Re: [gentoo-user] How to install Ruby bindings in an ebuild

[Ralph Seichter]

* Michael Orlitzky:

> The eclass sets S=$WORKDIR at first because it creates a separate
> source tree for each version of ruby that will be built for. [...]

Hm. While that sounds useful for "full Ruby" ebuilds, I don't see how to
circumvent the impact for the particular ebuild I am trying to extend,
other than overriding S in src_compile() etc.

The build needs to create a C shared library, Python bindings, and now
an additional shared library containing the Ruby bindings. Might this be
a case where a new, separate ebuild for the Ruby bindings would be a
better option than expanding the existing build?

> That uses the currently-eselected version of ruby to determine the
> path though.

I thought of that and tried to use ${RUBY} instead, but the variable was
empty. Hence I use the literal 'ruby' as a workaround, until a better
method comes to mind.

-Ralph

Re: [gentoo-user] How to install Ruby bindings in an ebuild

[Ralph Seichter]

Hello Michael. Long time no read. ;-)

> I think the best way to support that in a package is to declare which
> ruby versions are supported with USE_RUBY and ruby-ng.eclass.

I tried what you suggested. However, inheriting from ruby-ng.eclass
introduces an odd problem: For some reason unknown to me, "${S}" no
longer matches the default value of "${WORKDIR}/${P}", but only what I'd
expect in "${WORKDIR}". That means the base directory for src_compile
and src_install is not correct, causing the build to fail. It might be a
bug in ruby-ng, or a side effect of inheriting from ruby-ng on top of
the other eclasses already needed/used by the ebuild. I don't feel
comfortable with opening this particular can of worms when only a single
library something.so needs to be installed. Right now, I changed to
this:

  local p=$(ruby -e 'puts $LOAD_PATH' | grep 'vendor.\+linux')
  [[ -d "${p}" ]] || die "'${p}' is not a directory"
  exeinto "${p}"

Not very pretty either, but at least this avoids any hardcoded
directories.

-Ralph

[gentoo-user] How to install Ruby bindings in an ebuild

[Ralph Seichter]

I need to install Ruby bindings (something.so) during an ebuild,
specifically into the /usr/lib64/ruby/vendor_ruby/3.0.0/x86_64-linux
directory. I scanned existing ebuilds for an example, but have not yet
found one. The developer manual [1] mentions newlib.so, but that
function appears to inject "/lib64" into the destination path on my
machine. Thus, I currently use the following crutch:

  exeinto /usr/lib64/ruby/vendor_ruby/3.0.0/x86_64-linux
  doexe ./bindings/ruby/something.so

While this works for the time being, this seems quite wrong to me,
because the destination path is obviously hardcoded. Is there perhaps
something in the ruby-utils or ruby-single eclasses I missed? I had
hoped to find support for installing vendor modules for Ruby here.

Your suggestiions are appreciated.

-Ralph

[1] https://devmanual.gentoo.org/function-reference/install-functions/index.html

Re: [gentoo-user] gentoo for a virtual server in the cloud?

[Ralph Seichter]

* Raphael Mejias Dias:

> I've read this question and now I'm curious about how much it would
> cost to compile a Gentoo system into cloud. Anyone know this?

The cheapest Gentoo VMs of mine are based on Hetzner's CX11 [1] which
cost 3,49 EUR per month (plus VAT, but no setup fees). Gentoo can be
installed by booting Hetzner's custom "rescue image" Linux which comes
will full network support, which is all that is required.

[1] https://www.hetzner.com/cloud?country=ot

Disclaimer: I have no affiliation with Hetzner beyond having used their
services for more than 15 years.

-Ralph

Re: [gentoo-user] TLD for home LAN?

[Ralph Seichter]

* tastytea:

> Another solution would be to register an inexpensive domain name and
> use that. 

Quite so. For example, Hetzner (no affiliation) charges 3,36 EUR per
year for a .de Domain. An officially registered domain saves a lot of
hassle.

-Ralph

Re: [gentoo-user] Local mail delivery agent (MDA) wanted

[Ralph Seichter]

* Frank Steinmetzger:

> I am looking for an as-simple-as-possible setup for local mail
> delivery.

See http://www.postfix.org/STANDARD_CONFIGURATION_README.html as a
starting point. Using Postfix for the purposes you described is an
easy-to-setup, robust option which can (but does not have to) grow with
possible future demands.

-Ralph

Re: [gentoo-user] foot terminal not in portage?

[Ralph Seichter]

* caveman رَجُلُ الْكَهْفِ 穴居人:

> why doesn't portage have foot?

Probably because nobody has yet created an ebuild for it? Feel free to
put in the necessary work and provide one yourself.

-Ralph

Re: [gentoo-user] flask up/downgrade problem/question

[Ralph Seichter]

* Jack:

> I had originally installed with -test, but just re-emerged with "test"
> and it emerged with no problems, although I'll have to check the log
> to see if it did actually run the tests.

I just tried it myself. I created flask-migrate-3.0.1-r2.ebuild in an
overlay, using RDEPEND=">=dev-python/flask-0.9[${PYTHON_USEDEP}]". All
tests succeeded when run against dev-python/flask-2.0.1-r1 .

-Ralph

Re: [gentoo-user] flask up/downgrade problem/question

[Ralph Seichter]

* Jack:

> It seems that flask-migrate was recently upgraded from 3.0.0 to 3.0.1,
> but it's DEPEND for flask was changed from >=flask-0.9 to https://bugs.gentoo.org/801670

-Ralph

Re: [gentoo-user] sendmail configuration

[Ralph Seichter]

* the...@sys-concept.com:

> I've always used postifx but I want to try sendmail this time.
> And I have a hard time finding gentoo howto.

Well, configuration-wise, you are saying "I've always enjoyed a soothing
massage, but I want to try being dragged over cobblestone pavement while
simultaneously being caned this time". Some people might choose this
option, but it is not exactly mainstream. ;-)

Based on my personal experience of having used Sendmail for many years
before Postfix became available, I recommend avoiding Sendmail whenever
humanly possible.

-Ralph

Re: [gentoo-user] python2 really really really gone? Scripts all broken?

[Ralph Seichter]

* n952...@web.de:

> I confess, I never really read the fine print to the end because it
> never occurred to me that python would be so gratuitously
> authoritarian as that.

Now look at you. Hiding behind an anonymous freemail address, not paying
attention (for years), whining that the makers of a free programming
language wisely decided to abandon an outdated version for which free
updates have been available (for years), so as to better focus their
efforts.

You don't get to whine about things like that. It is that simple.

-Ralph

Re: [gentoo-user] Re: Local mail server

[Ralph Seichter]

* Grant Edwards:

> Pricing is based on what people are willing to pay. People are willing
> to pay extra for a static IPv6 address, therefore static IPv6
> addresses cost extra.

Somewhere, and some people. I'd be interested to hear from users who
still need to pay extra for IPv6. Here in Germany IPv6 usually comes at
not extra cost (I write "usually" because I don't know every single ISP
here; some only operate in a particular city.)

-Ralph

Re: [gentoo-user] Local mail server

[Ralph Seichter]

* antli...@youngman.org.uk:

> An ISP will then be allocated the next 16 bits, giving them a 32-bit
> address space to allocate to their customers - each ISP will have an
> address space the size of IPv4?!

ISPs can ask for several address spaces, each of which had a much,
*much* larger address space than the whole of IPv4. My ISP (Deutsche
Telekom) assigns /56 Subnets to Home Routers. Given that an IPv6 address
encompasses 128 Bits, each household is thus provided with an address
space of 2^(128-56) Bits. The whole of IPv4 spans only 2^32 Bits.

Any halfway decent data center should, at least, hand out /64 Subnets
for each and every hardware server and VM, free of charge. With virtu-
alisation becoming mainstream, I'd prefer to have a /56 for the host
server, so I can assign /64 subnets to each VM.

A wider address space does not mean one makes use of every available
address, of course. It just makes routing that much simpler, and there
is no need for silly stuff like NAT.

-Ralph

Re: [gentoo-user] What's with all these "acct-group" ebuilds recently?

[Ralph Seichter]

* Daniel Frey:

> You just pointed out the ambiguity.

I did no such thing, and there is no ambiguity. There is only the
failure to specify a package's identifier ("atom").

> Emerging a package solely by its name worked 99.9% of the time before
> this change.

Perhaps for the packages you used; I have obviously not verified
that. Even if it was the case, it was not guaranteed to work that
way. Package atoms are, and have been, of the form CATEGORY/NAME, not
just NAME. Emerge also expects atoms, not names (as do package.mask,
package.use, etc.).

> Now new users get the fun of "Gee, which one is the one I actually
> want?" MythTV is a fairly clear one to figure out, but other packages
> aren't.

"New users" can rely on Gentoo utilities like "eix", "emerge --search"
or "equery". There's also https://packages.gentoo.org . Thus, I see no
problem.

-Ralph

Re: [gentoo-user] What's with all these "acct-group" ebuilds recently?

[Ralph Seichter]

* Daniel Frey:

> I went to emerge mythtv (I think) and now it says it's an ambiguous
> requests with *both* the group and user of the same name.

You need to emerge "media-tv/mythtv", not just "mythtv". Nothing
ambiguous about it.

Further reading: https://www.gentoo.org/glep/glep-0081.html

-Ralph

Re: [gentoo-user] Is Gentoo dead?

[Ralph Seichter]

* con...@ftml.net:

> Still you have to manually configure things. And I know that Gentoo is
> about choice, but configuring kernel is hard.

It may be hard for you personally, but it is not hard for everyone, so I
object to the generalisation. You can choose between learning more about
the Linux kernel (it is not a Gentoo-specific subject) or opt to go with
Genkernel instead. I see nothing "dead" in that.

-Ralph

Re: [gentoo-user] aggregate logs into Elasticsearch

[Ralph Seichter]

* Stefan G. Weichinger:

> Maybe I look into mongodb as well, for example I found this small
> howto: https://www.fluentd.org/guides/recipes/maillog-mongodb

That looks unnecessarily complicated to me. While you can of course move
data from an existing log file into MongoDB, I find configuring syslog
to use a MongoDB destination (in addition to your files or as a full
replacement) much easier.

