Re: [gentoo-user] virtualbox - failed to access the USB subsystem
On 01/09/2013 05:27, Joseph wrote: On 08/31/13 19:10, Joseph wrote: After recent upgrade I'm getting an error when trying to start the virtualbox. Failed to access the USB subsystem. Could not load the Host USB Proxy service: VERR_NOT_FOUND. Details: Result Code: NS_ERROR_FAILURE (0x4005) Component: Host Interface: IHost {dab4a2b8-c735-4f08-94fc-9bec84182e2f} Callee: IMachine {5eaa9319-62fc-4b0a-843c-0cb1940f8a91} cat /etc/group shows that I'm in vboxusers group vboxusers:x:1009:thelma,fd What else to try? I'm using Virtualbox 4.1.26 The strange part is when I login to the machine via FreeNX this message does not appear. But only when I'm in front of the box directly. This error pops up quite a lot on VirtualBox forums, it seems to be a generic error message and not have one specific cause. Some typical things that users report to fix things: - mismatched ViortualBox and extension pack versions - incorrect permissions on usb nodes in /dev - incorrect udev rules - legacy VBOX* settings in environment - and a few other oddities You might end up googling that specific error and following all the links till you hit the one that applies to you. The first few to get you going: https://www.virtualbox.org/ticket/9383 https://forums.virtualbox.org/viewtopic.php?f=7t=50670 https://bbs.archlinux.org/viewtopic.php?id=156247 -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] PMTUD
How is PMTUD enabled/disabled on Gentoo? I've recently been made aware of the existence of MTU and I'm wondering if mine is set properly for a cell phone tethered connection. Thanks Mick. Can you generally rely on PMTUD to set the MTU optimally or should this be experimented with when changing connections? - Grant # sysctl -A | grep -i pmtu net.ipv4.ip_no_pmtu_disc = 0 net.ipv4.route.min_pmtu = 552 Use echo to change a value as required and then modify your /etc/sysctl.d/ accordingly (first read /etc/sysctl.d/README)
Re: Integrated ZFS for Gentoo - WAS Re: [gentoo-user] Optional /usr merge in Gentoo
Walter Dnes waltd...@waltdnes.org wrote: You can get away with most stuff as modules; ***BUT NOT THE ROOT FILESYSTEM***. Think about it for a minute. Gentoo reads modules off the disk. If the code for the root filesystem is a module, Gentoo would have to read the module off the disk to enable it to read the module off the disk... OOPS. This is a classic chicken and egg situation. On Solaris no problem with loadable modules - everything is dynamically loaded. You need a grub that understands ZFS and that gives a ZFS interface to the kernel to use before ZFS was loaded. Jörg -- EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin j...@cs.tu-berlin.de(uni) joerg.schill...@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
Re: [gentoo-user] {OT} DNS: no SOA record or DNSSEC
I use a fairly well-known (free) DNS provider. I just checked my DNS settings at dnscheck.pingdom.com and I got: 1. No SOA record was found when querying the name server. This is most probably due to a misconfiguration at the name server - a zone must have a SOA record. 2. Nameserver * does not do DNSSEC extra processing. Are either of these something to worry about? Yes. Without an SOA record you don't actually have a zone. You should stop using those crappy dns checker sites, they tend to be full of shit, unreliable and operate off someone's idea of how DNS should be instead of reading the actual RFCs on the matter. Our abuse team has long ticket lists from people trusting those sites and now think there's something with how we do glue. Hint: Our glue is right and proper :-) Instead just use dig, using google.com as an example get the NS records first: $ dig ns google.com +short ns3.google.com. ns2.google.com. ns1.google.com. ns4.google.com. Then query each of those name server in turn directly for the SOA: $ dig soa google.com +short @ns3.google.com ns1.google.com. dns-admin.google.com. 2013081400 7200 1800 1209600 300 That's a correct SOA record. Does this look OK? $ dig soa MASKED.com +short @MASKED1.MASKED.com MASKED1.MASKED.com. MASKED.MASKED.com. MMDD00 3600 1801 604800 3601 What could have happened with that test site is the query timed out and the site assumed the universe was therefore about to explode. Use such if you want but always verify the results yourself using dig. Will do. The DNSSEC message is not a problem. It means your provider does not use DNSSEC. Again, the universe will not explode from this, we all got along just fine with plain unsigned DNS transfers for 30 years. DNSSEC is a way to digitally sign zone transfers and updates. Nothing to do with zone resolution. Got it, thanks. - Grant
Re: [gentoo-user] PMTUD
On Sunday 01 Sep 2013 08:40:20 Grant wrote: How is PMTUD enabled/disabled on Gentoo? I've recently been made aware of the existence of MTU and I'm wondering if mine is set properly for a cell phone tethered connection. Thanks Mick. Can you generally rely on PMTUD to set the MTU optimally or should this be experimented with when changing connections? Short answer: default Linux machine settings behave properly as network devices and acknowledge packets larger than their MTU value with the appropriate response. Longer answer: Communications between IPv4 end points use PMTUD by setting a Don't Fragment (DF) bit in the headers of the outgoing packet. If a router/server along the path has a smaller MTU, it will drop that packet and respond with an ICMP 'Destination Unreachable -- Fragmentation Needed' packet including its smaller MTU value. Upon receiving this smaller packet value the initiating host will dynamically reduce the size of the outgoing packets, until the packet arrives at its intended destination. PMTUD should always be switched on in any well behaving network implementation, but here's the rub: some network nodes, firewalls, servers are configured to never respond with *any* ICMP packets (because they think that this is a way to avoid DDoS problems and the like). Therefore, the initiating host keeps sending large packets never knowing that they are dropped on the way. This network problem is known as a PMTUD black hole and is explained better here: http://tools.ietf.org/html/rfc2923 Some MSWindows servers were notoriously bad at this, but I think that modern configurations have corrected their buggy ways. Linux machines have PMTUD switched on by default and behave properly. If you are still troubled by the proxy connection stalling problem, have you tried transferring large files over the network using scp/sftp to see if you are also getting similar symptoms? This would isolate it to the application level (squid) or if the problem remains would point to network configuration issues. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] {OT} DNS: no SOA record or DNSSEC
On 01/09/2013 10:24, Grant wrote: Instead just use dig, using google.com as an example get the NS records first: $ dig ns google.com +short ns3.google.com. ns2.google.com. ns1.google.com. ns4.google.com. Then query each of those name server in turn directly for the SOA: $ dig soa google.com +short @ns3.google.com ns1.google.com. dns-admin.google.com. 2013081400 7200 1800 1209600 300 That's a correct SOA record. Does this look OK? $ dig soa MASKED.com +short @MASKED1.MASKED.com MASKED1.MASKED.com. MASKED.MASKED.com. MMDD00 3600 1801 604800 3601 That looks OK, doubly so if all listed NS servers return the same answer In all likelihood I'd say you are dealing with a DNS-check web site that is over-enthusiastic, or can't deal with network errors or just plain buggy. IOW, odds are very good that there is nothing wrong with your domain at all :-) -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] {OT} DNS: no SOA record or DNSSEC
Does this look OK? $ dig soa MASKED.com +short @MASKED1.MASKED.com MASKED1.MASKED.com. MASKED.MASKED.com. MMDD00 3600 1801 604800 3601 That looks OK, doubly so if all listed NS servers return the same answer They do indeed. In all likelihood I'd say you are dealing with a DNS-check web site that is over-enthusiastic, or can't deal with network errors or just plain buggy. IOW, odds are very good that there is nothing wrong with your domain at all :-) Many thanks Alan. - Grant
[gentoo-user] Re: Chromium: questions
On Tuesday 30 July 2013 12:11:37 you wrote: After the first launch, some entries immediately appear in History. I visited those before, but it's not everything I visited. Approximately 10-20 entries. From where is this information taken? If it's Google servers, what info is used for identification? IP address, system user name, something else? Well, I found out that Chromium was automatically importing Firefox history from all Firefox profiles.
