Re: [gentoo-dev] Re: Short bugzilla outage today between 2100-2200 UTC
Quoting Theo Chatzimichos tampak...@gentoo.org: Finished, everything seems fine again. Please let us know if you notice any weird behavior Hello, When I want to see an attachment, the URL becomes https://#bug_od#.b.g.o and I need to register the certificate for every bug. Xavier
Re: [gentoo-dev] Re: Short bugzilla outage today between 2100-2200 UTC
Quoting Xavier Miller xavier.mil...@cauwe.org: Quoting Theo Chatzimichos tampak...@gentoo.org: Finished, everything seems fine again. Please let us know if you notice any weird behavior Hello, When I want to see an attachment, the URL becomes https://#bug_od#.b.g.o and I need to register the certificate for every bug. Xavier Sorry, this is only one new certificate, which applies for [0-9].b.g.o Not a problem. Xavier.
Re: [gentoo-dev] Re: Short bugzilla outage today between 2100-2200 UTC
On Thu, 2012-07-05 at 08:19 +0200, Xavier Miller wrote: Quoting Theo Chatzimichos tampak...@gentoo.org: Finished, everything seems fine again. Please let us know if you notice any weird behavior Hello, When I want to see an attachment, the URL becomes https://#bug_od#.b.g.o and I need to register the certificate for every bug. Xavier This has been the case for over a year probably. Gentoo's bugzilla uses https with CAcert certificates which are not trusted by default on most non-Gentoo machines. There have been some discussions on gentoo-core about moving to a more widely trusted certificate authority; as far as I remember, the big stumbling block was that the big certificate authorities wanted too much personal information from Gentoo trustees. In the meantime, unless you are on a locked-down system, you can install the CAcert class 3 certificate from http://www.cacert.org/index.php?id=3 -Alexandre
Re: [gentoo-dev] grub:2 keywords
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05.07.2012 06:26, Doug Goldstein wrote: On Tue, Jul 3, 2012 at 9:20 AM, Jeroen Roovers j...@gentoo.org wrote: On Mon, 2 Jul 2012 15:02:28 -0400 Mike Gilbert flop...@gentoo.org wrote: That is exactly what Doug (cardoe) proposed, and he is working on the docs for that. Ah yes, it's been a long-winded thread. :) jer I got a little busier this past weekend than I had intended (loving that leap second bug) but here's the first draft: http://dev.gentoo.org/~cardoe/docs/grub2-migration.xml It will be integrated into the official Gentoo doc set once I get a nod from the docs guys. Hi, according to my /etc/grub.d/10_linux grub2 (or better the grub2-mkconfig script) searches for the following kernel names: /vmlinuz-*, /boot/vmlinuz-* and /boot/kernel-* for x86 and x86_64 and the same plus /vmlinux-* and /boot/vmlinux-* for other arches. The accepted names for initrd/initramfs are: initrd.img-${version}, initrd-${version}.img, initrd-${version}.gz,initrd-${version}, initramfs-${version}.img, initrd.img-${alt_version}, initrd-${alt_version}.img, initrd-${alt_version}, initramfs-${alt_version}.img, initramfs-genkernel-${version}, initramfs-genkernel-${alt_version}, initramfs-genkernel-${GENKERNEL_ARCH}-${version} and initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}. I (as a user) would propose to reflect this . I would also give information about /etc/defaults/grub since that is the config file that you need to enable persistent, customized kernel options (will be automatically appended when you run grub2-mkconfig) and grub specific options like the timeout or the graphic settings. Thank you for your effort. I really look forward for grub2 becoming the default (whatever that is in gentoo ;) ) option. WKR Hinnerk -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJP9UI8AAoJEJwwOFaNFkYc2kcH/jKTjWpkqxx4rJxjHwGHDm0N 3BNe+o8/DbMbiyTG/fAwVmq4EdzucqWtoF5fRrNRkNd3OGg9+dZcoUeOVdZfWKpY evJF1/iuetr7XuHDJhjnAn2FLNfb7jzuLlUEXiGLYLvgtu+O5NUgLQyv3ut+eVMU JCRM41/BchnfnZdFTPWreL6QimpxQVBT4HDff5K0YYqrVEePLOufIt8ct81c2oAQ 3KSC4uPb9bvrM+3S3NVtyYUZgy60QrtzuWXM0S4eWEodU1pO5xnczqt7FCGlnnw1 G83aDcXI1oBdvVnMbhHJtAQi9EBvUn/q56gYMbtREFTXDjUvKZ0ozfu1lmEKGk8= =/ZBF -END PGP SIGNATURE-
Re: [gentoo-dev] Kernel compiles and you
