[gentoo-user] Portage telling me what it's doing
Hi all, I've just kicked off an emerge -NuD world and will now head out for a while. My emerge has to do, amongst others, gcc, libreoffice, Firefox Thunderbird. Now when I get back I'll want to know where the emerge is up to so, in my ignorance of portage/emerge in great depth and with only compiler output spewing up the screen, I'll fire up another terminal, and now don't laugh, I'll do emerge --pretend -NuD world. That will tell me what's currently being compiled as it will be the top thingy on the list. There has to be a better way Is there a way so that the terminal that the emerge is happening in can display additional info? At the moment, I get: /home/agl: emerge can I get, say: /home/agl: emerge www-client/firefox by setting some config variable? Failing that is there a log file that lists just what's been emerged, not a whole lot of checking this, checking that, compiling this file, linking that library, whoops, error here... sort of thing. Any thoughts, greatly appreciated, Andrew
Re: [gentoo-user] Portage telling me what it's doing
On Jun 2, 2012 1:13 PM, Andrew Lowe a...@wht.com.au wrote: Hi all, I've just kicked off an emerge -NuD world and will now head out for a while. My emerge has to do, amongst others, gcc, libreoffice, Firefox Thunderbird. Now when I get back I'll want to know where the emerge is up to so, in my ignorance of portage/emerge in great depth and with only compiler output spewing up the screen, I'll fire up another terminal, and now don't laugh, I'll do emerge --pretend -NuD world. That will tell me what's currently being compiled as it will be the top thingy on the list. There has to be a better way Is there a way so that the terminal that the emerge is happening in can display additional info? At the moment, I get: /home/agl: emerge can I get, say: /home/agl: emerge www-client/firefox by setting some config variable? Failing that is there a log file that lists just what's been emerged, not a whole lot of checking this, checking that, compiling this file, linking that library, whoops, error here... sort of thing. Any thoughts, greatly appreciated, I never tried it while an emerge @world us running, but elogv/elogviewer sorts by last emerge time. Thus, the last package emerged -- successfully or not -- is topmost. Rgds,
Re: [gentoo-user] Portage telling me what it's doing
On Sat, Jun 02, 2012 at 02:08:39PM +0800, Andrew Lowe wrote Is there a way so that the terminal that the emerge is happening in can display additional info? At the moment, I get: /home/agl: emerge can I get, say: /home/agl: emerge www-client/firefox I use xterm under ICEWM (a simple WM). The title bar at the top of the xterm lists how far in the list you are, and the current ebuild... emerge:(1 of 2) www-client/midori-0.4.3 Compile see attached top few lines of a screen shot. Note that even if you minimize the xterm, you can still see the info by doing either of... * holding down {ALT-TAB} to bring up the programs menu * hovering the mouse pointer over the location on the program bar list of running programs. Both of these simply duplicate what shows up on the title bar. -- Walter Dnes waltd...@waltdnes.org attachment: xterm.png
Re: [gentoo-user] Re: ~gcc-4.7.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02.06.2012 04:37, Nilesh Govindrajan wrote: On Jun 2, 2012 6:08 AM, walt w41...@gmail.com wrote: SNIP Has anyone tried compiling chromium 20 (as of yesterday) and libreoffice 3.5.4.2 using gcc 4.7.0? I am unable to do so. Using unstable Amd64. -- Nilesh Govindrajan http://nileshgr.com Openoffice: No Chromium 20: Yes - they're a bit of a PITA... It won't work without some patches. Mostly missing includes for unistd.h (in most files is a #if defined(OS_ANDROID) #include unistd.h #endif where it is needed (ideally in a #id defined(OS_POSIX) (or LINUX?) #endif block). I've got no time to look into the versions 20.x to 21.0.1155.2 and my custom patch for 21.0.1155.2 also fixes a selinux related issue. If you google you'll find some other patches (even one on bugs.gentoo.org) which max work for you (depends on version, I think). I'll attach my patch for reference. WKR Hinnerk -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPybgeAAoJEJwwOFaNFkYcu2YIAIa3xtDXMD7hFy/7iI5yEhd2 eLE5+GswNKYdCeYRaLvuqQpWJnm2GZj7UQVklxd1qgA2UhxgHCZkiya5Uj8M3va6 iE8e2TfCwAUqkL69/9HAXQh+cuHreq7ZAP9/+1yUaH8NOa9gZluIzyZv/TtO/PiJ wDK6Zhar/MlpFOrduz3m0gFuJun1fruVGvT9cIWRTDSsMmsGm6l88JNG1YyXtmZV yoL5ZfT0g+Lw1IJ6C03WEFG8yW/nXjE9wIojjzQoC3fkBmTPNWmcXdz5LzPx8T+P rc9WQf8IGRQwA8ME8LPEJZdGxZmT170nOs74TqwJOs7F2YGAwL+N0euHF8DCilg= =16Fc -END PGP SIGNATURE- diff -ru chromium-21.0.1155.2/chrome/browser/policy/policy_path_parser_linux.cc chromium-21.0.1155.2.new/chrome/browser/policy/policy_path_parser_linux.cc --- chromium-21.0.1155.2/chrome/browser/policy/policy_path_parser_linux.cc 2012-05-30 03:47:01.0 +0200 +++ chromium-21.0.1155.2.new/chrome/browser/policy/policy_path_parser_linux.cc 2012-05-30 23:53:01.123823731 +0200 @@ -4,6 +4,10 @@ #include pwd.h +//#if defined(OS_POSIX) +#include unistd.h +//#endif + #include chrome/browser/policy/policy_path_parser.h #include base/logging.h diff -ru chromium-21.0.1155.2/content/public/common/sandbox_init.cc chromium-21.0.1155.2.new/content/public/common/sandbox_init.cc --- chromium-21.0.1155.2/content/public/common/sandbox_init.cc 2012-05-30 03:46:30.0 +0200 +++ chromium-21.0.1155.2.new/content/public/common/sandbox_init.cc 2012-05-30 17:09:00.044889918 +0200 @@ -6,6 +6,8 @@ #if defined(OS_ANDROID) #include unistd.h +#elif defined(OS_POSIX) +#include unistd.h #endif namespace content { diff -ru chromium-21.0.1155.2/content/zygote/zygote_linux.cc chromium-21.0.1155.2.new/content/zygote/zygote_linux.cc --- chromium-21.0.1155.2/content/zygote/zygote_linux.cc 2012-05-30 03:46:27.0 +0200 +++ chromium-21.0.1155.2.new/content/zygote/zygote_linux.cc 2012-05-31 04:04:32.072791812 +0200 @@ -31,10 +31,38 @@ #include content/common/sandbox_methods_linux.h #include content/common/zygote_commands_linux.h +#if defined(CHROMIUM_SELINUX) +#include selinux/selinux.h +#include selinux/context.h +#endif + // See http://code.google.com/p/chromium/wiki/LinuxZygote namespace content { + +#if defined(CHROMIUM_SELINUX) +static void SELinuxTransitionToTypeOrDie(char const* type) { + security_context_t security_context; + if (getcon(security_context)) +LOG(FATAL) Cannot get SELinux context; + + context_t context = context_new(security_context); + context_type_set(context, type); + const int r = setcon(context_str(context)); + context_free(context); + freecon(security_context); + + if (r) { +LOG(FATAL) dynamic transition to type ' type ' failed. + (this binary has been built with SELinux support, but maybe + the policies haven't been loaded into the kernel?); + } +} +#endif // CHROMIUM_SELINUX + + + namespace { // NOP function. See below where this handler is installed. diff -ru chromium-21.0.1155.2/content/zygote/zygote_linux.h chromium-21.0.1155.2.new/content/zygote/zygote_linux.h --- chromium-21.0.1155.2/content/zygote/zygote_linux.h 2012-05-30 03:46:27.0 +0200 +++ chromium-21.0.1155.2.new/content/zygote/zygote_linux.h 2012-05-31 03:31:16.013928301 +0200 @@ -16,6 +16,8 @@ namespace content { +static void SELinuxTransitionToTypeOrDie(char const * type); + class ZygoteForkDelegate; // This is the object which implements the zygote. The ZygoteMain function, @@ -106,7 +108,6 @@ int initial_uma_sample_; int initial_uma_boundary_value_; }; - } // namespace content #endif // CONTENT_ZYGOTE_ZYGOTE_H_ diff -ru chromium-21.0.1155.2/content/zygote/zygote_main_linux.cc chromium-21.0.1155.2.new/content/zygote/zygote_main_linux.cc --- chromium-21.0.1155.2/content/zygote/zygote_main_linux.cc 2012-05-30 03:46:27.0 +0200 +++ chromium-21.0.1155.2.new/content/zygote/zygote_main_linux.cc 2012-05-31 04:04:21.383792544 +0200 @@ -2,6 +2,8 @@ // Use of this source code is governed by a BSD-style license that can be // found in the