See [1] section "Storing messages in a MongoDB database". I have also
done it with rsyslog, but that took a bit more work.

Here's a syslog-ng destination I use. Note that using uri() allows
passing parameters to modern MongoDB drivers which the older servers()
statement cannot cope with.

  destination d_mongo {
mongodb(
  uri("mongodb://user:pw@hostname:27017/syslog?authSource=admin=true")
  collection("messages")
  value-pairs(
scope("selected-macros" "nv-pairs")
pair("DATE", datetime("$UNIXTIME"))
pair("PID", int64("$PID"))
pair("SEQNUM", int64("$SEQNUM"))
exclude("HOST*")
exclude("LEGACY*")
exclude("SOURCE*")
exclude("TAGS")
  )
);
  };

Values are strings to begin with. This example excludes some values I am
not interested in, and performs type conversion on others, for example
mapping DATE to MongoDB's date/time data type (see ISODate) and PID to a
numeric value. Conversion can of course happen during analysis, but
since syslog-ng is smart enough to do it when writing data, I prefer
that.

[1] 
https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.16/administration-guide/37#TOPIC-956524

-Ralph

Re: [gentoo-user] Idea for Videoconferencing (Video part)

[Ralph Seichter]

* Petric Frank:

> But normal people aren't professional actors. I thought i could be
> a technical solution. Making life easier in this corona-days with
> increasing video conferences.

Normal people just have to adapt to a worldwide pandemic and be damn
grateful for existing video conferencing software, much of it available
free of charge. In light of the real problems related to COVID-19 I
couldn't care less about fake eye contact if I actively tried.

However, business has been very slow lately. If you are willing to pay
me for months of work, and for the necessary hardware, I might work
something out. Oh, while you're at it, don't forget that you'll need to
sponsor multiple cameras for each user of the new software.

Sorry, I just cannot take this seriously. In fact, it annoys me to even
contemplate this prime example of a first world problem. If you want to
make life easier for some people and have a little money to spare, please
consider supporting local health workers. Thank you.

-Ralph

Re: [gentoo-user] aggregate logs into Elasticsearch

[Ralph Seichter]

* Stefan G. Weichinger:

> My goal:
>
> collect logs of postfix, nginx into the docker-containers running ES,
> Kibana .. and learn my way from there.

If you are not dead-set on Elasticsearch et al, I propose considering
MongoDB as an alternative.

There are syslog Modules that allow logging into MongoDB directly. On
the DB side, collections (roughly equivalent to tables in relational
databases) can be limited by size or by age, meaning that removing older
data will happen automatically if you so wish.

MongoDB also makes it easy to add data from sources with different data
makeup to shared collections, because there is no rigid table structure.

For analysis, MongoDB includes its own Aggregation Framework[1], which
is a very powerful and versatile. While probably not relevant to your
needs right now, It even comes with built-in geolocation search

  [1] https://docs.mongodb.com/manual/core/aggregation-pipeline/

I think very highly of MongoDB and encourage you to look into it as a
possibility and as an interesing technical concept.

-Ralph

Re: [gentoo-user] Idea for Videoconferencing (Video part)

[Ralph Seichter]

* Petric Frank:

> Problem: Usually the camera is outside of the screen. The user normally looks
> at the screen. As result the communication partner(s) see him not looking at
> the camera.

It may be bothering you, but that's not a problem in any real life
sense. People can either live with it, knowing the reasons behind it, or
look into the camera when speaking, if they want to provide an illusion
of eye contact. Actors have been doing it for ages.

> Anyone taking the task ?

You are aware it is no longer April the first? :-)

-Ralph

Re: [gentoo-user] Rasp-Pi-4 Gentoo servers

[Ralph Seichter]

* ai...@aisha.cc:

> I'm not too sure that running it as a mail server is impossible.

I never wrote that it is impossible, only that "I would not use it as an
Internet-facing production Mailserver". That's a huge difference. You
are free to do as you wish, but I still consider it an unsuitable role
for a wee Rasberry Pi, considering the I/O load I see on our production
mail servers. SD-Cards really don't like this sort of thing.

-Ralph

Re: [gentoo-user] Rasp-Pi-4 Gentoo servers

[Ralph Seichter]

* james:

> I'm thinking about setting up a pair of Rasp-Pi-4 as DNS servers with
> 4GB of ram. Is that enough ram for a DNS server?

For running the Nameservers, yes. Compiling Gentoo packages will likely
put your SD-Card under stress, but that's just how it goes. My Model B
Rev 2 of 2015 runs dnsmasq as DHCP server, NGINX, Postfix, Unbound and
more for a bunch of clients in a LAN. It is quite nifty as a local DNS
Resolver and DHCP server, because it is usually the fastest to boot
after the occasional power outage.

I would not use it as an Internet-facing production Mailserver, though,
because that would generate a lot of I/O, which is not a Raspberry Pi
strong suit.

-Ralph

Re: [gentoo-user] Help with IPv6, please

[Ralph Seichter]

* Peter Humphrey:

> My IPv6 address is indeed static.

Nice. In that case, you can of course use your router's global scope
address in /etc/hosts or DNS.

> The only IPv6 details my router shows are the LAN and WAN addresses,
> and 'ip -6 route show' on this host, although it lists six addresses
> bound to eth0, doesn't mention fd67.

ULA support, or rather the ability to assign additional static IPv6
addresses to an interface, depends on the router's firmware. If you can
make it work, https://cd34.com/rfc4193/ can help you generate a ULA
prefix.

ULA allows for fixed addresses, while SLAAC-based addresses expire and
can contain random components, and that's why static name-to-address
mappings generally use ULA.

-Ralph

Re: [gentoo-user] Re: To all IPv6-slackers among the Gentoo community

[Ralph Seichter]

* Ian Zimmerman:

> [OpenWrt] needs one crucial bit of configuration that's kind of hidden
> (can't be done via the GUI), to let the router advertisements through.

Glad to hear that you got things working. You have probably already
filed a GUI enhancement request. ;-)

-Ralph

Re: [gentoo-user] Help with IPv6, please

[Ralph Seichter]

* gentoo-u...@c-14.de:

> The easiest option is if you're using stateful DHCPv6. In this case
> you just need to set up your dhcp server to notify your dns server of
> any new leases.

That's what you consider "the easiest option"? ;-)

I usually ask the following of people starting with IPv6: Do you really
need fixed names for all nodes, or is this more of a reflex?

In my experience, home networks can usually run with only a few fixed
addresses (or rather name-to-address mappings). An old printer might
need a fixed address. A multimedia server will broadcast its services
and often does not need a fixed address. Neither do various smart-
phones. The router might need one, if it has a web UI. Something like
this might be enough:

  # /etc/hosts
  fd67:1:2:3::1 router.local  router
  fd67:1:2:3::2 printer.local printer

fd67:1:2:3::/64 is a random ULA prefix, pretty much an equivalent of
10.0.0.0/8 but much larger. Just assign a fixed ULA address to nodes
that *really* need it and share /etc/hosts across your nodes.

That, to me, is an easier option than setting up DHCPv6 and a DNS
server, both of which need to support dynamic DNS updates. Depending on
your environment, "ping6 somename.local" might work without any manual
configuration at all, as I mentioned in my previous message.

-Ralph

Re: [gentoo-user] Help with IPv6, please

[Ralph Seichter]

* Peter Humphrey:

> $ ping6 vdsl
> ping: vdsl: No address associated with hostname

The outcome of ping depends on /etc/resolv.conf and /etc/hosts, and even
on the OS of the IPv6 nodes involved. Apple devices will be available as
somename.local, with "somename" being what the user configured as the
device's name in Preferences->Sharing. I can for example ping my iPhone
via "ping6 silver.local".

> If I add the LAN address of the Bipac to /etc/hosts, ping finds it
> okay, but what if the address changes if the Bipac reboots?

Your Bipac will have multiple "LAN addresses", or rather addresses that
are bound to the LAN-facing network interface. In your example, you were
pinging the global scope address 2a02:x which may change over time,
unless your provider assigns static networks (mine does not). However,
the router should also have at least one link-local address and one
unique local address (ULA):

  Global scope: 2a02:8010:x (may change or may not)
  Link local: fe80:y (may change with SLAAC privacy extensions)
  ULA: fd67:z (should be fixed)

With my router, the ULA was set up once when I first picked a random ULA
prefix, and has remained immutable since then.

> I see my mobile phone has acquired an IPv6 address starting with
> fe80::40be... and it doesn't look like its MAC address.

That's not actually a bad thing. I mentioned SLAAC privacy extensions
(RFC 4941) before; [1] offers some explanations.

[1] 
https://www.internetsociety.org/resources/deploy360/2014/privacy-extensions-for-ipv6-slaac/

-Ralph

Re: [gentoo-user] Re: Network config problem

[Ralph Seichter]

* Nuno Silva:

> Which version of netifrc do you have? Could this be bug 642774[1]?

Possibly. Similar issues have been reported for a while, see for example
https://bugs.gentoo.org/609682 .  Since I only stop network interfaces
manually once in a blue moon, I have shrugged it off so far.

-Ralph

Re: [gentoo-user] Re: To all IPv6-slackers among the Gentoo community

[Ralph Seichter]

* Ralph Seichter:

> I just randomly picked [1] as a generator service

[1] being https://cd34.com/rfc4193/ . I need more sleep, I really do.

-Ralph

Re: [gentoo-user] Re: To all IPv6-slackers among the Gentoo community

[Ralph Seichter]

* Mick:

> I have net-libs/libndp installed, but no ndp command ... where is it
> hiding?

Oh, I forgot that "ndp" is BSD Unix specific. On Gentoo, you can use
sys-apps/iproute2 tools, e.g. "ip -6 neigh" to inspect the kernel's
neighbour table.

> PS. Thanks for your posts and links, at some point I will be replacing
> my aging router with a dual stack device and all this is good
> education for me.