Hi! On Wed, 04 Jul 2012, Greg KH wrote: Recently, I have again bumped into the question whether one should compile the kernel as root. One of the things that puzzles me is why almost every HowTo, blog post and book recommends building as non-root -- yet basically no distribution /helps/ the user with doing that. Most distros don't have to do anything, they are not requiring users to build their own kernels :) As I noted in the blog post. There are still people who prefer to roll their own, but still want to use a binary distro. Those people usually do the wget+tar xf approach, completely ignoring the package manager. And that's just dandy. As I also noted in the blog post, the more radical approach for binary distros is to not supply kernel sources as a package at all. Either you use their binary kernel or you're completely on your own. It's probably what I'd do were I to run such a project. Problem with that approach for us (as in Gentoo) is of course, that we need suitable sources (and config) in an easily findable place since assorted stuff depends on it at build time. So in reality, they all do help their users with this, it's trivial to build a kernel as a user on those distros. Actually, it is also on Gentoo, there's no need to ever put a kernel anywhere except in your home directory when building it. Mhm? So how do udev, glibc et al then find out if you have the right options set? What about the assorted ebuilds of out-of-kernel software that needs to access the sources? I'm well aware that for some, this is not a strict necessity (they could just hope you did set them up right or look at /proc/config.gz), but dropping the kernel source ebuilds would be rather radical -- I don't see that happening any time soon. Oh, and one more reason you never want to build your kernel as root, a few years ago, the kernel build process had a bug where it accidentally tried to do a 'rm -rf /*' on your filesystem. None of the kernel developers ever noticed that as they didn't build a kernel as root, and the bug stuck around for a relativly long time (weeks at least.) There was also some semi-serious talk about leaving it in the build as well, just to catch people who were doing this, but sanity prevailed and it was fixed. But, you never know if that old bug might slip back in one day :) I vaguely remembered the rm-rf bug, but I was unable to find any reference to it (at least not easily), do you happen to have a pointer? Regards, Tobias -- Sent from aboard the Culture ship Advanced Case Of Chronic Patheticism
Re: [gentoo-dev] Kernel compiles and you
Am 05.07.2012 01:58, schrieb Rich Freeman: About the only really safe approach would be to run as a limited user, install it into some offset/chroot, package it, and then install it using portage as a binpkg. That actually has advantages on many levels, and it basically is what we do with everything else. I think that's a good idea to have a script which packs the needed files (kernel) and modules into a binpkg: - define KBUILD_OUTPUT - after emerging the sources (or downloading), configure and build your kernel - launch a script which 'installs' the modules and also the kernel in a sandbox like portage normally does and generates a binpkg with a given version number (or auto generated based on kernel version) - install the binpkg (or advise the script to do so) this has the advantage, we can build the kernel as user and also have all installed files recorded by the package manager (which is unfortunately not the case with the current approach) which makes removing them much easier (only remove -source- and/or -bin- pkg) /martin
Re: [gentoo-dev] Kernel compiles and you
The Linux kernel should not and really must not be built as root. This is neither supported nor recommended nor tested by upstream. You may recall there was a kernel build system bug which ran -rf / which would be bad if you built as root. The administrator usually has a normal user account somewhere. Use that to build. Maybe it's just the sysadmin in me, and being used to logging into hundreds of boxes where the only non-root accounts are dedicated to specifics apps which have specific reasons to limit their security access (nginx/etc), but the concept that simply compiling a kernel as root being a dangerous operation -- seems twisted. From a system reliability point of view, compiling a kernel should be something I can do on all boxes when if needed and the only account that I can ensure exists on all boxes is root. Still, I guess it makes sense from the perspective of the kernel developers and we're stuck with that, although -- the gloating over 'rm -rf' seems overdone. In any case, if we must go down this road..than the proper solution is to treat the kernel like any other security sensitive app. Create a new designated user for compiling kernels - call it 'kernel' and over time we'll grow used to it being on all boxes. We can adjust our automated kernel building scripts to su to the kernel user before issuing make commands/etc and the makefile can terminate abnormally if it detects it is being run from any other user than 'kernel'.