Re: [gentoo-user] Portage telling me what it's doing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02.06.2012 08:08, Andrew Lowe wrote: Hi all, I've just kicked off an emerge -NuD world and will now head out for a while. My emerge has to do, amongst others, gcc, libreoffice, Firefox Thunderbird. Now when I get back I'll want to know where the emerge is up to so, in my ignorance of portage/emerge in great depth and with only compiler output spewing up the screen, I'll fire up another terminal, and now don't laugh, I'll do emerge --pretend -NuD world. That will tell me what's currently being compiled as it will be the top thingy on the list. There has to be a better way Is there a way so that the terminal that the emerge is happening in can display additional info? At the moment, I get: SNIP here... sort of thing. Any thoughts, greatly appreciated, Andrew I normally issue something like cat /var/log/emerge.log | grep -i compiling | tail -n 1 from another terminal. It shows the last package for which compiling started. if you change the -n 1 to -n 2 it'll show the last 2 packages (if you leave it out, you'll get the last 10). You could also replace compiling with i.e. merge (then it'll look for another part of the build process. Otherwise (like Walter stated) most terminals within X (that I've tried) add this info to the titlebar. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPybnNAAoJEJwwOFaNFkYcBkYH/35c9bgkWUyFORyPfcqsYvPA qAgKTBpS9i4FdA+TJYKBP+DpkNvlQlCtyb3I3YrrADSZKrQIopX9He55FDrxDh+6 /iySLA7/0DgKlJgxTofrXbJHpvZHsCjRF21UQJdk57RYD6JBGarCywJF52vNkNVz c2C9FfeZHXM1CdqWHApIE0UPa+mq6mnk81XrzbQ39PT6ObLuxVpsD8hVPO5puMLD +yYD3thNWyXx3WkDq1ZaR+sT+ZfYKjezByLS+N4Nj+BAAa5yC8I3A8b1HzCylo6d sfbltqbLSHdTtQhZJQq7EHqbqjJ3xs0HUkhzNqRHNJIoMFVkyQs3VnuHjjvNMBE= =WvQg -END PGP SIGNATURE-
Re: [gentoo-user] Portage telling me what it's doing
Andrew Lowe wrote: Hi all, I've just kicked off an emerge -NuD world and will now head out for a while. My emerge has to do, amongst others, gcc, libreoffice, Firefox Thunderbird. Now when I get back I'll want to know where the emerge is up to so, in my ignorance of portage/emerge in great depth and with only compiler output spewing up the screen, I'll fire up another terminal, and now don't laugh, I'll do emerge --pretend -NuD world. That will tell me what's currently being compiled as it will be the top thingy on the list. There has to be a better way Is there a way so that the terminal that the emerge is happening in can display additional info? At the moment, I get: /home/agl: emerge can I get, say: /home/agl: emerge www-client/firefox by setting some config variable? Failing that is there a log file that lists just what's been emerged, not a whole lot of checking this, checking that, compiling this file, linking that library, whoops, error here... sort of thing. Any thoughts, greatly appreciated, Andrew I use the command: genlop -c That tells what is compiling and some general time info too. Hope that helps. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words! Miss the compile output? Hint: EMERGE_DEFAULT_OPTS=--quiet-build=n
Re: [gentoo-user] Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users' computers
Am 02.06.2012 04:26, schrieb William Kenworthy: http://boingboing.net/2012/05/31/lockdown-freeopen-os-maker-p.html and something I had not considered with the whole idea was even bootable cd's and usb keys for rescue will need the same privileges ... BillK I find this article lacking in substance. You get a much more reasonable view reading the original blog post by Matthew Garrett [1]. A few points: meaning that unless Microsoft has blessed your favorite flavor of GNU/Linux or BSD, you won't be able to just install it on your machine, or boot to it from a USB stick or CD to try it out. You don't have to be blessed. You could call your distribution BallmerSucks and still get a certificate. You just have to register, authenticate and pay the fee. Anything else would earn them an antitrust law suite they wouldn't forget. There is a work-around for some systems involving a finicky and highly technical override process, but all that means is that installing proprietary software is easy and installing free/open software is hard. They mean finicky as in go to the BIOS and switch it off and some systems as in all x86 hardware but not ARM? Yeah, the situation is not nice but it is not as bad as it could be. Microsoft requires that it can be switched off for x86. It forbids it for ARM, though. The article gets that bit right. Regarding the 99$ ransom: It is a one-off payment. The article should have made that clear. Okay, enough bashing the article. Some technical question: As I understand it, if I want to make a live CD or a distribution, all I'd need to do is to use Fedora's kernel and boot loader? That's not so bad. [1] http://mjg59.dreamwidth.org/12368.html Regards, Florian Philipp signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users' computers
On 2012-06-02 09:43, Florian Philipp wrote: You don't have to be blessed. You could call your distribution BallmerSucks and still get a certificate. You just have to register, authenticate and pay the fee. Anything else would earn them an antitrust law suite they wouldn't forget. ... or one could simply replace the bios/UEFI with coreboot[1] and get on with life... albeit, (at least currently) it will severely limit your choice of motherboards (AMD is supporting coreboot, which is why I've chosen AMD ones but it also requires the support of the motherboard makers). [1]: www.coreboot.org Best regards Peter K
Re: [gentoo-user] Portage telling me what it's doing
Andrew Lowe writes: I've just kicked off an emerge -NuD world and will now head out for a while. My emerge has to do, amongst others, gcc, libreoffice, Firefox Thunderbird. Now when I get back I'll want to know where the emerge is up to so, in my ignorance of portage/emerge in great depth and with only compiler output spewing up the screen, I'll fire up another terminal, and now don't laugh, I'll do emerge --pretend -NuD world. That will tell me what's currently being compiled as it will be the top thingy on the list. There has to be a better way Using the --jobs / -j option to emerge will give a nice output, omitting all the compiler output. It can also speed up emerging, because it will build packages in parallel. I really really like this feature. Is there a way so that the terminal that the emerge is happening in can display additional info? At the moment, I get: /home/agl: emerge can I get, say: /home/agl: emerge www-client/firefox by setting some config variable? Yes, but I do not know how. Failing that is there a log file that lists just what's been emerged, not a whole lot of checking this, checking that, compiling this file, linking that library, whoops, error here... sort of thing. tail -f /var/log/emerge.log, or better emerge app-portage/genlop, then use genlop -l | tail. Wonko
Re: [gentoo-user] Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users' computers
On Sat, Jun 2, 2012 at 3:43 AM, Florian Philipp li...@binarywings.net wrote: Am 02.06.2012 04:26, schrieb William Kenworthy: http://boingboing.net/2012/05/31/lockdown-freeopen-os-maker-p.html and something I had not considered with the whole idea was even bootable cd's and usb keys for rescue will need the same privileges ... [snip] Okay, enough bashing the article. Some technical question: As I understand it, if I want to make a live CD or a distribution, all I'd need to do is to use Fedora's kernel and boot loader? That's not so bad. Or turn off 'secure boot' in the BIOS configuration menu. For Windows 8 certification, a device must _default_ to 'secure boot' being turned on. You're allowed to turn it off, you just can't have programmatic access to turn it off; it has to be done manually. I expect that'll be available in things like motherboards sold directly to end-users. I expect it *won't* be available in whatever the current iteration of Compaq/HP/Packard Hell all-in-one devices is; manufacturers of those devices will still have keys installed to allow debugging and maintenance tools to operate, but their signed tools would only be available to their certified technicians. Does anyone know what crypto hash they're using to sign these things? I imagine it won't be too long (3-4 years, tops) before either the signing key leaks or collision attacks are figured out. -- :wq