My pleasure. I am actually surprised that this thread gained some
traction, instead of being wholly dismissed as networking nerdiness.
Go Gentoo users! ;-)

-Ralph

Re: [gentoo-user] Re: To all IPv6-slackers among the Gentoo community

[Ralph Seichter]

* Walter Dnes:

> Assume the following [...]

Pretty close. If you *really* want to set things up manually, I suggest
using ULA as per https://tools.ietf.org/html/rfc4193 . I just randomly
picked [1] as a generator service, entered a fictuous MAC address (you
should use one of your own), and clicked "Go". The outcome was:

  Your Private IPv6 network is:
  fdb3:fa69:3947::/48
  giving you access to the to the following /64s:
  fdb3:fa69:3947:0::/64 through fdb3:fa69:3947:::/64

The private /48 network contains 2^16 /64 subnets, so there is enough to
go round for LAN, DMZ, guest network, etc. As an example, let's pick
fdb3:fa69:3947:0::/64 as our local network.

> machine1 has a script in /etc/local.d/ that executes...
> ipv6 address fe80::1 link-local

I prefer this alternative:

  # /etc/conf.d/net for machine #5
  config_eth0="192.168.123.5/24
  fdb3:fa69:3947::5/64"
  # The previous line is the shortened representation of
  # fdb3:fa69:3947:0:0:0:0:5/64

You can now indeed use a shared hosts file as before:

  # /etc/hosts
  192.168.123.5  machine5-ipv4
  fdb3:fa69:3947::5  machine5

I cannot test this right now, but if I did not miss any typos, this
should get you going.

-Ralph

Re: [gentoo-user] Re: To all IPv6-slackers among the Gentoo community

[Ralph Seichter]

* Walter Dnes:

> Look Ma, we have a form of IPV6 NAT (Ducks back into foxhole before
> incoming artillery barrage from IPV6 purists).

Hehe. ;-) That's both provocative and wrong. An IPv6 router can, at a
glance, decide if a packet needs to be handled locally or pushed out. No
need for mangling/rewriting as IPv4 NAT would require. It does not
matter if the packet arrives at the router via a link-local address,
because it contains the sender's global scope address and replies can
therefore be sent back with another single glance.

-Ralph

Re: [gentoo-user] Re: To all IPv6-slackers among the Gentoo community

[Ralph Seichter]

* Walter Dnes:

> I prefer man pages to rambling Youtube videos.

As you wish: man ndp  ;-)

> given that SLAAC and DHCPV6 assign random addresses how do I
> accomplish the equivalant of "scp  i660:."

The world according to 'argon', a MacBook Pro I am using right now:

argon $ ndp -a
NeighborLinklayer Address  Netif ExpireSt Flgs Prbs
fd67::::10  (incomplete) en0 expired   N
fd67:::0:86a:e0ce:2999:7c4 4c:57:ca:dc:8d:5e en0 23h59m20s S
fd67:::0:882:c472:d94f:66e3 20:c9:d0:45:ee:af en0 permanent R
fd67:::0:a96:d7ff:fe8b:69dd 8:96:d7:8b:69:dd en0 23h53m10s S  R
fd67:::0:553c:9719:22e0:af74 4c:57:ca:dc:8d:5e en0 23h52m30s S
fd67:::0:9d4c:8017:ae:c5af 20:c9:d0:45:ee:af en0 permanent R
argon.local (incomplete) lo0 permanent R
fe80::1%en0 (incomplete) en0 expired   N
fe80::a96:d7ff:fe8b:69dd%en08:96:d7:8b:69:dd en0 36s   R  R
silver.local4c:57:ca:dc:8d:5een0 23h59m10s S
argon.local 20:c9:d0:45:ee:afen0 permanent R
ferrum.local3c:7:54:7d:50:c1 en0 23h28m48s S
argon.local (incomplete)   utun0 permanent R
argon.local (incomplete)   utun1 permanent R
[... more addresses removed ...]

argon $ ssh ferrum.local
Last login: Fri Nov 29 01:06:17 2019 from 192.168.235.17
ferrum $ who
ralph  ttys000  Nov 29 01:45  (fe80::1444:5bd9:f47c:663c%en0)

The ndp dump on 'argon' shows expired entries, entries that are still
valid for the listed time, and permanent entries. As you can see, I can
use 'ferrum.local' to identify a particular machine and login. There is
also 'silver', which happens to be my smartphone. There is even an entry
'fd67::::10' which represents a static IPv6 address I used for
testing earlier, with fd67:: being my obfuscated ULA prefix.

IPv6 clients are chatting link-local without user intervention, to say
"I'm here" and to ask "Who is near me?". Routers actively advertise
their services. After a little while, clients start to get an idea of
their surroundings without an admin holding their hand. IPv6 is pretty
nifty in that regard.

-Ralph

Re: [gentoo-user] Re: To all IPv6-slackers among the Gentoo community

[Ralph Seichter]

* Ian Zimmerman:

> The first reason [...] was that my router does _not_ assign fe80::1 to
> itself, but rather some other arbitrary address in the fe80 prefix

I found an article[1] that I first read years ago. "One method to make
things easier is to manually assign the link-local address to the
upstream router’s interfaces." That's one of the firmware-dependent
things, it may happen automatically. I know that my favourite data
center has its routers set up this way as well. One does not have to use
this method, of course.

[1] 
https://blogs.infoblox.com/ipv6-coe/fe80-1-is-a-perfectly-valid-ipv6-default-gateway-address/

> while the router seems to obtain a delegated prefix from upstream, it
> doesn't assign any address from that range to the internal
> interface. The only ipv6 addresses on the internal interface are the
> link-local address and the ULA address.

I think that, as long as the clients use link-local routing to connect
to the router, and the router correctly passes IPv6 traffic in both
directions, it should work without a global-scope address on the
router's LAN-facing NIC.

> I did enable the router advertisement feature, and I checked that the
> daemon is running on the router. But I can see no output related to
> that when I run tcpdump on the desktop system.

Anything that might be interfering with ICMPv6 ? That would prevent all
NDP, including router advertisement.

> so  you _do_ self-assign a static ipv6 address after all. How do
> you know it is the right one?

I only use a static IPv6 address for hosted machines, because I need DNS
 records. The individual subnets are statically assigned by the data
center to each machine.

At home, I don't configure clients with static IPv6, because it is not
necessary for me. In fact, I'm happy to have the lowest 64 address bits
scrambled (IPv6 Privacy Extensions) to make traffic analysis more
difficult. All local clients can use NDP to locate each other anyway.

> https://openwrt.org/docs/guide-user/network/ipv6/start

Sadly I have no practical experience with OpenWrt. Hopefully somebody
else here can help with that.

-Ralph

Re: [gentoo-user] Re: To all IPv6-slackers among the Gentoo community

[Ralph Seichter]

* Walter Dnes:

> How would this be accomplished under IPV6?

You may find https://youtu.be/A3LFt7CHpgs helpful. It is a video about
Neighbor Discovery Protocol (NDP), provided by RIPE NCC.

-Ralph

Re: [gentoo-user] Re: To all IPv6-slackers among the Gentoo community

[Ralph Seichter]

* Ian Zimmerman:

>  What am I missing?

I can't really tell, based on what you posted. Is there an IPv6 Router
Advertisment service running, either on your router or another machine
in your local network?

Here is some data from the Gentoo machine I am currently working on. It
is hosted in a data center and uses a /64 subnet. I obfuscated the IP
addresses, but I'm sure you get the gist:

# cat /etc/conf.d/net
dns_domain_lo="example.com"
modules="iproute2"
config_enp0s31f6="99.88.77.50/26
2a01:11:22:33::44/64"
routes_enp0s31f6="default via 99.88.77.1
default via fe80::1"

# route -6n
Kernel IPv6 routing table
DestinationNext Hop Flag Met Ref Use If
::1/128::   Un   0   110 lo
2a01:11:22:33::44/128  ::   Un   0   100 enp0s31f6
2a01:11:22:33::/64 ::   U256 2 0 enp0s31f6
fe80::4e52:62ff:fe0a:9d75/128  ::   Un   0   3 0 enp0s31f6
fe80::/64  ::   U256 3 0 enp0s31f6
ff00::/8   ::   U256 2 0 enp0s31f6
::/0   fe80::1  UG   3   9 0 enp0s31f6

# ping6 fe80::1
PING fe80::1(fe80::1) 56 data bytes
64 bytes from fe80::1%enp0s31f6: icmp_seq=1 ttl=64 time=2.01 ms
64 bytes from fe80::1%enp0s31f6: icmp_seq=2 ttl=64 time=2.38 ms
64 bytes from fe80::1%enp0s31f6: icmp_seq=3 ttl=64 time=0.763 ms

In my home network, my FRITZ!Box router assigns both a ULA and a global
scope address to each client, without any manual configuration on the
clients. The optional ULA assignment means that, should my uplink
connection die, the local clients can still talk to each other.

-Ralph

Re: [gentoo-user] To all IPv6-slackers among the Gentoo community

[Ralph Seichter]

* Ian Zimmerman:

> But what about connecting to the outside world? For that, the
> link-local address doesn't work.

It does work, actually. fe80::1 is a perfectly valid way to specify the
default gateway. Remember that NICs have several IPv6 addresses with
different scopes.

> No configuration needed for this ULA thing? How does it happen, then -
> is it implemented entirely in the kernel?

Before I try to come up with my own explanation, I suggest you search
for terms like Neighbor Discovery Protocol (NDP) and Stateless Address
Autoconfiguration (SLAAC). The latter, for example, is the reason why
DHCPv6 is often not necessary.

-Ralph

Re: [gentoo-user] Re: To all IPv6-slackers among the Gentoo community

[Ralph Seichter]

* Ian Zimmerman:

> So, how to configure IPv6 on an end user gentoo box (not a router)?

This depends on how clever your existing router is. If it provides
Router Advertisement, like the FRITZ!Box 7xxx line does, IPv6 clients
should be configured automatically. As an alternative, you can run
net-misc/radvd in your network. It is also possible to use fixed
addresses like so (2001::: is an imaginary /64 subnet and
the rest is based on what you posted):

  config_enp2s0="192.168.1.10/24
  2001:::::10/64"
  routes_enp2s0="default via 192.168.1.1
  default via fe80::1"

In case you're wondering, the variables config_x and routes_x can indeed
contain line breaks. Personally, I don't think static IPv6 addresses are
very useful, because machines in a local IPv6 network can easily locate
each other using link-local addressing, without the need to configure
this in any way. In the example above, the link-local address fe80::1
means "the default IPv6 gateway out of here".