[gentoo-user] {OT} cool new postfix whitelist feature
postfix has a new whitelist feature in 2.11. A main.cf config like this: postscreen_greet_action = enforce postscreen_pipelining_enable = yes postscreen_pipelining_action = enforce postscreen_non_smtp_command_enable = yes postscreen_non_smtp_command_action = enforce postscreen_bare_newline_enable = yes postscreen_bare_newline_action = enforce postscreen_dnsbl_sites = zen.spamhaus.org list.dnswl.org*-1 postscreen_dnsbl_whitelist_threshold = -1 means you're using a blacklist (zen.spamhaus.org), whitelist (list.dnswl.org), and greylisting everything else. I'm not getting spam anymore and I don't think I'm rejecting legitimate mail either. I was having a problem with the 450 greylisting response causing permanent bounces with mail servers that don't retry (comcast.net for example) but the whitelist has fixed it and most mail is delivered a lot faster since it doesn't have to retry. - Grant
Re: [gentoo-user] PMTUD
Thanks Mick. Can you generally rely on PMTUD to set the MTU optimally or should this be experimented with when changing connections? Short answer: default Linux machine settings behave properly as network devices and acknowledge packets larger than their MTU value with the appropriate response. Longer answer: Communications between IPv4 end points use PMTUD by setting a Don't Fragment (DF) bit in the headers of the outgoing packet. If a router/server along the path has a smaller MTU, it will drop that packet and respond with an ICMP 'Destination Unreachable -- Fragmentation Needed' packet including its smaller MTU value. Upon receiving this smaller packet value the initiating host will dynamically reduce the size of the outgoing packets, until the packet arrives at its intended destination. PMTUD should always be switched on in any well behaving network implementation, but here's the rub: some network nodes, firewalls, servers are configured to never respond with *any* ICMP packets (because they think that this is a way to avoid DDoS problems and the like). Therefore, the initiating host keeps sending large packets never knowing that they are dropped on the way. This network problem is known as a PMTUD black hole and is explained better here: http://tools.ietf.org/html/rfc2923 Some MSWindows servers were notoriously bad at this, but I think that modern configurations have corrected their buggy ways. Linux machines have PMTUD switched on by default and behave properly. Got it, thank you. If you are still troubled by the proxy connection stalling problem, have you tried transferring large files over the network using scp/sftp to see if you are also getting similar symptoms? This would isolate it to the application level (squid) or if the problem remains would point to network configuration issues. How can I make this determination? I'm testing a 50MB scp over hotel wifi from my laptop to the remote proxy server now (with squid running in case it matters) and it seems OK. It oscillates constantly between 0.0KB/s and 80.0KB/s. As soon as I start browsing via the proxy server, the upload frequently goes to stalled but I suppose that could be a bandwidth issue. Browsing still stalls before very long. - Grant
Re: [gentoo-user] PMTUD
Communications between IPv4 end points use PMTUD by setting a Don't Fragment (DF) bit in the headers of the outgoing packet. If a router/server along the path has a smaller MTU, it will drop that packet and respond with an ICMP 'Destination Unreachable -- Fragmentation Needed' packet including its smaller MTU value. Upon receiving this smaller packet value the initiating host will dynamically reduce the size of the outgoing packets, until the packet arrives at its intended destination. PMTUD should always be switched on in any well behaving network implementation, but here's the rub: some network nodes, firewalls, servers are configured to never respond with *any* ICMP packets (because they think that this is a way to avoid DDoS problems and the like). Therefore, the initiating host keeps sending large packets never knowing that they are dropped on the way. This network problem is known as a PMTUD black hole and is explained better here: Could ICMP packets not getting through be to blame for my proxy server problem? My laptop can't seem to ping anyone (blocked at the firewall in this hotel I suppose) and certainly the proxy server can't ping my laptop. - Grant
Re: [gentoo-user] PMTUD
On Sunday 01 Sep 2013 11:31:10 Grant wrote: If you are still troubled by the proxy connection stalling problem, have you tried transferring large files over the network using scp/sftp to see if you are also getting similar symptoms? This would isolate it to the application level (squid) or if the problem remains would point to network configuration issues. How can I make this determination? I'm testing a 50MB scp over hotel wifi from my laptop to the remote proxy server now (with squid running in case it matters) and it seems OK. It oscillates constantly between 0.0KB/s and 80.0KB/s. As soon as I start browsing via the proxy server, the upload frequently goes to stalled but I suppose that could be a bandwidth issue. Browsing still stalls before very long. The oscillation is related to buffering and is normal. If you are getting longer stalling periods where no packets are being transmitted then there could be a network problem. iptraf-ng, ntop and other tools can show if packets have stopped moving in either direction. From what you're describing the problem seems related to the squid application, since scp is not seeing similar timeouts. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] PMTUD
If you are still troubled by the proxy connection stalling problem, have you tried transferring large files over the network using scp/sftp to see if you are also getting similar symptoms? This would isolate it to the application level (squid) or if the problem remains would point to network configuration issues. How can I make this determination? I'm testing a 50MB scp over hotel wifi from my laptop to the remote proxy server now (with squid running in case it matters) and it seems OK. It oscillates constantly between 0.0KB/s and 80.0KB/s. As soon as I start browsing via the proxy server, the upload frequently goes to stalled but I suppose that could be a bandwidth issue. Browsing still stalls before very long. The oscillation is related to buffering and is normal. If you are getting longer stalling periods where no packets are being transmitted then there could be a network problem. iptraf-ng, ntop and other tools can show if packets have stopped moving in either direction. From what you're describing the problem seems related to the squid application, since scp is not seeing similar timeouts. Strangely, the ziproxy application behaves in exactly the same way. - Grant
[gentoo-user] Can't ping remote system
My laptop can't ping my remote system but it can ping others (google.com, yahoo.com, etc). I've tried disabling my firewall on both ends with '/etc/init.d/shorewall stop shorewall clear'. Could my ATT business ADSL connection on the remote system be blocking inbound pings? - Grant
Re: [gentoo-user] Can't ping remote system
Am 01.09.2013 14:54, schrieb Michael Hampicke: Am 01.09.2013 14:28, schrieb Grant: My laptop can't ping my remote system but it can ping others (google.com, yahoo.com, etc). I've tried disabling my firewall on both ends with '/etc/init.d/shorewall stop shorewall clear'. Could my ATT business ADSL connection on the remote system be blocking inbound pings? Possible, have you tried pinging your remote system from a different location? You may try http://www.downforeveryoneorjustme.com/ Sorry, wrong link: http://ping.eu/ping/ signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] Can't ping remote system
Am 01.09.2013 14:28, schrieb Grant: My laptop can't ping my remote system but it can ping others (google.com, yahoo.com, etc). I've tried disabling my firewall on both ends with '/etc/init.d/shorewall stop shorewall clear'. Could my ATT business ADSL connection on the remote system be blocking inbound pings? Possible, have you tried pinging your remote system from a different location? You may try http://www.downforeveryoneorjustme.com/ signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] PMTUD
On Sunday 01 Sep 2013 12:17:28 Grant wrote: Communications between IPv4 end points use PMTUD by setting a Don't Fragment (DF) bit in the headers of the outgoing packet. If a router/server along the path has a smaller MTU, it will drop that packet and respond with an ICMP 'Destination Unreachable -- Fragmentation Needed' packet including its smaller MTU value. Upon receiving this smaller packet value the initiating host will dynamically reduce the size of the outgoing packets, until the packet arrives at its intended destination. PMTUD should always be switched on in any well behaving network implementation, but here's the rub: some network nodes, firewalls, servers are configured to never respond with *any* ICMP packets (because they think that this is a way to avoid DDoS problems and the like). Therefore, the initiating host keeps sending large packets never knowing that they are dropped on the way. This network problem is known as a PMTUD blackhole and is explained better here: Could ICMP packets not getting through be to blame for my proxy server problem? My laptop can't seem to ping anyone (blocked at the firewall in this hotel I suppose) and certainly the proxy server can't ping my laptop. Not all ICMP packets are relevant to detecting the MTU of a node. A correctly implemented node will return an ICMP Fragmentation Needed (Type 3, Code 4) packet, with its MTU value. This kind of ICMP packets should not be blocked at firewalls. Use ping with the do not fragment option to see if packets above a certain size time out, i.e. they are dropped by some offending node on the way. ping -c 6 -n -M do -s 1472 server_address This will send 6 packets to your server's address having set the do not fragment bit. The packet payload size is set at 1472 to allow for 28 bytes that are taken up by the IP and ICMP header data. So the total packet size would be 1472+28=1500, the usual ethernet packet size. If the MTU of the server is less than 1500 bytes, you will get a response containing Frag needed and DF set, otherwise you will get pong responses, like e.g. 1480 bytes from XXX.XX.XXX.XXX: icmp_seq=1 ttl=121 time=66.5 ms If there is a black hole in the circuit you will be getting timeouts. Start reducing the size of the packet if you are getting time outs, say by 10 bytes at a time. When you arrive at or below the corresponding size of the MTU of a blackhole you will start getting responses. Of course, if the hotel's firewall is blocking all outgoing/incoming pings this sort of diagnostic test will not be useful. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
[gentoo-user] Digest errors in an overlay, but only in one box
Hi All, I updated the enlightenment overlay on two PCs. The first which incidentally I use as a portage mirror for my LAN works as expected, while the second PC is coming up with these type of errors: # emerge -uaDv world These are the packages that would be merged, in order: Calculating dependencies - * Missing digest for '/var/lib/layman/enlightenment/media-libs/ethumb/ethumb-1.7.1.ebuild' - * Digest verification failed: * /var/lib/layman/enlightenment/x11-plugins/e_modules-forecasts/e_modules- forecasts-.ebuild * Reason: Filesize does not match recorded size * Got: 442 * Expected: 436 | * Digest verification failed: * /var/lib/layman/enlightenment/x11-plugins/e_modules-tclock/e_modules- tclock-.ebuild * Reason: Filesize does not match recorded size * Got: 385 * Expected: 379 [snip ...] I removed everything below /var/lib/layman/enlightenment/* and resync'ed. I keep getting the same errors. The layman/overlay on the two PCs is set the same way as far as I can recall, the only difference being one is x86 and the other amd64 arch. Can you please give me some pointers in troubleshooting this? Why are the digests wrong and if so why is this being picked up on one machine only and not the other? -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Can't ping remote system
My laptop can't ping my remote system but it can ping others (google.com, yahoo.com, etc). I've tried disabling my firewall on both ends with '/etc/init.d/shorewall stop shorewall clear'. Could my ATT business ADSL connection on the remote system be blocking inbound pings? Possible, have you tried pinging your remote system from a different location? You may try http://www.downforeveryoneorjustme.com/ Sorry, wrong link: http://ping.eu/ping/ I get 100% packet loss when pinging from there. - Grant
Re: Integrated ZFS for Gentoo - WAS Re: [gentoo-user] Optional /usr merge in Gentoo
On 2013-08-31 7:29 AM, Joerg Schilling joerg.schill...@fokus.fraunhofer.de wrote: Tanstaafltansta...@libertytrek.org wrote: You must have missed the point that this is for*servers*, that most people*disable modules* on. I*know* that it is available as a module. Why, for security reasons? Because if you don't need something, why enable it? If modules are totally disabled, then there is no worry about any security issue involving modules at all.