Re: [gentoo-user] Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users' computers
Am 02.06.2012 15:00, schrieb Michael Mol: On Sat, Jun 2, 2012 at 3:43 AM, Florian Philipp li...@binarywings.net wrote: Am 02.06.2012 04:26, schrieb William Kenworthy: http://boingboing.net/2012/05/31/lockdown-freeopen-os-maker-p.html and something I had not considered with the whole idea was even bootable cd's and usb keys for rescue will need the same privileges ... [snip] Okay, enough bashing the article. Some technical question: As I understand it, if I want to make a live CD or a distribution, all I'd need to do is to use Fedora's kernel and boot loader? That's not so bad. Or turn off 'secure boot' in the BIOS configuration menu. For Windows 8 certification, a device must _default_ to 'secure boot' being turned on. You're allowed to turn it off, you just can't have programmatic access to turn it off; it has to be done manually. Yes, that was my point (or part of it). The main issue is usability for the technically not so inclined. For the typical Gentoo user secure boot is not an issue is no more trouble than changing the boot order to boot from CD-ROM. For mainstream distros like Ubuntu or Fedora, it is an issue. But they can afford to spend 99$ *once* to just get a valid key. I expect that'll be available in things like motherboards sold directly to end-users. I expect it *won't* be available in whatever the current iteration of Compaq/HP/Packard Hell all-in-one devices is; manufacturers of those devices will still have keys installed to allow debugging and maintenance tools to operate, but their signed tools would only be available to their certified technicians. As I understand it, having the chance to deactivate it is now mandatory for Windows certification but I could be wrong. Does anyone know what crypto hash they're using to sign these things? I imagine it won't be too long (3-4 years, tops) before either the signing key leaks or collision attacks are figured out. According to [1] it is SHA-256 and RSA-2048. If I understand it correctly, there are means to blacklist compromised keys. That's why Fedora cannot simply share their key but they will share their infrastructure and tools. [1] http://www.uefi.org/learning_center/UEFI_Plugfest_2011Q4_P5_Insyde.pdf Regards, Florian Philipp signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] weather howto on kde4
On Fri, Jun 1, 2012 at 9:47 PM, Walter Dnes waltd...@waltdnes.org wrote: On Fri, Jun 01, 2012 at 04:17:32PM +, James wrote Hello, Ok, so it is hurricane season here in Florida. So, I'm looking for a kde4 centric weather tool that show radar, forecasts and such. Full screen would be keen. This may be a bit old-school, but howsabout the NHC home webpage at http://www.nhc.noaa.gov/ or the more detailed page at http://www.nhc.noaa.gov/gtwo_atl.shtml There's a list of RSS feeds at http://www.nhc.noaa.gov/aboutrss.shtml The RSS feed you probably want is http://www.nhc.noaa.gov/index-at.xml which covers the Atlantic. I like the point forecasts myself. I've got point forecasts for my apartment, my employer and two lakefront state parks in my bookmarks. http://forecast.weather.gov/MapClick.php?w0=tw1=tdw2=wcw3=sfcwindw3u=0w4=skyw5=popw6=rhw7=thunderw8=rainw9=snoww10=fzgw11=sleetw12=wvhdw13=wvppqpfhr=6psnwhr=6AheadHour=0Submit=SubmitFcstType=graphicaltextField1=43.05628textField2=-86.24783site=allunit=0dd=0bw=0marine=1 And you can tweak that to have it give you, e.g. CSV, though the specific means escape me at the moment. -- :wq
Re: [gentoo-user] Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users' computers
On 2012-06-02 15:12, Florian Philipp wrote: According to [1] it is SHA-256 and RSA-2048. If I understand it correctly, there are means to blacklist compromised keys. That's why Just curious, how is a compromised key supposed to be blacklisted? Does the bios contact Microsoft, or is it through some other mean (via OS which means it needs to have some sort of service to check for this blacklist)? Smells like trouble to me... :-/ Best regards Peter K
Re: [gentoo-user] Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users' computers
On Sat, Jun 2, 2012 at 3:51 PM, pk pete...@coolmail.se wrote: On 2012-06-02 15:12, Florian Philipp wrote: According to [1] it is SHA-256 and RSA-2048. If I understand it correctly, there are means to blacklist compromised keys. That's why Just curious, how is a compromised key supposed to be blacklisted? Does the bios contact Microsoft, or is it through some other mean (via OS which means it needs to have some sort of service to check for this blacklist)? Smells like trouble to me... :-/ I expect the chief mechanism is at the manufacturer's end; blacklisted keys get included on shipment. It's also probable that the OS kernel can tell the UEFI BIOS about new keys to blacklist. I expect that'll be a recurring thing in the Monthly batch of security updates Microsoft puts out. (Makes sense, really; if malware is using a key, blacklist that key.) Someone linked to some absolutely terrible stuff being built into Intel's Ivy Bridge...it's plausible it will be possible to deploy blacklist key updates over the network within a couple years. -- :wq
[gentoo-user] Rather ugly portage output today...
c2stable ~ # emerge -fDuN @world Calculating dependencies \ * ERROR: sys-devel/gcc-4.5.3-r2 failed (depend phase): * EXPORT_FUNCTIONS: toolchain_pkg_prerm is not defined * * Call stack: * ebuild.sh, line 541: Called source '/usr/portage/sys-devel/gcc/gcc-4.5.3-r2.ebuild' * gcc-4.5.3-r2.ebuild, line 20: Called inherit 'toolchain' * ebuild.sh, line 318: Called die * The specific snippet of code: * declare -F ${ECLASS}_$x /dev/null || \ * die EXPORT_FUNCTIONS: ${ECLASS}_$x is not defined * * If you need support, post the output of `emerge --info '=sys-devel/gcc-4.5.3-r2'`, * the complete build log and the output of `emerge -pqv '=sys-devel/gcc-4.5.3-r2'`. * Working directory: '/root' * S: '/var/tmp/portage/sys-devel/gcc-4.5.3-r2/work/gcc-4.5.3' / * ERROR: sys-devel/gcc-4.7.0 failed (depend phase): * EXPORT_FUNCTIONS: toolchain_pkg_prerm is not defined * * Call stack: * ebuild.sh, line 541: Called source '/usr/portage/sys-devel/gcc/gcc-4.7.0.ebuild' * gcc-4.7.0.ebuild, line 21: Called inherit 'toolchain' * ebuild.sh, line 318: Called die * The specific snippet of code: * declare -F ${ECLASS}_$x /dev/null || \ * die EXPORT_FUNCTIONS: ${ECLASS}_$x is not defined * * If you need support, post the output of `emerge --info '=sys-devel/gcc-4.7.0'`, * the complete build log and the output of `emerge -pqv '=sys-devel/gcc-4.7.0'`. * Working directory: '/root' * S: '/var/tmp/portage/sys-devel/gcc-4.7.0/work/gcc-4.7.0' * ERROR: sys-devel/gcc-4.6.3 failed (depend phase): * EXPORT_FUNCTIONS: toolchain_pkg_prerm is not defined * * Call stack: * ebuild.sh, line 541: Called source '/usr/portage/sys-devel/gcc/gcc-4.6.3.ebuild' * gcc-4.6.3.ebuild, line 21: Called inherit 'toolchain' * ebuild.sh, line 318: Called die * The specific snippet of code: * declare -F ${ECLASS}_$x /dev/null || \ * die EXPORT_FUNCTIONS: ${ECLASS}_$x is not defined * * If you need support, post the output of `emerge --info '=sys-devel/gcc-4.6.3'`, * the complete build log and the output of `emerge -pqv '=sys-devel/gcc-4.6.3'`. * Working directory: '/root' * S: '/var/tmp/portage/sys-devel/gcc-4.6.3/work/gcc-4.6.3' * ERROR: sys-devel/gcc-4.6.2 failed (depend phase): * EXPORT_FUNCTIONS: toolchain_pkg_prerm is not defined * * Call stack: * ebuild.sh, line 541: Called source '/usr/portage/sys-devel/gcc/gcc-4.6.2.ebuild' * gcc-4.6.2.ebuild, line 20: Called inherit 'toolchain' * ebuild.sh, line 318: Called die * The specific snippet of code: * declare -F ${ECLASS}_$x /dev/null || \ * die EXPORT_FUNCTIONS: ${ECLASS}_$x is not defined * * If you need support, post the output of `emerge --info '=sys-devel/gcc-4.6.2'`, * the complete build log and the output of `emerge -pqv '=sys-devel/gcc-4.6.2'`. * Working directory: '/root' * S: '/var/tmp/portage/sys-devel/gcc-4.6.2/work/gcc-4.6.2' * ERROR: sys-devel/gcc-4.6.1-r1 failed (depend phase): * EXPORT_FUNCTIONS: toolchain_pkg_prerm is not defined * * Call stack: * ebuild.sh, line 541: Called source '/usr/portage/sys-devel/gcc/gcc-4.6.1-r1.ebuild' * gcc-4.6.1-r1.ebuild, line 20: Called inherit 'toolchain' * ebuild.sh, line 318: Called die * The specific snippet of code: * declare -F ${ECLASS}_$x /dev/null || \ * die EXPORT_FUNCTIONS: ${ECLASS}_$x is not defined * * If you need support, post the output of `emerge --info '=sys-devel/gcc-4.6.1-r1'`, * the complete build log and the output of `emerge -pqv '=sys-devel/gcc-4.6.1-r1'`. * Working directory: '/root' * S: '/var/tmp/portage/sys-devel/gcc-4.6.1-r1/work/gcc-4.6.1' * ERROR: sys-devel/gcc-4.6.0 failed (depend phase): * EXPORT_FUNCTIONS: toolchain_pkg_prerm is not defined * * Call stack: * ebuild.sh, line 541: Called source '/usr/portage/sys-devel/gcc/gcc-4.6.0.ebuild' * gcc-4.6.0.ebuild, line 20: Called inherit 'toolchain' * ebuild.sh, line 318: Called die * The specific snippet of code: * declare -F ${ECLASS}_$x /dev/null || \ * die EXPORT_FUNCTIONS: ${ECLASS}_$x is not defined * * If you need support, post the output of `emerge --info '=sys-devel/gcc-4.6.0'`, * the complete build log and the output of `emerge -pqv '=sys-devel/gcc-4.6.0'`. * Working directory: '/root' * S: '/var/tmp/portage/sys-devel/gcc-4.6.0/work/gcc-4.6.0' * ERROR: sys-devel/gcc-4.5.2 failed (depend phase): * EXPORT_FUNCTIONS: toolchain_pkg_prerm is not defined * * Call stack: * ebuild.sh, line 541: Called source
Re: [gentoo-user] Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users' computers
On 2012-06-02 22:10, Michael Mol wrote: I expect the chief mechanism is at the manufacturer's end; blacklisted keys get included on shipment. Makes sense. It's also probable that the OS kernel can tell the UEFI BIOS about new keys to blacklist. I expect that'll be a recurring thing in the Monthly batch of security updates Microsoft puts out. (Makes sense, really; if malware is using a key, blacklist that key.) Yes, would expect something like this. Secure boot supposedly prevents unauthorized firmware, operating systems or UEFI drivers at boot time. So if I interpret this correctly it would mean that if I have, say, an old graphics card with an old firmware (vga bios) I can't use it with secure boot. More interestingly, how is an operating system defined? Does it mean only the kernel itself or does it mean a full-blown OS with init and other supporting software? What does that mean to a source based distro? Also, I would assume a legitimate key would be able to sign pretty much any binary so a key that Fedora uses could be used to sign malware for Windows, which then would be blacklisted by Microsoft... and how is malware defined? Anything that would be detrimental to Microsoft? Someone linked to some absolutely terrible stuff being built into Intel's Ivy Bridge...it's plausible it will be possible to deploy You mean: https://en.wikipedia.org/wiki/Intel_insider#Intel_Insider_and_remote-control ? blacklist key updates over the network within a couple years. Well, UEFI already implements remote management: http://www.uefi.org/news/UEFI_Overview.pdf (page 13) ... so implementing an automatic update over the network, preferably via SMM/SMI so that the operating system cannot intervene would be possible already today... and you've lost control of your computer. I'm putting on my tinfoil hat now and I'm going to pretend it's raining... :-/ Best regards Peter K
Re: [gentoo-user] Rather ugly portage output today...
resync
Re: [gentoo-user] Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users' computers
On Sat, Jun 2, 2012 at 6:50 PM, pk pete...@coolmail.se wrote: On 2012-06-02 22:10, Michael Mol wrote: [snip] It's also probable that the OS kernel can tell the UEFI BIOS about new keys to blacklist. I expect that'll be a recurring thing in the Monthly batch of security updates Microsoft puts out. (Makes sense, really; if malware is using a key, blacklist that key.) Yes, would expect something like this. Secure boot supposedly prevents unauthorized firmware, operating systems or UEFI drivers at boot time. So if I interpret this correctly it would mean that if I have, say, an old graphics card with an old firmware (vga bios) I can't use it with secure boot. It's probable that a system using an IOMMU and virtualization tech could emulate the real-mode requirements needed to execute that VGA BIOS safely. Gets more interesting...my understanding of things like Firewire is that it's almost trivially easy to crack a system on the bus, because of the way DMA is implemented. More interestingly, how is an operating system defined? Does it mean only the kernel itself or does it mean a full-blown OS with init and other supporting software? The BIOS will only load a signed bootloader. The signed bootloader will only load a signed kernel. The signed kernel will...do whatever you tell it to do. What does that mean to a source based distro? It's going to make building and installing grub and the kernel trickier; you'll have to get them signed. And that's going to be a PITA for anyone who does developers. What it *really* means is that someone who wants to run Linux as a hobbyist or developer is going to disable SecureBoot, and then fall back to business as usual. Also, I would assume a legitimate key would be able to sign pretty much any binary so a key that Fedora uses could be used to sign malware for Windows, which then would be blacklisted by Microsoft... If Fedora allows their key to sign crap, then their key will get revoked. What I hope (I don't know) is whether or not the signing system involved allows chaining. i.e., with SSL, I can generate my own key, get it signed by a CA, and then bundle the CA's public key and my public key when I go on to sign _another_ key. So, could I generate a key, have Fedora sign it, and then use my key to sign my binaries? If my key is used to do malicious things, Fedora's off the hook, and it's only my key which gets revoked. and how is malware defined? Anything that would be detrimental to Microsoft? Dunno. I imagine it comes down to whatever the chief key's owner doesn't want running on the same hardware while SecureBoot is enabled. Rootkits come to mind. Someone linked to some absolutely terrible stuff being built into Intel's Ivy Bridge...it's plausible it will be possible to deploy You mean: https://en.wikipedia.org/wiki/Intel_insider#Intel_Insider_and_remote-control ? The vPro stuff relates, yeah. blacklist key updates over the network within a couple years. Well, UEFI already implements remote management: http://www.uefi.org/news/UEFI_Overview.pdf (page 13) ... so implementing an automatic update over the network, preferably via SMM/SMI so that the operating system cannot intervene would be possible already today... and you've lost control of your computer. You still own your network, so you have at least some control over it. These features are intended to be managed by the system network administrator. This is going to be a matter of caveat emptor. Don't buy a Tivo or Kindle and expect to be able to repurpose it. (And don't buy hardware from Oracle, I expect. Though I suspect you may eventually not get a choice is you want to run their software.) If you don't know whether or not you can expect to reformat a device before you buy it, then you haven't been paying attention to mobile tech over the last five years, and you didn't do your homework. Apologies for the lack of sympathy. :( -- :wq
Re: [gentoo-user] Portage telling me what it's doing
