Re: [gentoo-user] Re: Updating an old version of Gentoo

2017-07-27 Thread Arve Barsnes
>
> On Thursday 27 Jul 2017 09:48:43 symack wrote:
> > There must be an easy way to do this. Something like download the latest
> > portage and source package. Untar on live system and rebuild!
> > That would be so amazing if possible.
>

It does not seem like the installation is super old, maybe worth a try to
update the portage tree in steps, by pulling from git at some set
intervals, and just do updates after each sync.


Re: [gentoo-user] Re: Updating an old version of Gentoo

2017-07-27 Thread Gregory Woodbury
I have updated online several times over the past few years.

Do portage first; then GCC and the basic system utilities (glibc,
make, binutils, etc...)
If you need a new kernel, make it and then reboot.
I would then do OpenRC and the rest of the development chain.
Finally, anything else.

I have also done the chroot install and replace. The main complication is to
make sure that configurations for your system (passwd/group and others
from /etc) get transferred over before you get too far into the installation
into the chroot.

Good luck. You may email me if you want more details.

-- 
Gregory "Wolfe" Woodbury
redwo...@gmail.com



Re: [gentoo-user] BOINC on a hardened system?

2017-07-27 Thread Gregory Woodbury
Depending on which BOINC projects you choose to run, BOINC may or may
not need continual access to the Internet.
Most of the projects I run only need intermittent access to upload and
receive new workunits, but CERN projects need continuous access while running.
Also, BOINC will run if the certificates are not owned by BOINC, but
will complain in the logs when they are updated, and then you could
update them by hand.

So far as I know, there have not been any vectors propagated via BOINC.

-- 
G.Wolfe Woodbury
redwo...@gmail.com



Re: [gentoo-user] Re: Updating an old version of Gentoo

2017-07-27 Thread Mick
On Thursday 27 Jul 2017 09:48:43 symack wrote:
> There must be an easy way to do this. Something like download the latest
> portage and source package. Untar on live system and rebuild!
> That would be so amazing if possible.

There are a number of ways you could approach this.

1. Offline Update

Emerge within a chroot on an offline system having set the same CFLAGS with 
your production box, build binary packages, copy them over and run:

emerge -uaNDkv @system

Run dispatch, gcc-config, @preserved-rebuild, depclean and the like and 
assuming all is good reboot in the new kernel and repeat for world.

This will ensure minimal downtime.

2. Online Update

If downtime can be tolerated and your system is fast, you can back up /etc, 
/var/lib/portage/world and your database(s), take the system offline and 
reinstall with the latest stage 3 filesystem and portage from a LiveCD.  This 
will take considerably longer.

3. Hybrid

Personally, I would opt for a combo of 2 and 1.  In other words, I would re-
install offline using the configuration and databases of the live system, then 
test the new build to make sure all is working as expected.  Finally, take the 
prod system offline, and tar over the whole filesystem from the recently 
rebuilt mirror.  There may be some minor tweaks needed for fstab, hosts files 
between the two, but otherwise you will end up with a fresh build on your 
production box with a relatively small amount of downtime.  You will also have 
an offline/cold standby system to manage emergencies and emerges with.

-- 
Regards,
Mick
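
The offline update above depends on the build chroot using the same CFLAGS as the production box before any binary packages are copied over. A pre-flight comparison of the two make.conf files, as an added example that is not part of the original message: the function names and the build-side file are hypothetical, the production values are taken from the `emerge --info` output posted in this thread, and both files are assumed to be trusted because they are sourced in a subshell.

```shell
#!/bin/sh
# Added example: pre-flight check before copying binary packages from the
# build chroot to the production box. Assumes both make.conf files are trusted
# and use plain VAR="value" assignments, because they are sourced in a subshell.

# Print the value that make.conf file $1 assigns to variable $2.
conf_value() {
    ( unset "$2"; . "$1" >/dev/null 2>&1; eval "printf '%s' \"\${$2-}\"" )
}

# Collapse runs of whitespace without expanding globs; flag order is kept.
normalize() {
    ( set -f; set -- $1; printf '%s' "$*" )
}

# Compare CHOST, CFLAGS and CXXFLAGS; print each mismatch, return 1 if any.
compare_build_settings() {   # $1 = build make.conf, $2 = production make.conf
    rc=0
    for var in CHOST CFLAGS CXXFLAGS; do
        a=$(normalize "$(conf_value "$1" "$var")")
        b=$(normalize "$(conf_value "$2" "$var")")
        if [ "$a" != "$b" ]; then
            printf 'MISMATCH %s: build="%s" production="%s"\n' "$var" "$a" "$b"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: production values as posted in the thread, build-side
# file invented here with one extra flag so the check has something to report.
demo_dir=$(mktemp -d)
cat > "$demo_dir/production.conf" <<'EOF'
CHOST="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe"
CXXFLAGS="-O2 -pipe"
EOF
cat > "$demo_dir/build.conf" <<'EOF'
CHOST="x86_64-pc-linux-gnu"
CFLAGS="-O2 -march=native -pipe"
CXXFLAGS="${CFLAGS}"
EOF
compare_build_settings "$demo_dir/build.conf" "$demo_dir/production.conf" \
    || echo "fix make.conf in the chroot before building packages"
rm -rf "$demo_dir"
```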



Re: [gentoo-user] Re: Updating an old version of Gentoo

2017-07-27 Thread Andrés Becerra Sandoval
2017-07-27 8:48 GMT-05:00 symack :

> There must be an easy way to do this. Something like download the latest
> portage and source package. Untar on live system and rebuild!
> That would be so amazing if possible.
>


If you have enough disk space create a chroot, do a new gentoo install on
it. When everything is installed in the chroot, replace the old
installation.

-- 
  Andrés Becerra Sandoval


[gentoo-user] Re: Updating an old version of Gentoo

2017-07-27 Thread symack
There must be an easy way to do this. Something like download the latest
portage and source package. Untar on live system and rebuild!
That would be so amazing if possible.


[gentoo-user] Re: Updating an old version of Gentoo

2017-07-27 Thread symack
When I try to emerge portage I get:

All ebuilds that could satisfy ">=app-portage/elt-patches-20170317" have
been masked.

emerge --info
!!! SYNC setting found in make.conf.
This setting is Deprecated and no longer used.  Please ensure your
'sync-type' and 'sync-uri' are set correctly in
/etc/portage/repos.conf/gentoo.conf
Portage 2.2.20.1 (python 2.7.9-final-0,
default/linux/amd64/13.0/no-multilib, gcc-4.8.5, glibc-2.20-r2,
4.0.5-gentoo x86_64)
=
System uname:
Linux-4.0.5-gentoo-x86_64-Intel-R-_Xeon-TM-_CPU_3.60GHz-with-gentoo-2.2
KiB Mem: 8176220 total,   4596664 free
KiB Swap:2097148 total,   2097148 free
Timestamp of repository gentoo: Thu, 27 Jul 2017 13:00:01 +
sh bash 4.3_p39
ld GNU ld (Gentoo 2.24 p1.4) 2.24
app-shells/bash:  4.3_p39::gentoo
dev-lang/perl:5.20.2::gentoo
dev-lang/python:  2.7.9-r1::gentoo, 3.4.1::gentoo
dev-util/cmake:   3.2.2::gentoo
dev-util/pkgconfig:   0.28-r2::gentoo
sys-apps/baselayout:  2.2::gentoo
sys-apps/openrc:  0.17::gentoo
sys-apps/sandbox: 2.6-r1::gentoo
sys-devel/autoconf:   2.69::gentoo
sys-devel/automake:   1.14.1::gentoo, 1.15::gentoo
sys-devel/binutils:   2.24-r3::gentoo
sys-devel/gcc:4.8.5::gentoo
sys-devel/gcc-config: 1.7.3::gentoo
sys-devel/libtool:2.4.6::gentoo
sys-devel/make:   4.1-r1::gentoo
sys-kernel/linux-headers: 3.18::gentoo (virtual/os-headers)
sys-libs/glibc:   2.20-r2::gentoo
Repositories:

gentoo
location: /usr/portage
sync-type: rsync
sync-uri: rsync://rsync.gentoo.org/gentoo-portage
priority: -1000

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf
/etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks
ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs
protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs
unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://mirror.csclub.uwaterloo.ca/gentoo-distfiles/;
LANG="en_US"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times
--omit-dir-times --compress --force --whole-file --delete --stats
--human-readable --timeout=180 --exclude=/distfiles --exclude=/local
--exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
USE="acl amd64 app-emulation/xen-4.3.3-r3 berkdb bzip2 cli cracklib crypt
cxx dri fortran gdbm iconv ipv6 modules ncurses nls nptl openmp pam pcre
readline seccomp session ssl tcpd unicode xattr zlib" ABI_X86="64"
ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci
emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m
maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias
auth_basic authn_alias authn_anon authn_dbm authn_default authn_file
authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user
autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env
expires ext_filter file_cache filter headers include info log_config logio
mem_cache mime mime_magic negotiation rewrite setenvif speling status
unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow
plan sheets stage tables krita karbon braindump author"
COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog"
CPU_FLAGS_X86="mmx mmxext sse sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech
aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301
nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf
skytraq superstar2 timing tsip tripmate tnt ublox ubx"
INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad
cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer"
OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6"
POSTGRES_TARGETS="postgres9_5" PYTHON_SINGLE_TARGET="python2_7"
PYTHON_TARGETS="python2_7" RUBY_TARGETS="ruby21 ruby22" USERLAND="GNU"
VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l"
XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p
iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark
dhcpmac delude chaos account"
USE_PYTHON="2.7"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK,
LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS,
PORTAGE_RSYNC_EXTRA_OPTS


[gentoo-user] Updating an old version of Gentoo

2017-07-27 Thread symack
Hello Everyone,

I usually dive right into these things however I do not have a lot of
experience with Gentoo and am currently facing this task.

Is there a safe and conservative way to upgrade this live system minimizing
downtime as much as possible?

Your help is greatly appreciated.

Kind Regards,

Nick.


[gentoo-user] BOINC on a hardened system?

2017-07-27 Thread Peter Humphrey
Hello list,

I have a small box as a web development host, running hardened-sources, 
which I'll also want to expose to the Internet for odd periods. As that load 
is so light, I thought it might be a good idea to put the spare CPU to some 
use by running BOINC.

The startup script, however, changes the entire boinc directory's ownership 
to the user nominated in /etc/conf.d/boinc. The problem is that, on a 
hardened system, the ca-bundle.crt file must be owned by root.

This could be fixed with a small addition to the startup script, but before I 
open a bug, does the panel think I ought to be running BOINC on an exposed 
system? I don't know any of its history to argue one way or the other, but 
the team does try to avoid security lapses.

-- 
Regards
Peter
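
The post above describes a startup script that re-owns the whole BOINC directory while ca-bundle.crt has to stay owned by root. One shape the "small addition" could take, together with a check of the result, as an added example that is not part of the thread and not the BOINC init script: the function names are hypothetical, and the demo runs in a scratch directory as the current user rather than as root.

```shell
#!/bin/sh
# Added example, not the BOINC init script. Function names are hypothetical.

# Give everything under directory $1 to user $2 except ca-bundle.crt,
# and print each path that was handed over.
chown_boinc_dir() {
    find "$1" ! -name ca-bundle.crt -exec chown "$2" {} + -print
}

# Succeed only if $1 is a regular file (not a symlink) owned by uid $2
# and not writable by group or others. On the real system $2 would be 0.
ca_bundle_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    owner=$(ls -ldn "$1" | awk '{print $3}') || return 1
    [ "$owner" = "$2" ] || return 1
    [ -z "$(find "$1" \( -perm -020 -o -perm -002 \) -print)" ]
}

# Constructed demo: a scratch directory stands in for the BOINC data
# directory, and the current uid stands in for both the service user and root.
demo=$(mktemp -d)
mkdir "$demo/projects"
: > "$demo/client_state.xml"
: > "$demo/ca-bundle.crt"
chmod 644 "$demo/ca-bundle.crt"
chown_boinc_dir "$demo" "$(id -u)"
if ca_bundle_ok "$demo/ca-bundle.crt" "$(id -u)"; then
    echo "ca-bundle.crt: owner and mode OK"
else
    echo "ca-bundle.crt: wrong owner or writable by group/others"
fi
rm -rf "$demo"
```

The check covers only the file's current owner and mode; the directory itself is still handed to the service account, which can therefore rename or replace the file.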