IPv6 has more convenient mechanisms, like unique local addresses (ULA),
that can be configured but don't need to be. If your router is smart
enough, no configuration is required on the end nodes; be it Linux,
macOS, Windows, or various smartphones.

One of the many available sources of information is hosted by The Linux
Documentation Project[1].

-Ralph

[1] https://www.tldp.org/HOWTO/Linux+IPv6-HOWTO/index.html

Re: [gentoo-user] To all IPv6-slackers among the Gentoo community

[Ralph Seichter]

* Daniel Frey:

> I have exactly one choice for an ISP and I need a static IP. The ISP
> disables ipv6 for some reason when you have a static IP.

Like I said, the availability of "decent" ISPs varies by location, and
there are of course locations where one is basically screwed when it
comes to IPv6, even in November 2019.

I have no intention whatsoever to chide Gentoo users who cannot have
IPv6 due to their ISP. I only meant to mention that now is a good time
to (a) consider IPv6 if you can get it, (b) consider IPv6 if you thought
about purchasing a new router during Black Friday or Christmas sales
offers, (c) let your ISP know that you are interested in IPv6, and
perhaps consider choosing a different ISP with more modern service (if
you realistically can do that).

We're not exactly swimming in ISPs where I live, and I have been biting
ISP ankles for more than a decade to make my requirements known. Things
have improved, luckily, but they are far from perfect. I am simply
unwilling to pay for additional single IPv4 addresses while whole IPv6
subnets are available in abundance.

According to RIPE, almost every member (LIR) qualifies for a /29 subnet
right away, no questions asked, so handing out /48 or at least /56
subnets to customers should be a no-brainer.

Gentoo users are often technically skilled and therefore in a position
to make good use of IPv6. I think it would be beneficial to let ISPs and
router manufacturers know that IPv6 is not some exotic luxury.

-Ralph

Re: [gentoo-user] To all IPv6-slackers among the Gentoo community

[Ralph Seichter]

* Adam Carter:

> when i enable v6, all my internal hosts become directly routable from
> the Internet via the /56 my ISP assigns me.

Even pretty anemic hardware can handle the demands of an IPv6 firewall,
for example using iptables/nftables. The demands of IPV6-related
processing should actually be a bit lower than for IPv4, because IPv6
does not need NAT.

-Ralph

Re: [gentoo-user] To all IPv6-slackers among the Gentoo community

[Ralph Seichter]

* Daniel Frey:

> Can't do anything, ipv6 is completely disabled (removed from kernel
> config.)

A search for "linux kernel enable ipv6" just returned more than 1.7
million results.

> Current ISP will not issue any ipv6 if an ipv4 static is required.

My current ISP offers native IPv6 and has been doing so for years.
While choice varies across different countries, IPv6 availability has
increased considerably over the last 10 years, which is why SiXXs.net
has discontinued services[1] mid 2017. Even a small amount of searching
should turn up a decent ISP in most industrialized countries.

[1] https://www.sixxs.net/sunset/

> ipv4 works just fine

Maybe our ancestors should never have come down from the trees. Perhaps
even leaving the oceans was a dumb move. ;-)

Seriously, IPv4 may appear to work "just fine" for you, but there is a
lot of nasty stuff like NAT going on under the hood. IPv6 means a lot
less hassle if you have a decent ISP and a halfway modern router.

It will take a while longer before the lack of free IPv4 addresses
becomes too profound to ignore even for private users, but users with
more advanced needs already feel the squeeze. My recommendation is to
pick a proper ISP and select a proper router when the current one has
lived out its life (or maybe a firmware update suffices). The higher the
customers' demand for IPv6, the more incentive there is for ISPs and
router manufacturers to get cracking.

-Ralph

[gentoo-user] To all IPv6-slackers among the Gentoo community

[Ralph Seichter]

https://www.ripe.net/ripe/mail/archives/ripe-list/2019-November/001712.html

This does not come as a surprise, of course, but I consider it a good
point in time to pause and ask oneself what each individual can do to
move further towards IPv6. The end is neigh(ish).

-Ralph

Re: [gentoo-user] g-cpan equivalent for python

[Ralph Seichter]

* Michael Orlitzky:

> Shh, this is how we trick people into becoming proxy maintainers and
> eventually Gentoo developers.

And don't I know it. ;-)

-Ralph

Re: [gentoo-user] g-cpan equivalent for python

[Ralph Seichter]

* Michael Orlitzky:

> You'll have to write the ebuild yourself, there is no g-cpan
> equivalent for python packages.

Dan wrote "I have a piece of python software [...] that I would like to
install/try". Creating an ebuild just to do that sounds like overkill to
me. If the software author suggests pip, than pip is what I'd use. ;-)

-Ralph

Re: [gentoo-user] g-cpan equivalent for python

[Ralph Seichter]

* Dan Johansson:

> The recommended way to install it is using pip which will then install
> everything including dependencies (which could lead to conflicts with
> software installed using emerge (I guess)).

There will be no conflicts if you use 'pip' with virtual Python
environments. The following example works in BASH:

  cd /path/to/some/workdir
  python3.7 -m venv venv
  . venv/bin/activate

You have now activated a virtual Python 3.7 environment, including
'pip'. Now you can use

  pip install foobar

To install 'foobar' and all dependencies from pypi.org, with all files
being written inside the /path/to/some/workdir/venv directory. Virtual
environments ensure there are no conflicts between different Python
applications or the system's own Python installations.

-Ralph

Re: [gentoo-user] missing patch in latest notmuch (0.29.2)

[Ralph Seichter]

* Caveman Al Toraboran:

> any thoughts?

Known bug, fixed, see Bugzilla.

-Ralph

Re: [gentoo-user] ntp-client slows down the boot process

[Ralph Seichter]

* YUE Daian:

> I added [ntp-client] to the default boot level (OpenRC), however it
> seriously slows down the boot process (around 10 seconds or so).

Launching 'clamd' can hold up a reboot for a minute or longer, so ten
seconds do not seem that bad to me.

> Is there any way to make it faster?

Personally, I gladly wait for a couple of seconds and know that the
clock is correct, but if it bothers you too much, you can try setting
rc_parallel="YES" in /etc/rc.conf .

-Ralph

Re: [gentoo-user] How do I get rid of colors (console and xterm)?

[Ralph Seichter]

* Christian Groessler:

> My question is how do I get rid of colors in "emerge", "man" and other
> command line programs.

The methods vary between command line tools.  You can for example
disable the 'manpager' USE flag for sys-apps/man-db. The manual page for
emerge mentions different methods (search for "--color"). Depending on
the terminal software you use, you might be able to select monochromatic
colour profiles (iterm2 for macOS does support this).

-Ralph

Re: [gentoo-user] "

[Ralph Seichter]

* Jack:

> The DEPEND line !!

[gentoo-user] "

[Ralph Seichter]

Hi folks,

I have come across blocked packages [1] before, but this time I am
having a hard time solving things. Accordings to the attached log, there
is a hard block of dev-python/setuptools_scm somewhere, preventing the
update of that package.

Could somebody point me in the way of resolving this issue? Thanks.

-Ralph

[1] https://wiki.gentoo.org/wiki/Handbook:X86/Working/Portage#Blocked_packages

[ebuild U ~] dev-python/setuptools_scm-3.3.1 [1.15.6-r1] 
PYTHON_TARGETS="-python3_7%"
[blocks B  ] 

Re: [gentoo-user] Re: New network cards default to "Y" with "make oldconfig"

[Ralph Seichter]

* Grant Edwards:

> If the old config file didn't have drivers for that vendor enabled,
> why should I have to see all the options now?

Indeed. There must have been some working network device driver included
in the old kernel to get the system running. If one feels the need for
additional drivers in the new kernel, enable them manually.

-Ralph

Re: [gentoo-user] Linux 4.19.8 kernel panics with netfilter/iptables

[Ralph Seichter]

* Hasan Ç.:

> I can share my results.

Have you been able to run some tests yet?

-Ralph

Re: [gentoo-user] Linux 4.19.8 kernel panics with netfilter/iptables

[Ralph Seichter]

* Hasan Ç.:

> Can you share your iptables rules i am on 4.19.8 too with exact
> version of kernel c headers & updated glibc.

Here you go: https://pastebin.com/f8V8DfFU

As you can see, I obfuscated some IP addresses, but other than that,
this is the original ruleset.

-Ralph

[gentoo-user] Linux 4.19.8 kernel panics with netfilter/iptables

[Ralph Seichter]

With kernel versions 4.19.0 to 4.19.8, I see kernel panics whenever
I activate some iptables rules. The same ruleset works fine with all
earlier kernel versions.

I found https://marc.info/?l=netfilter-devel=154211825506348=2 and
was wondering if there is any workaround/patch availabe in Gentoo?

-Ralph

Re: [gentoo-user] Help with dev-util/cargo blocking dev-lang/rust.

[Ralph Seichter]

* Neil Bothwick:

> That's because ~ doesn't mean unstable, it means testing. Stable in
> this context means less likely to change, not less likely to fall
> over. Plus the differentiation is for the ebuilds, not the software
> itself.

It is also worth mentioning that ebuilds cannot be added to the tree
with "stable" flags, at least not by unprivileged contributors such as
myself.

If, for example, there is an upstream bugfix release, I will copy my
existing ebuild because neither build process nor dependencies have
changed one bit, but I am required to change keywords to unstable
anyway.

Switching to stable would require a second pull request after at least a
month has passed, and many contributors just don't bother with that.

-Ralph

Re: [gentoo-user] stage3 does not have Gentoo signing keys, which is unacceptable!

[Ralph Seichter]

On 25.09.18 08:15, gevisz wrote:

> Gentoo handbook contains instructions that lead to downloading and
> using unverified portage tree that is unacceptable [...]