On Sat, 02 Jun 2012 14:08:39 +0800 Andrew Lowe wrote: Hi all, I've just kicked off an emerge -NuD world and will now head out for a while. My emerge has to do, amongst others, gcc, libreoffice, Firefox Thunderbird. Now when I get back I'll want to know where the emerge is up to so, in my ignorance of portage/emerge in great depth and with only compiler output spewing up the screen, I'll fire up another terminal, and now don't laugh, I'll do emerge --pretend -NuD world. That will tell me what's currently being compiled as it will be the top thingy on the list. There has to be a better way Is there a way so that the terminal that the emerge is happening in can display additional info? At the moment, I get: /home/agl: emerge can I get, say: /home/agl: emerge www-client/firefox by setting some config variable? Failing that is there a log file that lists just what's been emerged, not a whole lot of checking this, checking that, compiling this file, linking that library, whoops, error here... sort of thing. Any thoughts, greatly appreciated, Andrew I use emerge -auDtqv world to update. The uD identifies all the updates (from world) and the packages used in lower levels. The t uses indented names to show levels of dependency. Lastly qv suppresses (from my console) all the configuration and build details while that information is written to /var/lib/portage. In short, I can see what's being emerged without being overwhelmed by details. HTH, David
Re: [gentoo-user] Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users' computers
Am 03.06.2012 01:36, schrieb Michael Mol: On Sat, Jun 2, 2012 at 6:50 PM, pk pete...@coolmail.se wrote: On 2012-06-02 22:10, Michael Mol wrote: [snip] [...] The BIOS will only load a signed bootloader. The signed bootloader will only load a signed kernel. The signed kernel will...do whatever you tell it to do. According to Matthew's blog post, Fedora patched Grub2 and the kernel to avoid loading custom code into them: - Deactivate grub2 plugins - Sign all kernel modules and disallow unsigned ones - Prevent access to PCI through userland - Sanitize the kernel command line What does that mean to a source based distro? It's going to make building and installing grub and the kernel trickier; you'll have to get them signed. And that's going to be a PITA for anyone who does developers. What it *really* means is that someone who wants to run Linux as a hobbyist or developer is going to disable SecureBoot, and then fall back to business as usual. Yeah, the only way for Gentoo to have secure boot is a) let each user register with Microsoft, b) provide a binary kernel and boot loader. Also, I would assume a legitimate key would be able to sign pretty much any binary so a key that Fedora uses could be used to sign malware for Windows, which then would be blacklisted by Microsoft... If Fedora allows their key to sign crap, then their key will get revoked. What I hope (I don't know) is whether or not the signing system involved allows chaining. i.e., with SSL, I can generate my own key, get it signed by a CA, and then bundle the CA's public key and my public key when I go on to sign _another_ key. So, could I generate a key, have Fedora sign it, and then use my key to sign my binaries? If my key is used to do malicious things, Fedora's off the hook, and it's only my key which gets revoked. Consider the exact approach Fedora takes: They've only made a certified stage-1 boot loader. This boot loader then loads grub2 (signed with a custom Fedora key, nothing chained back to MS) which then loads a custom-signed kernel. This allows them to avoid authenticating against MS every time they update grub or the kernel. This means if you want to certify with Fedora, you don't need to chain up to MS as long as you use their stage-1 boot loader. However, if I was part of Fedora, I wouldn't risk my key by signing other people's stuff. Mainboard makers won't look twice when they see rootkits with Fedora boot loaders. and how is malware defined? Anything that would be detrimental to Microsoft? Dunno. I imagine it comes down to whatever the chief key's owner doesn't want running on the same hardware while SecureBoot is enabled. Rootkits come to mind. To quote Matthew: If I take a signed Linux bootloader and then use it to boot something that looks like an unsigned Linux kernel, I've instead potentially just booted a piece of malware. And if that malware can attack Windows then the signed Linux bootloader is no longer just a signed Linux bootloader, it's a signed Windows malware launcher and that's the kind of thing that results in that bootloader being added to the list of blacklisted binaries and suddenly your signed Linux bootloader isn't even a signed Linux bootloader. Regards, Florian Philipp signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users' computers
On Sat, Jun 2, 2012 at 8:35 PM, Florian Philipp li...@binarywings.net wrote: Am 03.06.2012 01:36, schrieb Michael Mol: On Sat, Jun 2, 2012 at 6:50 PM, pk pete...@coolmail.se wrote: On 2012-06-02 22:10, Michael Mol wrote: [snip] [...] The BIOS will only load a signed bootloader. The signed bootloader will only load a signed kernel. The signed kernel will...do whatever you tell it to do. According to Matthew's blog post, Fedora patched Grub2 and the kernel to avoid loading custom code into them: - Deactivate grub2 plugins - Sign all kernel modules and disallow unsigned ones - Prevent access to PCI through userland - Sanitize the kernel command line Yeah, I read his blog post via lwn.net. I forgot some of the details. What does that mean to a source based distro? It's going to make building and installing grub and the kernel trickier; you'll have to get them signed. And that's going to be a PITA for anyone who does developers. What it *really* means is that someone who wants to run Linux as a hobbyist or developer is going to disable SecureBoot, and then fall back to business as usual. Yeah, the only way for Gentoo to have secure boot is a) let each user register with Microsoft, b) provide a binary kernel and boot loader. If you have a need to get a secure Gentoo boot, and you don't need to boot Windows 8, then (as I understand it) you can also purge the UEFI BIOS of Microsoft's key and install your own. Also, I would assume a legitimate key would be able to sign pretty much any binary so a key that Fedora uses could be used to sign malware for Windows, which then would be blacklisted by Microsoft... If Fedora allows their key to sign crap, then their key will get revoked. What I hope (I don't know) is whether or not the signing system involved allows chaining. i.e., with SSL, I can generate my own key, get it signed by a CA, and then bundle the CA's public key and my public key when I go on to sign _another_ key. So, could I generate a key, have Fedora sign it, and then use my key to sign my binaries? If my key is used to do malicious things, Fedora's off the hook, and it's only my key which gets revoked. Consider the exact approach Fedora takes: They've only made a certified stage-1 boot loader. This boot loader then loads grub2 (signed with a custom Fedora key, nothing chained back to MS) which then loads a custom-signed kernel. This allows them to avoid authenticating against MS every time they update grub or the kernel. This means if you want to certify with Fedora, you don't need to chain up to MS as long as you use their stage-1 boot loader. However, if I was part of Fedora, I wouldn't risk my key by signing other people's stuff. Mainboard makers won't look twice when they see rootkits with Fedora boot loaders. Yeah, that's not the kind of thing I was thinking about. With SSL's PKI, someone like StartSSL has a CA cert. I generate my own key, have StartSSL sign my key. My brother generates a key, and I sign his. Now my brother takes his key and sends you a signed email. Now, you've never heard of me, and the crypto signature attached to that email doesn't mean anything. However, if he bundles my public key along with his public key in that email, then you can see