Re: [gentoo-user] PMTUD
Could ICMP packets not getting through be to blame for my proxy server problem? My laptop can't seem to ping anyone (blocked at the firewall in this hotel I suppose) and certainly the proxy server can't ping my laptop. Not all ICMP packets are relevant to detecting the MTU of a node. A correctly implemented node will return an ICMP Fragmentation Needed (Type 3, Code 4) packet, with its MTU value. This kind of ICMP packets should not be blocked at firewalls. Use ping with the do not fragment option to see if packets above a certain size time out, i.e. they are dropped by some offending node on the way. ping -c 6 -n -M do -s 1472 server_address I get Frag needed and DF set (mtu = 1492) when pinging google.com. I get normal replies with -s 1464. ifconfig shows my WAN interface at MTU 1500 so PMTUD must change the MTU for communication with google.com if I understand correctly. Of course, if the hotel's firewall is blocking all outgoing/incoming pings this sort of diagnostic test will not be useful. I actually only lose pings to my own remote system so I've started a new thread about that. I tried down to -s 1 but still 100% packet loss there. - Grant
Re: Integrated ZFS for Gentoo - WAS Re: [gentoo-user] Optional /usr merge in Gentoo
On 2013-08-31 11:55 PM, Walter Dnes waltd...@waltdnes.org wrote: Also, I really wonder what the point is in having to use initramfs on a system where /usr is part of /. You don't, it is only *required* if you have a separate /usr... in fact that is what the whole argument was about. At least that is my understanding of the situation now... please don't tell me I'm wrong and there was another vote and it is now required just to be able to use gentoo?
Re: Integrated ZFS for Gentoo - WAS Re: [gentoo-user] Optional /usr merge in Gentoo
On 2013-08-31 7:32 AM, Alon Bar-Lev alo...@gentoo.org wrote: If this is not mainline, and it is not trivial gentoo kernels maintainer patch, and you must have this as static, you can just put the patch within/etc/portage/patches/sys-kernel/gentoo-sources/, so it will patch your kernel every time you emerge new one. Interesting, but this would require manually updating the patch every time, right? Or could the 'patch' be configured to automatically pull the right version (compatible with the kernel being installed) every time? That would not be such a bad thing... but if not... well... Computers excel at automating things. People excel at breaking things, and I'd like this to be automated as much as possible. That said, I've never applied patches in this manner, so, is there an up to date how-to on how to do this? It might be something I can get comfortable with unless/until an automated process is implemented. On 2013-08-31 8:19 AM, Joerg Schilling wrote: So there seems to be no real need to create a static linux kernel with ZFS inside. sigh There is for those who *do not want modules enabled on their servers*. Why is it so hard for some people to just not get that their way is not the only way. Again, Joerg... please *stop arguing* about this point, it has *nothing* to do with the thread. On 2013-08-31 2:44 PM, Mark David Dumlao madum...@gmail.com wrote: You must have missed the point that this is for *servers*, that most people *disable modules* on. I*know* that it is available as a module. Ok, I was just asking. But as for what most people do on their servers, speak for yourself. Ok, I left out two words: '... I know ... ' - and the fact is, most everyone I know (over a dozen) who runs linux servers (not just gentoo) runs them with modules disabled, and I've seen countless others say the same thing over the years... The fact is, *many* people do this, and if it trivial to implement it in gentoo (which appears it is), then why not do so?
Re: [gentoo-user] Optional /usr merge in Gentoo
On 2013-09-01 12:31 AM, Canek Peláez Valdés can...@gmail.com wrote: Of course, support for an initramfs is not actually a file system (it's not even in the File systems section of the kernel configuration, is in General setup); it's not possible to have initramfs as a module (that would make no sense at all); and it's code that is several orders of magnitude more simpler than the one used by ext4 (or any other journal file system). Is there any reason that the creation, use and maintenance of the initramfs couldn't be as simple as a checkbox in the kernel config, so that running 'make' after the kernel was configured would automatically build it? Then, all I'd have to do is move it into /boot along with the new kernel (just like I do now), with *nothing* else required, and the kernel would call it, and things would just work (as long as it was there and I didn't forget to copy it to /boot).