See https://bugs.gentoo.org/597918 (filed almost two years ago).

-Ralph

Re: [gentoo-user] Setting PYTHON_TARGETS in make.conf is not supported?

[Ralph Seichter]

On 26.07.2018 16:57, Grand Duet wrote:

> PYTHON_TARGETS="python2_7 python3_6"
> PYTHON_SINGLE_TARGET="python3_6"
> [...]
> The ebuild selected to satisfy "app-text/asciidoc" has unmet requirements.
> The following REQUIRED_USE flag constraints are unsatisfied:
> exactly-one-of ( python_single_target_pypy python_single_target_python2_7 )
> [...]
> Does it mean that setting python targets in /etc/portage/make.conf is
> not supported any more?

No. It means what the message says says. app-text/asciidoc requires its
PYTHON_SINGLE_TARGET to be either PyPy exclusive or Python 2.7.

You cannot force an application to use Python 3.x if the maintainer
flagged the ebuild as incompatible with Python 3.x.

-Ralph

Re: [gentoo-user] Re: Heads up: Gentoo fouls up mail transport agent.

[Ralph Seichter]

On 23.07.2018 08:56, Kai Peter wrote:

> package.provided have to be configured at each host by hand wich is a
> big effort if you have a lot of boxes.

I call that nonsense. How is that an effort, especially if the proposed
alternative is installing a do-nothing ebuild on "a lot of boxes"?

"He who cannot be bothered to add an entry to a text file should not
administer Linux systems." (Confucius)

-Ralph

Re: [gentoo-user] Re: Heads up: Gentoo fouls up mail transport agent.

[Ralph Seichter]

On 22.07.2018 09:27, Kai Peter wrote:

> A bit more easier is to create an 'empty' virtual ebuild which at
> least does nothing but tells portage the dependency is fulfilled.

Not a good choice, IMO. Portage has its own mechanism for that:
https://wiki.gentoo.org/wiki//etc/portage/profile/package.provided

-Ralph

Re: [gentoo-user] Heads up: Gentoo fouls up mail transport agent.

[Ralph Seichter]

On 21.07.2018 23:03, Alan Mackenzie wrote:

> But what's the proper method to tell my gentoo system that I don't
> want crud like nullmailer installed?

Install an MTA using emerge, or let Gentoo know that you have installed
qmail manually. When you work around portage, you are responsible to
keep Gentoo happy in terms of dependencies. Gentoo did not "foul up",
you just tried to be a tricksy fellow, unaware of the consequences. ;-)

-Ralph

Re: [gentoo-user] how to set python version for one user

[Ralph Seichter]

On 10.07.2018 10:23, p...@xvalheru.org wrote:

> I need to set specific python version to a user and I don't want to
> set it up for whole system. Is it possible?

I can't tell if by "set it up" to have Python binaries available for
only one user, or if you want one user to use a different Python version
from other users, with multiple Python versions potentially available to
all users, which would be then "Gentoo way".

If you have, for example, Python 2.7 and 3.6 installed, you can use
"eselect python set ..." to configure the default Python for most users.
For individual users, I recommend a Python virtual environment. You can
use the 'virtualenv' module for both Python 2.7 and 3.x, but since Python
3.5 the built-in 'venv' module is recommended.

I know soft links to a specific Python version were recommended here,
but based on my experience I strongly discourage that. Your special user
will need more than just the binaries, and a venv is definitely the more
robust and versatile way to go.

-Ralph

[gentoo-user] Re: Gentoo Github Organization hacked.

[Ralph Seichter]

On 04.07.18 16:53, Alec Warner wrote:

> https://wiki.gentoo.org/wiki/Github/2018-06-28

My thanks to all the people involved for resolving this and also taking
the time to document events.

-Ralph

Re: [gentoo-user] python 3.6

[Ralph Seichter]

On 28.06.18 00:16, John Covici wrote:

> after doing a world update, there are still packages which apparently
> need both 3.4 and 3.5, so I cannot remove them.

That sounds like you might still have some packages where the use flags
python_targets_python3_4 and/or python_targets_python3_5 are active. Vim
comes to my mind as an example:

  # equery u app-editors/vim
  [ Legend : U - final flag setting for installation]
  [: I - package is installed with flag ]
  [ Colors : set, unset ]
   * Found these USE flags for app-editors/vim-8.0.1298:
   U I
   ( ... )
   - - perl   : Add optional support/bindings for the 
Perl language
   - - python : Add optional support/bindings for the 
Python language
   - - python_single_target_python2_7 : Build for Python 2.7 only
   - - python_single_target_python3_4 : Build for Python 3.4 only
   - - python_single_target_python3_5 : Build for Python 3.5 only
   + + python_single_target_python3_6 : Build for Python 3.6 only
   + + python_targets_python2_7   : Build with Python 2.7
   - - python_targets_python3_4   : Build with Python 3.4
   - - python_targets_python3_5   : Build with Python 3.5
   + + python_targets_python3_6   : Build with Python 3.6
   - - racket : Enable support for Scheme using 
dev-scheme/racket
   ( ... )

As you can see, vim was built with support for Python 2.7 and 3.6, but
neither 3.4 nor 3.5. Which is the way I want it.

-Ralph

Re: [gentoo-user] python 3.6

[Ralph Seichter]

On 27.06.18 22:43, Bill Kenworthy wrote:

> After installing python 3.6, I now have multiple systems wanting to
> depclean it! Have I missed something? Should I be uninstalling 3.4
> and 3.5 which are also present?

After you have recompiled all packages that were built with Python 3.4
and 3.5 support and verified that these versions are no longer required,
you can delete them.

-Ralph

Re: [gentoo-user] Simple SMTP to cmd-line MTA relay?

[Ralph Seichter]

On 19.01.18 19:03, Grant Edwards wrote:

> I need to setup an SMTP relay server.
>
> It needs to accept messages as an SMTP server (using SSL and AUTH on a
> non-standard port) from a single user and single source and then relay
> them by passing them to a command-line MTA (e.g. /usr/bin/sendmail
> replacement provided by msmtp).

Based on your description you seem to have things backward. Sendmail is
used to inject mail into an MTA on the local machine, and the MTA can
then use SMTP to transfer said mail to another server.

If the final recipient (i.e. mailbox) is on the same server the mail is
generated on, the MTA can use a local transport mechanism to store mail
instead of passing it on via SMTP.

I suggest you clarify your goal, and ask on the Postfix mailing list
(or Exim, etc.) for more information.

-Ralph

Re: [gentoo-user] Using an old kernel .config as the basis for a new .config

[Ralph Seichter]

On 28.12.17 20:52, Alan Mackenzie wrote:

> There is some way of initialising a new kernel .config from an existing
> one, I am sure, but I can't find it.

If your previous kernel has IKCONFIG support(*) enabled, I recommend
these steps for a kernel update to keep as many configuration options
as possible:

# eselect kernel set {number}
# cd /usr/src/linux
# zcat /proc/config.gz > .config
# make silentoldconfig

-Ralph

(*) https://wiki.gentoo.org/wiki/Kernel/IKCONFIG_Support

Re: [gentoo-user] Re: Setting up fetchmail to feed postfix

[Ralph Seichter]

On 27.11.17 18:48, Ian Zimmerman wrote:

> Do you really need lmtp for that, though? As far as I remember simply
> piping the messages to the /usr/lib/dovecot/deliver program, as the
> deilivery mechanism, will ensure the same thing.

Both Dovecot and Postfix speak LMTP, so why not use it for local mail
transport? As the name suggests, that's what it was designed for, and
the setup I described (my standard configuration) has proven to be both
easy to configure and very reliable for me and my customers.

> I don't know postfix much though, so maybe that's hard to do with
> postfix, unlike my pet exim.

It's easy, see mailbox_command et al. One could even configure different
commands for each recipient, but I think LMTP beats launching an external
process per delivery.

-Ralph

Re: [gentoo-user] Setting up fetchmail to feed postfix

[Ralph Seichter]

On 27.11.17 14:44, Peter Humphrey wrote:

> Do I really need to do that on this small, low-volume network? What do
> I lose by letting postfix and fetchmail write files for dovecot to read?

It is very easy to configure Postfix to use an LMTP socket provided
by Dovecot (paths match typical installations, adapt if necessary):

  # /etc/dovecot/conf.d/10-master.conf
  service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
  user = postfix
  group = postfix
  mode = 0660
}
  }

  # /etc/postfix/main.cf
  mailbox_transport = lmtp:unix:private/dovecot-lmtp

These few lines save you from all the potential hassle that sharing
read/write access to the same files could bring. Dovecot will ensure
that indexes are up to date when mail is delivered, and that alone is
reason enough for me. I think the mail store belongs to the IMAP server,
and neither the MTA nor MUA should access that store directly via the
file system, but use protocols like LMTP and IMAP to communicate with
Dovecot instead. Standard separation of responsibilities, easier to
maintain.

-Ralph

Re: [gentoo-user] Re: Setting up fetchmail to feed postfix

[Ralph Seichter]

On 26.11.2017 18:46, Ian Zimmerman wrote:

> those are Exim's local IDs, assigned by the list server host. Those
> are distinct from RFc 5322 Message-IDs, which are the closest thing
> to uniquely identify a message.

I am well aware of this, and this is exactly what I wanted to point out.

> So from the above it cannot be concluded that Peter's system sent the
> message twice: it might have, but it might equally have been the fault
> of the list server.

Peter's email was either sent to both of the following

  smarthost03a.mail.zen.net.uk [212.23.1.20]
  smarthost03d.mail.zen.net.uk [212.23.1.23]

in short succession or magically duplicated. Just save both messages and
run 'diff' to verify this. The other MUA-generated headers appear to be
identical, including "Message-ID: <1722168.phgiPb26BP@peak>". While it
is possible that zen.net.uk screwed up, I consider it more likely that
the message was sent twice, as more of their customers would notice a
systemic problem and probably be quite vocal about it. There's nothing
to be done if the smarthosts are actually stupid hosts anyway. ;-)

> FWIW, I am _not_ seeing any duplicates on this list [...]

Does NeoMutt perhaps suppress dupes based on message ID? Thunderbird
obviously does not.

