Re: [gentoo-user] Re: Updating an old version of Gentoo
> > On Thursday 27 Jul 2017 09:48:43 symack wrote: > > There must be an easy way to do this. Something like download the latest > > portage and source package. Untar on live system and rebuild! > > That would be so amazing if possible. > It does not seem like the installation is super old, maybe worth a try to update the portage tree in steps, by pulling from git at some set intervals, and just do updates after each sync.
Re: [gentoo-user] Re: Updating an old version of Gentoo
I have updated online several time over the past few years. Do portage first; then GCC and the basic system utilities (glibc, make, binutils, etc...) If you need a new kernel, make it and then reboot. I would then do OpenRC and the rest of the development chain. Finally, anything else. I have also done the chroot install and replace. The main complications it to make sure that configurations for your system (passwd/group and others from /etc) get transferred over before you get too far into the installation into the chroot. Good luck. You may email me if you want more details. -- Gregory "Wolfe" Woodbury redwo...@gmail.com
Re: [gentoo-user] BOINC on a hardened system?
Depending on which BOINC projects you choose to run, BOINC may or may not need continual access to the Internet. Most of the projects I run only need intermittent access to upload and receive new workunits, but CERN projects need continuous access while running. Also, BOINC will run if the certificates are not owned by BOINC, but will complain in the logs when they are updated, and then you could update them by hand. So far as I know, there have not been any vectors propagated via BOINC. -- G.Wolfe Woodbury redwo...@gmail.com
Re: [gentoo-user] Re: Updating an old version of Gentoo
On Thursday 27 Jul 2017 09:48:43 symack wrote: > There must be an easy way to do this. Something like download the latest > portage and source package. Untar on live system and rebuild! > That would be so amazing if possible. There are a number of ways you could approach this. 1. Offline Update Emerge within a chroot on an offline system having set the same CFLAGS with your production box, build binary packages, copy them over and run: emerge -uaNDkv @system Run dispatch, gcc-config, @represerved-rebuild, depclean and the like and assuming all is good reboot in the new kernel and repeat for world. This will ensure minimal downtime. 2. Online Update If downtime can be tolerated and your system is fast, you can back up /etc, /var/lib/portage/world and your database(s), take the system offline and reinstall with the latest stage 3 filesystem and portage from a LiveCD. This will take considerably longer. 3. Hybrid Personally, I would opt for a combo of 2 and 1. In other words, I would re- install offline using the configuration and databases of the live system, then test the new build to make sure all is working as expected. Finally, take the prod system offline, and tar over the whole filesystem from the recently rebuilt mirror. There may be some minor tweaks needed for fstab, hosts files between the two, but otherwise you will end up with a fresh build on your production box with relatively small amount of downtime. You will also have an offline/cold standby system to manage emergencies and emerges with. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Re: Updating an old version of Gentoo
2017-07-27 8:48 GMT-05:00 symack: > There must be an easy way to do this. Something like download the latest > portage and source package. Untar on live system and rebuild! > That would be so amazing if possible. > If you have enough disk space create a chroot, do a new gentoo install on it. When everything is installed in the chroot, replace the old installation. -- Andrés Becerra Sandoval
[gentoo-user] Re: Updating an old version of Gentoo
There must be an easy way to do this. Something like download the latest portage and source package. Untar on live system and rebuild! That would be so amazing if possible.
[gentoo-user] Re: Updating an old version of Gentoo
When I try to emerge portage I get: All ebuilds that could satisfy ">=app-portage/elt-patches-20170317" have been masked. emerge --info !!! SYNC setting found in make.conf. This setting is Deprecated and no longer used. Please ensure your 'sync-type' and 'sync-uri' are set correctly in /etc/portage/repos.conf/gentoo.conf Portage 2.2.20.1 (python 2.7.9-final-0, default/linux/amd64/13.0/no-multilib, gcc-4.8.5, glibc-2.20-r2, 4.0.5-gentoo x86_64) = System uname: Linux-4.0.5-gentoo-x86_64-Intel-R-_Xeon-TM-_CPU_3.60GHz-with-gentoo-2.2 KiB Mem: 8176220 total, 4596664 free KiB Swap:2097148 total, 2097148 free Timestamp of repository gentoo: Thu, 27 Jul 2017 13:00:01 + sh bash 4.3_p39 ld GNU ld (Gentoo 2.24 p1.4) 2.24 app-shells/bash: 4.3_p39::gentoo dev-lang/perl:5.20.2::gentoo dev-lang/python: 2.7.9-r1::gentoo, 3.4.1::gentoo dev-util/cmake: 3.2.2::gentoo dev-util/pkgconfig: 0.28-r2::gentoo sys-apps/baselayout: 2.2::gentoo sys-apps/openrc: 0.17::gentoo sys-apps/sandbox: 2.6-r1::gentoo sys-devel/autoconf: 2.69::gentoo sys-devel/automake: 1.14.1::gentoo, 1.15::gentoo sys-devel/binutils: 2.24-r3::gentoo sys-devel/gcc:4.8.5::gentoo sys-devel/gcc-config: 1.7.3::gentoo sys-devel/libtool:2.4.6::gentoo sys-devel/make: 4.1-r1::gentoo sys-kernel/linux-headers: 3.18::gentoo (virtual/os-headers) sys-libs/glibc: 2.20-r2::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -pipe" DISTDIR="/usr/portage/distfiles" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://mirror.csclub.uwaterloo.ca/gentoo-distfiles/; LANG="en_US" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" USE="acl amd64 app-emulation/xen-4.3.3-r3 berkdb bzip2 cli cracklib crypt cxx dri fortran gdbm iconv ipv6 modules ncurses nls nptl openmp pam pcre readline seccomp session ssl tcpd unicode xattr zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6" POSTGRES_TARGETS="postgres9_5" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7" RUBY_TARGETS="ruby21 ruby22" USERLAND="GNU" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" USE_PYTHON="2.7" Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
[gentoo-user] Updating an old version of Gentoo
Hello Everyone, I usually dive right into these things however I do not have a lot of experience with Gentoo and currently facing this task. Is there a safe and conservative way to upgrade this live system minimizing downtime as much as possible. Your help is greatly appreciated. Kind Regards, Nick.
[gentoo-user] BOINC on a hardened system?
Hello list, I have a small box as a web development host, running hardened-sources, which I'll also want to expose to the Internet for odd periods. As that load is so light, I thought it might be a good idea to put the spare CPU to some use by running BOINC. The startup script, however, changes the entire boinc directory's ownership to the user nominated in /etc/conf.d/boinc. The problem is that, on a hardened system, the ca-bundle.crt file must be owned by root. This could be fixed with a small addition to the startup script, but before I open a bug, does the panel think I ought to be running BOINC on an exposed system? I don't know any of its history to argue one way or the other, but the team does try to avoid security lapses. -- Regards Peter