Re: [gentoo-user] Can't ping remote system
On 01/09/2013 15:28, Grant wrote: My laptop can't ping my remote system but it can ping others (google.com, yahoo.com, etc). I've tried disabling my firewall on both ends with '/etc/init.d/shorewall stop shorewall clear'. Could my ATT business ADSL connection on the remote system be blocking inbound pings? Possible, have you tried pinging your remote system from a different location? You may try http://www.downforeveryoneorjustme.com/ Sorry, wrong link: http://ping.eu/ping/ I get 100% packet loss when pinging from there. - Grant try an icmp traceroute, if you are lucky you'll get a result that tells you on which hop the pings cease to work: traceroute -I but do read the man page (traceroute is like ps in that there are many versions around and options don't always match up with what folk say on mailing lists) -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] Digest errors in an overlay, but only in one box
On 01/09/2013 15:07, Mick wrote: Hi All, I updated the enlightenment overlay on two PCs. The first which incidentally I use as a portage mirror for my LAN works as expected, while the second PC is coming up with these type of errors: # emerge -uaDv world These are the packages that would be merged, in order: Calculating dependencies - * Missing digest for '/var/lib/layman/enlightenment/media-libs/ethumb/ethumb-1.7.1.ebuild' - * Digest verification failed: * /var/lib/layman/enlightenment/x11-plugins/e_modules-forecasts/e_modules- forecasts-.ebuild * Reason: Filesize does not match recorded size * Got: 442 * Expected: 436 | * Digest verification failed: * /var/lib/layman/enlightenment/x11-plugins/e_modules-tclock/e_modules- tclock-.ebuild * Reason: Filesize does not match recorded size * Got: 385 * Expected: 379 [snip ...] I removed everything below /var/lib/layman/enlightenment/* and resync'ed. I keep getting the same errors. The layman/overlay on the two PCs is set the same way as far as I can recall, the only difference being one is x86 and the other amd64 arch. Can you please give me some pointers in troubleshooting this? Why are the digests wrong and if so why is this being picked up on one machine only and not the other? What's the contents of the Manifest file in those two directories? What does ls -al say ebuild the supposedly faulty ebuilds? I also note the error reported in both cases is exactly 6 bytes. Might be significant, let's keep that in mind -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] Optional /usr merge in Gentoo
On 01/09/2013 16:30, Tanstaafl wrote: On 2013-09-01 12:31 AM, Canek Peláez Valdés can...@gmail.com wrote: Of course, support for an initramfs is not actually a file system (it's not even in the File systems section of the kernel configuration, is in General setup); it's not possible to have initramfs as a module (that would make no sense at all); and it's code that is several orders of magnitude more simpler than the one used by ext4 (or any other journal file system). Is there any reason that the creation, use and maintenance of the initramfs couldn't be as simple as a checkbox in the kernel config, so that running 'make' after the kernel was configured would automatically build it? Then, all I'd have to do is move it into /boot along with the new kernel (just like I do now), with *nothing* else required, and the kernel would call it, and things would just work (as long as it was there and I didn't forget to copy it to /boot). That would require a config file of some sort to define what files you want in the initramfs, and it must be available to the kernel build process. It also has to read your self-defined arbitrary stuff from your userland. The kernel build machinery is a self-contained environment, the kernel devs work very hard to keep userland out of it. So expect Linux to shoot you down in flames for the very suggestion. You keep asking for tools to automate the production of an initramfs; you should realize that the thing has got absolutely nothing to do with building and running a kernel, it's a helper function, and not really tied to the kernel per se. Just rig your kernel update process to add a section where you run the command that builds an initramfs. You already have so many steps where you do exactly that in other areas so it's not a realistic issue, and you take that in your stride. Or at it to the end of your kernel build wrapper script if you wrote such a thing for yourself. -- Alan McKinnon alan.mckin...@gmail.com
[gentoo-user] Re: Can't ping remote system
On 01/09/13 15:28, Grant wrote: My laptop can't ping my remote system but it can ping others (google.com, yahoo.com, etc). I've tried disabling my firewall on both ends with '/etc/init.d/shorewall stop shorewall clear'. Could my ATT business ADSL connection on the remote system be blocking inbound pings? A possible reason is that the packet filter on your router is blocking this. (Meaning the router that also houses the ADSL modem.) And it's actually the router itself that replies to pings; the packets never make it to your machine. Usually there's a setting in the router's settings page where you can allow ICMP replies. So it's worth digging into the router's settings and see what you can find, if this is the setup you have. But since you mentioned business connection, you might actually not have such a SOHO router + modem combo.
Re: [gentoo-user] Can't ping remote system
My laptop can't ping my remote system but it can ping others (google.com, yahoo.com, etc). I've tried disabling my firewall on both ends with '/etc/init.d/shorewall stop shorewall clear'. Could my ATT business ADSL connection on the remote system be blocking inbound pings? Possible, have you tried pinging your remote system from a different location? You may try http://www.downforeveryoneorjustme.com/ Sorry, wrong link: http://ping.eu/ping/ I get 100% packet loss when pinging from there. try an icmp traceroute, if you are lucky you'll get a result that tells you on which hop the pings cease to work: traceroute -I but do read the man page (traceroute is like ps in that there are many versions around and options don't always match up with what folk say on mailing lists) I did 'traceroute -w 30 -I ip-address' several times and the last IP displayed is always the same. I looked it up and it's an ATT IP supposedly located about 1500 miles from my machine which is also on an ATT connection. Does this tell me anything? - Grant
Re: [gentoo-user] Re: Can't ping remote system
My laptop can't ping my remote system but it can ping others (google.com, yahoo.com, etc). I've tried disabling my firewall on both ends with '/etc/init.d/shorewall stop shorewall clear'. Could my ATT business ADSL connection on the remote system be blocking inbound pings? A possible reason is that the packet filter on your router is blocking this. (Meaning the router that also houses the ADSL modem.) And it's actually the router itself that replies to pings; the packets never make it to your machine. Usually there's a setting in the router's settings page where you can allow ICMP replies. So it's worth digging into the router's settings and see what you can find, if this is the setup you have. But since you mentioned business connection, you might actually not have such a SOHO router + modem combo. I bet you're right. This sort of thing occurred to me earlier so I went to look for that type of setting but I need the access code from the bottom of the device which I can't get until tomorrow. I will try then and report back. Thanks, Grant
Re: [gentoo-user] PMTUD
On Sunday 01 Sep 2013 14:59:19 Grant wrote: Could ICMP packets not getting through be to blame for my proxy server problem? My laptop can't seem to ping anyone (blocked at the firewall in this hotel I suppose) and certainly the proxy server can't ping my laptop. Not all ICMP packets are relevant to detecting the MTU of a node. A correctly implemented node will return an ICMP Fragmentation Needed (Type 3, Code 4) packet, with its MTU value. This kind of ICMP packets should not be blocked at firewalls. Use ping with the do not fragment option to see if packets above a certain size time out, i.e. they are dropped by some offending node on the way. ping -c 6 -n -M do -s 1472 server_address I get Frag needed and DF set (mtu = 1492) when pinging google.com. I get normal replies with -s 1464. ifconfig shows my WAN interface at MTU 1500 so PMTUD must change the MTU for communication with google.com if I understand correctly. The hotel's router/modem may be using PPPoE to authenticate with their ISP, which has a larger header size and requires an MTU of 1492 (1464+28=1492) So, although your NIC is configured to the full ethernet MTU size, the router drops the size down to 1492 to be able to squeeze it out through the ISP's network. That's all good and proper and will not cause the timeout problem you have been experiencing. Of course, if the hotel's firewall is blocking all outgoing/incoming pings this sort of diagnostic test will not be useful. I actually only lose pings to my own remote system so I've started a new thread about that. I tried down to -s 1 but still 100% packet loss there. Have you checked that the firewall at your server is not set to drop all ICMP packets and that you don't have something like this set up on it: net.ipv4.icmp_echo_ignore_all = 0 (use sysctl to check) -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] PMTUD