-Ralph

Re: [gentoo-user] Setting up fetchmail to feed postfix

[Ralph Seichter]

On 26.11.2017 03:30, Peter Humphrey wrote:

> I get duplicate messages, which are a known problem and easily worked
> around, but the latest version of KMail whinges about more than one
> candidate for display and just gives up.

For debugging purposes it might help you to know that you actually sent
the message I am currently quoting twice, according to the header data.
Message #1:

  Received: from [82.69.80.10] (helo=peak.localnet)
by smarthost03d.mail.zen.net.uk with esmtps 
(TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
(Exim 4.80)
(envelope-from )
id 1eImhw-IJ-SK
for gentoo-user@lists.gentoo.org; Sun, 26 Nov 2017 02:30:12 +

Message #2:

  Received: from [82.69.80.10] (helo=peak.localnet)
by smarthost03a.mail.zen.net.uk with esmtps 
(TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
(Exim 4.80)
(envelope-from )
id 1eImhw-0002XH-8v
for gentoo-user@lists.gentoo.org; Sun, 26 Nov 2017 02:30:12 +

Note the different host names and different IDs, these are two distinct
emails sent by you.

-Ralph

Re: [gentoo-user] Setting up fetchmail to feed postfix

[Ralph Seichter]

On 24.11.17 18:30, Rich Freeman wrote:

> While Postfix certainly won't serve up email via IMAP it definitely
> does store email.

As an MTA should, Postfix transports email. It can also handle local
mail transport (say, in maildirs) and I guess one could call that
"storing" mail, but to me that's stretching the term too far.

> You are correct that you'd run a separate IMAP server. They need not
> be on the same host assuming they can both get at the maildirs.

As the OP is using Postfix to feed data to Dovecot, I strongly suggest
configuring Dovecot's LMTP as a mailbox transport instead of having
Postfix write directly to the file system.

-Ralph

Re: [gentoo-user] Setting up fetchmail to feed postfix

[Ralph Seichter]

On 24.11.17 17:40, Peter Humphrey wrote:

> That's because I don't yet know enough to know what questions to ask;
> that's why I hoped I'd be pointed to a general guide or explanation.

http://www.fetchmail.info/ is the most obvious starting point, and I
assume you have found that one. Fetchmail per se is not Gentoo-specific,
so you're better off asking questions on the FM mailing lists should you
find the manual and FAQ insufficient.

> > If you plan to use a single fetchmail process, ~foo/.fetchmailrc (with
> > foo being the user you want to run fetchmail as) usually suffices.
>
> I assume you mean ~/.fetchmailrc, a file in my home directory, no?

You can run fetchmail as the user you are logging in with or as a
separate user. I suggest the latter if you want to run fetchmail in
daemon mode, for standard privilege separation reasons. I used "foo" as
an example. If you want to run fetchmail on demand only, a dedicated
user account may be inconvenient, and you did not say which method you
are aiming for in your OP.

-Ralph

Re: [gentoo-user] Setting up fetchmail to feed postfix

[Ralph Seichter]

On 24.11.17 16:39, Peter Humphrey wrote:

> I'm trying an evasion, which is to use fetchmail to retrieve emails
> from my ISP and deliver them to postfix, which can then serve them
> via IMAP.

Postfix is an MTA and does neither store email nor lets you access email
via IMAP. There must be an IMAP server in your mix somewhere (e.g.
Dovecot or Courier).

> I still don't know what to add to /etc/ conf.d/fetchmail, nor whether
> I need a ~/.fetchmailrc or an /etc/fetchmailrc file (no sample comes
> with the ebuild).

Your needs depend on what you are trying to achieve, and you have been a
bit vague on the details. If you plan to use a single fetchmail process,
~foo/.fetchmailrc (with foo being the user you want to run fetchmail as)
usually suffices.

-Ralph

Re: [gentoo-user] Re: monit and friends.

[Ralph Seichter]

On 16.10.2017 17:50, Alan McKinnon wrote:

> Nagios and I go way back, way way waay back. I now recommend it
> never be used unless there really is no other option.

Have you tried Icinga 2 (*) yet? It originally started as a Nagios fork
and uses plugins to monitor, but the rule-based configuration mechanism
of Icinga 2 is IMO more powerful and easier than Nagios' mechanism. I've
used both Nagios and Icinga for years, and I definitely prefer Icinga 2.

-Ralph

(*) https://www.icinga.com/products/icinga-2/

Re: [gentoo-user] What do you think about Firefox 57?

[Ralph Seichter]

On 07.09.17 22:04, Dale wrote:

> If he's using or planning to use Firefox on Gentoo, that is on topic.

If you read the OP again, you'll find that it had no relation to Gentoo
whatsoever. Danny himself agreed this is not the right mailing list, so
please let's leave it at that.

-Ralph

Re: [gentoo-user] What do you think about Firefox 57?

[Ralph Seichter]

On 07.09.2017 15:20, Danny YUE wrote:

> Well, I know it is not the perfect place but I don't want to spam my
> inbox with Firefox topics, so that's why I don't subscribe that mail
> list and am asking here. ;-)

And you believe that spamming the inbox people interested in Gentoo
(that's why we subscribed to this mailing list) is OK ? ;-) Seriously,
this is completely off-topic here, so please use the appropriate mailing
lists instead. Thanks.

-Ralph

Re: [gentoo-user] What do you think about Firefox 57?

[Ralph Seichter]

On 07.09.2017 14:26, Danny YUE wrote:

> I have been using FoxyProxy in Firefox for a really long time, until
> today I found its new version really sucks.

If you're curious about Mozilla's move to the WebExtensions API, see
https://blog.mozilla.org/addons/2016/11/23/add-ons-in-2017/ . You'll
probably have more in-depth discussions about this on other mailing
lists, since it is not Gentoo-specific.

-Ralph

Re: [gentoo-user] Simplest NTP client for standalone system?

[Ralph Seichter]

On 29.08.2017 14:52, Stroller wrote:

> Any recommendations for a simple NTP client?

Anything you dislike about net-misc/ntp, which you apparently use on
that other system of yours? It comes with both ntpd and ntp-client,
and the performance impact is minimal.

> I *think* this is because ntp-client is designed not to make large
> adjustments, so ntpd is run at startup in case the clock is too far
> out.

The other way around. See https://wiki.gentoo.org/wiki/Ntp for more
info.

-Ralph

Re: [gentoo-user] certbot confusion

[Ralph Seichter]

On 26.08.2017 08:40, Ian Zimmerman wrote:

> The cop-out solution is to have a single pre-hook and a single
> post-hook, which stop (resp. start) both daemons, but that is
> ugly. How do people handle this?

I have not used certbot hooks myself, but a glance at the docs shows:

  --pre-hook and --post-hook hooks run before and after every renewal
  attempt. If you want your hook to run only after a successful renewal,
  use --renew-hook [...]

Separate renew hooks seem to be the way to go.

-Ralph

Re: [gentoo-user] install under centos606

[Ralph Seichter]

On 21.08.2017 13:49, mad.scientist.at.la...@tutanota.com wrote:

> I'm excited about using gentoo, though the online instructions could
> really use more structuring, i.e. it's hard to avoid reading the parts
> you don't need to and the "flow" is rather lost. It's an extremely
> verbose document which makes it very hard to get the gist of the install
> procedure. it's not a bad document, merely poorly organized. [...]

I completely disagree. I consider the Gentoo installation documentation
well structured, easy to follow and precise, and I don't know what your
statements like "most newbies would be helplessly confused" are supposed
to be based on. Please don't try to pass on your personal opinions as
facts without providing any proof. Show us a control group of newbies,
most of them helplessly confused, if you can. ;-)

-Ralph

Re: [gentoo-user] Nameserver lookups fail on virtual server after Kernel upgrade from version 4.9 to 4.12

[Ralph Seichter]

On 21.08.2017 08:08, Neil Bothwick wrote:

> Ah, so silentoldconfig is effectively the same as old config.

Silentoldconfig is quite a useful make target, since it only asks about
newly introduced kernel options.

> Does your old kernel still work ad before? Just wondering if another
> update could have caused this.

Both affected virtual servers run fine when I boot kernel 4.9.34 while
leaving everything else unchanged. I'm currently comparing .config files
for kernel versions 4.9.34 and 4.12.5 again, but nothing catches my eye.

As for the symptoms, I wonder: Outbound nameserver access is seizing up
completely, while I can still access the servers via SSH at the same
time. Could it be something that kills UDP after the servers are active
for a while, but leaves TCP alive?

-Ralph

Re: [gentoo-user] Nameserver lookups fail on virtual server after Kernel upgrade from version 4.9 to 4.12

[Ralph Seichter]

On 20.08.2017 08:17, Neil Bothwick wrote:

> I'd try again with a clean kernel tree but using make oldconfig. It's
> possible the automagic stuff answered n somewhere where you need a y.

As https://wiki.gentoo.org/wiki/Kernel/Upgrade/en#make_silentoldconfig
describes, "make silentoldconfig" (which I used) asks for a decision for
all newly introduced kernel options.

Most default to "no" anyway, but I have painstakingly read each of the
new descriptions to figure out if I might need the options. I've done it
several times, and I still cannot figure out if I missed anything. Here
is a subset of the options I have configured, perhaps you can spot if
something is amiss? Of course, grep VIRT is not exactly the most precise
approach...

