Re: [gentoo-user] Q: pip requires --user option that doesn't exist?

$ pip install --user awscli

or

$ pip2.7 install --user awscli

works.

Merry Christmas.

On 24 December 2017 at 21:54, Steven Lembark wrote:
>
> This should have been simple: Install AWS client command line tools.
> Catch: Installing it with AWS' example tells me to use the "--user"
> option, though not why, and supplying --user with or without an
> argument tells me there is no such switch.
>
> I'd prefer not maintaining this stuff as SU, rather set up a group
> with access to the necessary library areas in Python.
>
> $ pip install awscli
> ERROR: (Gentoo) Please run pip with the --user option to avoid breaking
> python-exec
>
> $ pip --user install awscli
>
> Usage:
> pip [options]
>
> no such option: --user
>
> $ pip --user=lembark install awscli
>
> Usage:
> pip [options]
>
> no such option: --user
>
> Examining the output from "pip --help" gives me lots of no "--user"
> in the output, which makes sense if there are no users. Using
> "--verbose" didn't tell me anything useful either.
>
> Say I want users in the "adm" group to maintain the Python libs,
> I'll need to ( find | xargs chgrp adm; find
> -type d | xargs chmod 02775; find -type f | xargs
> chmod g+w ).
>
> Q: Where are the Python libs stored?
>
> Python itself only tells me:
>
> $ python -V
> Python 3.4.5
>
> not the paths.
>
> Or, for that matter, does anyone know how to avoid the "--user"
> requirement using pip?
>
> thanks
>
> --
> Steven Lembark                    1505 National Ave
> Workhorse Computing               Rockford, IL 61103
> lemb...@wrkhors.com               +1 888 359 3508
>
[gentoo-user] Q: pip requires --user option that doesn't exist?

This should have been simple: Install AWS client command line tools.
Catch: Installing it with AWS' example tells me to use the "--user"
option, though not why, and supplying --user with or without an
argument tells me there is no such switch.

I'd prefer not maintaining this stuff as SU, rather set up a group
with access to the necessary library areas in Python.

$ pip install awscli
ERROR: (Gentoo) Please run pip with the --user option to avoid breaking
python-exec

$ pip --user install awscli

Usage:
pip [options]

no such option: --user

$ pip --user=lembark install awscli

Usage:
pip [options]

no such option: --user

Examining the output from "pip --help" gives me lots of no "--user"
in the output, which makes sense if there are no users. Using
"--verbose" didn't tell me anything useful either.

Say I want users in the "adm" group to maintain the Python libs,
I'll need to ( find | xargs chgrp adm; find
-type d | xargs chmod 02775; find -type f | xargs
chmod g+w ).

Q: Where are the Python libs stored?

Python itself only tells me:

$ python -V
Python 3.4.5

not the paths.

Or, for that matter, does anyone know how to avoid the "--user"
requirement using pip?

thanks

--
Steven Lembark                    1505 National Ave
Workhorse Computing               Rockford, IL 61103
lemb...@wrkhors.com               +1 888 359 3508
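
An added example, not part of the original thread: the interpreter can report both the system-wide library directories and the per-user directory that `pip install --user` writes to, along with who may write to each. The function names are illustrative; this is the check to run before and after applying a group-write scheme such as the 02775 one described above.

```python
"""Report where this interpreter installs libraries and who may write there."""
import grp
import os
import pwd
import site
import stat
import sysconfig


def install_locations():
    """Return {label: path} for the system-wide and per-user library dirs."""
    paths = sysconfig.get_paths()
    return {
        "purelib (system-wide)": paths["purelib"],
        "platlib (system-wide)": paths["platlib"],
        "user site (pip install --user)": site.getusersitepackages(),
    }


def _name(lookup, ident):
    """Resolve a uid/gid to a name, falling back to the number."""
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)


def describe(path):
    """Return owner, group, octal mode and write flags for one directory."""
    if not os.path.isdir(path):
        return {"path": path, "exists": False}
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    return {
        "path": path,
        "exists": True,
        "owner": _name(pwd.getpwuid, st.st_uid),
        "group": _name(grp.getgrgid, st.st_gid),
        "mode": format(mode, "04o"),
        "setgid": bool(mode & stat.S_ISGID),
        "group_writable": bool(mode & stat.S_IWGRP),
        "world_writable": bool(mode & stat.S_IWOTH),
    }


if __name__ == "__main__":
    for label, path in install_locations().items():
        print(label, describe(path))
```

A system-wide directory that reports `group_writable` or `world_writable` lets every member of that group (or everyone) change code that other users and root will later import.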
Re: [gentoo-user] How to harden a system
I would also consider purchasing a system with libre firmware and without
ME/PSP such as:

POWER 9:
TALOS 2 (server/workstation, brand new and very high performance - the only
brand new hardware that is legitimately libre)

x86-64: (older, pre-PSP AMD - the best CPUs for C32/G34 are equivalent to
one FX-8310 for the 8 core or almost two FX-8310 for the 16 core)
KGPE-D16 (server)
KCMA-D8 (workstation)
Lenovo G505S (laptop)

It is truly disturbing to think that someone with an ME exploit could hack
80% of the computers on the planet.
Re: [gentoo-user] How to harden a system
On 12/24/2017 02:43 AM, Adam Carter wrote:
> Oh I just noticed that vtv is now default enabled for gcc, so you could
> try;
>
> CXXFLAGS="${CFLAGS} -fvtable-verify=std"
>
> I tried this on earlier gccs, and there was a fair bit of breakage so I
> didn't pursue it. Maybe I'll re-try with 7.2 to see how things have
> progressed.

Would you please elaborate on what types of breakage you saw?

> "security feature that verifies at run time, for every virtual call, that
> the vtable pointer through which the call is made is valid for the type of
> the object, and has not been corrupted or overwritten. If an invalid vtable
> pointer is detected at run time, an error is reported and execution of the
> program is immediately halted"

I'm extremely new to these types of things and don't truly understand the
failure mode of things like this.

It sounds like vtable-verify will conceptually make things more secure. But
I don't know enough to know how likely believed-to-be-perfectly-happy code
will pass or fail such vtable verifications.

--
Grant. . . .
unix || die
Re: [gentoo-user] How to harden a system
> Lastly, this in /etc/sysctl.conf. SYN cookies is kernel option. The fin
> timeout cut was to clear out tens of thousands of TIME_WAIT sessions.
> net.ipv4.tcp_fin_timeout = 20
> net.ipv4.tcp_syncookies = 1

Oh I just noticed that vtv is now default enabled for gcc, so you could try;

CXXFLAGS="${CFLAGS} -fvtable-verify=std"

I tried this on earlier gccs, and there was a fair bit of breakage so I
didn't pursue it. Maybe I'll re-try with 7.2 to see how things have
progressed.

"security feature that verifies at run time, for every virtual call, that
the vtable pointer through which the call is made is valid for the type of
the object, and has not been corrupted or overwritten. If an invalid vtable
pointer is detected at run time, an error is reported and execution of the
program is immediately halted"
Re: [gentoo-user] after finally doing my emerge -e world successfully, my regular world update fails
> Ok, thanks. The system profile warning below had me worried, but from what
> you've said it appears that the warning is generated on an unsophisticated
> check, and in this case is a false positive.
>
> # emerge -pv --depclean sys-apps/openrc net-misc/netifrc sys-apps/sysvinit

FYI the rebuild of systemd automatically removes sys-apps/sysvinit for you,
which is nice. So it's just;

emerge --depclean sys-apps/openrc net-misc/netifrc
emerge -N systemd

And it's done.
Re: [gentoo-user] after finally doing my emerge -e world successfully, my regular world update fails
On Sun, 24 Dec 2017 13:11:08 +1100, Adam Carter wrote:

> > > But virtual/service-manager is using openrc. How do I point this to
> > > systemd?
> >
> > By having systemd installed. A virtual is just a list of packages that
> > provide the functionality needed. As long as one of them is
> > installed, it is happy. If not, it installs the first in the list.
>
> Ok, thanks. The system profile warning below had me worried, but from
> what you've said it appears that the warning is generated on an
> unsophisticated check, and in this case is a false positive.
>
> # emerge -pv --depclean sys-apps/openrc net-misc/netifrc
> sys-apps/sysvinit
>
> Calculating dependencies... done!
> sys-apps/sysvinit-2.88-r9 pulled in by:
> sys-apps/systemd-236-r1 requires sys-apps/sysvinit
>
> >>> Calculating removal order...
>
> >>> These are the packages that would be unmerged:
>
> net-misc/netifrc
> selected: 0.6.0
> protected: none
> omitted: none
>
> !!! 'sys-apps/openrc' (virtual/service-manager) is part of your system
> profile.
> !!! Unmerging it may be damaging to your system.

That's probably because openrc is installed at the top of the list of deps
in the virtual. I saw the same warning and everything is still working.

--
Neil Bothwick

The cow is nothing but a machine which makes grass fit for us people to eat.
Re: [gentoo-user] 'firmware_install' won't on 4.14.7-gentoo
On Sunday, 24 December 2017 04:10:55 GMT Adam Carter wrote:
> > As you can see above there is a marked difference between the firmware
> > built by the two kernels. In any case, my '/lib/firmware/' path contains:
> >
> > $ ls -l /lib/firmware/radeon/RV730*
> > -rw-r--r-- 1 root root 5440 Dec 20 17:29 /lib/firmware/radeon/RV730_me.bin
> > -rw-r--r-- 1 root root 3392 Dec 20 17:29 /lib/firmware/radeon/RV730_pfp.bin
> > -rw-r--r-- 1 root root 16684 Dec 20 17:29 /lib/firmware/radeon/RV730_smc.bin
>
> Earlier I saw
>
> CONFIG_EXTRA_FIRMWARE="intel-ucode/06-1e-05 radeon/R700_rlc.bin radeon/RV730_smc.bin radeon/RV710_uvd.bin"

Yes, other than the Intel microcode I followed the Gentoo Wiki page for my
graphics card:

https://wiki.gentoo.org/wiki/Radeon

> For radeon/R700_rlc.bin
> $ find /lib/firmware/ -name \*R700\*
> /lib/firmware/radeon/R700_rlc.bin
>
> For radeon/RV730_smc.bin
> $ find /lib/firmware/ -name \*RV730\*
> /lib/firmware/radeon/RV730_pfp.bin
> /lib/firmware/radeon/RV730_smc.bin
> /lib/firmware/radeon/RV730_me.bin
>
> For radeon/RV710_uvd.bin
> $ find /lib/firmware/ -name \*RV710\*
> /lib/firmware/radeon/RV710_me.bin
> /lib/firmware/radeon/RV710_pfp.bin
> /lib/firmware/radeon/RV710_smc.bin
> /lib/firmware/radeon/RV710_uvd.bin
>
> So it looks like you're trying to load firmware from three different
> models.

Yes, this is what the Wiki recommends for RV730.

> Run lspci -v to determine which is correct one, then load all the firmwares
> for that model.

02:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] RV730/M96-XT [Mobility Radeon HD 4670] (prog-if 00 [VGA controller])
        Subsystem: Dell RV730/M96-XT [Mobility Radeon HD 4670]
        Flags: bus master, fast devsel, latency 0, IRQ 29
        Memory at d000 (32-bit, prefetchable) [size=256M]
        I/O ports at 2000 [size=256]
        Memory at cfef (32-bit, non-prefetchable) [size=64K]
        [virtual] Expansion ROM at 000c [disabled] [size=128K]
        Capabilities: [50] Power Management version 3
        Capabilities: [58] Express Legacy Endpoint, MSI 00
        Capabilities: [a0] MSI: Enable+ Count=1/1 Maskable- 64bit+
        Capabilities: [100] Vendor Specific Information: ID=0001 Rev=1 Len=010
        Kernel driver in use: radeon

02:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] RV710/730 HDMI Audio [Radeon HD 4000 series]
        Subsystem: Dell RV710/730 HDMI Audio [Radeon HD 4000 series]
        Flags: bus master, fast devsel, latency 0, IRQ 32
        Memory at cfeec000 (32-bit, non-prefetchable) [size=16K]
        Capabilities: [50] Power Management version 3
        Capabilities: [58] Express Legacy Endpoint, MSI 00
        Capabilities: [a0] MSI: Enable+ Count=1/1 Maskable- 64bit+
        Capabilities: [100] Vendor Specific Information: ID=0001 Rev=1 Len=010
        Kernel driver in use: snd_hda_intel
        Kernel modules: snd_hda_intel

It seems the blobs changed. The firmware_install message confused me by
making me think this was the cause of not being able to initiate the
graphics card when I tried to boot the new kernel, rather than the missing
blobs.

--
Regards,
Mick