The hotel's router/modem may be using PPPoE to authenticate with their ISP, which has a larger header size and requires an MTU of 1492 (1464+28=1492) So, although your NIC is configured to the full ethernet MTU size, the router drops the size down to 1492 to be able to squeeze it out through the ISP's network. That's all good and proper and will not cause the timeout problem you have been experiencing. OK, does PMTUD lower the outgoing packet size on my system due to the hotel router's lower MTU or does the hotel router itself fragment my 1500 byte packets in order to send them out? Just curious. Have you checked that the firewall at your server is not set to drop all ICMP packets and that you don't have something like this set up on it: net.ipv4.icmp_echo_ignore_all = 0 (use sysctl to check) I get this which looks OK: # sysctl -a|grep icmp_echo_ignore_all net.ipv4.icmp_echo_ignore_all = 0 Nikos mentioned in the other thread that I may need to configure ICMP on my server's modem/router which I will be able to try tomorrow. - Grant
Re: [gentoo-user] Digest errors in an overlay, but only in one box
On Sunday 01 Sep 2013 15:45:05 Alan McKinnon wrote: What's the contents of the Manifest file in those two directories? What does ls -al say ebuild the supposedly faulty ebuilds? I also note the error reported in both cases is exactly 6 bytes. Might be significant, let's keep that in mind Thanks Alan, it's not just these two ebuilds digests that come up with errors. I attach the complete error. I compared the corresponding Manifests between the two PCs and there no differences. For example: Good PC: === # sha1sum /var/lib/layman/enlightenment/x11-plugins/e_modules- forecasts/Manifest d058dc5e9f6443a9f4e3a02f32c8dde9c2ae1844 /var/lib/layman/enlightenment/x11- plugins/e_modules-forecasts/Manifest Bad PC: == $ sha1sum /var/lib/layman/enlightenment/x11-plugins/e_modules- forecasts/Manifest d058dc5e9f6443a9f4e3a02f32c8dde9c2ae1844 /var/lib/layman/enlightenment/x11- plugins/e_modules-forecasts/Manifest Similarly, there's no difference between the checksums of the ebuilds in the two PCs. Here is the content of the e_modules-forecasts Manifest: === $ cat /var/lib/layman/enlightenment/x11-plugins/e_modules-forecasts/Manifest -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 EBUILD e_modules-forecasts-.ebuild 436 SHA256 66c7fd87b666ec5b29e3756b36ed3fcd3140c267a02757fe29997e912ad8fc05 SHA512 952910877f0cc2f36fb9980822b3088652c4f813de6ed1fa584fa9c9737c832000a5e7ffdce00bc9c255cf1663cc0efd76ec6910ba504e515303be44b9d792bc WHIRLPOOL 8f7ba88d7658257d6cf9a9655a7152ed7bf6b126dade35a3f6304451bd2f16621e36298ac10b8c8420259dfae14e28289ba20bbec84373c25ed5f538df5bc8f1 MISC ChangeLog 225 SHA256 e4290d34b0e8936f485adee22ec8e596fdeff60ed041c03f0a6925bcdc973c2f SHA512 48819cea3e04612f94feeb8511cc79a583e777fa1de438ca287f8f8289301537b4ff4df5c1fe96d8edd6a10bc1f0a0dd76020e30b4e2210ff5e119239ce33664 WHIRLPOOL 41478a52980a23476d21eec41a32d77dada0ced86b7baadd59bc8db9adbf06ae3c7d38b55516dec57a60a4ad67bae9d2d3aae6066f6ad6589b34ee6499420b52 MISC metadata.xml 228 SHA256 42ea435327140212f3beb05aafebad5053cbad84532f9bb78987de8540c6459a SHA512 5b1191ceaa7bcaa10b4b28d5b80cbb214da3e5857c2897f7b8001d3ac7ef3491c2dbb8a51583677c79770c106368297c16698d7a10b5ba85ce211412a61ae8bd WHIRLPOOL ed7fa6aacaa62a04fd1d184fc7a86eff8bd65a29664dca293f6723db14d1b8c22e5707cb0c1a0c7405cf2da2e0af1c031f7c9406fda5dfe74df3421b47b1cbf3 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.19 (GNU/Linux) iJwEAQEIAAYFAlDewwEACgkQG7kqcTWJkGfjiAP+OKqYKSf8DefFXND/+MWK5Zk1 ib+e0yc1nF+QpmrO8G1GhsR2lNu/zTpBh0qyL9w4lfsFz39lUu8/+AqVVR0CRyfS pzagurDvQ5Rw+/h2qY/6uyUzPSSQxY7t5JUyzP70P8EPETqX934Nwl8KjpWktiHL d0M80h8apliu6eYI14Y= =h2o0 -END PGP SIGNATURE- === On the good PC I am able to emerge tclock: = # emerge -1aDv x11-plugins/e_modules-tclock These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild N*] x11-plugins/e_modules-tclock-::enlightenment USE=nls - doc 0 kB Total: 1 package (1 new), Size of downloads: 0 kB The following keyword changes are necessary to proceed: (see package.accept_keywords in the portage(5) man page for more details) # required by x11-plugins/e_modules-tclock (argument) =x11-plugins/e_modules-tclock- ** NOTE: The --autounmask-keep-masks option will prevent emerge from creating package.unmask or ** keyword changes. Use --autounmask-write to write changes to config files (honoring CONFIG_PROTECT). Carefully examine the list of proposed changes, paying special attention to mask or keyword changes that may expose experimental or unstable packages. = On the bad PC it complaints of corrupt files: # emerge -1aDv x11-plugins/e_modules-tclock These are the packages that would be merged, in order: Calculating dependencies \ * Digest verification failed: * /var/lib/layman/enlightenment/x11-plugins/e_modules-tclock/e_modules- tclock-.ebuild * Reason: Filesize does not match recorded size * Got: 385 * Expected: 379 ... done! !!! All ebuilds that could satisfy x11-plugins/e_modules-tclock have been masked. !!! One of the following masked packages is required to complete your request: - x11-plugins/e_modules-tclock-::enlightenment (masked by: corruption) For more information, see the MASKED PACKAGES section in the emerge man page or refer to the Gentoo Handbook. The content of two overlay package directories listed here as an example, from the bad PC: # ls -la /var/lib/layman/enlightenment/x11-plugins/e_modules-tclock total 24 drwxr-xr-x 2 root root 4096 Sep 1 17:33 . drwxr-xr-x 39 root root 4096 Sep 1 17:33 .. -rw-r--r-- 1 root root 219 Sep 1 17:33 ChangeLog -rw-r--r-- 1 root root 1487 Sep 1
Re: [gentoo-user] Can't ping remote system
On Sunday 01 Sep 2013 16:04:17 Grant wrote: My laptop can't ping my remote system but it can ping others (google.com, yahoo.com, etc). I've tried disabling my firewall on both ends with '/etc/init.d/shorewall stop shorewall clear'. Could my ATT business ADSL connection on the remote system be blocking inbound pings? Possible, have you tried pinging your remote system from a different location? You may try http://www.downforeveryoneorjustme.com/ Sorry, wrong link: http://ping.eu/ping/ I get 100% packet loss when pinging from there. try an icmp traceroute, if you are lucky you'll get a result that tells you on which hop the pings cease to work: traceroute -I but do read the man page (traceroute is like ps in that there are many versions around and options don't always match up with what folk say on mailing lists) I did 'traceroute -w 30 -I ip-address' several times and the last IP displayed is always the same. I looked it up and it's an ATT IP supposedly located about 1500 miles from my machine which is also on an ATT connection. Does this tell me anything? - Grant Out of interest, does it show the same with you use the -T option? It could well be a congested link. Try again in off peak times to see if it still drops packets. If it happens off peak it could well be a misconfigured node. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] PMTUD
On Sunday 01 Sep 2013 17:17:37 Grant wrote: OK, does PMTUD lower the outgoing packet size on my system due to the hotel router's lower MTU or does the hotel router itself fragment my 1500 byte packets in order to send them out? Just curious. If you are sending out packets with the DF bit set no fragmentation will take place - the packet is dropped and an appropriate message is returned to sender. Otherwise the router will fragment them and send them on to the recipient address. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
[gentoo-user] kerninst (was Optional /usr merge in Gentoo)
I am following vanilla-sources in all my machines, which is what people like Greg Kroah-Hartman actually recommends [1][2]. Since they are now never stabilized [3], this means that I need to update them pretty regularly to keep them safe. This implies that I have to change the /usr/src/linux symbolic link, configure the kernel using make oldconfig, compile it, install it, install its modules, reemerge any package that provides kernel modules (if any), regenerate its initramfs, regenerate the GRUB2 config file OR adding a new entry in GRUB. None of this steps are particularly difficult, but any mistake in one of them can result in an unbootable system. So I wrote a little script that takes care of each of this steps automagically: https://github.com/canek-pelaez/kerninst So now everytime I need to use a new kernel version, I only do: # eselect kernel set new-kernel # kerninst Everything is done by the script. The script is 167 lines of Bash, and I think is pretty easy to follow what it does. Any of the steps can be called individually, and I have been using it in all of my machines without any problem. It works with both GRUB and GRUB2, generating a very simple GRUB config file for every image available in /boot, with corresponding inird line if availabe. WARNINGS • If /usr/src/linux points to /usr/src/linux-3.10.10, then the script deletes /boot vmlinuz-3.10.10, /boot/initrd-3.10.10 *and* /lib/modules/3.10.10. • The script *WILL* overwrite your GRUB/GRUB2 configuration file, so make a copy before trying it. • The script requires a valid kernel .config file which will be copied into /usrc/src/linux, and then used to configure the kernel with: yes | make oldconfig Some people recommend not doing this, and it can stall if a new option for the kernel requires an answer with no default value. • The script only supports dracut, but adding genkernel (or any other initramfs maker) should be easy. Patches accepted. Dracut should be already configured. • I have only tested it with vanilla-sources, but probably will work with other *-sources packages. I have been using it in all of my machines for some days now, and it works for me; but I take no responsibility if it breaks your machine, or if it kills your dog. Regards. [1] http://article.gmane.org/gmane.linux.gentoo.devel/86496 [2] http://article.gmane.org/gmane.linux.gentoo.devel/86506 [3] http://article.gmane.org/gmane.linux.gentoo.devel/87015 -- Canek Peláez Valdés Posgrado en Ciencia e Ingeniería de la Computación Universidad Nacional Autónoma de México
