On 170113-23:50+0100, Miroslav Rovis wrote: > I made it! > > See: > http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/ > or open: > $ <your-browser> \ > http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/Screen_170113_2102_g0n_1.webm > > (and also Screen_170113_2102_g0n_2.webm and Screen_170113_2102_g0n_3.webm ) >
Just the end result of how it worked, you can see at, not much there, at this time. > But there are stories to tell, along with patches to share, and a place > for a nice bug report, coming. > Main story, or tip, that I hope might be useful to others, in this email. --- This was the successful command that started the domain "tails" (pls. note that I will be converting any commands in this email to fit withing 72 char lines, but they were without those "\" at end, and were one long line each; I'll also be wrapping pastes such as from /var/log/messages): [So this was the successful command that started the domain "tails"]: $ virt-install --name tails --disk tails.img --graphics spice --memory 1024 \ --cdrom tails-i386-2.9.1.iso --livecd --debug |& tee \ virt-install_$(date +%y%m%d_%H%M)_g0n Also note that the |& tee virt-install_$(date +%y%m%d_%H%M)_g0n is not needed, but allows me to reconstruct the procedure, to find it in the logs, and of course that redirection (along with the --debug of course) produced the debugging log named: virt-install_170113_0701_g0n (find it gunzip'ed in the attachment) However, that command didn't start any GUI, since the no-dbus virt-manager has no GUI whatsoever. But, as you can see from that log virt-install_170113_0701_g0n: [Fri, 13 Jan 2017 07:01:37 virt-install 5357] DEBUG (virt-install:732) Domain state after install: 1 was there made notice of in bottom, and I take it that it means the domain was created and started. And it also gave advice as to what can be done about it (on a previous line): [Fri, 13 Jan 2017 07:01:36 virt-install 5357] WARNING (cli:487) Unable to connect to graphical console: virt-viewer not installed. Please install the 'virt-viewer' package. Which I went about installing, which wasn't easy at all, as you can read below. During all those 14 hours the VM was running, pretty quietly, it didn't leave much in the logs... During most of which time thereof I made many unsuccessful attempts at installing virt-viewer, and eventually I made it to install it, and ran: $ virt-viewer tails which shows in the syslog as: Jan 13 21:02:53 g0n kernel: [270966.343875] grsec: exec of /usr/bin/virt-viewer (virt-viewer tails ) by /usr/bin/virt-viewer[bash:30436] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:19756] uid/euid:1000/1000 gid/egid:1000/1000 which is what you can see the screencasts of at: http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/ (the link already given above) To be honest, it's not at all so easy to track down exactly how I did it. But there are a few reasons why I want to do it, the most important being, that I need to replicate the entire procedure, patches and all, because I completed this installation in my clone machine, which I also use for test-installs like this, but the more permanent install I want to do in Air-Gapped [1] machine, which never goes online, and which installation I can then clone [2] onto this contacting-with-the-dangerous-and-dirty-internet machine (and other machines of mine sometimes). Air-Gapping is complex of course, yes, but it so clean and peaceful. Especially the updating the Air-Gapped from my local Gentoo mirror with the portage snapshots signed by the Releng Team. My Air-Gapped is pretty reliably non-compromised, or at least has been, and continues to be, very difficult to compromise. And there'll be some strange things to show from this clone, introduced wih this installation, which don't let me calm and peaceful, there will be! Another reason which looke very important to me when I was getting confused if no-dbus gtk2 virt-manager, along with virt-viewer, was at all possible, is, I even thought for those hard long hours that it looked impossible, that already the time was running out to fix it for everybody, from older packages that would work... Because there really ended up being no way that I could do it, pls. look it up: https://packages.gentoo.org/packages/app-emulation/virt-viewer with, say, what is currently in testing: https://gitweb.gentoo.org/repo/gentoo.git/tree/app-emulation/virt-viewer/virt-viewer-5.0.ebuild While I tried patching quite a few files in the virt-viewer-5.0 source, it could never anymore be done without making gtk+-2.0 into more of a gtk+-3.0 just without the dbus dependency, which I am not apt to accomplishing. Instead, I had to bump into my local portage repo this one: https://gitweb.gentoo.org/repo/gentoo.git/tree/app-emulation/virt-viewer/virt-viewer-3.1.ebuild (of course for