that my public key was signed by someone you _do_ know. Now you have a chain of signatures showing the relationship between that email and the root CA. Now here's the interesting part, and what I was alluding to wrt signed binaries and key revocation. Let's say _my_ key is leaked. My brother send you an email signed with his key. You look at that key, you see that key hasn't been revoked. You look at the key that signed that key, and you see that _that_ key _has_ been revoked. You can then choose to not trust keys signed by that key. Now let's say my _brother's_ key is leaked, and so he revokes it. Any new emails signed with that key can be seen to be invalid. However, _my_ key is still considered valid; I can still sign things with it. That's the kind of thing I was thinking about. If you allow key chains to be deep, rather than forcing them to be wide, you can wield blacklists like a scalpel, rather than a bludgeon. and how is malware defined? Anything that would be detrimental to Microsoft? Dunno. I imagine it comes down to whatever the chief key's owner doesn't want running on the same hardware while SecureBoot is enabled. Rootkits come to mind. To quote Matthew: If I take a signed Linux bootloader and then use it to boot something that looks like an unsigned Linux kernel, I've instead potentially just booted a piece of malware. And if that malware can attack Windows then the signed Linux bootloader is no longer just a signed Linux bootloader, it's a signed Windows malware launcher and that's the kind of thing that results in that bootloader being added to the list of blacklisted binaries and suddenly your signed Linux bootloader isn't even a
Re: [gentoo-user] Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users' computers
From: Michael Mol mike...@gmail.com On Sat, Jun 2, 2012 at 8:35 PM, Florian Philipp li...@binarywings.net wrote: Am 03.06.2012 01:36, schrieb Michael Mol: On Sat, Jun 2, 2012 at 6:50 PM, pk pete...@coolmail.se wrote: On 2012-06-02 22:10, Michael Mol wrote: [snip] [...] The BIOS will only load a signed bootloader. The signed bootloader will only load a signed kernel. The signed kernel will...do whatever you tell it to do. According to Matthew's blog post, Fedora patched Grub2 and the kernel to avoid loading custom code into them: - Deactivate grub2 plugins - Sign all kernel modules and disallow unsigned ones - Prevent access to PCI through userland - Sanitize the kernel command line Yeah, I read his blog post via lwn.net. I forgot some of the details. What does that mean to a source based distro? It's going to make building and installing grub and the kernel trickier; you'll have to get them signed. And that's going to be a PITA for anyone who does developers. What it *really* means is that someone who wants to run Linux as a hobbyist or developer is going to disable SecureBoot, and then fall back to business as usual. Yeah, the only way for Gentoo to have secure boot is a) let each user register with Microsoft, b) provide a binary kernel and boot loader. If you have a need to get a secure Gentoo boot, and you don't need to boot Windows 8, then (as I understand it) you can also purge the UEFI BIOS of Microsoft's key and install your own. well, on x86 for now... Also, I would assume a legitimate key would be able to sign pretty much any binary so a key that Fedora uses could be used to sign malware for Windows, which then would be blacklisted by Microsoft... If Fedora allows their key to sign crap, then their key will get revoked. What I hope (I don't know) is whether or not the signing system involved allows chaining. i.e., with SSL, I can generate my own key, get it signed by a CA, and then bundle the CA's public key and my public key when I go on to sign _another_ key. So, could I generate a key, have Fedora sign it, and then use my key to sign my binaries? If my key is used to do malicious things, Fedora's off the hook, and it's only my key which gets revoked. Consider the exact approach Fedora takes: They've only made a certified stage-1 boot loader. This boot loader then loads grub2 (signed with a custom Fedora key, nothing chained back to MS) which then loads a custom-signed kernel. This allows them to avoid authenticating against MS every time they update grub or the kernel. This means if you want to certify with Fedora, you don't need to chain up to MS as long as you use their stage-1 boot loader. However, if I was part of Fedora, I wouldn't risk my key by signing other people's stuff. Mainboard makers won't look twice when they see rootkits with Fedora boot loaders. Yeah, that's not the kind of thing I was thinking about. With SSL's PKI, someone like StartSSL has a CA cert. I generate my own key, have StartSSL sign my key. My brother generates a key, and I sign his. Now my brother takes his key and sends you a signed email. Now, you've never heard of me, and the crypto signature attached to that email doesn't mean anything. However, if he bundles my public key along with his public key in that email, then you can see that my public key was signed by someone you _do_ know. Now you have a chain of signatures showing the relationship between that email and the root CA. Now here's the interesting part, and what I was alluding to wrt signed binaries and key revocation. Let's say _my_ key is leaked. My brother send you an email signed with his key. You look at that key, you see that key hasn't been revoked. You look at the key that signed that key, and you see that _that_ key _has_ been revoked. You can then choose to not trust keys signed by that key. Now let's say my _brother's_ key is leaked, and so he revokes it. Any new emails signed with that key can be seen to be invalid. However, _my_ key is still considered valid; I can still sign things with it. That's the kind of thing I was thinking about. If you allow key chains to be deep, rather than forcing them to be wide, you can wield blacklists like a scalpel, rather than a bludgeon. In theory that's how key signing systems are suppose to work. In practice, they rarely implement the blacklists as they are (i) hard to maintain, and (ii) hard to distribute in an effective manner. Honestly, I don't expect SecureBoot to last very long. Either MS and the OEMs will be forced to always allow users to disable it, or they'll be simply drop it - kind of like they did with TPM requirements that were talked about 10 years back and never came to fruition. and how is malware defined? Anything that would be detrimental to Microsoft? Dunno. I imagine it
Re: [gentoo-user] Lockdown: free/open OS maker pays Microsoft ransom for the right to boot on users' computers
On Sat, Jun 2, 2012 at 10:04 PM, BRM bm_witn...@yahoo.com wrote: From: Michael Mol mike...@gmail.com [snip] In theory that's how key signing systems are suppose to work. In practice, they rarely implement the blacklists as they are (i) hard to maintain, and (ii) hard to distribute in an effective manner. Indeed. While Firefox, Chromium, et al check certificate revocation lists, Microsoft doesn't; they distribute them as part of Windows Update. Honestly, I don't expect SecureBoot to last very long. Either MS and the OEMs will be forced to always allow users to disable it, or they'll be simply drop it - kind of like they did with TPM requirements that were talked about 10 years back and never came to fruition. TPM is still around for organizations which can use them. And, honestly, I've been annoyed that they haven't been widespread, nor easy to pick up in the aftermarket. (They come with a random number generator...just about any HRNG is going to be better than none.) I see something like SecureBoot as being useful in corporate and military security contexts. I don't see it lasting in SOHO environments. [snip] What kind of signature is the bootloader checking, anyway? Regardless of the check, it'll never be sufficient. Sure; ultimately, all DRM solutions get cracked. -- :wq
Re: [gentoo-user] Just a heads-up, I think =sys-libs/glibc-2.14.1-r3 is a stinker.