Re: [gentoo-user] Can't ping remote system
On 01/09/2013 17:04, Grant wrote: My laptop can't ping my remote system but it can ping others (google.com, yahoo.com, etc). I've tried disabling my firewall on both ends with '/etc/init.d/shorewall stop shorewall clear'. Could my ATT business ADSL connection on the remote system be blocking inbound pings? Possible, have you tried pinging your remote system from a different location? You may try http://www.downforeveryoneorjustme.com/ Sorry, wrong link: http://ping.eu/ping/ I get 100% packet loss when pinging from there. try an icmp traceroute, if you are lucky you'll get a result that tells you on which hop the pings cease to work: traceroute -I but do read the man page (traceroute is like ps in that there are many versions around and options don't always match up with what folk say on mailing lists) I did 'traceroute -w 30 -I ip-address' several times and the last IP displayed is always the same. I looked it up and it's an ATT IP supposedly located about 1500 miles from my machine which is also on an ATT connection. Does this tell me anything? Yes, it tells you that all hops up to that point at least respond to the kinds of icmp packets traceroute uses. The first hop that fails to answer isn't answering. You are looking for possible reasons why icmp might not be working out properly - that router is your first suspect. Admittedly, it might be blocking traceroute pings and still allow the responses you seek, but you have to start somewhere :-) The problem you are trying to track down is notoriously tricky to nail down exactly as too many ISPs out there obsessively block useful icmp traffic. They believe it's security. I believe it's security theatre and makes fault finding on a live network infernally difficult. Mick is on the right track - deal with each issue one by one till you hit paydirt. -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] PMTUD
OK, does PMTUD lower the outgoing packet size on my system due to the hotel router's lower MTU or does the hotel router itself fragment my 1500 byte packets in order to send them out? Just curious. If you are sending out packets with the DF bit set no fragmentation will take place - the packet is dropped and an appropriate message is returned to sender. Otherwise the router will fragment them and send them on to the recipient address. Shouldn't PMTUD change my MTU based on the hotel router's lower MTU? - Grant
Re: [gentoo-user] kerninst (was Optional /usr merge in Gentoo)
Am 01.09.2013 19:30, schrieb Canek Peláez Valdés: I have been using it in all of my machines for some days now, and it works for me; but I take no responsibility if it breaks your machine, or if it kills your dog. So far the cat still lives ... your script worked fine here in the first try. Some syntax error in line 26 as far as syntax highlighting in vim tells me ... everything red from down there ... but it works ... I got to figure out why I get multiple entries for one version right now ... my /boot might need some pre-cleanup ... but otherwise: great, thanks! I pull linux-git into a directory aside from /usr/src ... this doesn't work with the current version AFAI see ... I will simply move my git-repo ... Stefan
Re: [gentoo-user] Can't ping remote system
My laptop can't ping my remote system but it can ping others (google.com, yahoo.com, etc). I've tried disabling my firewall on both ends with '/etc/init.d/shorewall stop shorewall clear'. Could my ATT business ADSL connection on the remote system be blocking inbound pings? Possible, have you tried pinging your remote system from a different location? You may try http://www.downforeveryoneorjustme.com/ Sorry, wrong link: http://ping.eu/ping/ I get 100% packet loss when pinging from there. try an icmp traceroute, if you are lucky you'll get a result that tells you on which hop the pings cease to work: traceroute -I but do read the man page (traceroute is like ps in that there are many versions around and options don't always match up with what folk say on mailing lists) I did 'traceroute -w 30 -I ip-address' several times and the last IP displayed is always the same. I looked it up and it's an ATT IP supposedly located about 1500 miles from my machine which is also on an ATT connection. Does this tell me anything? - Grant Out of interest, does it show the same with you use the -T option? It could well be a congested link. Try again in off peak times to see if it still drops packets. If it happens off peak it could well be a misconfigured node. The last IP displayed is the same with the -T option. Off-peak at the destination? I've actually been trying all day under those conditions. You don't think it's likely to be the ICMP setting on the server's modem/router? - Grant
Re: [gentoo-user] Can't ping remote system
My laptop can't ping my remote system but it can ping others (google.com, yahoo.com, etc). I've tried disabling my firewall on both ends with '/etc/init.d/shorewall stop shorewall clear'. Could my ATT business ADSL connection on the remote system be blocking inbound pings? I did 'traceroute -w 30 -I ip-address' several times and the last IP displayed is always the same. I looked it up and it's an ATT IP supposedly located about 1500 miles from my machine which is also on an ATT connection. Does this tell me anything? Yes, it tells you that all hops up to that point at least respond to the kinds of icmp packets traceroute uses. The first hop that fails to answer isn't answering. You are looking for possible reasons why icmp might not be working out properly - that router is your first suspect. Admittedly, it might be blocking traceroute pings and still allow the responses you seek, but you have to start somewhere :-) So the culprit is the first IP that should appear in the list but doesn't? If so, how is that helpful since it's not displayed? - Grant
Re: [gentoo-user] kerninst (was Optional /usr merge in Gentoo)
On Sun, Sep 1, 2013 at 1:01 PM, Stefan G. Weichinger li...@xunil.at wrote: Am 01.09.2013 19:30, schrieb Canek Peláez Valdés: I have been using it in all of my machines for some days now, and it works for me; but I take no responsibility if it breaks your machine, or if it kills your dog. So far the cat still lives ... your script worked fine here in the first try. Some syntax error in line 26 as far as syntax highlighting in vim tells me ... everything red from down there ... but it works ... Well, a proper editor, like Emacs, highlights correcty Bash regex :P I got to figure out why I get multiple entries for one version right now ... my /boot might need some pre-cleanup ... but otherwise: great, thanks! It should put an entry for every /boot/vmlinuz-* file. I pull linux-git into a directory aside from /usr/src ... this doesn't work with the current version AFAI see ... I will simply move my git-repo ... If the /usr/src/linux symlink points to linux-git, then the version should be git and everything should work. Otherwise is a bug. Thanks for trying it. Regards. -- Canek Peláez Valdés Posgrado en Ciencia e Ingeniería de la Computación Universidad Nacional Autónoma de México
Re: [gentoo-user] Digest errors in an overlay, but only in one box
That overlay hasn't been manifested properly, the checksums and file sizes don't match. You have two options: redigest every ebuild in the entire overlay resync and hope it's fixed (maybe report a bug) Just to confirm, this is vapier's overlay you are using? Not niifaq? I recall manifest problems with niifaq overlay a while ago, but can't recall issues with vapier's. It isn't the portage tree though, so I imagine it can be easy to forget the manifest step when committing files. What I can't explain is why one pc is happy using the overlay files and the other not. AFAIK portage doesn't allow digest checks to be disabled. On 01/09/2013 18:41, Mick wrote: On Sunday 01 Sep 2013 15:45:05 Alan McKinnon wrote: What's the contents of the Manifest file in those two directories? What does ls -al say ebuild the supposedly faulty ebuilds? I also note the error reported in both cases is exactly 6 bytes. Might be significant, let's keep that in mind Thanks Alan, it's not just these two ebuilds digests that come up with errors. I attach the complete error. I compared the corresponding Manifests between the two PCs and there no differences. For example: Good PC: === # sha1sum /var/lib/layman/enlightenment/x11-plugins/e_modules- forecasts/Manifest d058dc5e9f6443a9f4e3a02f32c8dde9c2ae1844 /var/lib/layman/enlightenment/x11- plugins/e_modules-forecasts/Manifest Bad PC: == $ sha1sum /var/lib/layman/enlightenment/x11-plugins/e_modules- forecasts/Manifest d058dc5e9f6443a9f4e3a02f32c8dde9c2ae1844 /var/lib/layman/enlightenment/x11- plugins/e_modules-forecasts/Manifest Similarly, there's no difference between the checksums of the ebuilds in the two PCs. Here is the content of the e_modules-forecasts Manifest: === $ cat /var/lib/layman/enlightenment/x11-plugins/e_modules-forecasts/Manifest EBUILD e_modules-forecasts-.ebuild 436 SHA256 