentation, erm, hard... though even knowing the term hasn't given me 
a slam-dunk search result through google.  I presume I need to fiddle 
with /etc/conf.d/net - somehow - in order to convince 
/etc/init.d/net.eth0 to do what I need.


Other than vhost I guess you can run a second instance by reading section 5
here (but I'm not sure you need to do that anyway):


http://www.gentoo.org/proj/en/php/php4-php5-configuration.xml

That's all helpful material - suggesting, at least, that there's no neat
gentoo-specific one-liner to achieve the two instances I need... plus it 
highlights specific problems I might have with interactions between PHP 
in my two instances. Hmmm... I hadn't anticipated that... frustrating.


I guess the other route I could consider would be virtualisation - 
establishing a completely separate installation... at least that way I 
could be sure that no aspect of my 'alive' system could impact the 
configuration of my development system... allowing me maximum confidence
that I know what's needed when I come to deploy.


Somewhat frustratingly, this seems to be morphing into a considerably 
more involved problem than I'd envisaged. ;)




Re: [gentoo-user] A networking question...

2009-05-07 Thread Steve

Anthony Metcalf wrote:
*That* depends on the exact specifics of what he is/isn't allowed to 
be showing. They may not even want the service to show as
existing at that address for whatever reason.


Thanks for all your discussion...  I'll try to clarify - the PPP over 
SSH approach does seem to offer the best compromise.


I've a development site which hosts https and http services for existing 
applications both remotely and locally.  I'm developing an entirely new 
https service under Apache and want to be absolutely sure that I get no 
unexpected interactions between configurations for live services and 
the experimental in-development service - and I definitely don't want a 
random member of the public stumbling across the in-development site - 
which might expose unacceptable vulnerabilities as rough-cuts of code 
are trialled.


It is entirely acceptable for any host on my LAN to access the 
in-development service.  I want to allow collaborators to access the 
in-development service remotely over a SSH tunnel from their LAN, too 
(where I'm also not concerned about abuse...)


The snag I'm finding at the moment I'm sure I'll overcome... and relates 
to access from my LAN.  While I can sort-of see how to establish a new 
device with a new IP address on the remote LAN (with SSH and pppd) I'm 
not sure how to establish a second IP address for my single Ethernet 
adaptor to make this work on my LAN (though I'm sure it is do-able...)


I'm also curious to discover if there is a neat Gentooish way to 
establish my two instances of Apache.  I'm broadly familiar to doing 
this a hackish way - but I'd prefer it plays nicely with any emerge updates.





[gentoo-user] A networking question...

2009-05-05 Thread Steve
I've a gentoo box sat behind a firewall - it runs apache and sshd with
holes punched through NAT to allow remote access.  It runs DHCP and DNS 
services for my LAN.


I would like to run a second instance of apache on a fresh IP address - 
to simulate a hosted environment supporting https.  I need to be able to 
access my second apache locally by URL on my LAN (which I can map 
however I choose using my DNS config.)  I also need to be able to access
this second apache from a remote site (assume gentoo again, for 
simplicity) over an SSL tunnel - even if the remote server already runs 
apache doing something else again.  It isn't acceptable for the second 
apache to be accessible publicly.  It's also unacceptable


I think I probably want a VPN (or similar) - or maybe some sort of
virtual network interface similar to those employed by VMWare for 
virtualisation... coupled with PPP over my ssh tunnel.


Can anyone give me any hints - or, ideally, a link to a how-to?

Thanks...

Steve




Re: [gentoo-user] A networking question...

2009-05-05 Thread Steve

Sascha Hlusiak wrote:
The easiest thing would probably be to just use ssh port forwarding because 
you already have all the pieces running anyway. Wouldn't a simple


  ssh -L 12345:secondapache:https u...@remotessh

and then browsing to https://localhost:12345 do the trick? Or you could use a
pppd over ssh vpn, yes, but that is a bit more complex.


- Sascha

  
I really want to avoid having to access a non-standard port from the 
URLs - I want to use the final URLs exactly as they will be once the 
in-development website is eventually deployed.


Can you recommend a 'how-to' for the pppd over ssh approach?



[gentoo-user] Syslog-ng using a spectacular amount of CPU time... (I'm using sshguard)

2009-03-23 Thread Steve
Has anyone any ideas?  syslog-ng is usually the first line
reported by top:


4097 root  20   0  3120 1060  708 R 48.3  0.1 677:46.38 syslog-ng

The files in /var/log seem to be growing at an expected slow pace and 
aren't reporting anything unexpected.  I followed a 'howto' and have 
sshguard running.  This (comments stripped) is what I have in 
/etc/syslog-ng/syslog-ng.conf

options {
    chain_hostnames(off);
    sync(0);
    stats(43200);
};

source src {
    unix-stream("/dev/log" max-connections(256));
    internal();
    file("/proc/kmsg");
};

destination messages { file("/var/log/messages"); };
destination console_all { file("/dev/tty12"); };
log { source(src); destination(messages); };
log { source(src); destination(console_all); };
destination authlog { file("/var/log/auth.log"); };
filter f_authpriv { facility(auth, authpriv); };
log { source(src); filter(f_authpriv); destination(authlog); };
filter sshlogs { facility(auth, authpriv) and match("sshd"); };
destination sshguardproc {
    program("/usr/local/sbin/sshguard"
        template("$DATE $FULLHOST $MESSAGE\n"));
};
log { source(src); filter(sshlogs); destination(sshguardproc); };





Re: [gentoo-user] Syslog-ng using a spectacular amount of CPU time... (I'm using sshguard)

2009-03-23 Thread Steve

Steve wrote:

Do others get this behaviour - is this a bug in syslog-ng?


Sorry for the multiple posts... a slight error on my part.  The sshguard 
process wasn't running - a /bin/sh process trying to spawn it was 
running (there was no link from /usr/local... to the binary) and when 
the binary failed to execute - syslog-ng got itself into a tiz.  
Everything seems to work fine when I correct the path to the program.


Problem solved - but, I guess, this is a flaw in syslog-ng... I'd have 
hoped it would generate an error message rather than behave as it did.
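
A pre-flight check for the failure described above, as an added example that is not part of the original post or of syslog-ng: it lists every program() destination in a configuration and reports targets that are missing or not executable. The function names and the sample fragment are assumptions made for illustration.

```python
import os
import re
import shlex
import shutil

# Constructed fragment modelled on the configuration quoted in this thread.
SAMPLE_CONF = r'''
filter sshlogs { facility(auth, authpriv) and match("sshd"); };
destination sshguardproc {
    program("/usr/local/sbin/sshguard"
        template("$DATE $FULLHOST $MESSAGE\n"));
};
# destination old { program("/opt/retired/filter"); };
log { source(src); filter(sshlogs); destination(sshguardproc); };
'''

# Assumption: '#' starts a comment at line start or after whitespace, and no
# quoted string in the file contains " #".
COMMENT_RE = re.compile(r"(?m)(?:^|\s)#.*$")
# First quoted argument of program(...): the command line handed to /bin/sh.
PROGRAM_RE = re.compile(r'\bprogram\s*\(\s*"([^"]+)"')


def program_destinations(conf_text):
    """Return the command line of every active program() destination."""
    return PROGRAM_RE.findall(COMMENT_RE.sub("", conf_text))


def check_program_destinations(conf_text):
    """Return [(binary, reason), ...] for targets the daemon could not run."""
    problems = []
    for cmdline in program_destinations(conf_text):
        binary = shlex.split(cmdline)[0]  # drop any arguments
        if not os.path.isabs(binary):
            # A bare name is resolved through PATH by the shell.
            if shutil.which(binary) is None:
                problems.append((binary, "not found on PATH"))
        elif not os.path.isfile(binary):
            problems.append((binary, "does not exist"))
        elif not os.access(binary, os.X_OK):
            problems.append((binary, "not executable"))
    return problems


if __name__ == "__main__":
    for binary, reason in check_program_destinations(SAMPLE_CONF):
        print(f"program() target {binary}: {reason}")
```

Running it against the live configuration before restarting the logger catches a wrong install prefix, the mistake that caused the CPU spin in this thread.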






Re: [gentoo-user] Syslog-ng using a spectacular amount of CPU time... (I'm using sshguard)

2009-03-23 Thread Steve

Sebastian Günther wrote:

program() only takes 1 argument: the programname.
  
There aren't two arguments (no comma) - and, yes, the syntax is odd - 
but it is exactly what is given by the sshguard man page - and seems to 
be confirmed by the syslog-ng manual, too.

BTW: Just curious: you do not use the sshguard from portage, or why is
it a /usr/local/sbin?
  
That was my error (a really dumb one!) I'd assumed that the binary from 
portage was running - whereas my process list showed /bin/sh failing to 
run a non-existent program.


I guess the man page could be improved for gentoo by giving an example 
using the default install location for sshguard - but that's a very 
minor issue.


I'd expected better error reporting by syslog-ng for a faulty 
configuration - ho-hum.






Re: [gentoo-user] Syslog-ng using a spectacular amount of CPU time... (I'm using sshguard)

2009-03-23 Thread Steve

Alan McKinnon wrote:
In short: top lies, 
  

On this occasion, top was telling the truth. ;)



[gentoo-user] Solid state disks...

2009-02-22 Thread Steve
I'm playing around with an application that requires me to manage a 
large (multi-gigabyte to terabyte), bespoke, frequently-updating data 
structure in real-time... key concerns are for durability and 
efficiency.  While a traditional approach might be to employ an 
expensive DBMS on expensive hardware... I'm looking to be more 
innovative.  I want to achieve big-iron beating performance on a 
shoestring budget... and I'm optimistic since the problem domain doesn't 
translate well to traditional RDBMS approaches.


An obvious alternative to a DBMS is to use the file-system directly... 
in principle this could work - but it would be a laborious process 
fraught with potential pitfalls with respect to atomicity of updates, 
transactional recovery (in case of a fail-stop while processing a large 
update) etc.  Another issue is that in order to establish an efficient 
and reliable implementation, it becomes necessary to second guess 
details about the implementation of file-systems... this vastly 
complicates any implementation and might render it unacceptably fragile 
(subject to unexpected deviations in behaviour as the implementation is 
moved between hardware/OS-versions etc.)


I've recently discovered that SSDs are becoming more affordable... and 
this might present new options.  There were major hurdles in attempting 
to establish a strategy to interact with hard-disk block devices... 
including, but not limited to, a significant difficulty in establishing 
the extent to which locality of reference affected performance.  Another 
worry was that it might be difficult to establish that a write had 
actually completed (i.e. the data reliably and durably stored - not just 
that the responsibility for recording the data was now exclusively with 
the drive.)  My hope is that SSD technology simplifies some of these 
concerns - allowing a clear model for access performance that should 
allow an efficient and reliable implementation.


I'd like to hear about anyone who has experience with configuring SSDs 
for use with (Gentoo) Linux - and especially from anyone who's 
investigated performance issues.  I've read that SSDs typically have a 
64Kib block size... this would work fine for me (though I understand 
that it is a significant impediment for high performance with existing 
file systems).  I'd be interested to know if anyone has done performance
analysis of SSDs at the device level under Linux... and am intrigued if 
there is more to interacting with them than establishing the block size 
from manufacturer data - then reading/writing appropriately many bytes 
from block devices... and/or flushing appropriately aligned and sized 
blocks of memory mapped data.  For example, is there an interface to 
quiz an SSD about its block-size?  I'm intrigued to establish if I can 
rely upon my data being durably stored on an SSD when a flush/write returns.


In a practical sense, I'd like to experiment with some SSD hardware - 
but there seems to be a lot to choose from.  For development purposes,
I'd not need more than, say, 32GB - and I'm not all that fussed about 
absolute performance - as long as the relative performance of various 
interactions will increase proportionally were I to move to more 
expensive SSDs in future.  I'm interested to establish any practical 
anecdotes (or hard statistical data) about the relative merits of 
various interfaces for SSDs - and to establish if RAID needs to be taken 
into account when establishing a performance model.


Any feedback would be appreciated... especially from any gentooist who 
is interested in SSD performance/reliability/configuration.






[gentoo-user] Oracle 10 or 11...

2008-12-10 Thread Steve
I am interested in the possibility of running a small-scale oracle
server for some experimental development work.  Ideally, I'd install on
gentoo - as this is my server box... though I guess there may be hoops
through which I must jump...

I found this:

http://en.gentoo-wiki.com/wiki/HOWTO_Install_Oracle_10g

But it isn't in English... or, I think, up to date.  Is there a howto
for a currently available oracle download I can follow?  Does anyone on
this list run oracle on their Gentoo install?





Re: [gentoo-user] Curious pattern in log files from ssh...

2008-12-05 Thread Steve
Alan McKinnon wrote:
 On Thursday 04 December 2008 21:03:17 Christian Franke wrote:
   
 I just don't see what blocking ssh-bruteforce attempts should be good
 for, at least on a server where few _users_ are active.
 
 Two reasons:

 a. Maybe, just maybe, you overlooked something. Belts, braces and a 
 drawstring 
 for good measure is not a bad thing.

 b. You probably want to get all that crap out of your log files off into some 
 other place where you can cope with it. Parsing auth log files that are 95% 
 brute force attempts is no fun. I like to have the crap in place A and the 
 real stuff in place B, makes my job so much easier
   
I agree 100% with the above - another issue is that I'd like to block
all traffic from malicious hosts - I realise that the traffic is low at
the moment, but that need not be the case in future.

 Also, things like fail2ban add new attack-possibilities to a system, I
 remember the old DoS for fail2ban, resulting from a wrong regex in log
 file parsing, but I think at least this is fixed now.
 
 Whereas that is true enough in itself, the actual risk of such is rather low 
 in comparison to the gains. Hence it is not a valid reason to not use 
 fail2ban and such-like apps.

The issue for me is that the cost of a DOS is far, far lower than the
cost of a break-in.  The cost of a DOS that prevents access from new
hosts is orders of magnitude lower than the cost of a DOS.  Everyone's
risk profiles are different - but, for me, keeping out intruders is
critical (they may result in unrecoverable data loss) and my
accessibility objective is that it be the 'norm' that I can log in with
an unusual-username and complex password from a trustworthy PC whose IP
address can not be determined in advance... using only bog-standard
tools and no non-remembered personal data.

I'm coming around to the idea of port-knocking, but my gut instinct is
that it is a bit baroque and has potential for me to louse-up its
implementation... It definitely adversely affects usability - though, I
admit, less than I first suspected.  I'm still quite interested in the
idea of identifying botnets where used to subvert the tactics used by
fail2ban; blacklist.py, etc. and using these to, in turn, block access
to any service... including, for example, hosted web-services which are,
potentially, in spite of taking all the obvious precautions, more
vulnerable to attack - IMHO.

I'm definitely thinking that it would be a good idea if there were a way
to publish botnet lists... such that they could be collated and turned
into a DNSBL style resource.  If such a resource existed, I'd definitely
choose to use it (overridden by a few whitelist entries of my own -
just-in-case...) and I'd be very happy to report back to it in order to
help keeping this problem under control.  Incidentally, I'd also
consider it useful to monitor this block list for any occurrence of my
own IP address - since that would be an early indication that one of my
hosts may be compromised.







Re: [gentoo-user] Curious pattern in log files from ssh...

2008-12-04 Thread Steve
Simon wrote:
 Since it is very unlikely that the attacker is targeting you
 specifically, changing the port number (and removing root access) will
 very likely stop the attack forever.  Though, if the attacker did
 target you, then you will need some more security tools (intrusion
 detection, etc...).

I recognise that this doesn't seem to be a targeted attack - but it is
still frustrating to find that someone has evaded my IP blocking
strategy... even though they pose only a slightly elevated risk by
having done so.  (Of course, I don't permit root login - that would be
madness... and, as far as I'm aware, no-one has guessed even a valid
user name... they're all obscure!)

The thing that strikes me is that, in evading my blocking strategy, they
clearly identified a bot-net of compromised hosts.  With this in mind,
ideally, I'd like to:

1. Automatically detect and block all future attacks on all ports from
all hosts which are involved in this coordinated attack.  These hosts
can't be trusted not to be malicious.
2. Somehow inform the administrator of the hosts attacking me (in a
respectful way) since, I presume, they are unaware that their host is
involved in the attack.
3. Ideally, share this kind of information so that myself and others are
better protected from bot-net attacks in future.

It's the sort of thing I imagine has already been done - and there's no
point in re-inventing the wheel.





[gentoo-user] Curious pattern in log files from ssh...

2008-12-03 Thread Steve
I've recently discovered a curious pattern emerging in my system log
with failed login attempts via ssh.

Previously, I noticed dictionary attacks launched - which were easy to
detect... and I've a process to block the IP address of any host that
repeatedly fails to authenticate.

What I see now is quite different... I'm seeing a dictionary attack
originating from a wide range of IP addresses - testing user-names in
sequence... it has been in progress since 22nd November 2008 and has
tried 7195 user names in alphabetical order from 521 distinct hosts -
with no successive two attempts from the same host.

I'm not particularly concerned - since I'm confident that all my users
have strong passwords... but it strikes me that this data identifies a
bot-net that is clearly malicious attempting to break passwords.

Sure, I could use IPtables to block all these bad ports... or... I could
disable password authentication entirely... but I keep thinking that
there has to be something better I can do... any suggestions?  Is there
a simple way to integrate a block-list of known-compromised hosts into
IPtables - rather like my postfix is configured to drop connections from
known spam sources from the sbl-xbl.spamhaus.org DNS block list, for
example.

Break in attempts today (attempted username/IP address):




Re: [gentoo-user] Curious pattern in log files from ssh...

2008-12-03 Thread Steve
Thanks for all the replies so far... I'll reply once to these... (Oh,
and when I said ports in my original post, I meant addresses - my
typing fingers just ignored my brain...)

I'm against a 'novel port' approach - as I am against port-knocking (for
my server) because these may prove challenging for the environments from
which I may want to log on.  I want to retain a 'standard' service to
make it easiest for me to connect to my server from a remote site
without requiring reconfiguration of firewalls etc.

I have, in the past, used DSA only keys - but this was frustrating on
several occasions when I wanted access to my server and didn't have my
SSH keys available to me... I almost always connect using a key pair
rather than a password - but the password option is very useful to allow
me to get hold of my SSH keys in the first place in some environments. 
If I found a distributed attack on a valid user name, for example, I'd
consider this a critical change - however inconvenient.

I previously used denyhosts - but (I can't remember why) it became
preferable to block with IPtables rather than with tcpwrappers... which
prompted me to dump it in favour of a bespoke script based upon
blacklist.py (http://blinkeye.ch/mediawiki/index.php/SSH_Blocking) -
though, now, I'm tempted by the more professional looking sshguard -
thanks for the tip.  Of course, this doesn't really address the problem
I posted about - because I'm now faced with a highly distributed
dictionary attack...

It strikes me that, given the conclusive nature of this attack (which,
by virtue of the fact that the usernames are attempted in alphabetical
order proves it to be a single coordinated attack) I can create a list
of a large number of IP addresses - which, likely, correspond to
compromised hosts.  It strikes me that this would be a perfect source of
information to set up a block list... and, if others' logs show similar
attacks, it should be easy enough to combine this data to provide
distributed protection from a distributed attack.  I don't think for one
second that this attack is targeted - neither my hardware nor the
information on my server is particularly interesting to anyone but me. 
It would be extremely interesting to me, however, if it were to
transpire that my IP address originated login attempts such as these -
as this would clearly demonstrate it to be compromised...  I suspect,
too, the ISPs should be interested to inform their subscribers in the
interest of security... though, of course, I recognise that this is
being optimistic.

When I exposed my server to internet SSH logins, I carefully considered
security... though I also had to consider convenience - since that was
the only reason for doing so in the first place.  If I could block all
IPs suspected of being in a bot-net - then this would be an improvement
in security without a great cost in terms of lost convenience.  Right
now, in the context of this attack which circumvents my earlier blocking
strategy, I'm looking for a viable blacklist solution in order to avoid
white-listing.  A potential solution for me would be to have sshd be far
more choosy about source IPs when using password authentication... for
example, restricting it to hosts in the UK... but still allowing remote
access wherever I've propagated DSA keys... but I think this would be
tricky to set up.  A shared block-list, I suspect, would be the most
effective response to this attack... and the response most likely to
minimise others' exposure, too.

Steve
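
The pattern described in this thread (invalid usernames tried in alphabetical order, never twice in a row from the same address) can be detected directly from the auth log; the following is an added example, not code from the thread or from sshguard or blacklist.py. The log sample is constructed, and the function names, thresholds and the `ssh_sweep` set name are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sshd log lines using documentation address ranges (not real data).
SAMPLE_LOG = """\
Dec  3 09:00:01 host sshd[101]: Invalid user huck from 192.0.2.10
Dec  3 09:00:09 host sshd[102]: Invalid user huckleberry from 198.51.100.7
Dec  3 09:00:17 host sshd[103]: Invalid user huckleberry from 203.0.113.5
Dec  3 09:00:26 host sshd[104]: Failed password for invalid user hue from 192.0.2.44 port 4022 ssh2
Dec  3 09:00:31 host sshd[105]: Invalid user hue from 198.51.100.23
Dec  3 09:00:40 host sshd[106]: Invalid user huey from 203.0.113.77
Dec  3 09:00:48 host sshd[107]: Invalid user hugh from 192.0.2.10
Dec  3 09:00:57 host sshd[108]: Invalid user hugo from 198.51.100.7
Dec  3 09:05:00 host sshd[120]: Accepted publickey for steve from 203.0.113.200 port 5001 ssh2
Dec  3 09:06:10 host sshd[121]: Failed password for steve from 203.0.113.201 port 5002 ssh2
Dec  3 09:07:00 host sshd[130]: Invalid user admin from 203.0.113.250
Dec  3 09:07:02 host sshd[131]: Invalid user admin from 203.0.113.250
Dec  3 09:07:04 host sshd[132]: Invalid user aaron from 203.0.113.250
"""

# Only failures for accounts that do not exist are counted, so a legitimate
# user mistyping a password never contributes to a sweep.
EVENT_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for invalid user|Invalid user) "
    r"(\S+) from (\d{1,3}(?:\.\d{1,3}){3})\b"
)


def parse_events(log_text):
    """Return [(username, source_ip), ...] in log order."""
    events = []
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            events.append((m.group(1).lower(), m.group(2)))
    return events


def per_host_offenders(events, threshold=3):
    """Classic per-address blocking: hosts with `threshold` or more failures."""
    counts = Counter(ip for _, ip in events)
    return {ip for ip, n in counts.items() if n >= threshold}


def find_sweeps(events, min_len=6, min_hosts=4):
    """Runs in which usernames never go backwards alphabetically and no two
    successive attempts share a source address."""
    runs, run = [], []
    for user, ip in events:
        if run and (user < run[-1][0] or ip == run[-1][1]):
            runs.append(run)
            run = []
        run.append((user, ip))
    runs.append(run)
    return [r for r in runs
            if len(r) >= min_len and len({ip for _, ip in r}) >= min_hosts]


def sweep_hosts(log_text, allowlist=()):
    """Addresses taking part in a coordinated sweep, minus allowlisted ones."""
    events = parse_events(log_text)
    # Single-host brute forcers are handled by the per-address rule; removing
    # them first stops their attempts from splitting a sweep into short runs.
    noisy = per_host_offenders(events)
    quiet = [e for e in events if e[1] not in noisy]
    hosts = {ip for run in find_sweeps(quiet) for _, ip in run}
    hosts -= set(allowlist)
    return sorted(hosts, key=ipaddress.ip_address)


def ipset_restore(ips, set_name="ssh_sweep"):
    """Render the addresses as input for `ipset restore`."""
    lines = [f"create {set_name} hash:ip -exist"]
    lines += [f"add {set_name} {ip} -exist" for ip in ips]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    print("per-address rule catches:", sorted(per_host_offenders(events)))
    print(ipset_restore(sweep_hosts(SAMPLE_LOG)), end="")
```

Once the output has been loaded with `ipset restore`, a single rule such as `iptables -I INPUT -m set --match-set ssh_sweep src -j DROP` drops traffic from every listed host on all ports. No sweep host in the sample exceeds two failures, so the per-address threshold alone would not have caught any of them.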








Re: [gentoo-user] Curious pattern in log files from ssh...

2008-12-03 Thread Steve
Dmitry S. Makovey wrote:
 P.S. I actually don't do any of the above. It was just a surge of creative 
 paranoia 
 in response to initial request :)

All good ideas - except selling the blacklist... I'd be happiest to
share my blacklist for free... my objective is to minimise exposure to
botnets - rather than to accept another level of complexity with
legitimate use.







Re: [gentoo-user] Curious pattern in log files from ssh...

2008-12-03 Thread Steve
Paul Hartman wrote:
 I think using Dmitry's idea of rejecting the first 2 connections, but
 then allowing it as normal on the third attempt would satisfy your
 requirements for being on the normal port, allowing all IPs and
 requiring no special setup on the client end (other than knowing they
 have to to retry twice).
   
Erm - surely I either need to set up my client to port-knock... which is
a faff I'd rather avoid... in order to use the technique.  Port knocking
would be especially infuriating from trusted clients where I'd like to
use standard software like WinSCP; Putty; Symbian Putty - etc.

While I recognise port knocking as a valuable strategy in some
circumstances, it seems a very bad fit for my needs.

GEO-IP blocking would be fairly good... if I could limit this to
password authentication only - as would blacklisting known bot-net
participants.

While these exotic ideas are interesting - a better way to identify
malicious hosts is, by far, my preferred solution.





Re: [gentoo-user] Curious pattern in log files from ssh...

2008-12-03 Thread Steve
Dmitry S. Makovey wrote:
 Erm - surely I either need to set up my client to port-knock... which
 is a faff I'd rather avoid... in order to use the technique.

 nope. just start connection. wait a minute. cancel. start another one. wait a
 minute. cancel. start new one - voila! :)
   
Eeew... especially as this would apply to all connections - even the
ones where I have a DSA key.  I might be able to cope with this if it
only applied to my initial connection, from which I could grab a copy of
the DSA key.

 well. Nobody but you knows your requirements and specifics - we're just
 listing
 options. It's up to you to either take 'em or leave 'em ;)

Fair enough - but I've still not found an option for sharing/using
shared block lists for bot-nets.





Re: [gentoo-user] Is gentoo-portage and gentoo-wiki offline?

2008-10-17 Thread Steve Wilson
On Friday 17 October 2008 06:09:20 am Norberto Bensa wrote:
 On Friday October 17 2008 07:56:10 Dale wrote:
  Not sure what the problem is tho.

 They're compiling 2.6.27-gentoo with -j11 on the same box that runs wiki;
 which, btw, is a 386sx with 4MB of RAM. Please be patient, it will take a
 few weeks.

Is this computer (term used lightly), in the USA?

Steve

-- 



[gentoo-user] A question about Wikis... (A bit off topic...)

2008-09-23 Thread Steve
I'm trying to establish a shared repository for semi-structured data... 
This could be interpreted in many ways, so I'll try to illustrate with 
an example.


Say I'm researching a new topic - for example, the Oil Industry... and 
I'm looking to establish a shared resource detailing relevant 
information.  From the outset, I recognise that a completely free-form 
approach isn't appropriate... there are a number of 'key entities' - for 
example, Oil Companies; Oil Executives; Oil Fields; Oil Consultancies - 
etc.  Hence, I know that I will be interested to develop a coherent 
profile of all the Oil Companies in a similar format.  If I were to 
establish the market capitalisation for one oil company, I'd want to 
make it clear that this information is 'unknown' for other companies 
rather than simply not mention it.  Similarly, for CEO; tax status - 
etc.  When it comes to the directors, perhaps I want to establish who's 
who style information on them... where I'd collect their educational 
backgrounds; URLs for appearances in the press etc.


I imagine that software that supports the development of such flexibly 
structured information would be of great value to a wide range of 
applications.  For example, it would be a fantastic resource for 
journalists; with other data, it might serve as a great way for business 
oriented research; it could be used to support networking (in a 
business/social sense) - and a whole lot of applications I can't imagine 
myself, I'm sure.


Is there any existing software that does this sort of thing?  A wiki 
goes part-way, but I'd want to be able to establish 'type' for pages... 
so that, for example, every record of a company has standard fields into 
which various statistics can be filled-in... and where URLs to external 
data are prompted...


Any ideas?







Re: [gentoo-user] Rate limiting TCP connections...

2008-08-17 Thread Steve

Norberto Bensa wrote:

Is there a straightforward way to make my Gentoo box 'play fair' and
not hog 100% of the bandwidth?

If your router doesn't give you bandwidth and/or traffic shaping 
control, you can drop some packets. For example, the following rule 
will accept up to 50 packets per second and drop the rest. The TCP 
protocol will retry and slow down.


# -I inserts at the head of the chain by default; explicit positions keep ACCEPT ahead of DROP
iptables -I INPUT 1 -p tcp -m limit --limit 50/sec -j ACCEPT
iptables -I INPUT 2 -p tcp -j DROP

Hmmm - that would likely be rather aggressive - I use the router to 
shift data between the two PCs at 100mbps - it is only the traffic 
eventually routed over ADSL which poses a problem.

Does anyone else have this problem?

Yes, everyone using TCP :)
You can read Linux Advanced Routing and Traffic Control for more info 
(http://lartc.org/).
Snappy answer...  but I'm pretty sure I've never seen this before - on a 
wide range of OS and network topologies. I didn't have the same problem 
with two Windows PCs connected to the same router - and it is always the 
Gentoo box that wins in the landgrab-war for bandwidth.


It might also be worth mentioning that the Gentoo box serves DNS for my 
LAN - so, the DNS request will get from my Windows PC to my Gentoo box 
without any problem... so, it is actually a fight between bind on gentoo 
and the download of packages during emerge that pose my annoyance.  I 
wonder, is it likely relevant that named is running as an ordinary user 
- while emerge is run as root?


I also noticed that incoming emails to my postfix mail server timed out 
during this period... timeout after RCPT from extern.server.org...


It seems odd to me.






[gentoo-user] iFolder server...

2008-07-04 Thread Steve

Has anyone else played with iFolder on Gentoo?

I followed these links:

http://gentoo-wiki.com/HOWTO_iFolder
http://www.ifolder.com/index.php/HowTos
http://www.ifolder.com/index.php/HowTo:Building_iFolder_Enterprise_Server_on_Gentoo
http://www.ifolder.com/index.php/HowTo:Building_Simple_Server_on_Gentoo

I get as far as issuing:

# rsync -rtv --delete ultra.hivalley.com::ifolder-overlay ifolder-overlay
rsync error: error in socket IO (code 10) at clientserver.c(122) 
[receiver=3.0.2]


I wonder, does this work?  If so, what am I missing?  If not, what 
competing technologies might I consider (assuming there are better ideas 
than regularly scheduling rsync)?


I am attracted to the idea of automatically shadowing my 'home dir' on 
each of the machines I use... I'd only ever use one at a time - and 
each would come into network connectivity with my gentoo server before I 
put down the keyboard of one and start to use another.  Aside from 
disconnected operation, I'm also keen on the idea of having multiple 
physical copies (in case of disk failures) and the idea that I'd have 
low latency access to all my files.  In the past I fiddled with OpenAFS 
- but found it too complex for my purposes... especially on a network of 
heterogeneous OS.


Hints?

--
gentoo-user@lists.gentoo.org mailing list



[gentoo-user] Slightly off-topic... is there a web app in portage for....

2008-04-18 Thread Steve
I want to be able to manage a sizeable number of reference manuals I 
have in various ebook formats - CHM; PDF etc. scattered around various 
PCs; on CDs etc. - and I'm looking for a web-app to help me organise 
them as a virtual reference library.


I want to be able to tag the files by 'subject area' - since most span 
more than one... and almost however they are arranged hierarchically - 
the most unfortunate categorisation seems to have been previously chosen 
as the file-system location.  By tagging every file with all its 
relevant subjects, I should be better able to browse for my reference 
work of interest.  I would also love to be able to index the text in my 
various ebooks - and then search my reference library by keyword... then 
filter by classification.


It seems unlikely that I'm the first person to want this kind of 
facility... can anyone recommend something which either implements this 
solution - or could be modified so to do?







[gentoo-user] [Probably off-topic] How do I find out what is consuming the bandwidth?

2008-02-29 Thread Steve
Situation: There's a LAN with a Netgear ADSL router... heterogenous OS, 
including Gentoo, are installed on various PCs on the LAN.


I'd like to know what communicating IPs are consuming most bandwidth, 
and to quantify how much bandwidth they are using... Ideally, I'd like 
to see a real-time list of the main bandwidth consuming communicators...


Has anyone any suggestions?  netstat is rather more basic than I 
need... and wireshark is somewhat more substantial than I'd like to 
get involved with.  Are there any simple solutions?





Re: [gentoo-user] [Probably off-topic] How do I find out what is consuming the bandwidth?

2008-02-29 Thread Steve

Alan wrote:

Give iftop a look.
  
great tool... unfortunately, even in promiscuous mode, it doesn't track 
TCP data except to/from the host on which it is running.  I presume this 
means that my Netgear DSL router implements a switch as opposed to a 
hub...


Nice try though...





Re: [gentoo-user] Re: SSH brute force attacks and blacklist.py

2008-02-28 Thread Steve

Thanks for all your suggestions...

I will look into fail2ban... that might be what I need...  While I could 
crank BLOCKING_PERIOD for blacklist.py to an absurdly high value, this 
(AFAIK) will not persist blocks when the server is powered down or rebooted.


I need to retain port 22 and can't easily do port-knocking - since some 
of the clients I require to connect to my server are in restrictive 
environments.  I've another idea too... I'm happy to entirely cut off 
all services from any IP that attempts to brute-force SSH passwords... 
as it is an unequivocal act of aggression that would not arise with any 
legitimate clients... Another aside is that in some restrictive 
environments it is hard to securely obtain my private key without first 
obtaining a secure off-site connection.  For this reason, I prefer to 
have the facility to log in using username/password - my compromise is 
to make my password extremely complex... plus using a non-obvious 
user-id, which again hampers attackers.


While interesting, I don't think the connection rate limiter is for 
me... I may want to legitimately make rapid connections at some time or 
other. :-)




[gentoo-user] SSH brute force attacks and blacklist.py

2008-02-27 Thread Steve
I can't believe that I'm the only person with this, so it's probably 
worth asking.


I'm one of the (many) people who have opportunists trying usernames and 
passwords against SSH... while every effort has been made to secure this 
service by configuration; strong passwords; no root login remotely etc.  
I would still prefer to block sites using obvious dictionary attacks 
against me.


I used to use DenyHosts - but that became annoying as it used rather a 
lot of resources (and relied upon tcp wrappers... which, I'm informed 
are somewhat old-fashioned)


I migrated to try using iptables as my firewall and using blacklist.py - 
which I got working after some minor config-tweaking.  I'm aware that 
there is configuration in the blacklist.py script for BLOCKING_PERIOD - 
but what I really miss is the blocked forever nature of the DenyHosts 
alternative though I prefer every other aspect of the 
iptables/blacklist.py approach.


Has anyone else resolved this?  As far as I'm concerned, once I detect 
someone has attempted a brute force (which blacklist.py does 
fantastically well) what I want is for no further communication to be 
accepted from the IP address - even after I reboot etc.  While I don't 
know which sites I want to be accessible from in advance, I can be sure 
none of them would launch a brute force attack against me. :-)


Recommendations?

I'm looking for the neatest Gentoo way to do this... rather than 
recommendations for how to write something to do what I want from scratch...


Steve
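
An added example, not part of the original post and not blacklist.py's own code, of the persistent block the post asks for: offenders found in sshd's log are merged into an on-disk list that never expires and is rendered as an iptables-restore file. The chain name SSH_BLOCK, the threshold, the allow-list, the file paths and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from pathlib import Path

# sshd ends a failed-password line with "from <addr> port <n> ssh2". The user
# name is client-supplied, so the address is read from the end of the line.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

# Constructed sample log (documentation and private address ranges).
_FMT = "Feb 27 03:12:{:02d} host sshd[4101]: Failed password for {} from {} port 40100 ssh2"
SAMPLE_LOG = (
    [_FMT.format(i, "invalid user admin", "203.0.113.7") for i in range(6)]
    + [_FMT.format(i, "alice", "192.168.1.10") for i in range(5)]
    + [_FMT.format(30, "alice", "198.51.100.20")]
)


def failed_sources(log_lines):
    """Count failed password attempts per validated source address."""
    counts = Counter()
    for line in log_lines:
        m = FAILED.search(line.rstrip())
        if m:
            try:
                counts[ipaddress.ip_address(m.group(1))] += 1
            except ValueError:
                pass  # not an IP literal; ignore rather than guess
    return counts


def update_blocklist(existing, log_lines, threshold=5, allow=()):
    """Return the permanent list: earlier entries plus new offenders."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    blocked = {ipaddress.ip_address(a) for a in existing}
    for addr, hits in failed_sources(log_lines).items():
        if hits >= threshold and not any(addr in net for net in allowed):
            blocked.add(addr)
    return sorted(blocked, key=lambda a: (a.version, int(a)))


def render_rules(blocked, chain="SSH_BLOCK"):
    """Render IPv4 entries as an iptables-restore file for a dedicated chain."""
    rules = [f"-A {chain} -s {a} -j DROP" for a in blocked if a.version == 4]
    return "\n".join(["*filter", f":{chain} - [0:0]", *rules, "COMMIT"]) + "\n"


def persist(list_path, rules_path, log_lines, **kw):
    """Merge new offenders into the on-disk list and rewrite the rules file."""
    old = Path(list_path)
    existing = old.read_text().split() if old.exists() else []
    blocked = update_blocklist(existing, log_lines, **kw)
    outputs = {list_path: "".join(f"{a}\n" for a in blocked),
               rules_path: render_rules(blocked)}
    for path, text in outputs.items():
        tmp = Path(f"{path}.tmp")
        tmp.write_text(text)
        tmp.replace(path)  # atomic swap, never a half-written file
    return blocked


if __name__ == "__main__":
    print(render_rules(update_blocklist([], SAMPLE_LOG, allow=["192.168.0.0/16"])))
```

The rules file can be loaded at boot with `iptables-restore --noflush`; the jump from INPUT into the chain is set up separately in the firewall configuration.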




[gentoo-user] Horribly off-topic linux distro question...

2008-02-07 Thread Steve
In the context of online banking, where Windows of some flavour is the 
desktop OS, I see a substantial risk arising through spyware and/or 
viruses.  I suspect that a neat way to mitigate this would be to run an 
OS from a CD which offers nothing more fancy than a basic web-browser.


Is there anything like this already available?




Re: [gentoo-user] net-wireless/zd1211

2008-02-07 Thread Steve Buzonas
On Feb 7, 2008 3:19 AM, Arnau Bria [EMAIL PROTECTED] wrote:

 On Wed, 6 Feb 2008 20:37:56 -0500
 Steve Buzonas wrote:

 Hi!

  Hello, reading more about the driver it says that that driver is no
  longer maintained and it recommends zd1211rw which is included in the
  kernel.  You should be able to find the driver in your kernel
  configuration by going to 'Device Drivers > Network Device Support >
  Wireless LAN > ZyDAS ZD1211/ZD1211B USB-wireless support'.

 I forgot to mention that I already found:

 USB ZD1201 based Wireless device support (NEW)

 but notice it's ZD1201, not zd1211.

 This is a 2.6.22 (at work). gonna download newest kernel and try again.

  Hope it helps.
 
  Steve Buzonas Jr.
 Thanks for your help Steve!
 Cheers,

 --
 Arnau Bria
 http://blog.emergetux.net
 Bombing for peace is like fucking for virginity
 --
 gentoo-user@lists.gentoo.org mailing list


What sources are you using?  That was in gentoo-sources-2.6.23-r3 that I
found.

-- 
Steve Buzonas Jr.


Re: [gentoo-user] To x86_64 or not to x86_64

2008-02-06 Thread Steve Buzonas
 I have been thinking of going to x86_64 mode but I'm wondering if
 it's worth the trouble with multilib, chroot'ing, firefox-bin and other
 compromises (admittedly some minor).  I realize I should see some speed
 increase but probably only in certain areas such as compiling.


I just switched back to the amd64 profile and it has changed significantly
since my last attempt.  I only needed to use the multilib profile when I
used the hardened profile.  Hardened is still a little bit of a pain, but
the standard profile and the desktop and server subprofiles work great.


Re: [gentoo-user] Re: Manifest question

2008-02-06 Thread Steve Buzonas

 Digests in the portage tree are an old obsolete feature that has just
 recently finally been removed from the tree. Now gentoo uses a much
 better Manifest scheme. 'ebuild ebuild-name digest' has done nothing
 for quite some time now (at least a full year maybe?), and the manifest
 option is the one that works.

 There's interesting information about this on the front page of
 gentoo.org right now

 --
 Alan McKinnon
 alan dot mckinnon at gmail dot com
 --
 gentoo-user@lists.gentoo.org mailing list


I didn't realize that.  I just used digest for my local overlay yesterday.
Does it still allow it, or do I have an outdated version of portage?

Steve Buzonas Jr.


Re: [gentoo-user] net-wireless/zd1211

2008-02-06 Thread Steve Buzonas
On Feb 6, 2008 9:13 AM, Arnau Bria [EMAIL PROTECTED] wrote:

 Hi,

 I'm trying to compile zd1211 and it always complains about
 CONFIG_NET_RADIO:
  * Checking for suitable kernel configuration options...
  *   zd1211-85 requires support for Wireless LAN drivers (non-hamradio) 
 Wireless Extensions (CONFIG_NET_RADIO).
  * Please check to make sure these options are set correctly.


Hello, reading more about the driver it says that that driver is no longer
maintained and it recommends zd1211rw which is included in the kernel.  You
should be able to find the driver in your kernel configuration by going to
'Device Drivers > Network Device Support > Wireless LAN > ZyDAS
ZD1211/ZD1211B USB-wireless support'.

Hope it helps.

Steve Buzonas Jr.


Re: [gentoo-user] Gentoo on Dell PowerEdge 2600 / 2800? AMI / LSI MegaRAID driver?

2007-12-23 Thread Steve Dommett
On Thursday 20 December 2007, Stroller wrote:
  ... I was expecting something
  similar to when I've hotplugged SATA drives on my desktop machine.

 What controller is in that, please?

 Does it do hardware RAID, or is it just a regular SATA controller?
I've done it using both the onboard controllers: nVidia nForce4 CK804 SATA, 
and Silicon Image SiI 3114.  They both claim RAID but I'm sure it's done by 
the driver in both cases.

 stated that SATA controllers are not _required_ to support hot-
 plugging, either. This makes choosing an SATA more complicated, of
Eek!  Maybe I'm just lucky, but I've swapped the SATA drive from my laptop to 
my desktop and back quite a few times without an issue.  Friends have 
hotplugged their drives into this machine too many times with no ill effects.  
We plug the power into the drive first, then once it's spun up insert the 
SATA data cable.
-- 
[EMAIL PROTECTED] mailing list



Re: [gentoo-user] Gentoo on Dell PowerEdge 2600 / 2800? AMI / LSI MegaRAID driver?

2007-12-19 Thread Steve Dommett
On Thursday 20 December 2007, Stroller wrote:
 I haven't done much digging yet, but thought a quick show of hands
 here might save some time. It looks like the SCSI hot-swap / RAID
 controller uses an AMI / LSI MegaRAID driver which is (?) part of the
 main kernel - anyone know if that does status updates (dead-hard
 drives &c) to the syslog? Does it depend on any userland utilities
 that are only available as RPM or whatever?
I maintain a few Poweredges, I think mostly 2950.  Just yesterday we swapped a 
drive on the Fusion MPT SAS controller.  We were prompted to take the drive 
out of service by an email from 'smartd'.  I couldn't find any evidence of 
bad sectors or I/O timeouts in /var/log/messages, so this must be the SMART 
prefailure it purported to be in the email.  In /etc/smartd.conf I use:
DEVICESCAN -H -l error -l selftest -t -I 194 -W 5,45,48 -R 5 -R 194 -R 231 -m [EMAIL PROTECTED]

After failing and removing the drive from the array using 'mdadm', we tried 
hotswapping the drive, and whilst nothing untoward happened when we pulled 
the drive there were no kernel messages either.  I was expecting something 
similar to when I've hotplugged SATA drives on my desktop machine.  We had to 
reboot the server to get it to see the replacement drive.  Perhaps there's 
some /proc/ or /sys/ setting to trigger a rescan of the SCSI bus, but I 
couldn't find it.

Other than those oddities the drive swap went well.

Cheers,
  Steve.




Re: [gentoo-user] rsync via ssh

2007-11-04 Thread Steve Dommett
On Sunday 04 November 2007, Roger Mason wrote:
 Thanks for the reply.  Unfortunately that did not work, the same error
 occurs.
This may not be applicable, but I run rdiff-backup from cron on many machines 
with no problems at all.  It uses librsync, so may be of interest to you.
http://rdiff-backup.nongnu.org/
If you ignore the 'rdiff-backup-data' folder it creates then it's more or less 
identical to using rsync alone.

HTH,
  Steve.



Re: [gentoo-user] rsync via ssh

2007-11-04 Thread Steve Dommett
On Sunday 04 November 2007, Roger Mason wrote:
 Did you have to do anything special to make it work from cron?

No, but then the crontab entry is simply:
 47 4 * * * /root/backup.sh
The backup.sh is essentially:

rdiff-backup   \
  --print-statistics \
  --exclude /mnt \
  --exclude /dev \
  --exclude /proc \
  --exclude /tmp \
  --exclude /var/tmp \
  --exclude /var/cache/squid/ \
  --exclude /var/lib/mysql/ \
  --exclude /var/lib/postgresql/data/base/ \
  --exclude /var/lib/postgresql/data/global/ \
  --exclude /var/lib/postgresql/data/pg_clog/ \
  --exclude /var/lib/postgresql/data/pg_subtrans/ \
  --exclude /var/lib/postgresql/data/pg_tblspc/ \
  --exclude /var/lib/postgresql/data/pg_xlog/ \
  --exclude /sys \
  --exclude /usr/portage \
  --exclude /usr/portage/distfiles \
  --exclude /var/run \
 / [EMAIL PROTECTED]::/home/backups/hostname/



Re: [gentoo-user] rsync via ssh

2007-11-04 Thread Steve Dommett
On Sunday 04 November 2007, Shawn Haggett wrote:
 Roger Mason wrote:
 How have you set up the passwordless ssh? If you're using keys with the ssh
 keyagent, then when the command is run in cron it wouldn't know where to
 find your ssh-agent...

 Shawn

I use a key with no password without ssh-agent.



Re: [gentoo-user] {OT} Video encoder

2007-11-03 Thread Steve Dommett
On Saturday 03 November 2007, Grant wrote:
 I'm looking for an easy way to encode the video files I acquire into a
 single format and level of quality.  It would also be nice to be able
 to easily burn a DVD of the resultant file that will play on a home
 DVD player.  I'm sure there are at least several choices in portage
 and probably sunrise, but does anyone use one they are happy with and
 would heartily recommend?

 - Grant

qdvdauthor
I haven't yet used it in its v1.0.0rc1 incarnation, but I previously enjoyed 
very good results with v0.1.4.



Re: [gentoo-user] Vixie Cron

2007-11-02 Thread Steve Dommett
On Friday 02 November 2007, sean wrote:
 How is vixie-cron setup to accept remote connections?
Eh?  Why would a cron daemon need to accept connections, what does that even 
mean in the context of cron?



Re: [gentoo-user] apache: Directory index forbidden by Options directive

2007-10-08 Thread Steve Dommett
On Monday 08 October 2007, Arnau Bria wrote:
 My apache2 worked fine until last Friday I update it to 2.2.6.
 Now, when I try to access my drupal site, I see this error in firefox:

I'm just guessing, but Apache 2.2.6 removed index.htm from the list of 
default index files.   It may be possible to restore the use of your site by 
following the advice in /etc/apache2/modules.d/00_default_settings.conf in 
the DirectoryIndex setting.

Personally I just symlinked index.html to index.htm.



Re: [gentoo-user] apache: Directory index forbidden by Options directive

2007-10-08 Thread Steve Dommett
On Monday 08 October 2007, Arnau Bria wrote:
 You're right, I needed index.php... but now php does not work!!!
Have you run revdep-rebuild, or even simply manually re-emerged PHP after 
updating Apache?

 not sure if all those dir should be empty...
 could you please confirm?
I have only php.ini, as do you.

 Why so many changes in this upgrade?¿?
You'd best ask the Apache devs.  I thought the changelog for 2.2.6 was quite 
short myself.



Re: [gentoo-user] X.Org 1.4 with Nvidia?

2007-10-02 Thread Steve Dommett
On Tuesday 02 October 2007, Alexander Skwar wrote:
 Hello.

 When X.Org 1.4 first hit the portage tree, I masked it, as I had quite
 some problems getting it to work with my Nvidia graphics card.
 I decided to stay with 1.3.0.0 for the time being.

 Now x11-base/xorg-server-1.4-r2 is in the tree. And also a new version
 of nvidia-drivers (nvidia-drivers-100.14.19).

 Does anyone know, if it's now safe to use xorg 1.4 with nvidia-drivers?

 Thanks,

 Alexander Skwar

I run a ~x86 system on which I had quite some troubles with 1.4.0 when I tried 
it shortly after the new nVidia drivers shipped.  I haven't tried 1.4.0-r1 
yet.

I'm sure the problems I was seeing were unrelated to the nVidia driver.  I had 
symptoms very similar to this guy: 
http://archives.gentoo.org/gentoo-user-de/msg_38486.xml

To revert to a working system (on ~x86) I added the following to 
packages.mask:
=x11-base/xorg-server-1.3.9
~x11-base/xorg-x11-7.3
=x11-proto/renderproto-0.9.3
~x11-libs/libXrender-0.9.4
~x11-drivers/xf86-input-keyboard-1.2.2

I wish you luck.