both of those --and other packages that I needed to patch--, I used the local /usr/portage/app-emulation/virt-viewer to get those ebuilds) and I was only then able to get that 3.1, patched to 3.1-r1 in my local overlay, working, and only after bumping spice-gtk-0.31 to local overlay, and recompiling spice-gtk. Along with the correct changes in /etc/packages{.use/,.mask/} or whatever anybody has. For package.use, add: =net-misc/spice-gtk-0.31-r1 gtk2 app-emulation/virt-viewer -vnc For package.mask, add: >net-misc/spice-gtk-0.31-r1 >app-emulation/virt-viewer-3.1-r1 Pls. find the two ebuilds gzip'ed in the attachment: spice-gtk-0.31-r1.ebuild.gz virt-viewer-3.1-r1.ebuild.gz Since this is a user list, here's how the parts relavant to this discussion, in my local overlay ( https://wiki.gentoo.org/wiki/Overlay/Local_overlay ) look like: # ls -lR /usr/local/portage/net-misc/ /usr/local/portage/net-misc/: total 4 drwxr-xr-x 3 root root 4096 2017-01-13 10:02 spice-gtk /usr/local/portage/net-misc/spice-gtk: total 20 drwxr-xr-x 2 portage portage 4096 2016-08-25 17:32 files -rw-r--r-- 1 root root 2277 2017-01-13 10:02 Manifest -rw-r--r-- 1 portage portage 1052 2017-01-13 09:20 metadata.xml -rw-r--r-- 1 portage portage 4618 2017-01-13 10:02 spice-gtk-0.31-r1.ebuild /usr/local/portage/net-misc/spice-gtk/files: total 12 -rw-r--r-- 1 portage portage 527 2016-08-17 08:36 README.gentoo -rw-r--r-- 1 portage portage 1141 2016-08-17 22:13 spice-gtk-0.31-x11-libs.patch -rw-r--r-- 1 portage portage 881 2016-08-17 22:13 spice-gtk-0.32-x11-libs.patch # ls -lR /usr/local/portage/app-emulation/ /usr/local/portage/app-emulation/: total 4 drwxr-xr-x 2 root root 4096 2017-01-13 20:19 virt-viewer /usr/local/portage/app-emulation/virt-viewer: total 16 -rw-r--r-- 1 root root 1902 2017-01-13 20:19 Manifest -rw-r--r-- 1 portage portage 452 2016-01-25 00:06 metadata.xml -rw-r--r-- 1 portage portage 1047 2017-01-13 20:19 virt-viewer-3.1-r1.ebuild -rw-r--r-- 1 portage portage 922 2017-01-13 09:22 virt-viewer-5.0-r1.ebuild # The files that I didn't mention further above, are simply copied over from /usr/portage/net-misc/spice-gtk and /usr/portage/app-emulation/virt-viewer respectively (without the /local/). The (gzip'ed) virt-viewer-5.0-r1.ebuild is included for completeness, and to demonstrate the issue awaiting Gentoo, and any other distro with a non-poetterware offer, in the future. I patched it by placing the patch: gtk+-2_revert.patch like this: # ls -lRa /etc/portage/patches/app-emulation/ /etc/portage/patches/app-emulation/: total 12 drwxr-xr-x 3 portage portage 4096 2017-01-13 10:24 . drwxr-xr-x 7 portage portage 4096 2017-01-13 10:24 .. drwxr-xr-x 2 portage portage 4096 2017-01-14 09:21 virt-viewer /etc/portage/patches/app-emulation/virt-viewer: total 20 drwxr-xr-x 2 portage portage 4096 2017-01-14 09:21 . drwxr-xr-x 3 portage portage 4096 2017-01-13 10:24 .. -rw-r--r-- 1 portage portage 12189 2017-01-13 17:33 gtk+-2_revert.patch # (as you can see also I ran chown portage:portage on the whole of /etc/portage/patches/ dir) That patch finally got all these properly substituted: :%s/gtk+-3.0/gtk+-2.0/gc :%s/3\.10/2\.24\.31/gc :%s/0\.12\.7/0\.12\.12/gc :%s/0\.33/0\.31/gc :%s/3_10/2_24_31/gc :%s/spice-client-gtk-3.0/spice-client-gtk-2.0/gc (those are commands with my Vim on the four files that this patch patches, pls. see the patch), but it was still to no avail, because they are starting to implement the new API of GTK3, and the GTK2, which in Gentoo and in some other distros is kept so dbus is not a dependency, don't have those new calls, functions et cetera. If anybody is interested, I attach the install log: app-emulation_virt-viewer-5.0-r1_20170113-164725.log.gz (that's from /var/log/portage, just I replaced the : with _) where it's easy to spot lines like: virt-viewer-app.h:47:5: error: unknown type name 'GtkApplicationClass' because the new API is missing in GTK2. And the package virt-viewer cannot possibly compile. I will next check this in my Air-Gapped, and post errata if any in the next email to this, in slow time. I hope my experience is useful to other users with dbus-free Gentoo machines who want to be able to run Tails via virt-manager in their machines. Regards! --- [1] Air-Gapped Gentoo Install, Tentative https://forums.gentoo.org/viewtopic-t-987268.html [2] Postfix smtp/TLS, Bkp/Cloning Mthd, Censorship/Intrusion https://forums.gentoo.org/viewtopic-t-999436.html#7613044 -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr
virt-install_170113_0701_g0n.gz
Description: Binary data
spice-gtk-0.31-r1.ebuild.gz
Description: Binary data
virt-viewer-3.1-r1.ebuild.gz
Description: Binary data
gtk+-2_revert.patch.gz
Description: Binary data
app-emulation_virt-viewer-5.0-r1_20170113-164725.log.gz
Description: Binary data
signature.asc
Description: Digital signature