66c7fd87b666ec5b29e3756b36ed3fcd3140c267a02757fe29997e912ad8fc05 SHA512 952910877f0cc2f36fb9980822b3088652c4f813de6ed1fa584fa9c9737c832000a5e7ffdce00bc9c255cf1663cc0efd76ec6910ba504e515303be44b9d792bc WHIRLPOOL 8f7ba88d7658257d6cf9a9655a7152ed7bf6b126dade35a3f6304451bd2f16621e36298ac10b8c8420259dfae14e28289ba20bbec84373c25ed5f538df5bc8f1 MISC ChangeLog 225 SHA256 e4290d34b0e8936f485adee22ec8e596fdeff60ed041c03f0a6925bcdc973c2f SHA512 48819cea3e04612f94feeb8511cc79a583e777fa1de438ca287f8f8289301537b4ff4df5c1fe96d8edd6a10bc1f0a0dd76020e30b4e2210ff5e119239ce33664 WHIRLPOOL 41478a52980a23476d21eec41a32d77dada0ced86b7baadd59bc8db9adbf06ae3c7d38b55516dec57a60a4ad67bae9d2d3aae6066f6ad6589b34ee6499420b52 MISC metadata.xml 228 SHA256 42ea435327140212f3beb05aafebad5053cbad84532f9bb78987de8540c6459a SHA512 5b1191ceaa7bcaa10b4b28d5b80cbb214da3e5857c2897f7b8001d3ac7ef3491c2dbb8a51583677c79770c106368297c16698d7a10b5ba85ce211412a61ae8bd WHIRLPOOL ed7fa6aacaa62a04fd1d184fc7a86eff8bd65a29664dca293f6723db14d1b8c22e5707cb0c1a0c7405cf2da2e0af1c031f7c9406fda5dfe74df3421b47b1cbf3 === On the good PC I am able to emerge tclock: = # emerge -1aDv x11-plugins/e_modules-tclock These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild N*] x11-plugins/e_modules-tclock-::enlightenment USE=nls - doc 0 kB Total: 1 package (1 new), Size of downloads: 0 kB The following keyword changes are necessary to proceed: (see package.accept_keywords in the portage(5) man page for more details) # required by x11-plugins/e_modules-tclock (argument) =x11-plugins/e_modules-tclock- ** NOTE: The --autounmask-keep-masks option will prevent emerge from creating package.unmask or ** keyword changes. Use --autounmask-write to write changes to config files (honoring CONFIG_PROTECT). Carefully examine the list of proposed changes, paying special attention to mask or keyword changes that may expose experimental or unstable packages. = On the bad PC it complaints of corrupt files: # emerge -1aDv x11-plugins/e_modules-tclock These are the packages that would be merged, in order: Calculating dependencies \ * Digest verification failed: * /var/lib/layman/enlightenment/x11-plugins/e_modules-tclock/e_modules- tclock-.ebuild * Reason: Filesize does not match recorded size * Got: 385 * Expected: 379 ... done! !!! All ebuilds that could satisfy x11-plugins/e_modules-tclock have been masked. !!! One of the following masked packages is required to complete your request: - x11-plugins/e_modules-tclock-::enlightenment (masked by: corruption) For more information, see the MASKED PACKAGES section in the emerge man page or refer to the Gentoo
Re: [gentoo-user] kerninst (was Optional /usr merge in Gentoo)
Am 01.09.2013 20:16, schrieb Canek Peláez Valdés: On Sun, Sep 1, 2013 at 1:01 PM, Stefan G. Weichinger li...@xunil.at wrote: Some syntax error in line 26 as far as syntax highlighting in vim tells me ... everything red from down there ... but it works ... Well, a proper editor, like Emacs, highlights correcty Bash regex :P open your beer, gentleman ... editor-discussions ahead ;-) ... no, not really I got to figure out why I get multiple entries for one version right now ... my /boot might need some pre-cleanup ... but otherwise: great, thanks! It should put an entry for every /boot/vmlinuz-* file. Hmm, yes ... got 2 entries for 3.10.10 ... but I clean up and retest ... I pull linux-git into a directory aside from /usr/src ... this doesn't work with the current version AFAI see ... I will simply move my git-repo ... If the /usr/src/linux symlink points to linux-git, then the version should be git and everything should work. Otherwise is a bug. bug. Does not work so far here. Seems it doesn't like git as version when building the modules or something. Sorry, no time right now to further test it .. maybe more tomorrow. Thank you, Stefan
Re: [gentoo-user] Can't ping remote system
On 01/09/2013 20:07, Grant wrote: My laptop can't ping my remote system but it can ping others (google.com, yahoo.com, etc). I've tried disabling my firewall on both ends with '/etc/init.d/shorewall stop shorewall clear'. Could my ATT business ADSL connection on the remote system be blocking inbound pings? I did 'traceroute -w 30 -I ip-address' several times and the last IP displayed is always the same. I looked it up and it's an ATT IP supposedly located about 1500 miles from my machine which is also on an ATT connection. Does this tell me anything? Yes, it tells you that all hops up to that point at least respond to the kinds of icmp packets traceroute uses. The first hop that fails to answer isn't answering. You are looking for possible reasons why icmp might not be working out properly - that router is your first suspect. Admittedly, it might be blocking traceroute pings and still allow the responses you seek, but you have to start somewhere :-) So the culprit is the first IP that should appear in the list but doesn't? If so, how is that helpful since it's not displayed? This is where it gets tricky. You identify the last router in the list for which you have an address or name, and contact the NOC team for that organization. Ask them for the next hop in routing for the destination address you are trying to ping and hope that they will be kind enough to help you out. -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] Can't ping remote system
My laptop can't ping my remote system but it can ping others (google.com, yahoo.com, etc). I've tried disabling my firewall on both ends with '/etc/init.d/shorewall stop shorewall clear'. Could my ATT business ADSL connection on the remote system be blocking inbound pings? I did 'traceroute -w 30 -I ip-address' several times and the last IP displayed is always the same. I looked it up and it's an ATT IP supposedly located about 1500 miles from my machine which is also on an ATT connection. Does this tell me anything? Yes, it tells you that all hops up to that point at least respond to the kinds of icmp packets traceroute uses. The first hop that fails to answer isn't answering. You are looking for possible reasons why icmp might not be working out properly - that router is your first suspect. Admittedly, it might be blocking traceroute pings and still allow the responses you seek, but you have to start somewhere :-) So the culprit is the first IP that should appear in the list but doesn't? If so, how is that helpful since it's not displayed? This is where it gets tricky. You identify the last router in the list for which you have an address or name, and contact the NOC team for that organization. Ask them for the next hop in routing for the destination address you are trying to ping and hope that they will be kind enough to help you out. Oh man that's funny. Really? Let's say they do pass along the info. Then I hunt down contact info for the culprit router based on its IP and tell them their stuff isn't working and hope they fix it? Actually, since the last IP displayed is from ATT and my server's ISP is ATT, I suppose it's extremely likely that the culprit is either an ATT router somewhere or my own server and I could find out by calling ATT. - Grant
Re: [gentoo-user] PMTUD
On Sunday 01 Sep 2013 18:54:45 Grant wrote: OK, does PMTUD lower the outgoing packet size on my system due to the hotel router's lower MTU or does the hotel router itself fragment my 1500 byte packets in order to send them out? Just curious. If you are sending out packets with the DF bit set no fragmentation will take place - the packet is dropped and an appropriate message is returned to sender. Otherwise the router will fragment them and send them on to the recipient address. Shouldn't PMTUD change my MTU based on the hotel router's lower MTU? Yes, it should. At the start of the connection the sender sends DF in the header to find out what is the MRU that the network nodes will support. Then sends packets of the appropriate size so that they get through with no fragmentation. This is the optimal scenario. Now, imagine another scenario where some router/firewall/server does not send back the correct ICMP packet with its required MRU, or even worse it sends back a 1500 (full ethernet) size with DF set, or also drops fragments ... This reminds me of MSN IM which was a particularly bad implementation back when. The sender may eventually try a smaller packet, after initially increasing the time it waits for a response, and you could well get something through 30 seconds later, or even give up and time out. If you are using Shorewall at your remote server I would expect it to behave properly and return the correct ICMP packet when it receives a DF. However, I am not familiar with the Shorewall properties and settings, so if you suspect this as the cause of your problem it would be better if you look into it properly. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Can't ping remote system