  ### Server 1 (high volume traffic)
  $ grep VIRT .config | sort
  CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
  CONFIG_BLK_MQ_VIRTIO=y
  # CONFIG_DEBUG_VIRTUAL is not set
  # CONFIG_DMA_VIRT_OPS is not set
  CONFIG_DMA_VIRTUAL_CHANNELS=y
  # CONFIG_DRM_VIRTIO_GPU is not set
  # CONFIG_FB_VIRTUAL is not set
  CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
  CONFIG_HW_RANDOM_VIRTIO=y
  CONFIG_PARAVIRT_CLOCK=y
  # CONFIG_PARAVIRT_DEBUG is not set
  CONFIG_PARAVIRT_SPINLOCKS=y
  # CONFIG_PARAVIRT_TIME_ACCOUNTING is not set
  CONFIG_PARAVIRT=y
  CONFIG_SCSI_VIRTIO=y
  # CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
  # CONFIG_VIRT_DRIVERS is not set
  CONFIG_VIRTIO_BALLOON=m
  # CONFIG_VIRTIO_BLK_SCSI is not set
  CONFIG_VIRTIO_BLK=y
  CONFIG_VIRTIO_CONSOLE=y
  # CONFIG_VIRTIO_INPUT is not set
  # CONFIG_VIRTIO_MMIO is not set
  CONFIG_VIRTIO_NET=y
  CONFIG_VIRTIO_PCI_LEGACY=y
  CONFIG_VIRTIO_PCI=y
  CONFIG_VIRTIO=y
  CONFIG_VIRT_TO_BUS=y
  # CONFIG_VIRTUALIZATION is not set

I have since updated a second virtual Gentoo server to Kernel 4.12. This
server sees a lot less network traffic, but after a couple of hours it
runs into the same timeouts when attempting to contact resolvers. Kernel
settings include:

  ### Server 2 (low volume traffic)
  $ grep VIRT .config | sort
  CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
  CONFIG_BLK_MQ_VIRTIO=y
  # CONFIG_DEBUG_VIRTUAL is not set
  # CONFIG_DMA_VIRT_OPS is not set
  CONFIG_DMA_VIRTUAL_CHANNELS=y
  # CONFIG_DRM_VIRTIO_GPU is not set
  # CONFIG_FB_VIRTUAL is not set
  CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y
  CONFIG_HW_RANDOM_VIRTIO=y
  CONFIG_PARAVIRT_CLOCK=y
  # CONFIG_PARAVIRT_DEBUG is not set
  CONFIG_PARAVIRT_SPINLOCKS=y
  # CONFIG_PARAVIRT_TIME_ACCOUNTING is not set
  CONFIG_PARAVIRT=y
  CONFIG_SCSI_VIRTIO=y
  # CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
  # CONFIG_VIRT_DRIVERS is not set
  CONFIG_VIRTIO_BALLOON=m
  # CONFIG_VIRTIO_BLK_SCSI is not set
  CONFIG_VIRTIO_BLK=y
  CONFIG_VIRTIO_CONSOLE=y
  # CONFIG_VIRTIO_INPUT is not set
  # CONFIG_VIRTIO_MMIO is not set
  CONFIG_VIRTIO_NET=y
  CONFIG_VIRTIO_PCI_LEGACY=y
  CONFIG_VIRTIO_PCI=y
  CONFIG_VIRTIO=y
  CONFIG_VIRT_TO_BUS=y
  CONFIG_VIRTUALIZATION=y

As you can see, I used CONFIG_VIRTUALIZATION=y in this case, even though
I believe this only affects running as a VM host. I carried this option
over from the previous 4.9 kernel.

-Ralph

Re: [gentoo-user] Nameserver lookups fail on virtual server after Kernel upgrade from version 4.9 to 4.12

[Ralph Seichter]

On 20.08.17 00:15, Craig MacKinder wrote:

> It sounds like this vmxnet3 bug causing intermittent interface problems
> https://bugzilla.kernel.org/show_bug.cgi?id=191201
> Try adding this to the VMware guest advanced settings.
> vmxnet3.rev.30 = FALSE
> And restart the guests.

Interesting idea. However, the host server is running KVM, not VMware.
If I am not mistaken, the bug you mentioned is specific to VMware? I
also don't have the option to define VM host server settings beyond the
choice of network adapter type, as the host is run by a third party.

I have included support for both Intel E1000 and VirtIO networking in my
Linux kernels, with the hosting company recommending VirtIO. Choosing
one over the other does not seem to affect the nameserver timeout
problem.

-Ralph

[gentoo-user] Nameserver lookups fail on virtual server after Kernel upgrade from version 4.9 to 4.12

[Ralph Seichter]

It seems strange to me as I write it, but since I updated one of my
virtual servers from Kernel version 4.9.34 to 4.12.5, the server (Gentoo
Linux running as a KVM guest) is experiencing timeouts when trying to
connect to DNS resolvers. For the Kernel update, I followed the same
steps I used for years, like

  cd /usr/src/linux
  zcat /proc/config.gz >.config
  make silentoldconfig (answering "no" whereever possible)
  make ...

After booting with Kernel 4.12, commands like "dig +trace www.ibm.com"
work just fine for a while, duration depending on server load, but after
some threshold is passed, all further attempts to contact resolvers fail
due to timeouts.

I have tried running a local, caching resolver (BIND 9) on the server,
like I usually do, and also tried using the hoster's dedicated resolvers.
With Kernel 4.12, I see timeouts in both cases. These problems do not
occur when I boot with the 4.9 Kernel which I have been using for the
past two months.

It is also worth noting that I updated two other servers to Kernel 4.12
without any issues, but these are "real" servers, not VMs. At this point
I am searching for ways to debug the issue, vaguely suspecting some KVM
magic behind it (without any proof). I know that Kernel 4.11 introduced
several KVM related changes, but that's about it.

I appreciate all pointers.

-Ralph

Re: [gentoo-user] Subdirectories on NFS server missing 'executable' permission

[Ralph Seichter]

On 27.01.13 17:23, Alan McKinnon wrote:

 You config certainly looks right to me, and I don't know of any config
 that makes it work differently.

I suspected as much. The trouble is that the Pingulux is unable to write
data to the directories it creates. Thus, your idea of using chmod from
a cron job won't help. I can only assume that the shell's umask 0022 is
not being used by the process which records video data. Bummer.

-Ralph

Re: [gentoo-user] Subdirectories on NFS server missing 'executable' permission

[Ralph Seichter]

On 27.01.13 19:21, Alan McKinnon wrote:

 so essentially you have an nfs client that by design can't do nfs?

You could put it that way. I purchased this satellite receiver a few
days ago and upgraded to the latest firmware available (version 1.2.61
released 2013-01-07). Unfortunately, the manufacturer's support page and
FAQ are available in Greek only. :-/

 What does the vendor say about this?

I'll try to contact the vendor tomorrow (Monday).

-Ralph

[gentoo-user] Subdirectories on NFS server missing 'executable' permission

[Ralph Seichter]

Hi list members,

I set up Gentoo as an NFS server, and I am experiencing problems with
one of my NFS clients. When this specific client creates new directories
within the NFS-exported directory, the permissions are 0644 instead of
0755 ('executable' is missing). The client does not allow passing any
arguments when mounting a remote directory, so I wonder if this can be
fixed on the server side? My exports configuration looks like this:

# /etc/exports
/mnt/foo 
192.168.235.0/24(rw,async,all_squash,no_subtree_check,anonuid=1003,anongid=1003,insecure)
/mnt/bar 
192.168.235.0/24(rw,sync,no_root_squash,no_subtree_check,anonuid=1003,anongid=1003,insecure)

Both /mnt/foo and /mnt/bar were created like this:

mkdir /mnt/foo  chown root:root /mnt/foo  chmod 1777 /mnt/foo

It does not matter whether the client creates a new directory in /mnt/foo
or /mnt/bar, the executable bit is always missing.

Your ideas are appreciated. Thanks!

-Ralph

Re: [gentoo-user] Subdirectories on NFS server missing 'executable' permission

[Ralph Seichter]

On 27.01.13 00:04, Alan McKinnon wrote:

 What sort of client is this, and what umask is it using?

The client is an Edision Argus Pingulux Plus satellite receiver.

[root@stlinux]#uname -a
Linux stlinux 2.6.32.42_stm24_V4.1-SAT7111_7111-STSDK #56 PREEMPT Tue Oct 16 
16:17:14 CST 2012 sh4 GNU/Linux

 That's regular shell umask, not some fancy thing related to fs mounts.

[root@stlinux]#umask
0022

This umask looks OK to me.

-Ralph

Re: [gentoo-user] Re: Netatalk 2.2 for Gentoo?

[Ralph Seichter]

On 30.07.11 02:11, Manuel McLure wrote:

 FYI, netatalk 2.1.5 for AFP (I don't use anything else) is working for
 me here with OS X Lion.

That's interesting, I can't seem to connect to Netatalk 2.1.5 with Lion.
Would you perhaps share the contents of your /etc/netatalk folder?

-Ralph

[gentoo-user] Netatalk 2.2 for Gentoo?

[Ralph Seichter]

Hi list,

as a Mac user who recently began migrating machines to OS X Lion, I am
wondering if some kind soul is already working on net-fs/netatalk 2.2.0
for Gentoo? The existing version 2.1.5 does not support AFP 3.3, which
is required by Lion's modified Time Machine implementation.

-Ralph

Re: [gentoo-user] off topic : Dolphin massacre in Japan

[Ralph Seichter]

Aggelos wrote:

 I really don't care if consider the above as spam or not or watever, for
 this list or for any list. I am subscribed to this list so I posted it
 here.

If you don't care about the other subscribers here, I suggest you to host
your own mailing list, i.e. 
gentoo-user-and-everything-else-aggelos-considers-relevant,
and unsubscribe here. ;-)

 My OT post would be one and only one, but you just made it a thread.

Other people's replies to your off-topic posting do not mitigate your
responsibility for actually causing these replies one bit.

-R
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Can't emerge dazuko 2.3.x with kernel 2.6.20

[Ralph Seichter]

Peter Ruskin wrote:

 CONFIG_SECURITY_NETWORK is not set

Thanks, I thought so. The compile error occurs in a sections encapsuled
in #ifdef CONFIG_SECURITY_NETWORK_XFRM, and your kernel configuration
does not include XFRM Networking Security Hooks. I'll probably disable
this, because the machine doesn't need IPSec anyway.

-R
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Can't emerge dazuko 2.3.x with kernel 2.6.20

[Ralph Seichter]

Peter Ruskin wrote:

 No, it doesn't look familiar - I had no problems at all

I wonder... Could you please check your kernel configuration?