On Sat, Apr 28, 2012 at 11:07 AM, Michael Mol mike...@gmail.com wrote: Kaylee has 10GB of RAM...if that's not enough, I'll be disabling graphite. (Though I haven't explicitly enabled it, either.) But, no I'm not sure, and can't check until Sunday eveningish. Currently at Penguicon. Wow. Just wow. This is incredible. This is repeatable for me. My steps: Start with the 12.1 LiveDVD ( http://www.gentoo.org/news/20120401-livedvd.xml ) Install latest stage 3, latest portage. Set various stuff. USE flags, make.conf stuff, etc. Get kernel installed, reboot into system, sshd up, etc. Now, I essentially reused my existing make.conf file, which is at the end of this email. I finally get to: emerge --update --deep --newuse @world ...and once it goes to install glibc, I get: * The ebuild phase 'postrm' has been killed by signal 11. * The 'postrm' phase of the 'sys-libs/glibc-2.14.1-r3' package has failed * with exit value 1. * * The problem occurred while executing the ebuild file named * 'glibc-2.14.1-r3.ebuild' located in the '/var/db/pkg/sys- * libs/glibc-2.14.1-r3' directory. If necessary, manually remove the * environment.bz2 file and/or the ebuild file located in that directory. * * Removal of the environment.bz2 file is preferred since it may allow the * removal phases to execute successfully. The ebuild will be sourced and * the eclasses from the current portage tree will be used when necessary. * Removal of the ebuild file will cause the pkg_prerm() and pkg_postrm() * removal phases to be skipped entirely. So, once the updated glibc goes in, anything that dynamically links against it fails on spawn, hence the failure at postinst. This is crazy. Make.conf: CFLAGS=-O2 -pipe -D_FORTIFY_SOURCE=2 -march=core2 -mcx16 -msahf --param l1-cache-size=32 --param l1-cache-line-size=64 --param l2-cache-size=4096 -mtune=core2 -ggdb3 CXXFLAGS=${CFLAGS} MAKEOPTS=--jobs --load 8 EMERGE_DEFAULT_OPTS=--jobs --load-average=8 --verbose --tree --with-bdeps=y --keep-going FEATURES=splitdebug LINGUAS=en SYS_USE_CPU=mmx sse sse2 sse3 ssse3 openmp opencl cuda posix nptl multilib smp lapack SYS_USE_LANG=perl python tcl SYS_USE_TOOLKITS=gtk SYS_USE_GAPI=gd sdl ncurses xcb opengl v4l vdpau xv X dri SYS_USE_AAPI=openal alsa SYS_USE_OTHER=acl alsa cdr crypt cups dvd dvdr firefox gmp iconv nsplugin offensive pcre pda rss spell taglib truetype videos vim-syntax xattr xcomposite xft xinerama xml xscreensaver fontconfig qt3support phonon SYS_USE_COMPRESSION=bzip2 gzip lzma lzo szip zlib SYS_USE_MEDIA_GFX=imagemagick jpeg jpeg2k openexr png raw svg tiff wmf mng SYS_USE_MEDIA_AUDIO=aac cdda flac gsm lame mad mikmod shorten speex timidity vorbis mp3 midi SYS_USE_MEDIA_VIDEO=css dv ffmpeg theora x264 xvid SYS_USE_MEDIA_CONTAINERS=matroska mms mp4 mpeg ogg pdf quicktime vcd SYS_USE_MEDIA=${SYS_USE_MEDIA_GFX} ${SYS_USE_MEDIA_AUDIO} ${SYS_USE_MEDIA_VIDEO} ${SYS_USE_MEDIA_CONTAINERS} sound cddb encode exif gimp libsamplerate mtp ppds sndfile sox wavpack xmp latex SYS_USE_NET=avahi curl ftp geoip gnutls ipv6 libwww rdesktop samba sockets ssl tcpd vnc SYS_USE_PLATFORM=acpi dbus fam hddtemp ieee1394 joystick libnotify lm_sensors pam readline sharedmem syslog sysvipc threads udev unicode usb SYS_USE_DONOTWANT=-pulseaudio -gnome -oss -berkdb -gdbm USE=${SYS_USE_CPU} ${SYS_USE_LANG} ${SYS_USE_TOOLKITS} ${SYS_USE_GAPI} ${SYS_USE_AAPI} ${SYS_USE_OTHER} ${SYS_USE_MEDIA} ${SYS_USE_COMPRESSION} ${SYS_USE_NET} ${SYS_USE_PLATFORM} ${SYS_USE_DONOTWANT} GENTOO_MIRRORS=http://chi-10g-1-mirror.fastsoft.net/pub/linux/gentoo/gentoo-distfiles/ http://mirrors.cs.wmich.edu/gentoo http://gentoo.mirrors.tds.net/gentoo; SYNC=rsync://rsync29.us.gentoo.org/gentoo-portage VIDEO_CARDS=nvidia INPUT_DEVICES=evdev ALSA_CARDS= ACCEPT_LICENSE=AdobeFlash-10.3 PORTAGE_BINHOST=http://binhost.ossdl.de/x86_64-pc-linux-gnu/; #PKGDIR=/mnt/r5/pkgdir #PORTAGE_TMPDIR=/mnt/r5/portage_tmp CHOST=x86_64-pc-linux-gnu -- :wq
Re: [gentoo-user] Just a heads-up, I think =sys-libs/glibc-2.14.1-r3 is a stinker.
On Sat, Jun 02, 2012 at 10:52:12PM -0400, Michael Mol wrote: On Sat, Apr 28, 2012 at 11:07 AM, Michael Mol mike...@gmail.com wrote: Wow. Just wow. This is incredible. This is repeatable for me. snip * The problem occurred while executing the ebuild file named * 'glibc-2.14.1-r3.ebuild' located in the '/var/db/pkg/sys- snip CFLAGS=-O2 -pipe -D_FORTIFY_SOURCE=2 -march=core2 -mcx16 -msahf --param l1-cache-size=32 --param l1-cache-line-size=64 --param l2-cache-size=4096 -mtune=core2 -ggdb3 CXXFLAGS=${CFLAGS} Can you upgrage to glibc-2.15? Can you tweak you gcc flags to something more conventional and see if the problem persists? If you are interested in submitting a patch to the upstream then you can build the glibc test suite with your gcc flags and check if the tests pass. regards, Dmitry
Re: [gentoo-user] Just a heads-up, I think =sys-libs/glibc-2.14.1-r3 is a stinker.
On Sat, Jun 2, 2012 at 11:34 PM, Dmitry Goncharov dgoncha...@users.sf.net wrote: On Sat, Jun 02, 2012 at 10:52:12PM -0400, Michael Mol wrote: On Sat, Apr 28, 2012 at 11:07 AM, Michael Mol mike...@gmail.com wrote: Wow. Just wow. This is incredible. This is repeatable for me. snip * The problem occurred while executing the ebuild file named * 'glibc-2.14.1-r3.ebuild' located in the '/var/db/pkg/sys- snip CFLAGS=-O2 -pipe -D_FORTIFY_SOURCE=2 -march=core2 -mcx16 -msahf --param l1-cache-size=32 --param l1-cache-line-size=64 --param l2-cache-size=4096 -mtune=core2 -ggdb3 CXXFLAGS=${CFLAGS} Can you upgrage to glibc-2.15? Sure. It's going to be another full reinstall. Can you tweak you gcc flags to something more conventional and see if the problem persists? Those CFLAGS should be equivalent to: CFLAGS=-O2 -pipe -ggdb3 --march=native. But I'll try making it just -O2 -pipe --march=native. If you are interested in submitting a patch to the upstream then you can build the glibc test suite with your gcc flags and check if the tests pass. If it gets things fixed. I have two machines which have been offline for almost two months from this. -- :wq
Re: [gentoo-user] Just a heads-up, I think =sys-libs/glibc-2.14.1-r3 is a stinker.
On Sat, Jun 02, 2012 at 11:56:01PM -0400, Michael Mol wrote: On Sat, Jun 2, 2012 at 11:34 PM, Dmitry Goncharov dgoncha...@users.sf.net wrote: On Sat, Jun 02, 2012 at 10:52:12PM -0400, Michael Mol wrote: On Sat, Apr 28, 2012 at 11:07 AM, Michael Mol mike...@gmail.com wrote: Wow. Just wow. This is incredible. This is repeatable for me. snip * The problem occurred while executing the ebuild file named * 'glibc-2.14.1-r3.ebuild' located in the '/var/db/pkg/sys- snip CFLAGS=-O2 -pipe -D_FORTIFY_SOURCE=2 -march=core2 -mcx16 -msahf --param l1-cache-size=32 --param l1-cache-line-size=64 --param l2-cache-size=4096 -mtune=core2 -ggdb3 CXXFLAGS=${CFLAGS} Can you upgrage to glibc-2.15? Sure. It's going to be another full reinstall. Can you tweak you gcc flags to something more conventional and see if the problem persists? Those CFLAGS should be equivalent to: CFLAGS=-O2 -pipe -ggdb3 --march=native. But I'll try making it just -O2 -pipe --march=native. If you are interested in submitting a patch to the upstream then you can build the glibc test suite with your gcc flags and check if the tests pass. If it gets things fixed. I have two machines which have been offline for almost two months from this. -- :wq Also, which gcc are you using? Can you try a different version? regards, Dmitry
Re: [gentoo-user] Just a heads-up, I think =sys-libs/glibc-2.14.1-r3 is a stinker.