On Sunday 01 Sep 2013 19:50:53 Grant wrote: So the culprit is the first IP that should appear in the list but doesn't? If so, how is that helpful since it's not displayed? This is where it gets tricky. You identify the last router in the list for which you have an address or name, and contact the NOC team for that organization. Ask them for the next hop in routing for the destination address you are trying to ping and hope that they will be kind enough to help you out. Oh man that's funny. Really? Let's say they do pass along the info. Then I hunt down contact info for the culprit router based on its IP and tell them their stuff isn't working and hope they fix it? Actually, since the last IP displayed is from ATT and my server's ISP is ATT, I suppose it's extremely likely that the culprit is either an ATT router somewhere or my own server and I could find out by calling ATT. It could well be your router and it is easy to confirm this after you set it up to respond to ping (or set it to forward all packets with ICMP protocol to your server while you're troubleshooting this). After you set up your router/server to respond you should be getting a different mtr or traceroute output showing any hops in between you and your server that are dropping packets. You may have to contact them if they are running a saturated link which is not allowing you to use the service you are paying them for. Here's an example of saturated links: # mtr -r -c 9 -n bbc.co.uk Start: Sun Sep 1 20:03:24 2013 HOST: dell_xpsLoss% Snt Last Avg Best Wrst StDev [snip ...] 4.|-- 195.66.224.103 0.0% 9 65.8 41.1 26.0 77.3 19.1 5.|-- ??? 100.0 90.0 0.0 0.0 0.0 0.0 6.|-- ??? 100.0 90.0 0.0 0.0 0.0 0.0 7.|-- 132.185.254.1090.0% 9 28.1 32.5 27.0 55.7 9.7 8.|-- 132.185.255.1400.0% 9 27.0 27.5 26.4 29.0 0.6 9.|-- 212.58.251.195 0.0% 9 27.5 28.0 27.1 28.9 0.4 -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Digest errors in an overlay, but only in one box
On Sunday 01 Sep 2013 19:25:45 Alan McKinnon wrote: That overlay hasn't been manifested properly, the checksums and file sizes don't match. You have two options: redigest every ebuild in the entire overlay I wasn't going to do this, given that one machine is happy. resync and hope it's fixed (maybe report a bug) Right, I tried that already, but I can wait a bit longer and resync again. With regards to filing a bug, I spoke to Thomas Sachau and he can't reproduce the problem on his side. Hence I ended up blaming something being wrong with my machine ... Just to confirm, this is vapier's overlay you are using? Not niifaq? Yes, this is vapier's overlay. I recall manifest problems with niifaq overlay a while ago, but can't recall issues with vapier's. It isn't the portage tree though, so I imagine it can be easy to forget the manifest step when committing files. What I can't explain is why one pc is happy using the overlay files and the other not. AFAIK portage doesn't allow digest checks to be disabled. Right, I can't explain this either. It's not as if each machine is using a somehow unique digest mechanism. I really don't understand how this can be happening, especially when I removed the whole /var/lib/layman/enlightenment/* tree on the dodgy PC and resync'ed. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: Integrated ZFS for Gentoo - WAS Re: [gentoo-user] Optional /usr merge in Gentoo
On Sun, Sep 01, 2013 at 09:49:23AM +0200, Joerg Schilling wrote Walter Dnes waltd...@waltdnes.org wrote: You can get away with most stuff as modules; ***BUT NOT THE ROOT FILESYSTEM***. Think about it for a minute. Gentoo reads modules off the disk. If the code for the root filesystem is a module, Gentoo would have to read the module off the disk to enable it to read the module off the disk... OOPS. This is a classic chicken and egg situation. On Solaris no problem with loadable modules - everything is dynamically loaded. ***YOU NEED A GRUB THAT UNDERSTANDS ZFS AND THAT GIVES A ZFS INTERFACE TO THE KERNEL TO USE BEFORE ZFS WAS LOADED***. So instead of needing ZFS built into the kernel, you need ZFS built into GRUB... ***AND*** you need a ZFS module for the main system... ***AND*** you need to keep both versions in sync. I'm not impressed. -- Walter Dnes waltd...@waltdnes.org I don't run desktop environments; I run useful applications
Re: [gentoo-user] virtualbox - failed to access the USB subsystem
On 09/01/13 08:50, Alan McKinnon wrote: On 01/09/2013 05:27, Joseph wrote: On 08/31/13 19:10, Joseph wrote: After recent upgrade I'm getting an error when trying to start the virtualbox. Failed to access the USB subsystem. Could not load the Host USB Proxy service: VERR_NOT_FOUND. Details: Result Code: NS_ERROR_FAILURE (0x4005) Component: Host Interface: IHost {dab4a2b8-c735-4f08-94fc-9bec84182e2f} Callee: IMachine {5eaa9319-62fc-4b0a-843c-0cb1940f8a91} cat /etc/group shows that I'm in vboxusers group vboxusers:x:1009:thelma,fd What else to try? I'm using Virtualbox 4.1.26 The strange part is when I login to the machine via FreeNX this message does not appear. But only when I'm in front of the box directly. This error pops up quite a lot on VirtualBox forums, it seems to be a generic error message and not have one specific cause. Some typical things that users report to fix things: - mismatched ViortualBox and extension pack versions - incorrect permissions on usb nodes in /dev - incorrect udev rules - legacy VBOX* settings in environment - and a few other oddities You might end up googling that specific error and following all the links till you hit the one that applies to you. The first few to get you going: https://www.virtualbox.org/ticket/9383 https://forums.virtualbox.org/viewtopic.php?f=7t=50670 https://bbs.archlinux.org/viewtopic.php?id=156247 -- Alan McKinnon alan.mckin...@gmail.com Thanks Alan for suggestions. I've re-installed the Guest Addition and see if something has changed. My problem is that everything works OK when I log-in over the Free-NX; I only noticed these problem when I physically was in front of the box. This box is in a remote location. -- Joseph
Re: Integrated ZFS for Gentoo - WAS Re: [gentoo-user] Optional /usr merge in Gentoo
On Sun, Sep 01, 2013 at 10:11:01AM -0400, Tanstaafl wrote You don't, it is only *required* if you have a separate /usr... in fact that is what the whole argument was about. At least that is my understanding of the situation now... please don't tell me I'm wrong and there was another vote and it is now required just to be able to use gentoo? This is for the people who want *EVERYTHING INCLUDING THE ROOT FILE SYSTEM CODE* built as a module. Note that the Gentoo (AMD64) docs at http://www.gentoo.org/doc/en/handbook/handbook-amd64.xml?full=1#book_part1_chap7say... Don't compile the file system you use for the root filesystem as module, otherwise your Gentoo system will not be able to mount your partition. Using an initramfs allows you to ignore that warning. -- Walter Dnes waltd...@waltdnes.org I don't run desktop environments; I run useful applications
Re: Integrated ZFS for Gentoo - WAS Re: [gentoo-user] Optional /usr merge in Gentoo
On Sep 2, 2013 5:21 AM, Walter Dnes waltd...@waltdnes.org wrote: On Sun, Sep 01, 2013 at 09:49:23AM +0200, Joerg Schilling wrote Walter Dnes waltd...@waltdnes.org wrote: You can get away with most stuff as modules; ***BUT NOT THE ROOT FILESYSTEM***. Think about it for a minute. Gentoo reads modules off the disk. If the code for the root filesystem is a module, Gentoo would have to read the module off the disk to enable it to read the module off the disk... OOPS. This is a classic chicken and egg situation. On Solaris no problem with loadable modules - everything is dynamically loaded. ***YOU NEED A GRUB THAT UNDERSTANDS ZFS AND THAT GIVES A ZFS INTERFACE TO THE KERNEL TO USE BEFORE ZFS WAS LOADED***. I'm confused as to what this means. Grub reads a filesystem, loads a kernel with options, and may give it an initrd. What happens from then on is none of grub's business. The filesystem it reads from and the one the kernel uses may be completely unrelated - this is why we have /boot filesystems. At what point does grub present a zfs interface for the kernel to use?
Re: Integrated ZFS for Gentoo - WAS Re: [gentoo-user] Optional /usr merge in Gentoo
On Sun, Sep 01, 2013 at 01:41:30PM +0800, Mark David Dumlao wrote Case in point - do you enable all the ext4 options, like acls and whatnot? Let's say no. What if you suddenly have to mount an external hard disk to recover some system on your server and the hard disk uses those ext4 options? If ext4 is hard built into your kernel, your recompile will have to basically redo the whole thing, whereas if ext4 was a module you would only recompile ext4 itself. Have you ever actually done this? I'd be very leery of pulling such a stunt. The clean way of switching module versions is to... * unload the old module, and * load the new module You obviously can't do this in your setup, because unloading the old module would mean you could no longer access the file system to read in the new module... OOPS. You could run a script that creates /dev/shm/lib/3.1.4.1.5.9-gentoo/ (easy as pieG) and copies the new module to that dir. Then unload the old module and load the new one, using modprobe with -d /dev/shm/. That still looks impossible. The problem is that you generally have a whole bunch of files open at any time. E.g. try... lsof -d txt | grep -v /proc/ | less ...and look at the output. Shutting down all those open files would be disastrous. But that's not what you're saying. You seem to imply that file system code can be overwritten *IN PLACE, WHILE IN USE*, without any problems. Colour me skeptical about that one. -- Walter Dnes waltd...@waltdnes.org I don't run desktop environments; I run useful applications
Re: [gentoo-user] Digest errors in an overlay, but only in one box
On Sunday 01 Sep 2013 20:18:54 you wrote: On Sunday 01 Sep 2013 19:25:45 Alan McKinnon wrote: Just to confirm, this is vapier's overlay you are using? Not niifaq? Yes, this is vapier's overlay. I think I got to the bottom of it. I reinstalled layman and all errors seem to have gone for now. :-) -- Regards, Mick signature.asc Description: This is a digitally signed message part.