  /usr/src/linux-2.6.20-gentoo # grep CONFIG_SECURITY .config
  CONFIG_SECURITY=y
  CONFIG_SECURITY_NETWORK=y
  CONFIG_SECURITY_NETWORK_XFRM=y
  CONFIG_SECURITY_CAPABILITIES=m
  CONFIG_SECURITY_ROOTPLUG=m
  # CONFIG_SECURITY_SELINUX is not set

I'd like to know if these settings are different on your machine.

-R

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Can't emerge dazuko 2.3.x with kernel 2.6.20

[Ralph Seichter]

Has anybody successfully emerged sys-fs/dazuko on a machine using
kernel version 2.6.20? I tried dazuko-2.3.2-r3 and dazuko-2.3.3_pre1,
but emerge fails with errors like in the attached build log. I haven't
yet found anything about this on bugs.gentoo.org or MARC.

-R
 * Determining the location of the kernel source code
 * Found kernel source directory:
 * /usr/src/linux
 * Found kernel object directory:
 * /lib/modules/2.6.20-gentoo/build
 * Found sources for kernel version:
 * 2.6.20-gentoo
 * Checking for suitable kernel configuration options...
  [ ok ]
 Unpacking source...
 Unpacking dazuko-2.3.3-pre1.tar.gz to 
 /mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/work
 Source unpacked.
 Compiling source in 
 /mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/work/dazuko-2.3.3-pre1 ...
checking host system type... Linux
checking for make utility... ok (make)
checking for C compiler... ok (cc)
kernel build source in /usr/src/linux... yes
acquiring Linux kernel code configuration... ok
checking if Linux is RSBAC patched... no
checking if devfs is enabled... no
discovered host system... Linux (2.6.20)
checking if security module support is enabled... yes
verifying capabilities are not built-in... ok
locating LSM API header... ok
identifying LSM API (this can take a while)... ok
identifying device API... ok
inspecting class type... ok (class)
inspecting suspend function... ok (suspend2)
inspecting task_struct structure... ok (using parent)
disabling ON_CLOSE events (not available for Linux 2.6 LSM)
configure: creating Makefile
configure: creating library/Makefile
configure: creating example_c/Makefile

./configure successful

===
 Configuration summary
===

module events = ON_OPEN ON_EXEC
devfs support = no
rsbac support = no
stacking support = yes
local __d_path() = no (using chroot events, see README.linux26)
module debug = no
library 1.x compatibility = yes

 * Converting Makefile to use M= instead of SUBDIRS= ...
  [ ok ]
 * Preparing dazuko module
make -C /usr/src/linux 
M=/mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/work/dazuko-2.3.3-pre1 
modules
make[1]: Entering directory `/usr/src/linux-2.6.20-gentoo'
  CC [M]  
/mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/work/dazuko-2.3.3-pre1/dazuko_core.o
  CC [M]  
/mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/work/dazuko-2.3.3-pre1/dazuko_transport.o
  CC [M]  
/mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/work/dazuko-2.3.3-pre1/dazuko_linux26_lsm.o
/mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/work/dazuko-2.3.3-pre1/dazuko_linux26_lsm.c:
 In function 'dazuko_security_xfrm_policy_alloc':
/mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/work/dazuko-2.3.3-pre1/dazuko_linux26_lsm.c:1486:
 error: too many arguments to function 
'dazuko_security_ops.xfrm_policy_alloc_security'
/mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/work/dazuko-2.3.3-pre1/dazuko_linux26_lsm.c:1486:
 error: too many arguments to function 
'dazuko_security_default_ops.xfrm_policy_alloc_security'
/mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/work/dazuko-2.3.3-pre1/dazuko_linux26_lsm.c:
 In function 'dazuko_security_xfrm_state_alloc':
/mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/work/dazuko-2.3.3-pre1/dazuko_linux26_lsm.c:1527:
 warning: passing argument 3 of 'dazuko_security_ops.xfrm_state_alloc_security' 
makes integer from pointer without a cast
/mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/work/dazuko-2.3.3-pre1/dazuko_linux26_lsm.c:1527:
 error: too many arguments to function 
'dazuko_security_ops.xfrm_state_alloc_security'
/mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/work/dazuko-2.3.3-pre1/dazuko_linux26_lsm.c:1527:
 warning: passing argument 3 of 
'dazuko_security_default_ops.xfrm_state_alloc_security' makes integer from 
pointer without a cast
/mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/work/dazuko-2.3.3-pre1/dazuko_linux26_lsm.c:1527:
 error: too many arguments to function 
'dazuko_security_default_ops.xfrm_state_alloc_security'
make[2]: *** 
[/mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/work/dazuko-2.3.3-pre1/dazuko_linux26_lsm.o]
 Error 1
make[1]: *** 
[_module_/mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/work/dazuko-2.3.3-pre1] 
Error 2
make[1]: Leaving directory `/usr/src/linux-2.6.20-gentoo'
make: *** [dummy_rule] Error 2

!!! ERROR: sys-fs/dazuko-2.3.3_pre1 failed.
Call stack:
  ebuild.sh, line 1614:   Called dyn_compile
  ebuild.sh, line 971:   Called qa_call 'src_compile'
  environment, line 4190:   Called src_compile
  dazuko-2.3.3_pre1.ebuild, line 48:   Called linux-mod_src_compile
  linux-mod.eclass, line 510:   Called die

!!! Unable to make   dummy_rule.
!!! If you need support, post the topmost build error, and the call stack if 
relevant.
!!! A complete build log is located at 
'/mnt/hda6/tmp/portage/sys-fs/dazuko-2.3.3_pre1/temp/build.log'.

Re: [gentoo-user] Can't emerge dazuko 2.3.x with kernel 2.6.20

[Ralph Seichter]

Peter Ruskin wrote:

 2.3.3_pre1 works OK here.

So it is possible and there's hope left. ;-) I don't suppose that

  [...]/dazuko-2.3.3-pre1/dazuko_linux26_lsm.c:1486: error: too many
  arguments to function 'dazuko_security_ops.xfrm_policy_alloc_security'

looks familiar to you? Did you modify or patch anything manually?

-R
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Marvell Yukon 88E8001 not working, already tried modprobe sk98lin et al

[Ralph Seichter]

Ralph Seichter wrote:

 I'll try to figure out exactly which modules can be used to access
 the network controller (sk98lin, skge or sky2).

emerge --update --deep world finished over night, and this is what I
see after booting with an empty /etc/modules.autoload.d/kernel-2.6:

# lsmod
Module Size  Used by
nls_utf8   2688  0
ntfs  94664  0
i2c_viapro10264  0
via82cxxx  9732  0 [permanent]
skge  40080  0
nfs  221744  0
lockd 67216  1 nfs
sunrpc   168776  2 nfs,lockd
ata_piix  14212  0
sata_vsc   9732  0
sata_sis   9476  0
sata_sx4  14980  0
sata_nv   11652  0
sata_via   9988  2
sata_svw   9220  0
sata_sil  11912  0
sata_promise  13700  0
libata75288  9 ata_piix,sata_vsc,sata_sis,sata_sx4,sata_nv,
   sata_via,sata_svw,sata_sil,sata_promise
sbp2  25096  0
ohci1394  34504  0
ieee1394 106104  2 sbp2,ohci1394
ohci_hcd  21124  0
uhci_hcd  24088  0
usb_storage   71104  0
usbhid43040  0
ehci_hcd  33160  0

# cat /proc/interrupts
CPU0
  0: 1772896 IO-APIC-edge  timer
  1:1103 IO-APIC-edge  i8042
  8:   0 IO-APIC-edge  rtc
  9:   0 IO-APIC-level acpi
 12: 105 IO-APIC-edge  i8042
 14:  50 IO-APIC-edge  ide0
 16:   0 IO-APIC-level ehci_hcd:usb1, uhci_hcd:usb2, uhci_hcd:usb3,
   uhci_hcd:usb4, uhci_hcd:usb5
 17:   2 IO-APIC-level ohci1394
 18:   3 IO-APIC-level ohci1394
 19:3270 IO-APIC-level libata
 20:3351 IO-APIC-level skge
NMI:  64
LOC: 1772885
ERR:   0
MIS:   0

The kernel which I compiled supports sk98lin, skge and sky2 as modules,
and it seems like skge is automatically chosen. BTW, shouldn't used by
have a non-zero value for skge when the network controller is active?

-- 
Mit freundlichen Grüßen / Sincerely
Dipl. Inform. Ralph Seichter

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Marvell Yukon 88E8001 not working, already tried modprobe sk98lin et al

[Ralph Seichter]

Richard Fish wrote:

 IIRC, eth0 on the live CD can be a IEEE1394 ethernet bridge, if you
 have a firewire port in the PC. The UNSPEC and 'weird' hardware
 address are indicative of this.

Good timing of yours, I just wanted to boast a bit about getting to the
bottom of the problem myself (after I leaving the machine alone for two
hours to get a fresh mental start on things). ;-)

It seems that booting from the Minimal CD indeed maps two FireWire
devices first. The mainboard's IEEE 1394 becomes attached to eth0, and
eth1 is the FireWire port of a SB Audigy card. The network controller is
available as eth2 after loading the modules, which I didn't expect. %-P

I have since installed Gentoo 2006.0, compiled my own kernel and ten
minutes ago the machine properly booted for the first time with the
Yukon controller as eth0. Hooray! I've started emerge --update --deep
world, and when it is finished, I'll try to figure out exactly which
modules can be used to access the network controller (sk98lin, skge or
sky2).

-- 
Mit freundlichen Grüßen / Sincerely
Dipl. Inform. Ralph Seichter

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Marvell Yukon 88E8001 not working, already tried modprobe sk98lin et al

[Ralph Seichter]

billyd wrote:

 His ultimate suggestion, which I followed, was to go out to your
 favorite computer store, purchase a NIC card (about $20 US) off the
 shelf, install it in your computer, and disable the on-board Marvell
 Yukon controller in the BIOS.

A valid suggestion, of course. I would probably use a different network
controller in a server setup, but as this is a workstation and already
quite crammed with PCI cards, I'd rather not add more hardware.

-- 
Mit freundlichen Grüßen / Sincerely
Dipl. Inform. Ralph Seichter

-- 
gentoo-user@gentoo.org mailing list