Re: [gentoo-dev] Kernel compiles and you
Il 05/07/2012 10:27, Tobias Klausmann ha scritto: I vaguely remembered the rm-rf bug, but I was unable to find any reference to it (at least not easily), do you happen to have a pointer? Regards, Tobias neither I, but look at this bug for an example http://lkml.indiana.edu/hypermail/linux/kernel/0601.2/0877.html start search: linus build as root kernel 2.6.16 rm -f
Re: [gentoo-dev] Kernel compiles and you
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/05/2012 06:23 AM, Matthew Marlowe wrote: The Linux kernel should not and really must not be built as root. This is neither supported nor recommended nor tested by upstream. You may recall there was a kernel build system bug which ran -rf / which would be bad if you built as root. The administrator usually has a normal user account somewhere. Use that to build. Maybe it's just the sysadmin in me, and being used to logging into hundreds of boxes where the only non-root accounts are dedicated to specifics apps which have specific reasons to limit their security access (nginx/etc), but the concept that simply compiling a kernel as root being a dangerous operation -- seems twisted. From a system reliability point of view, compiling a kernel should be something I can do on all boxes when if needed and the only account that I can ensure exists on all boxes is root. Still, I guess it makes sense from the perspective of the kernel developers and we're stuck with that, although -- the gloating over 'rm -rf' seems overdone. In any case, if we must go down this road..than the proper solution is to treat the kernel like any other security sensitive app. Create a new designated user for compiling kernels - call it 'kernel' and over time we'll grow used to it being on all boxes. We can adjust our automated kernel building scripts to su to the kernel user before issuing make commands/etc and the makefile can terminate abnormally if it detects it is being run from any other user than 'kernel'. portage already has a portage user which is used to build (or pretty much do) everything else if you set FEATURES=userpriv usersync usersandbox so do we really need a kernel user to build the kernel? How about a kde user to build kde? I for one do not need a new user on my system every time I want to build something new. For all I care, build as nobody, but adding a kernel user is ridiculous. - -Zero -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP9Z6OAAoJEKXdFCfdEflKhMsQAIBaqxWhRzkRmdYGajqItyKV DHAIE6LyY9lQ08rHV8eWXi/lKjUamM22wRrvOiHg/z0Cwu1shHgQtsuxJZZ3bJ6W hkvNLMOEkUaGlWFwhwYfUKWXDgS01eJc7OAF63Vxfgq+F8kpdM5SajeAVh+6XRp6 ea2NB1ywmqChqXc5M/ZkA28Y2IzT8hyrdiqFG5n0d63W8vt39kTgBpNkrJvoBEbh s7Fpmli+RTlR8bGjYVyAuimUQfL3R+GulbI+5JEseVCzCs8VeoY/Ab0s0XctA+hx LRa1SzUG2rP8UjMoVZYFnxvVp0YX76t3b50qL+USyq0VDdEeoi4XzxMzVcKnkkb7 lBtlkp4IwsxC9NfDb2aYM5iStGo1nTSJ/nK6XIbl8ePYCh2iuq9mFFrZAURUUqpS hdd21VchpyC2exuvg1tImmddetiPE0aiwQUqAOVQEwIZ/ViWDdRCjkk7sN3y039A it/Ddr5DGe7P/TzPq2Q5mNlaonVbGrqz5dqObfky0oYzqHoRb06+PGq1fjNXWx/s WtqnaJHH86kol/AIsMpN/0FRQ2bGzDibG3VLezjklpmxczPqq9CQWuYzRqRw5q57 9/8LO7aPsEAIW/7+Y+pe2asTI1ZfUJIUsmDvQqZKA2oeJ3kqa4dtLyqv2bgfAi8R DAV8uC+2xbRFlas47b7F =NhiX -END PGP SIGNATURE-
Re: [gentoo-dev] Kernel compiles and you
On Wed, 2012-07-04 at 22:22 -0400, Mike Frysinger wrote: On Wednesday 04 July 2012 21:36:02 Albert W. Hopkins wrote: Might it be better if you could tell portage to look for kernel builds in another location than /usr/src/linux. Perhaps you can already and I'm not aware. export KBUILD_OUTPUT=... That'll work. Thanks!
Re: [gentoo-dev] Kernel compiles and you
On Wednesday, July 04, 2012 10:30:20 PM Peter Stuge wrote: You may recall there was a kernel build system bug which ran -rf / which would be bad if you built as root. So there isn't anything during the build that requires writing outside the source tree? Since I use a custom script for automating the build, there would be no problem with having it run everything in the sandbox itself up to installing the modules? -- Dan Douglas
[gentoo-dev] New herd: radio
Hello all, The new radio herd will maintain packages related to sending and receiving of radio transmissions. Currently, these are GNU Radio and some packages from the Osmocom/SDR project. The initial members are zerochaos, creffett and me, but anybody is free to join. Plans for the near future include packaging parts of the airprobe suite, and importing some interesting ebuilds from Pentoo and betagarden overlay. Best regards, Chí-Thanh Christopher Nguyễn
Re: [gentoo-dev] New herd: radio
On Thu, 05 Jul 2012 23:58:02 +0200 Chí-Thanh Christopher Nguyễn chith...@gentoo.org wrote: Hello all, The new radio herd will maintain packages related to sending and receiving of radio transmissions. Currently, these are GNU Radio and some packages from the Osmocom/SDR project. The initial members are zerochaos, creffett and me, but anybody is free to join. Very well. Please count me in. Just added myself to the mail alias. Regards, Thomas.