Re: [gentoo-user] Loading Issue

2020-02-22 Thread Roger J. H. Welsh

Dr Rainer,

Dr Rainer Woitok writes:
> So instead of pressing the "1" key umpteen times (plus one time too
> often, ARGH :-) it's probably really easier to boot from a live CD.
I certainly agree with you on this, I was really just posing a quick fix
for OP. I actually have a sysrescue disk in my boot partition, which I
can choose from the GRUB menu when things break at home.

> And the privileged shell offered here is also restricted in that it is
> only usable for the minority of 330 million people using a US keyboard
> layout, while the vast majority of 7.4 billion people NOT using a US
> keyboard layout will most probably not even manage to enter their
> password :-(
Personally, if I was debugging my openrc, I would probably try out
rc_interactive for options 1, 2 and 3; if I was thinking of doing
anything like 4, I would rather drop to a LiveCD.

When things go bad, go with what you know works. ;)

On another note, I don't see the "keymaps" rc-service when I use
rc-status. Is there any chance it is loaded before the other services?
Or alternatively, is there any way to set it as the first service that
starts? Does anyone listening know?

I'm just curious now.

--
Regards,

Roger Welsh



Re: [gentoo-user] Loading Issue

2020-02-18 Thread Roger J. H. Welsh

Hi Jack,

I just looked at the comments in my /etc/rc.conf.
`less /etc/rc.conf`

Jack writes:

> I'm not the OP, but I recently had a similar situation - total freeze
> early during the boot process.  What I wanted was a way to get that
> rc_interactive="YES" behavior - but by doing something at boot time.

rc_interactive means I can press "I" or "i" during boot and INTERRUPT
the boot process; *otherwise* it will boot as per normal.

Is that not the behaviour you are seeking?
OR is that not the behaviour you get?

Also to note:

rc_parallel="yes" may cause the boot process to lock up.
(I wonder if that has been causing some of these boot freezes.)

rc_interactive="yes" is DISABLED (automatically), if rc_parallel is set
to "yes".

--
Best of luck
Roger



Re: [gentoo-user] Coming up with a password that is very strong.

2019-02-04 Thread Roger J. H. Welsh
Hi Dale,

On Sun, Feb 03, 2019 at 11:47:35PM -0600, Dale wrote:
> How do you, especially those who admin systems that are always being
> hacked at, generate strong passwords that meet the above?

I have a script for generating passwords the way I like (basically diceware on
bash).

Something like:
# Scale a 32-bit random number down to a line number in the word list
FACTOR=$(( 2**(4*8) / $(wc -l < "$WORDLIST") ))
# +1 because head -n 0 would print nothing
head -n "$(( $(od -vAn -N4 -tu4 < /dev/random) / FACTOR + 1 ))" "$WORDLIST" | tail -1

I use this in conjunction with
https://github.com/dwyl/english-words/blob/master/words.txt

As far as I understand, if you have about 96 bits of entropy you are
golden. 256 bits is unbruteforceable (at least within the realms of
physics apparently).
5 words = 94 bits (which is good enough for me)
14 words = 256 bits (which seems like a lot of typing)

I also have a messy spreadsheet for checking passwords.
https://github.com/rjhwelsh/gpg-tutorial/blob/master/password_checker.ods

I provide no warranty for my working. ;)

--

Roger Welsh
fpr: 2FCB 9E31 EA77 CDEC A3AE  5DD7 D54C C777 553A 180D
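
Added example, not part of the original message and not the poster's own script: a POSIX sh version of the same diceware idea that picks lines by rejection sampling, so every word is equally likely, and reproduces the entropy arithmetic quoted above. It reads /dev/urandom rather than /dev/random; the 8-word list and the 466000 word count are constructed assumptions.

```sh
#!/bin/sh
# Added example (not the poster's script): diceware picks without bias.

# Print a uniform integer in 1..N (N < 2^32). Rejection sampling: 32-bit
# draws that land in the uneven tail above the last multiple of N are redrawn.
rand_line() {
    n=$1
    limit=$(( 4294967296 / n * n ))
    while :; do
        r=$(od -vAn -N4 -tu4 < /dev/urandom | tr -d ' \n')
        [ "$r" -lt "$limit" ] && break
    done
    echo $(( r % n + 1 ))
}

# Print COUNT words, each drawn independently from the file LIST.
passphrase() {
    list=$1 count=$2
    total=$(( $(wc -l < "$list") ))
    out=
    while [ "$count" -gt 0 ]; do
        word=$(sed -n "$(rand_line "$total")p" "$list")
        out="${out:+$out }$word"
        count=$(( count - 1 ))
    done
    echo "$out"
}

# Whole bits of entropy in COUNT words from a list of N words: COUNT*log2(N).
entropy_bits() {
    awk -v n="$1" -v k="$2" 'BEGIN { printf "%d\n", k * log(n) / log(2) }'
}

# Smallest word count that reaches TARGET bits for a list of N words.
words_needed() {
    awk -v n="$1" -v t="$2" \
        'BEGIN { k = 0; while (k * log(n) / log(2) < t) k++; print k }'
}

# Constructed 8-word list so the script runs offline; 466000 approximates
# the size of the linked words.txt (an assumption, count your own list).
sample=$(mktemp)
printf '%s\n' apple brick cloud delta ember flint grove haze > "$sample"
echo "passphrase: $(passphrase "$sample" 5)"
echo "5 words: $(entropy_bits 466000 5) bits; 256 bits needs $(words_needed 466000 256) words"
rm -f "$sample"
```
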



Re: [gentoo-user] Persistence of ZFS /dev/zvol/rpool/swap

2018-11-25 Thread Roger J. H. Welsh
Hi,

I followed fearedbliss's guide a couple years back.
Here are my 2 cents.

On Sun, Nov 25, 2018 at 04:36:35PM -0500, Pariksheet Nanda wrote:

> I'm actually surprised my system boots at all, because /etc/fstab looks for
> that partition to be the swap:
I don't think swap is required for booting.

> My best guesses at the problem are either that it's udev related or that
> the various ZFS services need to be better configured to expose the zvol.
> I read the "Admin Documentation" links on the zfsonlinux.org website
> looking for mentions on "zvol" and the only relevant section seems to be
> the `zpool import` should apply `zfs share -a` to zvols [2].  Maybe I need
> to run `zfs share`?  But that doesn't seem to help:
>
It does seem to be a udev issue on your end.

This is what your udev rule should look like.
https://github.com/zfsonlinux/zfs/blob/master/udev/rules.d/60-zvol.rules.in

Check it exists.
# cat /lib/udev/rules.d/60-zvol.rules

Reload udev rules.
# rc-service udev reload

I think you also have to re-trigger the rules, which is beyond the scope
of my knowledge.
# man udevadm

If it exists on `zfs list`, your swap partition is in there somewhere.
This command will show you any swap partitions in use.
# swapon --show

Good luck!

--

Roger Welsh
fpr: 2FCB 9E31 EA77 CDEC A3AE  5DD7 D54C C777 553A 180D



Re: [gentoo-user] Notification of ebuild status

2018-07-25 Thread Roger J. H. Welsh
On Mon, Jul 23, 2018 at 01:26:36PM +0800, Andrew Lowe wrote:
> Hi all,
>   Yonks ago, literally four years ago, 14/7/14, I posted something here
> about the whole emerge process being able to make a noise when the
> emerge process either succeeded or failed. Success, play some decent
> music, fail, play some crap music. I got some good replies and then
> promptly put that task on to the "I'll have to get around to that" list.
>
>   I'm now in the process of building a machine from scratch and thought I
> would revisit this. Last night I worked it out but before I tidy it up
> and post what I did here, for everyone's edification, I thought I would
> ask if anyone knows if the emerge system has implemented anything in the
> last four years that automagically does this?
>
>   Any thoughts?
>
>   Andrew
>

There is the `--alert, -A` option for sending a terminal bell when
emerge needs some interaction.

I presume that you are looking at something on a per-ebuild basis, and
not something as simple as:
`emerge -avuDN @world &&
aplay success.flac ||
aplay fail.flac`

I'm curious to see what you have come up with.

--

Roger Welsh
fpr: 2FCB 9E31 EA77 CDEC A3AE  5DD7 D54C C777 553A 180D




Re: [gentoo-user] Dhclient and buggy ISP

2018-07-21 Thread Roger J. H. Welsh
On Fri, Jul 20, 2018 at 11:41:22PM +0100, Mick wrote:
> On Friday, 20 July 2018 08:58:53 BST Matti Nykyri wrote:
> > Hey
> >
> > I have a following with Telia ISP and their dhcp-server... I'm using
> > dhclient to get dynamic IP from ISP and also to update DDNS. When

> I am not familiar with dhclient, although whenever I used it in various
> distros it just worked.  Have you tried using dhcpcd instead?
> --
> Regards,
> Mick

I second Mick's suggestion.

I use dhcpcd (with ddclient for dynamic dns) on my home server, which seems to
work well enough.

--

Roger Welsh
fpr: 2FCB 9E31 EA77 CDEC A3AE  5DD7 D54C C777 553A 180D




Re: [gentoo-user] newuse vs changed-use (and python3_6)

2018-07-18 Thread Roger J. H. Welsh
> emerge --pretend --newuse ... @world
> shows 15 rebuilds while --changed-use shows none.
--changed-use prevents your system from remerging packages
due to USE flag changes upstream (not made by you).

> eselect python show
> indicates python3.4, which I realize has end of life next year.
>
> Any advice would be appreciated.
Note that portage will want to use the new python targets immediately.

Set for portage, for your next upgrade:
PYTHON_TARGETS="python2_7 python3_4 python3_6"
PYTHON_SINGLE_TARGET="python3_4"

Set for portage, for your next upgrade after that:
PYTHON_TARGETS="python2_7 python3_6"
PYTHON_SINGLE_TARGET="python3_6"

Migrate via,
`emerge --ask --depclean && emerge -1vUD @world && emerge --ask --depclean`

And you should be good to go.

NOTES:
`man emerge`
  `/changed-use`

"Unlike --newuse, the --changed-use option does not trigger
reinstallation when flags that the user has not enabled are added or
removed."
`emerge --newuse @world` should fix you up here.

From the news item,
`eselect news read`
`2018-05-22-python3-6`
On *2018-06-22*, Python 3.6 will replace Python 3.5 in the default Python
targets for Gentoo systems.  The new default targets will be:
PYTHON_TARGETS="python2_7 python3_6"
PYTHON_SINGLE_TARGET="python3_6"

Hope this helps.
--

Roger Welsh
fpr: 2FCB 9E31 EA77 CDEC A3AE  5DD7 D54C C777 553A 180D




Re: [gentoo-user] NeoMutt and GnuPG

2018-01-30 Thread Roger J. H. Welsh
On Wed, Jan 31, 2018 at 05:17:45AM +0100, Floyd Anderson wrote:
> I would not do that. The topic itself is complex enough and sourcing of 14 !
> long and cryptic command lines doesn’t make it better. Also note that gpg.rc
> defines the deprecated ‘pgp_clearsign_command’ variable.
Right.

> BTW, as we're talking about NeoMutt here, I use:
> ${XDG_CONFIG_HOME:-${HOME}/.}${XDG_CONFIG_HOME:+/}neomutt/neomuttrc
> so I can run a parallel Mutt installation when things get broken.
That is a very good point.

> Instead I suggest to set ‘gpgme’ USE-flag and *only that* – no ‘crypt’,
> ‘gpg’, ‘pgp_classic’, ‘smime’, ‘smime_classic’. Look at the ebuild and
> especially the comments. This way I only need to set one ! variable to get
> the stuff working:
>
> set crypt_use_gpgme = yes
>
>
> To be sure you may also set:
> # ensure deprecated options are disabled or disarmed
> set pgp_autoinline  = no
> set pgp_clearsign_command   = ''
> set pgp_mime_auto   = ask-yes
> set pgp_replyinline = no
>
> And if one likes:
> # semi-automated encrypted reply to encrypted messages
> # Notes:
> #- this can always be disabled by PGP-menu ('p')
> #- crypt_autoencrypt or crypt_replyencrypt (if set) disables crypt_opportunistic_encrypt
> set crypt_opportunistic_encrypt = yes
> set crypt_autoencrypt   = no
> set crypt_replyencrypt  = no
>
> # whether or not display unusable (revoked, expired, disabled) keys
> set pgp_show_unusable   = yes
> set crypt_timestamp = no
>
>
> With more than one mail address I suggest:
> send2-hook  . 'set pgp_sign_as = ""'
> send2-hook  '~f "1st@example\.net$"'  'set pgp_sign_as = "0x0123456789ABCDEF0123456789ABCDEF01234567"'
> send2-hook  '~f "2nd@example\.net$"'  'set pgp_sign_as = "0xABCDEF0123456789ABCDEF0123456789ABCDEF01"'
Thanks for the above, I will certainly revisit this email when I update
my config in the next month or so. :)

>
> > On my neomutt, when I press "v" to view attachments, all I can
> > see is text/plain. I think my neomutt does something automatic to
> > decrypt the messages.
> >
>
> Indeed, viewing attachments encrypted would break many functions otherwise,
> e.g. piping, printing, saving.
So Lucas's original problem sounds like an issue with this, I can only
imagine it is some sort of lack of pgp support.

> > My source docs I used when setting my gpg up with mutt were:
> > https://gitlab.com/muttmua/mutt/wikis/MuttGuide/UseGPG
> > http://codesorcery.net/old/mutt/mutt-gnupg-howto
> >
>
> In the meantime NeoMutt != Mutt, so not to forget to mention
> . ;-)
Lol. Of course. I read that for my current setup. Though I never really
got to grips with what gpgme was, as I was more concerned with
bootstrapping a working (neo)mutt configuration, which is why I source
my : "14 ! long and cryptic command lines".

Thanks for the critique Floyd.

--

Roger Welsh
fpr: 2FCB 9E31 EA77 CDEC A3AE  5DD7 D54C C777 553A 180D




Re: [gentoo-user] NeoMutt and GnuPG

2018-01-30 Thread Roger J. H. Welsh
Hi Lucas,

> Here is my muttrc on github:
> https://github.com/lramage94/dotfiles/blob/master/.mutt/muttrc
It looks like you are using gpgme, I personally have not set this up for
my neomutt, instead I use a gpg.rc file from the samples provided.

For example;
bzcat /usr/share/doc/neomutt-*/samples/gpg.rc.bz2 > ~/.mutt/gpg.rc
echo "source ~/.mutt/gpg.rc" >> ~/.mutt/muttrc

There are a few other samples in
ls /usr/share/doc/neomutt-*/samples

Maybe there is something there that will fix your issue.

> When I send an encrypted message I see two files:
>
> - noname (1kb)
> - msg.asc (10kb) # <-- this one changes size depending on my message.
Whenever I see an encrypted message on my gmail account, which was
encrypted on my PC, I see the exact same thing. These are the raw
PGP/MIME type files for PGP, as opposed to inline PGP which is embedded
in the plain text.

https://security.stackexchange.com/questions/128368/is-using-pgp-mime-or-pgp-inline-more-secure

On my neomutt, when I press "v" to view attachments, all I can
see is text/plain. I think my neomutt does something automatic to
decrypt the messages.

My source docs I used when setting my gpg up with mutt were:
https://gitlab.com/muttmua/mutt/wikis/MuttGuide/UseGPG
http://codesorcery.net/old/mutt/mutt-gnupg-howto

I remember in particular reading the codesorcery one pretty closely.
Hope this helps.

--

Roger Welsh
fpr: 2FCB 9E31 EA77 CDEC A3AE  5DD7 D54C C777 553A 180D

