Re: [gentoo-user] What does emerge status R mean?
The R status means REBUILD. Usually, if it's an @world it's pulling that in because something about that package changed and so it needs to rebuild it. The --noreplace option would block that if portage didn't think it was needed. Based on your options, I'd say that it's probably a USE flag was changed. I don't use binpkgs myself, preferring to compile except in certain circumstances (can we say RUST!?) that I need to use a -bin variant. You can try without it, but I recommend leaving your change-use and newuse flags in place and letting the system rebuild xmodmap.

On 5/14/2021 3:54 AM, n952162 wrote:
> Why does portage want to build this:
>
> [ebuild R ] x11-apps/xmodmap-1.0.10::gentoo 0 KiB
>
> given this, already installed:
>
> /var/db/pkg/x11-apps/xmodmap-1.0.10/xmodmap-1.0.10.ebuild
>
> and these on my binary server (which is apparently not working properly for reasons I'm trying to track down):
>
> binpkgs/x11-apps/xmodmap-1.0.10.tbz2
> distfiles/xmodmap-1.0.10.tar.bz2
>
> When I remove these options, it doesn't want to anymore:
>
> # --changed-use \
> # --changed-deps \
> # --newuse \
> # --backtrack=100 \
> # --deep \
>
> Which option was it, I wonder, which triggered the build, and would it bring me anything?
>
> The options still used are:
>
> emerge \
> --getbinpkg y \
> -v \
> --tree \
> --update \
> --noreplace \
> --verbose-conflicts \
> --keep-going \
> --with-bdeps=y \
> @world

--
Dan Egli
From my Test Server
[gentoo-user] SELinux errors
ock" dev="vda1" ino=492466 scontext=system_u:system_r:winbind_t tcontext=system_u:object_r:var_lock_t tclass=lnk_file permissive=1
Apr 25 19:44:31 jupiter kernel: audit: type=1400 audit(1619401471.206:502): avc: denied { search } for pid=9056 comm="winbindd" name="lock" dev="tmpfs" ino=454 scontext=system_u:system_r:winbind_t tcontext=system_u:object_r:var_lock_t tclass=dir permissive=1
Apr 25 19:44:31 jupiter kernel: audit: type=1400 audit(1619401471.206:503): avc: denied { getattr } for pid=9056 comm="winbindd" path="/run/lock/samba" dev="tmpfs" ino=462 scontext=system_u:system_r:winbind_t tcontext=system_u:object_r:var_lock_t tclass=dir permissive=1
Apr 25 19:44:31 jupiter kernel: audit: type=1400 audit(1619401471.206:504): avc: denied { write } for pid=9056 comm="winbindd" name="msg.lock" dev="tmpfs" ino=516 scontext=system_u:system_r:winbind_t tcontext=system_u:object_r:var_lock_t tclass=dir permissive=1
Apr 25 19:44:31 jupiter kernel: audit: type=1400 audit(1619401471.206:505): avc: denied { add_name } for pid=9056 comm="winbindd" name="9056" scontext=system_u:system_r:winbind_t tcontext=system_u:object_r:var_lock_t tclass=dir permissive=1
Apr 25 19:44:31 jupiter kernel: audit: type=1400 audit(1619401471.206:506): avc: denied { create } for pid=9056 comm="winbindd" name="9056" scontext=system_u:system_r:winbind_t tcontext=system_u:object_r:var_lock_t tclass=file permissive=1
Apr 25 19:44:31 jupiter kernel: audit: type=1400 audit(1619401471.206:507): avc: denied { read write open } for pid=9056 comm="winbindd" path="/run/lock/samba/msg.lock/9056" dev="tmpfs" ino=709 scontext=system_u:system_r:winbind_t tcontext=system_u:object_r:var_lock_t tclass=file permissive=1
Apr 25 19:44:31 jupiter kernel: audit: type=1400 audit(1619401471.206:508): avc: denied { lock } for pid=9056 comm="winbindd" path="/run/lock/samba/msg.lock/9056" dev="tmpfs" ino=709 scontext=system_u:system_r:winbind_t tcontext=system_u:object_r:var_lock_t tclass=file permissive=1
Apr 25 20:00:11 jupiter kernel: audit: type=1400 audit(1619402411.709:509): avc: denied { search } for pid=10897 comm="sshd" name="root" dev="vda1" ino=996517 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:default_t tclass=dir permissive=1
Apr 25 20:00:11 jupiter kernel: audit: type=1400 audit(1619402411.709:510): avc: denied { read } for pid=10897 comm="sshd" name="authorized_keys" dev="vda1" ino=272988282 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:default_t tclass=file permissive=1

First thing I tried was restorecon. I did restorecon -r / to ensure that the entire directory tree was updated correctly. The errors above are AFTER restorecon. I am using the targeted policy right now. I figured it would work for the first tests and I could upgrade to strict later. But if I can't even get targeted to work correctly, then I'm really in trouble. Any tips?

--
Dan Egli
From my Test Server
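An added example, not part of the original post: a small Python parser that groups AVC denial records like the ones above by source type, target type and object class, so the long log collapses into the handful of access patterns behind it. The function names and the "fallback label" heuristic are assumptions of this example; the sample input is five records copied from the post.

```python
import re
from collections import defaultdict

# Sample input: five records copied from the log in the post above.
SAMPLE_LOG = """\
Apr 25 19:44:31 jupiter kernel: audit: type=1400 audit(1619401471.206:502): avc: denied { search } for pid=9056 comm="winbindd" name="lock" dev="tmpfs" ino=454 scontext=system_u:system_r:winbind_t tcontext=system_u:object_r:var_lock_t tclass=dir permissive=1
Apr 25 19:44:31 jupiter kernel: audit: type=1400 audit(1619401471.206:507): avc: denied { read write open } for pid=9056 comm="winbindd" path="/run/lock/samba/msg.lock/9056" dev="tmpfs" ino=709 scontext=system_u:system_r:winbind_t tcontext=system_u:object_r:var_lock_t tclass=file permissive=1
Apr 25 19:44:31 jupiter kernel: audit: type=1400 audit(1619401471.206:508): avc: denied { lock } for pid=9056 comm="winbindd" path="/run/lock/samba/msg.lock/9056" dev="tmpfs" ino=709 scontext=system_u:system_r:winbind_t tcontext=system_u:object_r:var_lock_t tclass=file permissive=1
Apr 25 20:00:11 jupiter kernel: audit: type=1400 audit(1619402411.709:509): avc: denied { search } for pid=10897 comm="sshd" name="root" dev="vda1" ino=996517 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:default_t tclass=dir permissive=1
Apr 25 20:00:11 jupiter kernel: audit: type=1400 audit(1619402411.709:510): avc: denied { read } for pid=10897 comm="sshd" name="authorized_keys" dev="vda1" ino=272988282 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:default_t tclass=file permissive=1
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# default_t is the reference policy's fallback label for files that match no
# more specific file-context entry; unlabeled_t marks objects with no valid
# label. Treating them as "check the labelling first" is this example's
# heuristic, not a rule taken from the thread.
FALLBACK_TYPES = {"default_t", "unlabeled_t"}


def parse_avc(line):
    """Return one denial as a dict, or None if the line is not a full record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    try:
        # Contexts are user:role:type[:range]; the type is the third field.
        source_type = fields["scontext"].split(":")[2]
        target_type = fields["tcontext"].split(":")[2]
        tclass = fields["tclass"]
    except (KeyError, IndexError):
        return None  # truncated record
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "source_type": source_type,
        "target_type": target_type,
        "tclass": tclass,
        "object": fields.get("path") or fields.get("name"),
        # permissive=1 means the access was logged but still allowed.
        "enforced": fields.get("permissive") != "1",
    }


def summarize(lines):
    """Group denials by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "objects": set(), "enforced": False})
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        g = groups[(rec["source_type"], rec["target_type"], rec["tclass"])]
        g["perms"].update(rec["perms"])
        if rec["object"]:
            g["objects"].add(rec["object"])
        g["enforced"] = g["enforced"] or rec["enforced"]
    return {
        key: {"perms": sorted(g["perms"]), "objects": sorted(g["objects"]),
              "enforced": g["enforced"]}
        for key, g in sorted(groups.items())
    }


def fallback_labelled(summary):
    """Groups whose target carries a fallback label rather than a specific type."""
    return [key for key in summary if key[1] in FALLBACK_TYPES]


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for (src, tgt, cls), g in summary.items():
        mode = "enforced" if g["enforced"] else "permissive (logged only)"
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(g['perms'])} }} on {g['objects']} [{mode}]")
    print("review labelling for:", fallback_labelled(summary))
```

On the sample this separates two different situations: winbind_t touching lock files that carry a specific type (var_lock_t), and sshd_t reading objects that only carry the fallback default_t label.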
Re: [gentoo-user] syslog-ng misbehaving
Yea, that was it. I can't believe I missed that. Boy do I feel dumb now. Thanks!

On 4/8/2021 11:11 PM, Stefan Schmiedl wrote:
> "Dan Egli" , 08.04.2021, 20:15:
>
>> I'm afraid that didn't work either. I did as you said, and changed the syslog filter line to read:
>>
>> filter syslog { not filter(sshd) and not filter (samba); };
>>
>> which would match the previous lines (see URL below). I still see sshd messages in /var/log/messages when I ssh into the machine.
>>
>> I'm totally lost. I've posted relevant files for everyone to see. All are updated in real time because they are either symlinks to the actual files, or are the target of a redirection directly:
>>
>> https://www.newideatest.site/syslog-conf = /etc/syslog-ng/syslog-ng.conf
>
> Is the filter definition correct?
>
> filter sshd { program("ssdhd"); };
>                          ^ ???
>
> s.
>
>> https://www.newideatest.site/syslog-out = output of syslog-ng -Fdav
>> https://www.newideatest.site/system_log = /var/log/messages
>>
>> Any further ideas are most welcome.
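The routing this thread was debugging, as a simplified Python model added here (it is not syslog-ng code and not from any poster). It shows why a filter whose program name is misspelled sends sshd messages to the catch-all log, and what "and" versus "or" does in the catch-all filter. The substring match standing in for program(), the sample messages, and the assumption that the log paths are the ones from the posted config with the filter renamed to sshd are assumptions of this example.

```python
from typing import Callable, Dict, List, NamedTuple, Tuple


class Msg(NamedTuple):
    program: str
    text: str


Filter = Callable[[Msg], bool]
LogPath = Tuple[Filter, str, bool]  # (filter, destination file, flags(final) set?)


def program(pattern: str) -> Filter:
    """Simplified stand-in for a program() filter: substring match on the program name."""
    return lambda m: pattern in m.program


def build_paths(sshd_pattern: str) -> List[LogPath]:
    """Log paths modelled on the posted config; only the sshd pattern varies."""
    sshd = program(sshd_pattern)
    samba = program("samba")

    def syslog(m: Msg) -> bool:
        # filter syslog { not filter(sshd) and not filter(samba); };
        return not sshd(m) and not samba(m)

    return [
        (samba, "/var/log/samba/samba.log", True),
        (sshd, "/var/log/sshd/sshd.log", True),
        (syslog, "/var/log/messages", False),
    ]


def route(msg: Msg, paths: List[LogPath]) -> List[str]:
    """Return every destination the message is written to, in order."""
    written = []
    for flt, dest, final in paths:
        if flt(msg):
            written.append(dest)
            if final:  # a matching path marked final stops further processing
                break
    return written


def and_vs_or() -> Dict[Tuple[bool, bool], Tuple[bool, bool]]:
    """For each (is_sshd, is_samba) pair: does the catch-all accept it with 'and' / with 'or'?"""
    table = {}
    for is_sshd in (False, True):
        for is_samba in (False, True):
            table[(is_sshd, is_samba)] = (
                not is_sshd and not is_samba,  # accepts only messages matching neither filter
                not is_sshd or not is_samba,   # rejects only messages matching both filters
            )
    return table


# Constructed sample messages.
SSH_LOGIN = Msg("sshd", "Accepted publickey for root from 192.0.2.10")
CRON_JOB = Msg("cron", "(root) CMD (run-parts /etc/cron.hourly)")

if __name__ == "__main__":
    print("typo  :", route(SSH_LOGIN, build_paths("ssdhd")))
    print("fixed :", route(SSH_LOGIN, build_paths("sshd")))
    print("other :", route(CRON_JOB, build_paths("sshd")))
    for key, value in and_vs_or().items():
        print(key, value)
```

With the misspelled pattern the sshd filter matches nothing, so its negation is always true and the login message lands in /var/log/messages; with the name corrected it goes only to the sshd log.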
Re: [gentoo-user] setting system time
On 4/8/2021 6:07 PM, the...@sys-concept.com wrote: Try to set system clock via script: /usr/sbin/htpdate 1.ro.pool.ntp.org /sbin/hwclock -w But when I run it always prints: Offset 38.000 seconds The system clock does not adjust. The hardware clock syncs to the software clock. If, when you run the date command, it prints the correct time (accounting for timezones) then as far as I know, that is the time your hardware clock uses. Besides, 38 seconds is not bad. Unless you are doing something between computers that requires EXTREMELY precise time, then I wouldn't bother. If you do want to fix things, ntpdate is kind of old (I assume that's what you meant, as I've never heard of htpdate). You can accomplish the same thing with the ntp command. Just use: ntpd -g -q. That will set the clock once according to the pool server, then quit. And it sets the clock, no matter how far off it is.
Re: [gentoo-user] Looking for other Seamonkey users
On 4/8/2021 5:12 PM, Neil Bothwick wrote: I think I'm missing the part that I can access it with a GUI, like when I go to mail.google.com or something. Dovecot is an IMP server, it doesn't have a GUI. What you are thinking of is a webmail *client*. That's just another client, like Thunderbird or mutt, as far as Dovecot is concerned. There are a few webmail clients available, I use Roundcube. It all depends on what you want. I've not used Roundcube, although I hear it's good. I've used SquirrelMail, Horde, and SOGo. I personally prefer SOGo, but it's complicated to setup. SquirrelMail is easy, but lacks a lot of features that SOGo had. Horde is kind of in the middle. The only thing I'd watch out for is that if you use SOGo, the gentoo packages are WAY out of date. The most recent SOGo package in portage is 4.3.2, but you can get the sources for 5.1.0 from the SOGO.NU website.
Re: [gentoo-user] syslog-ng misbehaving
I swear Thunderbird is sending to the MTA when it should be saving on the IMAP server. Ignore this one for the next one. IT is complete. This one is not.

On 4/8/2021 12:13 PM, Dan Egli wrote:
> On 4/8/2021 9:59 AM, Dr Rainer Woitok wrote:
>> Dan,
>>
>> On Wednesday, 2021-04-07 12:05:10 -0600, you wrote:
>>
>>> I had posted the whole file. But I can do it again easy enough.
>>> ...
>>> filter samba { program("samba"); };
>>> filter ssh_messages { facility("AUTH") and level("INFO"); };
>>> filter syslog { not filter("ssh_messages") and not filter("samba"); };
>>
>> Omit the double quotes in this last line. You're needing the NAMES of the filters here.
>
> I'm afraid that didn't work either. I did as you said, and changed the syslog filter line to read:
>
> filter syslog { not filter(sshd) and not filter (samba); };
>
> which would match the previous lines (see URL below). I still see sshd messages in /var/log/messages when I ssh into the machine.
Re: [gentoo-user] syslog-ng misbehaving
On 4/8/2021 9:59 AM, Dr Rainer Woitok wrote:
> Dan,
>
> On Wednesday, 2021-04-07 12:05:10 -0600, you wrote:
>
>> I had posted the whole file. But I can do it again easy enough.
>> ...
>> filter samba { program("samba"); };
>> filter ssh_messages { facility("AUTH") and level("INFO"); };
>> filter syslog { not filter("ssh_messages") and not filter("samba"); };
>
> Omit the double quotes in this last line. You're needing the NAMES of the filters here.

I'm afraid that didn't work either. I did as you said, and changed the syslog filter line to read:

filter syslog { not filter(sshd) and not filter (samba); };

which would match the previous lines (see URL below). I still see sshd messages in /var/log/messages when I ssh into the machine.

I'm totally lost. I've posted relevant files for everyone to see. All are updated in real time because they are either symlinks to the actual files, or are the target of a redirection directly:

https://www.newideatest.site/syslog-conf = /etc/syslog-ng/syslog-ng.conf
https://www.newideatest.site/syslog-out = output of syslog-ng -Fdav
https://www.newideatest.site/system_log = /var/log/messages

Any further ideas are most welcome.
Re: [gentoo-user] syslog-ng misbehaving
That was fixed a bit ago. See my most recent post for a copy of the current config file.

On 4/7/2021 8:46 AM, Dr Rainer Woitok wrote:
> Dan,
>
> On Tuesday, 2021-04-06 23:11:15 -0600, you wrote:
>
>> ...
>> log { source(src); destination(smb_logs); filter(samba); flags(final); );
>
> According to the documentation at
>
> https://support.oneidentity.com/technical-documents/syslog-ng-open-source-edition/3.30/administration-guide/56#TOPIC-1595065
>
> the filter clause should be specified between source and destination.
>
> Sincerely,
> Rainer
Re: [gentoo-user] syslog-ng misbehaving
I had posted the whole file. But I can do it again easy enough.

@version: 3.30
@include "scl.conf"
options { threaded(yes); chain_hostnames(no); stats_freq(43200); mark_freq(3600); };
source src { system(); internal(); };
filter samba { program("samba"); };
filter ssh_messages { facility("AUTH") and level("INFO"); };
filter syslog { not filter("ssh_messages") and not filter("samba"); };
destination console { file("/dev/tty12"); };
destination messages { file("/var/log/messages"); };
destination sshd_log { file("/var/log/sshd/sshd.log"); };
destination smb_logs { file("/var/log/samba/samba.log"); };
log { source(src); filter(samba); destination(smb_logs); flags(final); );
log { source(src); filter(ssh_messages); destination(sshd_log); flags(final); };
log { source(src); filter(syslog); destination(console); };
log { source(src); filter(syslog); destination(messages); };

There, that's the ENTIRE file, sans comments.

On 4/7/2021 5:47 AM, Michael Orlitzky wrote:
> On Wed, 2021-04-07 at 02:02 -0600, Dan Egli wrote:
>> It's worth a shot. I never completely got boolean logic, so you may be right.
>
> It depends on an implicit order of operations. Usually "not" has higher precedence than "and" and "or", but personally I wouldn't count on it unless the documentation says so (or you've tried it).
>
> It's like when you see a+b/c*d. Some people use PEMDAS, some people use BEDMAS. Neither of them work, and they give different answers. It's no wonder nobody understands this stuff.
>
> In any case, post your whole syslog-ng.conf file. Some later directive could be shoveling things into /var/log/messages.
Re: [gentoo-user] Looking for other Seamonkey users
On 4/7/2021 2:34 AM, Dale wrote:
> Dan Egli wrote:
>> On 4/6/2021 10:41 PM, Dale wrote:
>>> I've done some research. It seems Dovecot is what I need. It uses mbox and has some features I might need one day already where Courier doesn't but there isn't much difference really. If anyone is curious, the comparison is here.
>>>
>>> https://en.wikipedia.org/wiki/Comparison_of_mail_servers
>>>
>>> The biggest thing, mbox. If I recall correctly that is what Seamonkey uses and I should be able to import those easy enough. It at least gives me a head start. Since this is a whole new deal, going to start a new thread if nobody pops up and says nooo to Dovecot. I found a guide here:
>>
>> Seamonkey is a web browser. Therefore, mbox vs maildir is meaningless to it. All it knows is it talks to the imap server and the imap server replies and sends a message. Having said that, AVOID mbox like the plague! It is only a matter of time before mbox mail files get corrupted. Maildir is INFINITELY safer. And in the event of corruption in maildir, you lose ONLY the corrupted messages. Corrupt your mbox file and you're likely to lose the whole folder!
>>
>> As far as moving from one to another, both mbox and maildir are standards. So if imap server X and Y both use Maildir, then swapping between them is easy, and POINTLESS, due to the fact that imap maintains the files on your server. So, if you move to a different mail CLIENT (thunderbird for example) then the new client only needs to take the time to re-download the messages from the server. It's the same way webmail and a client can work together. Neither is doing the actual work with the files. Each is only sending commands to a separate server program to work with the files.
>>
>>> http://www.wikigentoo.ksiezyc.pl/Dovecot.htm
>>>
>>> So far, it is Gentoo based. I found another one but it is Ubuntu based. May work but commands are different. Trying to go by a Gentoo based one. If anyone has a better one, please share links. May start new thread in a day or so if no one shouts no.
>>
>> Consider this the shout. I can't stop you from using mbox, but I can shout at the top of my lungs that it's a BAD IDEA. And I can say over and over that changing your imap SERVER will have ZERO impact on what Seamonkey does. The only exception would be if you have a mail server (original or new) that doesn't fully follow the imap protocol. And in that case, who knows what the change will do.
>
> I looked, Dovecot can use either mbox or maildir. Can Dovecot convert those to or must I use a different tool? To anyone using Dovecot, just what all had to be installed? This is what emerge gives me right now.

I use dovecot here. What you see is plenty for the standard install. the managesieve flag allows you to write custom scripts in the sieve language. But I don't recommend getting into that until you know the language. Other than that, the other disabled flags are fairly self-explanatory. As for converting, you would need to have two instances with two different configs running to do that. Then you'd use your mail client to move messages between accounts. But I __STILL__ say you should NOT use mbox format. If you happen to be using it now, then I recommend you convert! Converting TO maildir is not hard if you use formail.

> root@fireball / # emerge -av dovecot
> These are the packages that would be merged, in order:
> Calculating dependencies... done!
> [ebuild N ] acct-group/dovecot-0-r1::gentoo 0 KiB
> [ebuild N ] acct-group/dovenull-0-r1::gentoo 0 KiB
> [ebuild N ] acct-user/dovecot-0-r1::gentoo 0 KiB
> [ebuild N ] acct-user/dovenull-0-r1::gentoo 0 KiB
> [ebuild N ] net-mail/dovecot-2.3.13-r100::gentoo USE="bzip2 ipv6 lzma mysql pam sqlite tcpd zlib -argon2 -caps -doc -kerberos -ldap (-libressl) -lua -lucene -lz4 -managesieve -postgres -rpc (-selinux) -sieve -solr -static-libs -suid -textcat -unwind -zstd" LUA_SINGLE_TARGET="lua5-1 -lua5-2 -lua5-3" 7,282 KiB
> Total: 5 packages (5 new), Size of downloads: 7,282 KiB
> Would you like to merge these packages? [Yes/No]
>
> I suspect I need to install some other packages to make certain things work. Then again, maybe they already installed?? Some may recall that cron jobs sent emails so it has to have packages installed for that. The guide I linked to elsewhere has USE flags not listed above. It may be out of date. It does say not to use it for older 1.* versions of Dovecot tho. Just trying to see what I'm getting into here. I think this is a really good idea but want to see how deep the water is before jumping in. I can't swim, well, I do, like a lead rock. :/

My config is more advanced since my dovecot has to talk to both MySQL and LDAP databases, and to support compressed messages. So the use flags I put on for 2.3.13-r100 are: bzip2 doc ipv6 ldap lua lz4 lzma managesieve mysql pam rpc selinux sieve sqlite zlib ztd
Re: [gentoo-user] Looking for other Seamonkey users
Okay, how this one got posted, I have no idea. Sorry about the dupe. I didn't hit SEND except on the second one, so I guess thunderbird goofed up.

On 4/7/2021 2:11 AM, Dan Egli wrote:
> On 4/6/2021 10:41 PM, Dale wrote:
>> I've done some research. It seems Dovecot is what I need. It uses mbox and has some features I might need one day already where Courier doesn't but there isn't much difference really. If anyone is curious, the comparison is here.
>>
>> https://en.wikipedia.org/wiki/Comparison_of_mail_servers
>>
>> The biggest thing, mbox. If I recall correctly that is what Seamonkey uses and I should be able to import those easy enough. It at least gives me a head start. Since this is a whole new deal, going to start a new thread if nobody pops up and says nooo to Dovecot. I found a guide here:
>
> Seamonkey is a web browser. Therefore, mbox vs maildir is meaningless to it. All it knows is it talks to the imap server and the imap server replies and sends a message. Having said that, AVOID mbox like the plague! It is only a matter of time before mbox mail files get corrupted. Maildir is INFINITELY safer. And in the event of corruption in maildir, you lose ONLY the corrupted messages. Corrupt your mbox file and you're likely to lose the whole folder!
>
> As far as moving from one to another, both mbox and maildir are standards. So if imap server X and Y both use Maildir, then swapping between them is easy, and POINTLESS, due to the fact that i
>
>> http://www.wikigentoo.ksiezyc.pl/Dovecot.htm
>>
>> So far, it is Gentoo based. I found another one but it is Ubuntu based. May work but commands are different. Trying to go by a Gentoo based one. If anyone has a better one, please share links. May start new thread in a day or so if no one shouts no.
>
> Consider this the shout. I can't stop you from using mbox, but I can shout at the top of my lungs that it's a BAD IDEA.
Re: [gentoo-user] Looking for other Seamonkey users
On 4/6/2021 10:41 PM, Dale wrote:
> I've done some research. It seems Dovecot is what I need. It uses mbox and has some features I might need one day already where Courier doesn't but there isn't much difference really. If anyone is curious, the comparison is here.
>
> https://en.wikipedia.org/wiki/Comparison_of_mail_servers
>
> The biggest thing, mbox. If I recall correctly that is what Seamonkey uses and I should be able to import those easy enough. It at least gives me a head start. Since this is a whole new deal, going to start a new thread if nobody pops up and says nooo to Dovecot. I found a guide here:

Seamonkey is a web browser. Therefore, mbox vs maildir is meaningless to it. All it knows is it talks to the imap server and the imap server replies and sends a message. Having said that, AVOID mbox like the plague! It is only a matter of time before mbox mail files get corrupted. Maildir is INFINITELY safer. And in the event of corruption in maildir, you lose ONLY the corrupted messages. Corrupt your mbox file and you're likely to lose the whole folder!

As far as moving from one to another, both mbox and maildir are standards. So if imap server X and Y both use Maildir, then swapping between them is easy, and POINTLESS, due to the fact that imap maintains the files on your server. So, if you move to a different mail CLIENT (thunderbird for example) then the new client only needs to take the time to re-download the messages from the server. It's the same way webmail and a client can work together. Neither is doing the actual work with the files. Each is only sending commands to a separate server program to work with the files.

> http://www.wikigentoo.ksiezyc.pl/Dovecot.htm
>
> So far, it is Gentoo based. I found another one but it is Ubuntu based. May work but commands are different. Trying to go by a Gentoo based one. If anyone has a better one, please share links. May start new thread in a day or so if no one shouts no.

Consider this the shout. I can't stop you from using mbox, but I can shout at the top of my lungs that it's a BAD IDEA. And I can say over and over that changing your imap SERVER will have ZERO impact on what Seamonkey does. The only exception would be if you have a mail server (original or new) that doesn't fully follow the imap protocol. And in that case, who knows what the change will do.
Re: [gentoo-user] syslog-ng misbehaving
It's worth a shot. I never completely got boolean logic, so you may be right.

And the result is no joy. I changed it to or, restarted syslog-ng and tailed /var/log/messages, just in time to catch a botnet trying a brute-force attack. Since all the sshd messages are coming in through /var/log/messages, then changing to "or" vs. "and" made no difference.

On 4/7/2021 1:40 AM, Neil Bothwick wrote:
> On Tue, 6 Apr 2021 23:11:15 -0600, Dan Egli wrote:
>
>> Before I seek out a mailing list for syslog-ng, I was hoping I could get some tips from people here. I recently started trying to separate logs into various functions rather than letting everything go to /var/log/messages. So I created three filters in syslog-ng. One is intended to separate sshd messages, one to separate samba messages, and the other to say "everything ELSE". The problem I seem to be having is that the everything ELSE log still shows things that should have been removed! For example, when I login via ssh I get identical notification in the /var/log/messages and in /var/sshd/sshd.log. So I'm lost. I'm including my syslog-ng.conf. Perhaps someone here can tell me what I'm doing wrong.
>>
>> filter samba { program("samba"); };
>> filter ssh_messages { facility("AUTH") and level("INFO"); };
>> filter syslog { not filter("ssh_messages") and not filter("samba"); };
>
> Shouldn't this be an or? You are filtering out anything that is in both groups, which will be a very small set of messages.
[gentoo-user] syslog-ng misbehaving
Before I seek out a mailing list for syslog-ng, I was hoping I could get some tips from people here. I recently started trying to separate logs into various functions rather than letting everything go to /var/log/messages. So I created three filters in syslog-ng. One is intended to separate sshd messages, one to separate samba messages, and the other to say "everything ELSE". The problem I seem to be having is that the everything ELSE log still shows things that should have been removed! For example, when I login via ssh I get identical notification in the /var/log/messages and in /var/sshd/sshd.log. So I'm lost. I'm including my syslog-ng.conf. Perhaps someone here can tell me what I'm doing wrong.

Thanks!

-- CUT HERE - syslog_ng.conf --
@version: 3.30
@include "scl.conf"
options { threaded(yes); chain_hostnames(no); stats_freq(43200); mark_freq(3600); };
source src { system(); internal(); };
filter samba { program("samba"); };
filter ssh_messages { facility("AUTH") and level("INFO"); };
filter syslog { not filter("ssh_messages") and not filter("samba"); };
destination console { file("/dev/tty12"); };
destination messages { file("/var/log/messages"); };
destination sshd_log { file("/var/log/sshd/sshd.log"); };
destination smb_logs { file("/var/log/samba/samba.log"); };
log { source(src); destination(smb_logs); filter(samba); flags(final); );
log { source(src); destination(sshd_log); filter(ssh_messages); flags(final); };
log { source(src); destination(console); filter(syslog); };
log { source(src); destination(messages); filter(syslog); };
-- CUT HERE --
Re: [gentoo-user] Sharing printers via Cups
On 2/12/2021 4:00 AM, Michael wrote: [snip] Then we have this on line 292: D [11/Feb/2021:13:08:36 -0700] [Job 11] hpcups (application/vnd.cups-raster to printer/ENVY, cost 0) This is the hplip printer driver in action, using a MIME format for CUPS to transmit and print raster imaged pages. Question: Why is this driver in play? Even if the physical printer is an HP, it is neither connected to Janus, nor Athena. No, it's not. But the windows printer driver expects the client to do all the rendering and deliver only finalized printer instructions when it receives network jobs. I suppose I could change it to a generic PostScript driver and tell Windows to do the rendering... On lines 331 & 332: I [11/Feb/2021:13:08:36 -0700] [Job 11] Started filter /usr/libexec/cups/ filter/hpcups (PID 92258) I [11/Feb/2021:13:08:36 -0700] [Job 11] Started backend /usr/libexec/cups/ backend/smb (PID 92259) Although the CUPS back end on Athena is using SMB - as it should, the input filter is hpcups. Then on lines 461, 462 we have the outcome of using the wrong filter: D [11/Feb/2021:13:08:39 -0700] [Job 11] prnt/hpcups/HPCupsFilter.cpp 581: cupsRasterOpen failed, fd = 5 D [11/Feb/2021:13:08:39 -0700] [Job 11] PID 92258 (/usr/libexec/cups/filter/ hpcups) stopped with status 1. CUPS on athena can't use it and subsequently, the SMB connection fails too on lines 689, 690: E [11/Feb/2021:13:08:45 -0700] [Job 11] Connection failed: NT_STATUS_IO_TIMEOUT E [11/Feb/2021:13:08:45 -0700] [Job 11] SMB connection failed! I suggest you configure CUPS in Janus to use a different print driver: First try 'IPP everywhere' the latest /driverless/ printing option. With 'IPP everywhere' CUPS will communicate with IPP enabled printers and interrogate them on the fly to generate and use the requisite PPD capabilities configuration. Hmmm. Didn't see IPP everywhere as a "driver" but i really didn't look past the HP drivers. But I question if even that will work. 
Sounds like when Athena tries to render the page into printer instructions it's dying, with the cupsRasterOpen failed (and what kind of an error message is that? Tell me something I might be able to use to FIX the issue!). If this doesn't work, then try 'RAW' and leave it to Athena's CUPS server to submit the raw data for printing to its back end (Windows Printer via SAMBA). The logs should indicate if there is a problem somewhere along the chain. I'll try this and let you know. I'm actually about to head for bed as I write this, so I'll check on it Tomorrow (Sunday). -- Dan Egli On my test server
Re: [gentoo-user] Going through these one by one.
On 2/13/2021 2:41 PM, Steven Lembark wrote:
> [snip]
>
> Bumps into not having sys-apps/portage-::gentoo:
>
> # $emerge dev-db/pgmodeler
> Calculating dependencies... done!
>
> !!! All ebuilds that could satisfy "sys-apps/portage[python_targets_python2_7(-),python_targets_python3_6(-),-python_single_target_python2_7(-),-python_single_target_python3_5(-),-python_single_target_python3_6(-),-python_single_target_python3_7(-)]" have been masked.
> !!! One of the following masked packages is required to complete your request:
> - sys-apps/portage-::gentoo (masked by: missing keyword)

Portage- is risky since it's VERY MUCH still developmental. BUT, if you really want it, add this to your package.accept_keywords:

sys-apps/portage **

Include the two stars. That will override missing keyword. It may be better to specify a full token rather than a shortcut. In that case use:

=sys-apps/portage- **

--
Dan Egli
On my test server
Re: [gentoo-user] why both /usr/lib and /usr/lib64 on a 64bit system?
I think there will always be some things that want /usr/lib. That said, I'm guessing you started with a no-multilib tarball? Frankly, I find there's still too many programs that want 32bit libraries to go full no-multilib. Maybe in a few more years as the last of the 32bit only machines die off and are replaced with 64 bit machines.

On 2/13/2021 12:33 PM, Valmor F. de Almeida wrote:
> Hello,
>
> I use the global flags
>
> USE="elogind alsa -multilib -abi_x86_32"
>
> and I thought this would prevent 32bit libraries to be installed. For example I have (from glibc) both:
>
> /usr/lib/libutil.so
> /usr/lib64/libutil.so
>
> this causes problems with some packages outside portage that I would like to install. The install fails (or is incomplete) because it is trying to link a 32bit incompatible library, e.g.:
>
> /usr/lib/gcc/x86_64-pc-linux-gnu/9.3.0/../../../../x86_64-pc-linux-gnu/bin/ld: skipping incompatible /usr/lib/libutil.so when searching for -lutil
>
> Is there a way to have only /usr/lib64 in gentoo or is this not possible?
>
> I do use
>
> export LD_LIBRARY_PATH=/usr/lib64:$LD_LIBRARY_PATH
>
> in my shell startup file.
>
> Thanks for inputs.
>
> --
> Valmor

--
Dan Egli
On my test server
Re: [gentoo-user] Sharing printers via Cups
On 2/11/2021 7:05 AM, Michael wrote: On Wednesday, 10 February 2021 23:03:18 GMT Dan Egli wrote: On 2/10/2021 4:30 AM, Michael wrote: This is how I understand the printing process ought to work in your use case: The Samba server, Athena, will use the MSWindows Network Printer identified as "Windows Printer via SAMBA" in its CUPS GUI. Printing jobs will be submitted from Athena's CUPS to the MSWindows PC & its attached printer, via the corresponding smb:// URI. CUPS which will use the Samba server on Athena to authenticate and send the data for printing to the MSWindows PC and its shared printer. The same process will need to be followed by Janus; i.e. the CUPS server on Janus will have to use the same smb:// URI to submit the data to be printed to Athena's Samba server and as long as authentication is successful Athena will forward it to the Windows PC. Forgive me, but if I use the SAME url, then it's not Athena acting as the print server, it's the windows client that the printer is hooked up to. Sorry, I meant to say on Janus use the smb://Athena/ URI and see if Athena then forwards the request via the shared Samba printer service onward to the MSWindows PC. Of course if you try to print directly to the MSWindows PC with smb://IRIS/ it will work, just as it works from Athena - but that's not what you're after. That may work. I guess I'm just a bit worried about back and forth. i.e. Janus tries to print, then Athena asks for permission to let it happen, and that request goes right back to Janus. I'm VERY unfamiliar with AD so I can't be 100% certain this will work. I can't see any reason why it wouldn't, but that's not the same thing as saying there ISN'T a reason why it wouldn't work. I tried to use the LPD to print to Athena and have Athena print to the printer via Samba. That's where I was running into problems. I suppose I can try IPP. I don't know of a smb:// url would work goinf from Janus (or anyone else) to Athena. 
After all, the printer isn't connected to Athena. It's connected to the windows 10 home PC. I suppose IPP might work if I configure that. As far as listening on 631, Athena's cups was ALREADY listening on that port because that's where the web interface is. the url I use to manage the printers is https://athena:631. I guess that somehow Cups can tell the difference between https, http, and ipp all coming on the same port. The ports listened to by CUPS are as follows: https://www.cups.org/doc/firewalls.html When the printer URI used is http, then the MIME type used by IPP will be "application/ipp" to transact printing commands. A browser will access the admin GUI over http also on port 631. LPD/LPR is limited in functionality and deprecated, although if it could be made to work for now there'd be no argument against using it. ;-) IPP is well supported, however, without trying it out I wouldn't know if it will work in your particular use case. In theory a shared CUPS server on Athena, plus its shared printer, should allow Janus to submit print jobs to it. The shared printer advertised by CUPS in Athena should pop up on Janus as an available printer via mDNS. I know nothing of mDNS. I tried IPP to no avail, but then again perhaps I formed the URLs wrong. I tried ipp://athena/ipp/ and it didn't work. I tried http/https mode too. That ALMOST worked. But I get an error on Janus saying "Filter Failed" and a lot of messages in my error_log (debug mode) that really make no sense to me. Here's a sample. I'll put the full log on my web server if you want to see it. It's 77k nearly with debug turned on and that's only for trying to print ONE test page and failing. The url is https://www.newideatest.site/cups_error_log

CUT HERE
D [11/Feb/2021:13:08:33 -0700] [Client 1] Server address is "192.168.10.2".
D [11/Feb/2021:13:08:33 -0700] [Client 1] Accepted from 192.168.10.3:38830 (IPv4)
D [11/Feb/2021:13:08:33 -0700] [Client 1] Waiting for request.
D [11/Feb/2021:13:08:33 -0700] [Client 1] POST /printers/ENVY HTTP/1.1
D [11/Feb/2021:13:08:33 -0700] [Client 1] Read: status=200, state=6
D [11/Feb/2021:13:08:33 -0700] [Client 1] No authentication data provided.
D [11/Feb/2021:13:08:33 -0700] [Client 1] 2.0 Get-Printer-Attributes 1
D [11/Feb/2021:13:08:33 -0700] [Client 1] Returning IPP successful-ok for Get-Printer-Attributes (http://athena:631/printers/ENVY) from 192.168.10.3.
D [11/Feb/2021:13:08:33 -0700] [Client 1] Content-Length: 1840
D [11/Feb/2021:13:08:33 -0700] [Client 1] cupsdSendHeader: code=200, type="application/ipp", auth_type=0
D [11/Feb/2021:13:08:33 -0700] [Client 1] con->http=0x5642ebffaad0
D [11/Feb/2021:13:08:33 -0700] [Client 1] cupsdWriteClient error=0, used=0, state=HTTP_STATE_POST_SEND, data_encoding=HTTP_ENCODING_LENGTH, data_remaining=1840, response=0x5642ebfda600(IPP_STATE_DATA), pipe_pid=0, file=-1
D [11/Feb/2021:13:08:33 -0700] [Client 1] Writing IPP response, ipp
Re: [gentoo-user] Re: Sharing printers via Cups
On 2/10/2021 4:44 PM, Grant Edwards wrote: I think I probably would have just bought a printer long before this point... I guess you have money. As the old joke saying goes "I'm so broke I can't afford to pay attention." Fact is, though, that a new printer would solve nothing because at the moment all that I'm doing is in VMWare on the Win 10 box that I stated before is not mine but I have permission to use. I'm trying to get it all set for eventual transfer to real computers. And the issue I am facing is an issue I'd face no matter what. I am _NOT_ buying a printer for each computer that will be there. So it's a matter of having a printer connected to one computer and having the others connect to that first server. Great. That's just what I'm trying to accomplish! I even tried sending the job via HTTP and HTTPS. At that point the logs on Athena show a LOT of output like this:

D [10/Feb/2021:17:44:46 -0700] [Client 77] Server address is "192.168.10.2".
D [10/Feb/2021:17:44:46 -0700] [Client 77] Accepted from 192.168.10.3:35684 (IPv4)
D [10/Feb/2021:17:44:46 -0700] [Client 77] Waiting for request.
D [10/Feb/2021:17:44:46 -0700] [Client 77] POST /printers/ENVY HTTP/1.1
D [10/Feb/2021:17:44:46 -0700] cupsdSetBusyState: newbusy="Active clients", busy="Active clients"
D [10/Feb/2021:17:44:46 -0700] [Client 77] Read: status=200, state=6
D [10/Feb/2021:17:44:46 -0700] [Client 77] No authentication data provided.
D [10/Feb/2021:17:44:46 -0700] [Client 77] 2.0 Get-Job-Attributes 132
D [10/Feb/2021:17:44:46 -0700] Get-Job-Attributes http://athena:631/printers/ENVY
D [10/Feb/2021:17:44:46 -0700] [Client 77] Returning IPP successful-ok for Get-Job-Attributes (http://athena:631/printers/ENVY) from 192.168.10.3.
D [10/Feb/2021:17:44:46 -0700] [Client 77] Content-Length: 284
D [10/Feb/2021:17:44:46 -0700] [Client 77] cupsdSendHeader: code=200, type="application/ipp", auth_type=0
D [10/Feb/2021:17:44:46 -0700] [Client 77] con->http=0x561443dbc990
D [10/Feb/2021:17:44:46 -0700] [Client 77] cupsdWriteClient error=0, used=0, state=HTTP_STATE_POST_SEND, data_encoding=HTTP_ENCODING_LENGTH, data_remaining=284, response=0x561443df8940(IPP_STATE_DATA), pipe_pid=0, file=-1
D [10/Feb/2021:17:44:46 -0700] [Client 77] Writing IPP response, ipp_state=IPP_STATE_DATA, old wused=0, new wused=0
D [10/Feb/2021:17:44:46 -0700] [Client 77] bytes=0, http_state=0, data_remaining=284
D [10/Feb/2021:17:44:46 -0700] [Client 77] Flushing write buffer.
D [10/Feb/2021:17:44:46 -0700] [Client 77] New state is HTTP_STATE_WAITING
D [10/Feb/2021:17:44:46 -0700] [Client 77] Waiting for request.
D [10/Feb/2021:17:44:46 -0700] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
D [10/Feb/2021:17:44:47 -0700] [Client 77] POST /printers/ENVY HTTP/1.1
D [10/Feb/2021:17:44:47 -0700] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
D [10/Feb/2021:17:44:47 -0700] [Client 77] Read: status=200, state=6
D [10/Feb/2021:17:44:47 -0700] [Client 77] No authentication data provided.
D [10/Feb/2021:17:44:47 -0700] [Client 77] 2.0 Get-Printer-Attributes 133
D [10/Feb/2021:17:44:47 -0700] Get-Printer-Attributes http://athena:631/printers/ENVY
D [10/Feb/2021:17:44:47 -0700] [Client 77] Returning IPP successful-ok for Get-Printer-Attributes (http://athena:631/printers/ENVY) from 192.168.10.3.
D [10/Feb/2021:17:44:47 -0700] [Client 77] Content-Length: 1853
D [10/Feb/2021:17:44:47 -0700] [Client 77] cupsdSendHeader: code=200, type="application/ipp", auth_type=0
D [10/Feb/2021:17:44:47 -0700] [Client 77] con->http=0x561443dbc990
D [10/Feb/2021:17:44:47 -0700] [Client 77] cupsdWriteClient error=0, used=0, state=HTTP_STATE_POST_SEND, data_encoding=HTTP_ENCODING_LENGTH, data_remaining=1853, response=0x561443de64a0(IPP_STATE_DATA), pipe_pid=0, file=-1
D [10/Feb/2021:17:44:47 -0700] [Client 77] Writing IPP response, ipp_state=IPP_STATE_DATA, old wused=0, new wused=0
D [10/Feb/2021:17:44:47 -0700] [Client 77] bytes=0, http_state=0, data_remaining=1853
D [10/Feb/2021:17:44:47 -0700] [Client 77] Flushing write buffer.
D [10/Feb/2021:17:44:47 -0700] [Client 77] New state is HTTP_STATE_WAITING
D [10/Feb/2021:17:44:47 -0700] [Client 77] Waiting for request.
D [10/Feb/2021:17:44:47 -0700] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
D [10/Feb/2021:17:44:47 -0700] [Client 77] HTTP_STATE_WAITING Closing for error 32 (Broken pipe)
D [10/Feb/2021:17:44:47 -0700] [Client 77] Closing connection.

-- Dan Egli On my test server
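A way to turn a 77k debug log like the one above into something readable, as an added Python example that is not part of the thread: it groups cupsd debug lines by client connection and lists, per peer, each IPP operation, whether it arrived without authentication data, and why the connection closed. The sample lines are copied from the excerpt in the message above; the function names are this example's own.

```python
"""Group cupsd debug-log lines by client connection and list what each peer did."""
import re

LINE = re.compile(r"^[A-Za-z] \[(?P<ts>[^\]]+)\] (?:\[Client (?P<cid>\d+)\] )?(?P<msg>.*)$")
ACCEPT = re.compile(r"^Accepted from (?P<ip>\S+):(?P<port>\d+) \(IPv[46]\)$")
IPP_OP = re.compile(r"^\d+\.\d+ (?P<op>[A-Za-z][A-Za-z-]*) (?P<req>\d+)$")
RESULT = re.compile(r"^Returning IPP (?P<status>\S+) for (?P<op>\S+) ")
CLOSE_ERR = re.compile(r"Closing for error (?P<errno>\d+) \((?P<text>[^)]*)\)")
NO_AUTH = "No authentication data provided."

# Lines copied from the Athena log excerpt quoted in the message above.
SAMPLE = """\
D [10/Feb/2021:17:44:46 -0700] [Client 77] Accepted from 192.168.10.3:35684 (IPv4)
D [10/Feb/2021:17:44:46 -0700] [Client 77] POST /printers/ENVY HTTP/1.1
D [10/Feb/2021:17:44:46 -0700] cupsdSetBusyState: newbusy="Active clients", busy="Active clients"
D [10/Feb/2021:17:44:46 -0700] [Client 77] No authentication data provided.
D [10/Feb/2021:17:44:46 -0700] [Client 77] 2.0 Get-Job-Attributes 132
D [10/Feb/2021:17:44:46 -0700] [Client 77] Returning IPP successful-ok for Get-Job-Attributes (http://athena:631/printers/ENVY) from 192.168.10.3.
D [10/Feb/2021:17:44:47 -0700] [Client 77] POST /printers/ENVY HTTP/1.1
D [10/Feb/2021:17:44:47 -0700] [Client 77] No authentication data provided.
D [10/Feb/2021:17:44:47 -0700] [Client 77] 2.0 Get-Printer-Attributes 133
D [10/Feb/2021:17:44:47 -0700] [Client 77] Returning IPP successful-ok for Get-Printer-Attributes (http://athena:631/printers/ENVY) from 192.168.10.3.
D [10/Feb/2021:17:44:47 -0700] [Client 77] HTTP_STATE_WAITING Closing for error 32 (Broken pipe)
D [10/Feb/2021:17:44:47 -0700] [Client 77] Closing connection.
""".splitlines()


def summarize(lines):
    """Return {client_id: {"peer", "first_seen", "requests", "errors"}}."""
    sessions, current = {}, {}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m or m["cid"] is None:
            continue  # scheduler-wide lines carry no client id
        cid, msg = int(m["cid"]), m["msg"]
        s = sessions.setdefault(
            cid, {"peer": None, "first_seen": m["ts"], "requests": [], "errors": []})
        if (a := ACCEPT.match(msg)):
            s["peer"] = a["ip"]
        elif msg.startswith("POST "):
            # Each POST opens a new IPP request on this connection.
            current[cid] = {"path": msg.split()[1], "op": None,
                            "status": None, "no_auth_data": False}
            s["requests"].append(current[cid])
        elif msg == NO_AUTH and cid in current:
            current[cid]["no_auth_data"] = True
        elif (o := IPP_OP.match(msg)) and cid in current:
            current[cid]["op"] = o["op"]
        elif (r := RESULT.match(msg)) and cid in current:
            current[cid]["status"] = r["status"]
        elif (c := CLOSE_ERR.search(msg)):
            s["errors"].append((int(c["errno"]), c["text"]))
    return sessions


def unauthenticated_requests(sessions):
    """(peer, operation, path, status) for every request sent without credentials."""
    return [(s["peer"], r["op"], r["path"], r["status"])
            for s in sessions.values() for r in s["requests"] if r["no_auth_data"]]


if __name__ == "__main__":
    result = summarize(SAMPLE)
    for cid, s in result.items():
        print(f"client {cid} from {s['peer']} (first seen {s['first_seen']})")
        for r in s["requests"]:
            auth = "no auth data" if r["no_auth_data"] else "auth data present"
            print(f"  {r['op']} {r['path']} -> {r['status']} ({auth})")
        for errno, text in s["errors"]:
            print(f"  closed with error {errno}: {text}")
```
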
Re: [gentoo-user] Sharing printers via Cups
e the LPD to print to Athena and have Athena print to the printer via Samba. That's where I was running into problems. I suppose I can try IPP. I don't know if a smb:// url would work going from Janus (or anyone else) to Athena. After all, the printer isn't connected to Athena. It's connected to the windows 10 home PC. I suppose IPP might work if I configure that. As far as listening on 631, Athena's cups was ALREADY listening on that port because that's where the web interface is. the url I use to manage the printers is https://athena:631. I guess that somehow Cups can tell the difference between https, http, and ipp all coming on the same port. The Samba configuration on Athena will deal with the settings for sharing the MSWindows printer. Okay, so basically you're saying that Athena would connect via smb://windows/ and that Janus or other computers would connect via smb://Athena/? Okay, that may work. I'll have to do a bit of digging because Athena and Janus are actually connected to an AD Domain run by samba. In fact, Janus is the DC while Athena is the location of the files/printers to be shared in the domain. -- Dan Egli On my test server
Re: [gentoo-user] Sharing printers via Cups
Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> AuthType Default Require user @OWNER @SYSTEM Order deny,allow # All administration operations require an administrator to authenticate... CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> AuthType Default Require user @SYSTEM Order deny,allow # All printer operations require a printer operator to authenticate... Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> AuthType Default Require user @SYSTEM Order deny,allow # Only the owner or an administrator can cancel or authenticate a job... AuthType Default Require user @OWNER @SYSTEM Order deny,allow Order deny,allow # Set the kerberized printer/job policies... # Job/subscription privacy... JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default # Job-related operations must be done by the owner or an administrator... AuthType Negotiate Order deny,allow Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> AuthType Negotiate Require user @OWNER @SYSTEM Order deny,allow # All administration operations require an administrator to authenticate... CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> AuthType Default Require user @SYSTEM Order deny,allow # All printer operations require a printer operator to authenticate... 
Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> AuthType Default Require user @SYSTEM Order deny,allow # Only the owner or an administrator can cancel or authenticate a job... AuthType Negotiate Require user @OWNER @SYSTEM Order deny,allow Order deny,allow Similarly, check the "hosts allow" directive in the Samba configuration to include Janus' IP address. Again, I think you've misunderstood the problem. Forget Janus for a second. Forget Samba for a minute. I create a printer via the CUPS web interface on Athena. When it shows the box to make it shared, I check the box. When I finish and the printer status appears, it says "not shared". Other machines and other protocols have not even come into play yet. -- Dan Egli On my test server
Re: [gentoo-user] Sharing printers via Cups
On 2/8/2021 5:01 PM, Michael wrote: On Monday, 8 February 2021 19:08:11 GMT Dan Egli wrote: On 2/8/2021 2:14 AM, Wols Lists wrote: This is typical. In my linux setup, the printer is always busy. Stuff still prints fine, though. Mine won't print. Says the printer is busy, and nothing else happens. It just sits there. Let me give better names because even I can get confused. So, we have three machines. Win10 Home = IRIS, Linux Server = Athena, Linux Workstation = Janus If I print directly from Iris, it obviously works fine. If I print from Athena it works fine. If I print from Janus, it never goes anywhere. How can I set this up correctly? To describe exactly what I'm trying to do, let's just use four computers in this example. A is the central print server. B is the windows client with the printer. C and D are linux machines. What I want is if either C or D print something, they both send it to A, and then A sends it to B. I'd try moving the printer to A, or configuring C & D to print directly to B. I dunno how you set up smbprint, but that should send straight to a shared printer on B no problem. Unfortunately, moving the printer is a no-go right now, for various reasons. Otherwise I'd just move it to be a network printer. The printer itself is designed to be network capable. But Iris is technically not MY Computer, and the printer isn't technically MINE either. They belong to someone else in the house, and I simply have permission to use them. So my only two options are 1) Configure EVERYTHING to print to Iris. That's doable I suppose, but really not what I want, or B) Use Athena as a central print server just as it already acts as a central file server. That is FAR more preferable because then if something changes instead of updating EVERY computer I update ONE. -- Dan Egli Some ideas: 1. If the printer is network capable, why don't you connect it to the router and then it will be accessible directly by all devices over the LAN, irrespective of their OSs? 
Like I said, not my printer or my computer. I just have permission to USE them. So making a config change like that is out. Besides, that defeats the point I made at the end of what you quoted above. "That is FAR more preferable because then if something changes instead of updating EVERY computer I update ONE." 2. Last time I set up a Windows XP as a printer-server, I installed-enabled Unix Print Service Windows Component (really an LPD/LPR service). Then Linux PCs were able to print directly to it. No need to configure SMB and what not, just for printing. This randomly selected article describes the principle: https://support.printmanager.com/hc/en-us/articles/202835449-Linux-printing-via-the-Windows-Print-Server- Actually tried that. Got LPD installed, sent a test page. Test page appeared in the Windows Queue, then disappeared without any acknowledgement from the printer. I finally got it working in samba mode so I'm good with that. And that, again, would skip the whole point of having a central print server. :) 3. If the current setup is the right thing for you, increase CUPS log verbosity and check the logs on Athena to find out what it isn't happy with when Janus sends a print job to it. First check the CUPS driver and printing protocol is the same on Janus as on Athena and the CUPS' config on Athena allows inbound connections from your LAN, or your Janus' IP address. I can check on those. Thanks. I do notice one thing strange. Maybe a cups bug. In the web interface when I created the printer in Athena, I checked the box to say it was a shared printer. But when I look at the status it says "not shared". -- Dan Egli On my test server
Re: [gentoo-user] Sharing printers via Cups
On 2/8/2021 2:14 AM, Wols Lists wrote: This is typical. In my linux setup, the printer is always busy. Stuff still prints fine, though. Mine won't print. Says the printer is busy, and nothing else happens. It just sits there. Let me give better names because even I can get confused. So, we have three machines. Win10 Home = IRIS, Linux Server = Athena, Linux Workstation = Janus If I print directly from Iris, it obviously works fine. If I print from Athena it works fine. If I print from Janus, it never goes anywhere. How can I set this up correctly? To describe exactly what I'm trying to do, let's just use four computers in this example. A is the central print server. B is the windows client with the printer. C and D are linux machines. What I want is if either C or D print something, they both send it to A, and then A sends it to B. I'd try moving the printer to A, or configuring C & D to print directly to B. I dunno how you set up smbprint, but that should send straight to a shared printer on B no problem. Unfortunately, moving the printer is a no-go right now, for various reasons. Otherwise I'd just move it to be a network printer. The printer itself is designed to be network capable. But Iris is technically not MY Computer, and the printer isn't technically MINE either. They belong to someone else in the house, and I simply have permission to use them. So my only two options are 1) Configure EVERYTHING to print to Iris. That's doable I suppose, but really not what I want, or B) Use Athena as a central print server just as it already acts as a central file server. That is FAR more preferable because then if something changes instead of updating EVERY computer I update ONE. -- Dan Egli
[gentoo-user] logins controlled via Samba AD DC - what did I miss?
Hi people. I need a bit of help. I am trying to establish a Samba AD domain for purposes of central authentication and printer sharing with Windows and Linux hosts. I went through and managed to get the Domain created, and I can even talk to the AD DC from another Linux box using getent and wbtool and such. So I edited /etc/nsswitch and add winbind to the passwd and group lines. Winbind is running, but I still can't login as a domain-only user, even though all the mappings are there. I'm sure I missed something, but I have no idea what. Any help is REALLY appreciated.
[gentoo-user] Sharing printers via Cups
Hey folks, I'm a bit lost on this, so I hope you can help me out. I have a computer I want to act as the central print server for a network. It would spool all jobs for all printers, and send them out to the actual computers the printers are connected to, or to the printer itself in the event of a printer directly connected to the network. To start with, I have set up the server and added the printer connected to a Windows 10 Home computer to it. After a bit of work, I managed to get it so I can print a test page from cups and it comes out on the printer. But when I try to connect another computer to the printer via the print server, the other computer never sends it out. Just says the printer is busy. How can I set this up correctly? To describe exactly what I'm trying to do, let's just use four computers in this example. A is the central print server. B is the windows client with the printer. C and D are linux machines. What I want is if either C or D print something, they both send it to A, and then A sends it to B. Thanks!
Re: [gentoo-user] fail2ban can't find sqlite?
You were right. With the debugging tips from Alex Mishustin I was able to determine that I had rebuilt 3.9 while fail2ban was using 3.8. I did what I SHOULD have done in the first place and did an emerge -DN fail2ban. That caused portage to see that Python 3.8 needed to be rebuilt, and it did so. Now fail2ban is able to access the sqlite database. Thanks! On 2/6/2021 7:03 PM, Michael Orlitzky wrote: On Sat, 2021-02-06 at 18:46 -0700, Dan Egli wrote: At first I thought it was complaining about its own missing module. But there's no use flag for sqlite in fail2ban. So then I looked at python itself. Sure enough, the sqlite use flag was disabled. So I turned it on and re-emerged python. I also fixed a couple flags on sqlite itself and re-emerged it. STILL I get this error. How do I fix this? Just a guess: did you rebuild EVERY version of python, or just one? It could be that fail2ban is running under a version that you didn't re-emerge.
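A per-interpreter check for the situation resolved above, as an added Python example that is not from the thread: it finds every python3.N executable on PATH and asks each one to import sqlite3, so an interpreter slot built without sqlite support stands out from the one that was rebuilt. It assumes only that the interpreters are installed under names of the form python3.N.

```python
"""Ask every python3.N on PATH whether it can import a module (default: sqlite3)."""
import os
import re
import subprocess

PY_NAME = re.compile(r"^python3\.\d+$")   # python3.8, python3.9, ... but not python3.9-config


def find_interpreters(path=None):
    """Map interpreter name -> full path, first hit on PATH wins."""
    search = path if path is not None else os.environ.get("PATH", "")
    found = {}
    for directory in search.split(os.pathsep):
        try:
            names = sorted(os.listdir(directory))
        except OSError:
            continue  # missing or unreadable PATH entry
        for name in names:
            full = os.path.join(directory, name)
            if PY_NAME.match(name) and name not in found and os.access(full, os.X_OK):
                found[name] = full
    return found


def can_import(interpreter, module="sqlite3", timeout=30):
    """Return (ok, detail); detail is the last stderr line when the import fails."""
    # The module name travels as an argument, never as part of the -c source text.
    probe = "import importlib, sys; importlib.import_module(sys.argv[1])"
    try:
        proc = subprocess.run([interpreter, "-c", probe, module],
                              capture_output=True, text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired) as exc:
        return False, str(exc)
    if proc.returncode == 0:
        return True, ""
    stderr = proc.stderr.strip()
    return False, stderr.splitlines()[-1] if stderr else f"exit status {proc.returncode}"


def report(module="sqlite3", path=None):
    """Probe every interpreter found and return {name: (ok, detail)}."""
    return {name: can_import(exe, module)
            for name, exe in find_interpreters(path).items()}


if __name__ == "__main__":
    results = report()
    if not results:
        print("no python3.N interpreters found on PATH")
    for name, (ok, detail) in sorted(results.items()):
        print(f"{name}: {'sqlite3 OK' if ok else 'sqlite3 MISSING (' + detail + ')'}")
```
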
[gentoo-user] fail2ban can't find sqlite?
I am trying to figure this one out. I need some help as apparently my google-fu isn't strong today. I installed fail2ban so I could use it to monitor the logs and adjust the firewall as necessary. It installed okay, and seems to run okay EXCEPT for this one error I get each time I start fail2ban-server: 2021-02-06 18:30:28,128 fail2ban.server [32124]: ERROR Unable to import fail2ban database module as sqlite is not available. At first I thought it was complaining about its own missing module. But there's no use flag for sqlite in fail2ban. So then I looked at python itself. Sure enough, the sqlite use flag was disabled. So I turned it on and re-emerged python. I also fixed a couple flags on sqlite itself and re-emerged it. STILL I get this error. How do I fix this?
[gentoo-user] Kernel source (gentoo-sources) ignore CC=
Hey all. I have an OLD laptop that I'm trying to compile the latest Gentoo for (don't ask, it's a long story). To help speed things up, I installed distcc on the laptop and on another linux computer. But when I try to compile the kernel source into a workable kernel, it completely ignores the CC definition and calls i686-pc-linux-gnu-gcc for its C compiler. The kernel tree is too complicated for me to understand the make hierarchy used, so I can't look in the Makefile(s) to see if it's getting overridden somewhere in there. Short of replacing i686-pc-linux-gnu-gcc with a symlink to distcc, what can be done to fix this? Thanks!
Re: [gentoo-user] \ \ \ 2021 / / /
It's not quite the new year for everyone yet. Still got a little under 8 hours here. But still, I reciprocate. Happy new year everyone! On 12/31/2020 9:26 AM, bobwxc wrote: On 2020/12/25 7:00 PM, Michael wrote: On Thursday, 24 December 2020 20:11:19 GMT the...@sys-concept.com wrote: {@} * {@} * {@} Merry X-mas and a Happy New Year! {@} * {@} * {@} * {@} Wish you all extraordinary good luck! {@} * {@} * {@} \ \ \ 2021 / / / And thank you all for the help you are trying to provide. That is what distinguishes Gentoo community from other forums. Best festive wishes to all Gentoo users and devs! :-) Now is 2021! Happy New Year! Hope all of us and the world will get better in 2021. -- Dan Egli From my Test Server
Re: [gentoo-user] Re: [SOLVED] UEFI install noob questions
More like off-LIST help since he was still emailing me. But I was glad to help him. :) On 12/28/20 7:18 AM, Walter Dnes wrote: I took up Dan Egli's kind offer of offline help and with that, my XPS 8940 is now booting UEFI. Thanks Dan. I've logged in both at the physical keyboard and via ssh from my current desktop PC. There's still the usual grunt work setting up the regular user account and the usual applications, but that shouldn't be a problem... famous last words.
Re: [gentoo-user] UEFI install noob questions
Let's see. I have done it two ways, depending on the machine. /boot is a separate partition, and /boot is part of / while /boot/EFI is a separate. I'll post both.

/boot is EFI partition:

/dev/cdrom  /mnt/cdrom  auto  noauto,ro         0 0
/dev/sda1   /boot       vfat  defaults          1 2
/dev/sda2   /           xfs   defaults,noatime  1 1

/boot is part of /:

/dev/sda1  /boot/EFI  vfat  defaults,noatime  1 2
/dev/sda3  /          xfs   defaults,noatime  1 1
/dev/sda2  none       swap  defaults          0 0

As for parted, I still use fdisk myself. I know the way I created each was simple enough.

fdisk> g
fdisk> n 1 +128M t 1

The way this works is the g command creates a new gpt table, destroying any other partition table, then your usual N for new, 1 for partition 1, enter to start at the first available point, and +128M to select a 128 MB partition. If you're looking for the prompt for primary vs extended vs logical, those don't exist in gpt tables. EVERYTHING is primary. The t 1 changes the partition type to EFI System Partition. It's technically not needed as I neglected to do it to one of my virtual machines. But it's not a bad idea. Now format as fat32:

mkfs.vfat -F32 /dev/sda1

Still, here's parted output for the /boot is ESP (EFI System Partition):

(parted) print
Model: ATA VBOX HARDDISK (scsi)
Disk /dev/sda: 68.7GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start   End     Size    File system  Name  Flags
 1      1049kB  135MB   134MB   fat32              boot, esp
 2      135MB   68.7GB  68.6GB  xfs

and here's the output for the one where /boot is one partition and /boot/EFI is a different one (and I didn't change the partition type):

(parted) print
Model: ATA VBOX HARDDISK (scsi)
Disk /dev/sda: 34.4GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

Number  Start   End     Size    File system     Name  Flags
 1      1049kB  68.2MB  67.1MB  fat32
 2      68.2MB  8658MB  8590MB  linux-swap(v1)        swap
 3      8658MB  34.4GB  25.7GB  xfs

EFI really isn't THAT complicated once you remember the restrictions. For example, on the first instance, using fdisk, the following is exactly what I did:

Command (m for help): g
Created a new GPT disklabel (GUID: 448CFABB-EBB6-AF44-8A36-A5679DB2EF76).

Command (m for help): n
Partition number (1-128, default 1):
First sector (2048-134217694, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-134217694, default 134217694): +128M

Created a new partition 1 of type 'Linux filesystem' and of size 128 MiB.

Command (m for help): n
Partition number (2-128, default 2):
First sector (264192-134217694, default 264192):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (264192-134217694, default 134217694):

Created a new partition 2 of type 'Linux filesystem' and of size 63.9 GiB.

Command (m for help): t
Partition number (1,2, default 2): 1
Partition type (type L to list all types): 1

Changed type of partition 'Linux filesystem' to 'EFI System'.

Command (m for help): w

# mkfs.vfat /dev/sda1 -F32
# mkfs.xfs /dev/sda2
# mount /dev/sda2 /mnt/gentoo
# mkdir /mnt/gentoo/boot
# mount /dev/sda1 /mnt/gentoo/boot

Then once grub is emerged and the kernel compiled:

# grub-install --target=x86_64-efi --efi-directory=/boot
# grub-mkconfig -o /boot/grub/grub.cfg

That's it, I swear. If you still have questions, you can keep asking the list, or write to me off the list and I'd be happy to help. Your choice.

-- Dan Egli From my Test Server
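A check of what the fdisk session above produces on disk, as an added Python example that is not part of the thread: it parses a GPT header and entry array, verifies both CRC32 values, and reports whether any partition carries the EFI System type GUID. The image is constructed in memory from the sector numbers and disk GUID shown in the session; the two type GUIDs are the standard GPT values for 'EFI System' and 'Linux filesystem', and all function names are this example's own.

```python
"""Parse a GPT and report whether any partition carries the EFI System type GUID."""
import struct
import uuid
import zlib

SECTOR = 512
HDR = struct.Struct("<8sIIIIQQQQ16sQIII")   # 92-byte GPT header at LBA 1
ENT = struct.Struct("<16s16sQQQ72s")        # 128-byte partition entry
ESP = uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b")     # 'EFI System'
LINUX = uuid.UUID("0fc63daf-8483-4772-8e79-3d69d8477de4")   # 'Linux filesystem'
TYPE_NAMES = {ESP: "EFI System", LINUX: "Linux filesystem"}


def parse_gpt(image):
    """Return one dict per used partition entry; raise ValueError on a bad table."""
    raw = image[SECTOR:2 * SECTOR]
    if len(raw) < HDR.size:
        raise ValueError("image too short for a GPT header")
    (sig, _rev, hsize, hcrc, _rsv, _cur, _bak, _first, _last,
     _disk, ent_lba, n_ent, ent_size, ecrc) = HDR.unpack_from(raw)
    if sig != b"EFI PART":
        raise ValueError("no GPT signature at LBA 1")
    if not HDR.size <= hsize <= len(raw) or ent_size < ENT.size:
        raise ValueError("implausible GPT header sizes")
    # The header CRC is computed with its own field (offset 16..19) zeroed.
    if zlib.crc32(raw[:16] + bytes(4) + raw[20:hsize]) != hcrc:
        raise ValueError("GPT header CRC mismatch")
    table = image[ent_lba * SECTOR: ent_lba * SECTOR + n_ent * ent_size]
    if len(table) != n_ent * ent_size or zlib.crc32(table) != ecrc:
        raise ValueError("partition entry array CRC mismatch")
    parts = []
    for i in range(n_ent):
        ptype, _uid, first, last, _attrs, _name = ENT.unpack_from(table, i * ent_size)
        if ptype == bytes(16):
            continue  # unused slot
        guid = uuid.UUID(bytes_le=ptype)   # GPT stores GUIDs mixed-endian
        parts.append({"number": i + 1,
                      "type": TYPE_NAMES.get(guid, str(guid)),
                      "is_esp": guid == ESP,
                      "first_lba": first,
                      "last_lba": last,
                      "size_mib": (last - first + 1) * SECTOR // 2**20})
    return parts


def has_esp(parts):
    return any(p["is_esp"] for p in parts)


def build_image(part_types):
    """Constructed image: blank LBA 0, GPT header at LBA 1, 128 entries from LBA 2.

    Sector ranges and disk GUID are the ones shown in the fdisk session above.
    """
    layout = [(2048, 264191), (264192, 134217694)]
    table = b"".join(
        ENT.pack(ptype.bytes_le, uuid.UUID(int=n + 1).bytes_le, first, last, 0, b"")
        for n, ((first, last), ptype) in enumerate(zip(layout, part_types)))
    table = table.ljust(128 * ENT.size, b"\0")
    disk = uuid.UUID("448CFABB-EBB6-AF44-8A36-A5679DB2EF76")
    fields = [b"EFI PART", 0x00010000, HDR.size, 0, 0, 1, 134217727,
              2048, 134217694, disk.bytes_le, 2, 128, ENT.size, zlib.crc32(table)]
    fields[3] = zlib.crc32(HDR.pack(*fields))   # CRC over the header with CRC field = 0
    return bytes(SECTOR) + HDR.pack(*fields).ljust(SECTOR, b"\0") + table


if __name__ == "__main__":
    for label, types in (("type changed with 't'", [ESP, LINUX]),
                         ("type left at default", [LINUX, LINUX])):
        parts = parse_gpt(build_image(types))
        print(label, "-> ESP present:", has_esp(parts))
        for p in parts:
            print(f"  {p['number']}: {p['type']}, {p['size_mib']} MiB")
```
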
Re: [gentoo-user] Re: Is a USB-key-to-hard-drive-tap-dance-boot possible?
On 12/25/2020 9:41 AM, Walter Dnes wrote: On Thu, Dec 24, 2020 at 03:49:35PM -0700, Dan Egli wrote I see your problem, I think. You don't have your ESP mounted, so grub can't write the EFI files to it. You are likely trying to use grub with grub-install /dev/sda. That won't work for EFI.

mkdir /boot/efi
mount -t vfat /dev/sda1 /boot/efi
grub-install --target=x86_64-efi --efi-directory=/boot/efi
grub-mkconfig -o /boot/grub/grub.cfg

you MAY need to add --removable to the grub-install line. Some EFI setups prefer that. I have this sinking feeling in my stomach that I need to blow away the install (after scp'ing config files to my desktop) and start over. There is no room for another partition. Apparently, using fdisk (like I did) to partition a GPT system is begging for problems down the road. After 20 years on linux, I've been reduced to a newbie. BIOS boot, Lilo, and fdisk served me well for 2 decades. Now I'm going to have to learn UEFI, grub, and parted all at once. I'll start a new thread tomorrow once I have my config files copied off. Then I'll install UEFI mode properly. One thing you could try is using gparted to shrink the partition ever so slightly. It doesn't need to be big at all. The standard windows EFI partition is 100MB! That's it. It's not a matter of using FDisk, as I did too. It's just a matter of remembering to make the partition.

-- Dan Egli From my Test Server
Re: [gentoo-user] Re: Is a USB-key-to-hard-drive-tap-dance-boot possible?
I see your problem, I think. You don't have your ESP mounted, so grub can't write the EFI files to it. You are likely trying to use grub with grub-install /dev/sda. That won't work for EFI. Try this (as root):

mkdir /boot/efi
mount -t vfat /dev/sda1 /boot/efi
grub-install --target=x86_64-efi --efi-directory=/boot/efi
grub-mkconfig -o /boot/grub/grub.cfg

you MAY need to add --removable to the grub-install line. Some EFI setups prefer that. On 12/22/2020 10:37 PM, Walter Dnes wrote:

[d531][waltdnes][~] ll /boot
total 18412
drwxr-xr-x  2 root root    4096 Dec 22 21:42 .
drwxr-xr-x 21 root root    4096 Oct 24 12:14 ..
-rw-r--r--  1 root root       0 Oct 11 19:55 .keep
-rw-r--r--  1 root root       0 Oct 13 05:57 .keep_sys-boot_lilo-0
-rw---      1 root root  139264 Dec 22 21:42 .map
-rw-r--r--  1 root root 2979997 Dec 21 19:31 System.map.experimental
-rw-r--r--  1 root root 2991033 Oct 13 06:03 System.map.production
-rw-r--r--  1 root root     512 Oct 13 06:04 boot.0800
-rw-r--r--  1 root root   90538 Dec 21 19:31 config.experimental
-rw-r--r--  1 root root   90579 Oct 13 06:03 config.production
-rw-r--r--  1 root root 6214192 Dec 21 19:31 kernel.experimental
-rw-r--r--  1 root root 6271536 Oct 13 06:03 kernel.production

Yea, see, no directories except . and .., which is no good at all for EFI. Try what I said above, and see if that doesn't help.

-- Dan Egli From my Test Server
Re: [gentoo-user] ERROR: asterisk failed to start
On 12/22/2020 11:52 PM, the...@sys-concept.com wrote: !!! existing preserved libs found run emerge @preserved-rebuild. It's got libraries from a package you removed that are needed by one or more packages left. @preserved-rebuild will rebuild the packages that own the library files in question, then they won't be "preserved" anymore. -- Dan Egli From my Test Server
Re: [gentoo-user] syslog-ng: filter plugin NOT not found ????
23 is the hard coded constant for local7. They are identical. facility(23) and facility(local7) mean the exact same thing. On 12/16/2020 10:30 AM, David Haller wrote: Hello, On Wed, 16 Dec 2020, Todd Goodman wrote: I think you need a semi-colon inside and after the right curly brace ('}') Your right braces are parentheses and not right curly braces too (maybe a cut and paste issue?) FWIW, the following is what I use to separate my mail logs out and it works:

destination messages { file("/var/log/messages"); };
destination maillog { file("/var/log/maillog"); };
filter f_mail { facility(mail); };
filter f_messages { not facility(mail); };
log { source(src); filter(f_mail); destination(maillog); };
log { source(src); filter(f_messages); destination(messages); };

On 12/15/2020 10:44 PM, Dan Egli wrote: Help me understand this, please? I have ISC dhcpd configured to log to syslog.local7 (since I don't see an option to force it into it's own log file). So I went into my syslog-ng file and created two filters, just like on the example page of syslog-ng.com:

filter dhcpmsgs { facility(23) );
filter non_dhcp { NOT filter(dhcpmsgs) )

Also, where's that '23' coming from? Shouldn't that be

filter dhcpmsgs { facility(local7); };

HTH, -dnh

-- Dan Egli From my Test Server
Re: [gentoo-user] syslog-ng: filter plugin NOT not found ????
Well, I'm starting to make progress. But something isn't right. I found out the plugin error was due to the fact that despite syslog-ng.com showing the reversal as NOT, the actual statement is not (all lower case vs all upper case). So that means that syslog-ng loads just fine. But I can't get the dhcp output to where I want it. If I have the syslog facility in dhcpd turned on, or if I redirect the output to a file in systemd, then I get dhcpd messages in the file AND in the syslog itself (/var/log/messages). No matter what I try, the dhcpd output ALWAYS goes to syslog. I can get it to go to a separate file TOO, but not ONLY. Here's the entire syslog-ng.conf and the service file for dhcpd. Hopefully you guys can figure something out I missed:

(dhcpd4.service)
[Unit]
Description=DHCPv4 Server Daemon
Documentation=man:dhcpd(8) man:dhcpd.conf(5)
After=network.target
After=time-sync.target
After=network-online.target
Wants=network-online.target
StandardOut=null
StandardError=null

[Service]
ExecStart=/usr/sbin/dhcpd -f -cf /etc/dhcp/dhcpd.conf -user dhcp -group dhcp --no-pid

[Install]
WantedBy=multi-user.target

With everything going to null, you'd think that with the syslog statement in dhcpd.conf disabled, I'd get no log at all. But I still get the log in /var/log/messages. Here's syslog-ng.conf:

@version: 3.26
options { threaded(yes); chain_hostnames(no); stats_freq(43200); mark_freq(3600); };
filter dhcpfilter { facility(local7); };
filter nondhcp { not filter(dhcpfilter); };
source src { system(); internal(); };
destination messages { file("/var/log/messages"); };
destination dhcplog { file("/var/log/dhcpd.log"); };
destination console_all { file("/dev/tty12"); };
log { source(src); filter(nondhcp); destination(messages); };
log { source(src); destination(console_all); };
log { source(src); filter(dhcpfilter); destination(dhcplog); };

And for what it's worth, here's my dhcpd.conf:

default-lease-time 3600;
max-lease-time 43200;
# Use this to enable / disable dynamic dns updates globally.
ddns-update-style interim;
authoritative;
# log-facility local7;
allow booting;

subnet 10.0.2.0 netmask 255.255.255.0 {
    # no services at all!
}

subnet 192.168.10.0 netmask 255.255.255.0 {
    range 192.168.10.128 192.168.10.254;
    if exists user-class and option user-class = "iPXE" {
        filename "pxelinux.efi";
    } else {
        filename "pxelinux.0";
    }
    next-server 192.168.10.3;
    option domain-name-servers 192.168.10.2, 8.8.8.8;
    option domain-name "eglifamily.name";
    option routers 192.168.10.1;
}

host testbox-1 {
    hardware ethernet 08:00:27:D5:AA:3C;
    fixed-address 192.168.10.64;
    option host-name "testbox-1";
    ddns-hostname "testbox-1.eglifamily.name";
}

-- Dan Egli From my Test Server
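The routing that the syslog-ng.conf in the message above describes, as an added Python example that is not part of the thread: it decodes the PRI value of a syslog frame, treats facility(23) and facility(local7) as the same test, and evaluates the three posted log paths in order. The sample frames and the host name in them are constructed; the second frame assumes, per the dhcpd.conf manual page, that dhcpd logs to the daemon facility when log-facility is commented out.

```python
"""Decode a syslog PRI value and trace a frame through the posted syslog-ng log paths."""
import re

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3",
              "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FRAME = re.compile(r"^<(\d{1,3})>(.*)$")


def decode_pri(pri):
    """PRI = facility * 8 + severity."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def facility_number(spec):
    """Accept the numeric and the named spelling: facility(23) == facility(local7)."""
    if isinstance(spec, int):
        if not 0 <= spec < len(FACILITIES):
            raise ValueError(f"unknown facility number: {spec}")
        return spec
    return FACILITIES.index(spec)


# Filters and log paths as posted, in file order.
FILTERS = {"dhcpfilter": lambda fac: fac == facility_number("local7")}
FILTERS["nondhcp"] = lambda fac: not FILTERS["dhcpfilter"](fac)
LOG_PATHS = [("nondhcp", "messages"), (None, "console_all"), ("dhcpfilter", "dhcplog")]
DESTINATIONS = {"messages": "/var/log/messages",
                "console_all": "/dev/tty12",
                "dhcplog": "/var/log/dhcpd.log"}

# Constructed frames: the same dhcpd message tagged local7.info and daemon.info.
SAMPLE = [
    "<190>Dec 16 10:00:00 host dhcpd[812]: DHCPDISCOVER from 08:00:27:d5:aa:3c via eth0",
    "<30>Dec 16 10:00:00 host dhcpd[812]: DHCPDISCOVER from 08:00:27:d5:aa:3c via eth0",
]


def route(frame):
    """Return (facility, severity, [files the frame is written to])."""
    m = FRAME.match(frame)
    if not m:
        raise ValueError("frame has no <PRI> header")
    pri = int(m.group(1))
    facility, severity = decode_pri(pri)
    fac = pri >> 3
    # No log path sets flags(final), so every matching path receives the message.
    files = [DESTINATIONS[dest] for flt, dest in LOG_PATHS
             if flt is None or FILTERS[flt](fac)]
    return facility, severity, files


if __name__ == "__main__":
    for frame in SAMPLE:
        facility, severity, files = route(frame)
        print(f"{facility}.{severity}: {', '.join(files)}")
```
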
[gentoo-user] syslog-ng: filter plugin NOT not found ????
Help me understand this, please? I have ISC dhcpd configured to log to syslog.local7 (since I don't see an option to force it into its own log file). So I went into my syslog-ng file and created two filters, just like on the example page of syslog-ng.com:

filter dhcpmsgs { facility(23) );
filter non_dhcp { NOT filter(dhcpmsgs) )

I quoted almost directly from the example page on syslog-ng.com, but I keep getting this error when I reload syslog-ng's config:

Error parsing filter expression, filter plugin NOT not found OR you may not used double quotes in your filter expression in /etc/syslog-ng/syslog-ng.conf:25:18-25:21:

What did I do wrong? Here's the lines I modified from the syslog-ng page:

filter demo_filter { host("example") and match("deny" value("MESSAGE")) };
filter inverted_demo_filter { NOT filter(demo_filter) }

You can see the page at: https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/administration-guide/53

-- Dan Egli From my Test Server
Re: [gentoo-user] update fails, but I don't see why
Have to agree with Neil on this one. You've got a LOT of updates. World is great, but start with emerge -UDuv @system, after you find the culprit that is still setting python3_6 as a target. Once the system emerge is done then you can try world again and hopefully get a much smaller list. We can help you much better from there.

On 12/12/2020 3:35 PM, Neil Bothwick wrote:

On Sat, 12 Dec 2020 23:08:15 +0100, n952162 wrote:

I did a --depclean but that didn't help. I'm not seeing where an error is indicated. This was done with this still installed:

    */* PYTHON_TARGETS: python3_7

I commented that out and tried again, and after a few USE flag iterations, I ended up with what seems like the same situation. Log on request.

There's a lot to trawl through here, it looks like you haven't updated for quite some time. I'd suggest you try to cut down on the noise by updating only @system instead of @world. A quick glance at some of the output suggests that you still have PYTHON_TARGETS="python3_6" set somewhere. What do

    grep -r python3_6 /etc/portage
    emerge --info | grep -i python

tell you?

--
Dan Egli
From my Test Server
Re: [gentoo-user] fsck.fat 4.1 - File system couldn't be fixed
If you have a rescue cd, then you do just what I see you've already done. Run fsck against the file system and let it fix any errors. As to being in read only mode, HOPEFULLY that's fixed, but if not you can try manually remounting your filesystem:

    mount / -o remount,rw

On 12/12/2020 12:49 PM, the...@sys-concept.com wrote:

How to fix it? I can bootstrap from USB but what command to run it?

On 12/12/2020 03:59 AM, Tamer Higazi wrote:

Take systemrescuecd and fix your partitions. Let's see what might be the result.

best, Tamer

On 12/11/20 10:36 PM, the...@sys-concept.com wrote:

I wipe the /boot, reinstall kernel, initframes, grub. The system boots, I can login as root but X is not running, the command is displaying: "(none) /#"

When I try to start the network I get:

    fsck.fat 4.1 (2017-01-24)
    open: no such file or directory
    Filesystems couldn't be fixed
    ERROR: fsck failed to start

It seems to me "/" file system mount in "read only" mode. When I try to emerge anything I get:

    /var/log/emerge.log Read-only file system.

--
Dan Egli
From my Test Server
Re: [gentoo-user] fsck.fat 4.1 - File system couldn't be fixed
You want to add it to the default command line in /etc/default/grub, if it's needed. Frankly, as long as you have ext4 support built in to your kernel (not a module) then I don't think you need it. I've gotten similar warnings on my machines and they've never had a problem loading the root FS.

Oh, and it's not initframes, it is INIT RAM FS (no spaces, of course). For Initial Ram Filesystem. :)

On 12/12/2020 12:47 PM, the...@sys-concept.com wrote:

I took care of this error, it was about cfg80211 enable wireless support (which I don't have) so I disable it in .config. But when I generate initframes I'm getting a warning:

    genkernel --install --kernel-config=/usr/src/linux/.config initramfs

    * WARNING... WARNING... WARNING...
    * Additional kernel parameters that *may* be required to boot properly:
    *
    * With support for several ext* filesystems available, it may be needed to
    * add "rootfstype=ext3" or "rootfstype=ext4" to the list of boot parameters.

Which grub file I edit to add support for "rootfstype=ext4" ?

--
Dan Egli
From my Test Server
Re: [gentoo-user] fsck.fat 4.1 - File system couldn't be fixed
Hmmm, looks like a missing or corrupted firmware file is failing to load. Observe:

On 12/12/2020 11:48 AM, the...@sys-concept.com wrote:

    platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
    cfg80211: failed to load regulatory.db
    nvme mvme0: missing or invalid SUBNQN field

I'd say, off my head, that your regulatory.db file has gotten corrupted. I'd suggest booting from a rescue CD, chrooting into your main partition, and reinstalling your firmware. It mentions the wireless, of course (cfg80211) but also it looks like either the firmware or the driver for your nvme system has gotten corrupted. It's obviously present, but it's complaining about missing information. You may want to go ahead and re-compile the kernel and the modules. If you're using genkernel I'd even go so far as to suggest a mrproper. Just to ensure that EVERYTHING is cleaned out. Then let genkernel rebuild everything.

Another option, although one I dislike for _purely ascetic_ reasons, would be to just grab the gentoo-kernel-bin package. That's a precompiled kernel with a lot of stuff enabled as modules. It could very well be helpful in getting your system back on its feet.

--
Dan Egli
From my Test Server
Re: [gentoo-user] switching from "refine" to "grub"
What complexity? I have a couple EFI machines booting via Grub, and they work great. I just had to ensure the correct GRUB_TARGET in make.conf and then after I had my partitions set up and formatted, I just did

    grub-install --target=x86_64-efi --efi-directory=/boot/EFI

and it went smooth as silk as long as I didn't have /boot on newer ZFS setup. Even ZFS would work if you set up /boot to be a separate dataset and make it with absolute minimal options.

On 12/12/2020 1:31 AM, Neil Bothwick wrote:

On Fri, 11 Dec 2020 07:48:06 -0700, the...@sys-concept.com wrote:

I use refine as boot loader but it is giving me problems. How to switch back to grub 2 And remove any refine files from /boot

I take it you mean refind? It may well be easier to solve the problem with refind rather than trying to deal with the overcomplexity of GRUB for an EFI system. I normally use systemd-boot but when I have used refind, it has picked up everything it needs to know without a config file. What errors are you seeing?

--
Dan Egli
From my Test Server
Re: [gentoo-user] fsck.fat 4.1 - File system couldn't be fixed
Actually, you have an error or two below.

On 12/11/2020 6:16 PM, the...@sys-concept.com wrote:

No, I did not reformat the /boot partition. I just cd to /boot and run:

    rm -r *

Probably better to wipe the file system. But you talk about moving away from EFI in another thread, so we'll just say that should this happen again, you should wipe with mkfs. instead of just rm -r.

Yes, this machine is new but I run it for over 10 days, configured most of the programs and it was running without much problems. Yesterday, I decided to check some parameters in kernel .config so I run:

    genkernel --menuconfig all

Next time, just do this:

    cd /usr/src/linux
    make menuconfig (or nconfig)

    * Gentoo Linux Genkernel; Version 4.1.2
    * Using genkernel configuration from '/etc/genkernel.conf' ...
    * Running with options: --kernel-config=/proc/config.gz all
    * Working with Linux kernel 5.4.72-gentoo-x86_64 for x86_64
    * Using kernel config file '/proc/config.gz' ...
    *
    * Note: The version above is subject to change (depends on config and status of kernel sources).
    * kernel: >> Initializing ...
    * >> Running 'make clean' ...
    * >> --mrproper is set; Making 'make mrproper' ...
    * >> Will ignore kernel config from '/proc/config.gz'
    * in favor of already existing but different kernel config
    * found in '/usr/src/linux/.config' ...
    *

So you are wrong below. As you can see above, genkernel IS using /usr/src/linux/.config. I'm not 100% certain, but I THINK genkernel will compare the config files, and prefer the .config if it is present.

    >> Running 'make oldconfig' ...
    * >> Compiling 5.4.72-gentoo-x86_64 bzImage ...

When I exit it it started to compile the kernel (it did not finish) I pressed "CTRL-C" (interrupted). I didn't know then, but running genkernel --menuconfig all takes configuration from: /etc/kernels/kernel-config-5.4.72-gentoo-x86_64 not from: /usr/src/linux/.config

No, unless /etc/kernels/kernel-config- is NEWER than .config, and maybe not even then. See above.
However, NO FILE HAD CHANGED IN /boot But this is the moment, I couldn't boot correctly.

What was the boot error?

    make && make modules_install
    make install
    genkernel --install --kernel-config=/usr/src/linux/.config initramfs
    grub-install --target=x86_64-efi --efi-directory=/boot
    grub-mkconfig -o /boot/grub/grub.cfg

But nothing had changed. So I tried newer kernel: 5.4.80-gentoo-r1-x86_64 But this time I run (without interruptions):

    genkernel --menuconfig all
    grub-mkconfig -o /boot/grub/grub.cfg

And again nothing changed, root "/" still mounts "ro"

    findmnt
    TARGET SOURCE         FSTYPE OPTIONS
    /      /dev/nvme0n1p4 ext4   ro,relatime

Normally it should be:

    findmnt
    TARGET SOURCE    FSTYPE OPTIONS
    /      /dev/sda4 ext4   rw,noatime,data=ordered

Looks like it's not getting to the root remount stage. The kernel will almost always boot in ro mode. So you're probably getting stuck in the emergency shell.

Can you see your device in /dev? Does dmesg show the drive being recognised, corresponding drivers being loaded, partitions and filesystems recognised?

cat dmesg |grep error doesn't show any errors

What's the last 10 or so lines from dmesg when it fails to boot and goes to what I'm guessing is the emergency shell?

I'll try to boot GParted and see what comes up.

I don't think gparted is your answer. Sounds to me like something is causing it to fail in the changeover from your initrd to the actual drive. If that's the case I bet your partitions are fine. Can you show us the last 10-15 lines printed on the screen before you get stuck?

--
Dan Egli
From my Test Server
Re: [gentoo-user] UEFI system - installing Grub without EFI
As long as your system is set to use legacy/bios mode instead of EFI then I don't see why not.

On 12/11/2020 7:28 PM, the...@sys-concept.com wrote:

I was trying to check VFAT boot partition on my disk with Gparted but it failed. Root partition checked OK. Can I format the VFAT to EXT2 and install grub on it without EFI? There is a possibility VFAT partition got damaged.

--
Dan Egli
From my Test Server
Re: [gentoo-user] switching from "refine" to "grub"
I can not say for certain, but I imagine it would be something like this:

    emerge -c refine
    rm -rf
    rm -rf /boot/refine
    GRUB_TARGET="x86_64-efi" emerge grub
    grub-install --efi-directory= --target=x86_64-efi
    grub-mkconfig -o /boot/grub/grub.cfg

Of course you really should put the GRUB_TARGET in your make.conf, but in a pinch that will work. I'm assuming you are using a 64-bit EFI enabled computer. The grub steps I am sure of. I've never used refine before, so I don't know it.

On 12/11/2020 7:48 AM, the...@sys-concept.com wrote:

I use refine as boot loader but it is giving me problems. How to switch back to grub 2 And remove any refine files from /boot

--
Dan Egli
From my Test Server
Re: [gentoo-user] system won't boot - --no-bootloader set; Skipping bootloader update ...
You didn't specify grub2 on the command line or (my preference) in /etc/genkernel.conf. So genkernel assumes you don't want it to fix your boot loader. If the kernel and ramdisk are all built, you can fix grub's config with grub-mkconfig -o /boot/grub/grub.cfg. For future kernel builds, read the parameters in man genkernel so you know how to specify the boot loader, or just edit /etc/genkernel.conf and set the bootloader from none to grub2.

On 12/11/2020 12:54 AM, the...@sys-concept.com wrote:

My system will not boot. I installed sys-power/acpid and wanted to double check the kernel configuration. I run:

    genkernel --menuconfig all

The ACPI option was enabled so I exit the menu but it started to compile the kernel so I press CTRL-C (to stop it). Upon rebooting the X will not start no root login, just a screen with login: "joseph (none)"

I bootstrap the PC and run: genkernel --menuconfig all and finish compiling, and I get a message:

    * Kernel compiled successfully!
    *
    * --no-bootloader set; Skipping bootloader update ...
    *
    * Required kernel parameter:
    *
    * root=/dev/$ROOT
    *
    * Where $ROOT is the device node for your root partition as the
    * one specified in /etc/fstab

What went wrong? Here is my fstab:

    LABEL=boot                                  /boot   vfat    noauto,noatime  1 2
    UUID=d32946b3-2236-4998-80dd-68b7d78e0c7b   /       ext4    noatime         0 1
    LABEL=swap                                  none    swap    sw              0 0

--
Dan Egli
From my Test Server
Re: [gentoo-user] gentoo and kickstart files
On 11/21/2020 2:26 PM, Jude DaShiell wrote:

Does gentoo know about kickstart files and can it use them?

I'm hardly a Gentoo expert, but I'm going to say no on both. Kickstart files are designed for the particular installer you're using. I know that a Kickstart file for Fedora won't work on Ubuntu, or even CentOS. The issue here is that Gentoo doesn't HAVE an installer. Not like SUSE's YaST or Fedora's anaconda. So there is no program to feed a kickstart file to. The best thing you can do to make things similar between hosts is to create your own script that partitions the disks, formats them, mounts them, then proceeds to copy custom files across. Just off the top of my head, it would look something like this, assuming you are using GPT partitions on a single drive with separate /home partition, with / and /home formatted as ext4:

    #!/bin/sh
    # Partition /dev/sda: GPT label, 1G ESP, 64G root, rest for /home.
    # printf is used because "echo -e" is not portable under /bin/sh; the third
    # "n" needs three empty answers (number, first sector, last sector).
    printf 'g\nn\n1\n\n+1G\nn\n2\n\n+64G\nn\n\n\n\nt\n1\n1\nw\n' | fdisk /dev/sda
    mkfs.vfat -F32 /dev/sda1
    mkfs.ext4 /dev/sda2
    mkfs.ext4 /dev/sda3
    # Partition 2 is the root filesystem (partition 3 is /home).
    mount /dev/sda2 /mnt/gentoo
    cd /mnt/gentoo
    tar xvfJ /mnt/cdrom/stage3*.xz
    for D in proc sys dev tmp; do
        mount --rbind /$D $D
        mount --make-rslave $D
    done
    # Copy into the new root (relative paths), not into the live environment.
    cp /mnt/cdrom/use/* etc/portage/package.use
    cp /mnt/cdrom/world /mnt/cdrom/chrooted .
    cp /mnt/cdrom/make.conf etc/portage
    cp /etc/resolv.conf etc
    # Run the second script by absolute path inside the new root.
    chroot . /bin/sh /chrooted

And then chrooted would look like this:

    . /etc/profile
    PKGS=$(cat /world)
    emerge-webrsync
    # Fetch all sources first, then build.
    emerge -f $PKGS
    emerge $PKGS
    if [ -d /etc/systemd/system ] ; then
        # using systemd, so let's use systemctl to set the boot programs
        systemctl daemon-reload
        # list the units to enable after "enable"
        systemctl enable
    else
        # using openrc instead; list the services after "in"
        for P in ; do rc-update add $P default; done
    fi
    genkernel --menuconfig all
    grub-mkconfig -o /boot/grub/grub.cfg

And of course, world is what you want listed in the world file. The easiest way to do that part is to copy the /var/lib/portage/world file to the install media (that's where "world" came from above).
If you're not familiar with fdisk commands, what happens is this:

1) make new gpt partition label on the drive
2) make a new 1G partition (this will be /boot/EFI)
3) make a new 64GB partition (this will be /)
4) make a partition using all remaining space (/home)
5) flag partition 1 as an ESP (EFI System Partition). Probably not needed, but better safe than sorry.
6) write the changes to disk and exit

The following files are assumed to be in /root of the install media (automatically mounted on /mnt/cdrom):

world - the world file containing the base packages you want. We will let portage sort out any dependencies
stage3*.xz - wild card to represent your stage3 tarball.
chrooted - script to run in the chrooted environment
make.conf - the make.conf you want to have.

Also, the directory use should exist on the media. This directory will contain the files that automatically get copied to /etc/portage/package.use in the first script.

That's off the top of my head, and may very well be missing some steps, but you get the idea.

--
Dan Egli
From my Test Server
[gentoo-user] X Forwarding from virtual host
Okay, this is I HOPE a simple enough question. I have a virtual server running on my Win10 Host (not my ideal O/S!) that has a full X environment on it. I usually connect via Putty (ssh) using VirtualBox's Host Only network. That's great for text, but how do I set things up so that I can run X programs on the virtual box and have them show on my Win host? I have an implementation of X for Windows (Xming) running, and I set putty to forward X connections, but when I try something as silly as xeyes, it fails. I've noticed that the DISPLAY environment isn't being set, but setting it myself doesn't seem to help. The Virtual Server's IP is 192.168.56.25 and the Host automatically gets .1, so I tried setting DISPLAY=129.168.56.1:0 and it doesn't work. I get a message "No protocol specified" followed by the error "Error: Can't open display: 192.168.56.1:0.0"

Putty is set to forward X connections, and uses the same destination. What am I doing wrong?

--
Dan Egli
On my Test server
[gentoo-user] SELinux issues
Questions regarding SELinux. Two of them actually. First is how the HECK do I get it enabled!? I compiled my kernel to support it, and I do not have the disabling line in my boot config. But after rebooting to the new kernel, getenforce says disabled. So why is it disabled and how do I enable it?

Next, whenever I try to install a SELinux policy that portage missed during its install (not many, but a couple) I get an error. I've already created a bug on this (https://bugs.gentoo.org/show_bug.cgi?id=744736), but I was wondering if anyone on the list had any ideas as to what's wrong.

Thanks!

--
Dan Egli
On my Test server
Re: [gentoo-user] SELinux policy problem
On 9/23/2020 11:36 PM, Dan Egli wrote:

Maybe I just need a day or two off, but I'm having an issue and the Wiki page doesn't seem to help me. I'm installing a new system. It's the same one I was having Grub issues on. Now that those issues are resolved, I am adding the extra packages on the list. One (or several really) of those packages is SELinux and its policies. I've found all the policies I want to add, but when I emerge them I ALWAYS get an error about not being able to resolve typesetattribute. For example, from the policy for clamav:

With the exception of the base-policy package, EVERY SELinux policy said that. I've looked and what I see online doesn't seem to make sense to me. Then again, I AM brand new to SELinux. Anyone got any tips as to making sure they emerge okay?

Odd, I just noticed the line didn't appear. Let's try this again. Here's the message I get from selinux-clamav:

    Failed to resolve typeattributeset statement at /var/lib/selinux/targeted/tmp/modules/400/clamav/cil:41

Anyone got tips on this?
Re: [gentoo-user] SELinux policy problem
No one has any ideas? I was hoping SOMEONE could help within 12 hours.

On 9/23/2020 11:36 PM, Dan Egli wrote:

Maybe I just need a day or two off, but I'm having an issue and the Wiki page doesn't seem to help me. I'm installing a new system. It's the same one I was having Grub issues on. Now that those issues are resolved, I am adding the extra packages on the list. One (or several really) of those packages is SELinux and its policies. I've found all the policies I want to add, but when I emerge them I ALWAYS get an error about not being able to resolve typesetattribute. For example, from the policy for clamav:

With the exception of the base-policy package, EVERY SELinux policy said that. I've looked and what I see online doesn't seem to make sense to me. Then again, I AM brand new to SELinux. Anyone got any tips as to making sure they emerge okay?
[gentoo-user] SELinux policy problem
Maybe I just need a day or two off, but I'm having an issue and the Wiki page doesn't seem to help me. I'm installing a new system. It's the same one I was having Grub issues on. Now that those issues are resolved, I am adding the extra packages on the list. One (or several really) of those packages is SELinux and its policies. I've found all the policies I want to add, but when I emerge them I ALWAYS get an error about not being able to resolve typesetattribute. For example, from the policy for clamav:

With the exception of the base-policy package, EVERY SELinux policy said that. I've looked and what I see online doesn't seem to make sense to me. Then again, I AM brand new to SELinux. Anyone got any tips as to making sure they emerge okay?
[gentoo-user] exim4u
Does anyone know of an ebuild for exim4u? I've seen it used before and it's awesome, but it's a pain in the posterior to setup correctly unless you know exactly what you're doing. I'd love to apply it on my server(s) but I'm not very good at installing and the times I've tried it the install documentation seems to leave me with a broken install. Thanks! --- Dan