On Sun, Jun 3, 2012 at 12:08 AM, Dmitry Goncharov dgoncha...@users.sf.net wrote: On Sat, Jun 02, 2012 at 11:56:01PM -0400, Michael Mol wrote: On Sat, Jun 2, 2012 at 11:34 PM, Dmitry Goncharov dgoncha...@users.sf.net wrote: On Sat, Jun 02, 2012 at 10:52:12PM -0400, Michael Mol wrote: On Sat, Apr 28, 2012 at 11:07 AM, Michael Mol mike...@gmail.com wrote: Wow. Just wow. This is incredible. This is repeatable for me. snip * The problem occurred while executing the ebuild file named * 'glibc-2.14.1-r3.ebuild' located in the '/var/db/pkg/sys- snip CFLAGS=-O2 -pipe -D_FORTIFY_SOURCE=2 -march=core2 -mcx16 -msahf --param l1-cache-size=32 --param l1-cache-line-size=64 --param l2-cache-size=4096 -mtune=core2 -ggdb3 CXXFLAGS=${CFLAGS} Can you upgrage to glibc-2.15? Sure. It's going to be another full reinstall. Can you tweak you gcc flags to something more conventional and see if the problem persists? Those CFLAGS should be equivalent to: CFLAGS=-O2 -pipe -ggdb3 --march=native. But I'll try making it just -O2 -pipe --march=native. If you are interested in submitting a patch to the upstream then you can build the glibc test suite with your gcc flags and check if the tests pass. If it gets things fixed. I have two machines which have been offline for almost two months from this. -- :wq Also, which gcc are you using? Can you try a different version? It updated gcc immediately before glibc, IIRC, so I expect it's newest stable. Kaylee is offline until I do a new reinstall again, but it looks like latest stable in portage is 4.5.3-r2. -- :wq
[gentoo-user] Slot war on my system
I have been fighting with this for at least three weeks now. Most of the conflicting packages are qt-based, between 4.8.1 (which I want) and 4.7.4 (which I don't want). I have rebuilt every package I can find again 4.8.1, but emerge still wants to install 4.7.4, despite the fact that I've altered my /etc/portage/package.mask file to try to keep them away. Here's my /etc/portage/package.mask: michael@camille currentmnt $ cat /etc/portage/package.mask =sys-power/powermgmt-base-1.22 sys-apps/apmd =kde-base/libknotificationitem-4.3.5 =sys-apps/hal-0.5.14-r4 =media-libs/libvpx-0.9.6 =gnome-extra/gnome-system-monitor-2.28.2-r1 =gnome-extra/gnome-screensaver-2.30.2-r1 =gnome-base/gnome-settings-daemon-2.32.1-r1 x11-libs/qt-script-4.8.1::gentoo x11-libs/qt-core-4.8.1-r3::gentoo x11-libs/qt-sql-4.8.1::gentoo x11-libs/qt-dbus-4.8.1::gentoo x11-libs/qt-gui-4.8.1-r1::gentoo x11-libs/qt-qt3support-4.8.1::gentoo Here's a shortened version of what I get when I run python-updater: !!! Multiple package instances within a single package slot have been pulled !!! into the dependency graph, resulting in a slot conflict: x11-libs/qt-script:4 (x11-libs/qt-script-4.8.1::gentoo, installed) pulled in by ~x11-libs/qt-script-4.8.1[aqua=,c++0x=,qpa=,debug=] required by (x11-libs/qt-gui-4.8.1-r1::gentoo, installed) (and 1 more with the same problem) (x11-libs/qt-script-4.7.4::gentoo, ebuild scheduled for merge) pulled in by ~x11-libs/qt-script-4.7.4[aqua=,debug=] required by (x11-libs/qt-gui-4.7.4-r1::gentoo, ebuild scheduled for merge) x11-libs/qt-sql:4 (x11-libs/qt-sql-4.8.1::gentoo, installed) pulled in by ~x11-libs/qt-sql-4.8.1[aqua=,c++0x=,debug=,qpa=,qt3support=] required by (x11-libs/qt-declarative-4.8.1::gentoo, installed) (and 1 more with the same problem) (x11-libs/qt-sql-4.7.4::gentoo, ebuild scheduled for merge) pulled in by ~x11-libs/qt-sql-4.7.4[aqua=,debug=,qt3support] required by (x11-libs/qt-qt3support-4.7.4::gentoo, ebuild scheduled for merge) kde-base/oxygen-icons:4 (kde-base/oxygen-icons-4.8.1::gentoo, installed) pulled in by (no parents that aren't satisfied by other packages in this slot) (kde-base/oxygen-icons-4.8.3::gentoo, ebuild scheduled for merge) pulled in by =kde-base/oxygen-icons-4.8.3:4[aqua=] required by (kde-base/nepomuk-4.8.3::gentoo, ebuild scheduled for merge) (and 19 more with the same problem) x11-libs/qt-core:4 (x11-libs/qt-core-4.8.1-r3::gentoo, installed) pulled in by ~x11-libs/qt-core-4.8.1[aqua=,c++0x=,debug=,qpa=,qt3support=] required by (x11-libs/qt-declarative-4.8.1::gentoo, installed) (and 10 more with the same problem) (x11-libs/qt-core-4.7.4-r1::gentoo, ebuild scheduled for merge) pulled in by ~x11-libs/qt-core-4.7.4[aqua=,debug=,glib=,qt3support=] required by (x11-libs/qt-gui-4.7.4-r1::gentoo, ebuild scheduled for merge) (and 4 more with the same problem) sys-libs/zlib:0 (sys-libs/zlib-1.2.5-r2::gentoo, ebuild scheduled for merge) pulled in by sys-libs/zlib-1.2.5.1-r1:0 required by (dev-db/virtuoso-server-6.1.3-r2::gentoo, installed) (sys-libs/zlib-1.2.5.1-r2::gentoo, installed) pulled in by (no parents that aren't satisfied by other packages in this slot) x11-libs/qt-dbus:4 (x11-libs/qt-dbus-4.7.4::gentoo, ebuild scheduled for merge) pulled in by ~x11-libs/qt-dbus-4.7.4[aqua=,debug=] required by (x11-libs/qt-gui-4.7.4-r1::gentoo, ebuild scheduled for merge) (x11-libs/qt-dbus-4.8.1::gentoo, installed) pulled in by ~x11-libs/qt-dbus-4.8.1[aqua=,c++0x=,qpa=,debug=] required by (x11-libs/qt-gui-4.8.1-r1::gentoo, installed) kde-base/kdelibs:4 (kde-base/kdelibs-4.8.3::gentoo, ebuild scheduled for merge) pulled in by =kde-base/kdelibs-4.8.3:4[aqua=,handbook] required by (kde-base/ksysguard-4.8.3::gentoo, ebuild scheduled for merge) (and 29 more with the same problem) (kde-base/kdelibs-4.8.1-r2::gentoo, installed) pulled in by (no parents that aren't satisfied by other packages in this slot) x11-libs/qt-gui:4 (x11-libs/qt-gui-4.7.4-r1::gentoo, ebuild scheduled for merge) pulled in by ~x11-libs/qt-gui-4.7.4[accessibility=,aqua=,debug=,qt3support] required by (x11-libs/qt-qt3support-4.7.4::gentoo, ebuild scheduled for merge) (and 1 more with the same problem) (x11-libs/qt-gui-4.8.1-r1::gentoo, installed) pulled in by ~x11-libs/qt-gui-4.8.1[aqua=,c++0x=,debug=,qpa=] required by (x11-libs/qt-webkit-4.8.1::gentoo, installed) (and 5 more with the same problem) kde-base/nepomuk:4 (kde-base/nepomuk-4.8.1-r1::gentoo, installed) pulled in by (no parents that aren't satisfied by other packages in this slot) (kde-base/nepomuk-4.8.3::gentoo, ebuild scheduled for merge) pulled in by =kde-base/nepomuk-4.8.3:4[aqua=] required by (kde-base/kdelibs-4.8.3::gentoo, ebuild scheduled for merge) kde-base/kdesu:4 (kde-base/kdesu-4.8.1::gentoo, installed) pulled in by (no parents that aren't satisfied by other packages in this slot)