Aw: [gentoo-user] Re: Some essential packages fail to compile
> $ FEATURES=-distcc emerge klibc Thanks. :) Roland
Aw: Re: [gentoo-user] Re: Some essential packages fail to compile
> > CFLAGS="-O2 -march=i686 -pipe -fPIC -m32" > > CXXFLAGS="${CFLAGS}" > > CHOST="i486-pc-linux-gnu" I have reformated my disk because I missed a parameter (-d . or so) which would make it possible for dracut to use gpg key decryption. Now I have to reinstall all from scratch (including configuring kernel). In the meanwhile I figured out that I choosed the wrong stage3 file (i486 instead of i686) (I have downloaded http://de-mirror.org/gentoo/releases/x86/current-stage3/stage3-i686-20120710.tar.bz2 + http://de-mirror.org/gentoo/snapshots/portage-latest.tar.bz2 now) which I could fix now. So now CHOST="i686-pc-linux-gnu" is set. > That is not "setting the guest architecture explicitly", you're just > telling whatever compiler gets invoked on the remote host to produce > 32-bit output. Guest from the other node's view. ;) Okay, to stop confusion: Node name | Distri | Architecture daedalus | Debian Unstable | AMD64 (with multilib support) router| Debian Unstable | AMD64 (same) laptop| Gentoo | x86 (i686, reinstallation) One think I also need that 'daedalus' or 'router' can start 64 and 32 bit compilations (e.g. wine should be better 32 bit, other games I play with are 64 bit compiled) which I would like to have. Most of these build systems sadly (!) call gcc and g++ (both aliases), so I had to add -m32 for 32 bit apps/libs. If I fully follow that wiki page (I did until the wrapper script is added) I would have to change these links: lrwxrwxrwx 1 root root 16 Sep 6 21:35 c++ -> ../../bin/distcc lrwxrwxrwx 1 root root 16 Sep 6 21:35 cc -> ../../bin/distcc lrwxrwxrwx 1 root root 16 Sep 6 21:35 g++ -> ../../bin/distcc lrwxrwxrwx 1 root root 16 Sep 6 21:35 gcc -> ../../bin/distcc ... to the wrapper scripts which (I think so) will make it impossible to compile 64 bits. In my view my "fix" by adding explicitly the -m32 -march= flags may help here better, as long as all packages are honoring them (which most do, except those with x86_64 problems). > If you need -m32, it means you are *not* cross-compiling, i.e. you are > invoking the native gcc on the remote hosts instead of your > cross-compiler. That usually works as any x86_84 gcc with multilib > support can produce 32-bit output, but it is just masking the problem > and will break if the -m32 flag is lost for some reason. Yes, i686-pc-linux-gnu-gcc and i686-pc-linux-gnu-g++ are just symbolic links to the native compilers (because I don't have those binaries). Here is a list: -- daedalus:/usr/bin# ls -l i686-pc-linux-gnu-g* lrwxrwxrwx 1 root root 7 Sep 8 18:55 i686-pc-linux-gnu-g++ -> g++-4.7 lrwxrwxrwx 1 root root 7 Sep 8 18:55 i686-pc-linux-gnu-gcc -> gcc-4.7 -- I have now the g++-multilib and gcc-multilib packages installed on 'daedalus' and 'router', what now? They only contain libraries. Should I better remove the symbolic links and add scripts there which adds -m32 -march=i686 to the parameter list (I could do it because those compiler names are only used on 'laptop'). Roland > > > I left the default CHOST as is and on the Debian systems I provided the > > required compiler. > > "provided the required compiler" should mean that on every server you > have a complete 32-bit toolchain (binutils, gcc, glibc and kernel > headers) with the version of each component matching those on your > distcc client. You should be able to compile a 32-bit executable locally > on any of the Debian systems just by invoking 'i486-pc-linux-gnu-gcc'. > > Setting up such a toolchain can be quite a PITA, so on Gentoo it's > usually done with crossdev -- but as long as you get things right that's > not a requirement. > > > One of the nodes has compiled a 64 bit object (conf.o) which the linker > > (running on 32 bit) tried to link to a 32 bit program/library (the output). > > So for me, the Makefile in that package (klibc) didn't provide the > > specified CFLAGS I configured which needs fixing, if my assuming is right. > > I can deeper more investigate here. > > export HOSTCFLAGS := -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer > > I think this line only needs to be extended with $(CFLAGS) then the fix is > > complete. > > No. CFLAGS are for the build target, HOSTCFLAGS are for the build host. > Building (configuring, actually) klibc involves compiling a tool which > is run on the host (i.e. the machine you're building on), before > compiling klibc itself for the build target. So CFLAGS and HOSTCFLAGS must be set to the same in make.conf? It is really confusing. :( > In your case both the host and the target are the same > (i486-pc-linux-gnu), so the difference might not be very clear, but if > you were compiling klibc for a different arch (e.g. powerpc) you would > have a comple
[gentoo-user] Possible fix for splashutils 1.5.4.4
I ran into this trouble: -- /usr/lib/gcc/i486-pc-linux-gnu/4.5.3/../../../../lib/libfreetype.a(ftbzip2.o): In function `ft_bzip2_stream_close': (.text+0x121): undefined reference to `BZ2_bzDecompressEnd' /usr/lib/gcc/i486-pc-linux-gnu/4.5.3/../../../../lib/libfreetype.a(ftbzip2.o): In function `ft_bzip2_file_fill_output': (.text+0x1e3): undefined reference to `BZ2_bzDecompress' /usr/lib/gcc/i486-pc-linux-gnu/4.5.3/../../../../lib/libfreetype.a(ftbzip2.o): In function `ft_bzip2_stream_io': (.text+0x3cb): undefined reference to `BZ2_bzDecompressEnd' /usr/lib/gcc/i486-pc-linux-gnu/4.5.3/../../../../lib/libfreetype.a(ftbzip2.o): In function `ft_bzip2_stream_io': (.text+0x41f): undefined reference to `BZ2_bzDecompressInit' /usr/lib/gcc/i486-pc-linux-gnu/4.5.3/../../../../lib/libfreetype.a(ftbzip2.o): In function `FT_Stream_OpenBzip2': (.text+0x593): undefined reference to `BZ2_bzDecompressInit' -- This happens when the build script attempts to link fbsplashctl. I had to unsilent the whole process and found out that a variable in /var/tmp/portage/media-gfx/splashutils-1.5.4.4/work/splashutils-1.5.4.4/src/Makefile(.*) needs to be extended, so here is what it fixes (quick'n'dirty, I know): -- fbsplashctl_LDADD = libfbsplashrender.la libfbsplash.la $(PTHREAD_STATIC_LIBS) $(RT_LIBS) $(GPM_LIBS) /usr/lib/libbz2.a -- All what I have added was "/usr/lib/libbz2.a" and the linker is happy again. :) I know it is not 'final' so can a C hacker come up and fix this? Roland
Aw: [gentoo-user] Re: Re: Some essential packages fail to compile
> > I was reading this: > >http://www.gentoo.org/doc/en/cross-compiling-distcc.xml I also read it far before I wrote my email. > > It specifically mentions you need crossdev: > >If you are cross-compiling between different subarchitectures >for Intel x86 (e.g. i586 and i686), you must still build a full >cross-toolchain for the desired CHOST, or else the compilation >will fail. > > I suppose any cross compiler might be enough and you don't need > crossdev. I don't know. I need to repeat: The other nodes are all running Debian and there is *no* crossdev package. And I wrote in my initial mail, that I was already able to cross-compile other Gentoo packages on these nodes as the parameters -m32 and -march=i686 were *provided* by those packages which seems to be *not* the case with e.g. klibc All I want is that the klibc package is honoring the global CFLAGS or else I have to temporary disable distcc (FEATURES variable needs to be commented out) for klibc, emerge klibc and then re-enable distcc to have a great speedup for other packages (that are honoring CFLAGS from make.conf). I do that now what I wrote but it is really annoying to cannot leave the compilation unattended. I repeat once more: cross-compiling is possible on my nodes, so there is absolutely no need to setup such "cross-toolchains" because it works.
Aw: [gentoo-user] Re: Some essential packages fail to compile
> > > Isn't it a requirement that all nodes run Gentoo, with the same GCC > > version, and you must setup sys-devel/crossdev on each of them? > > > > I don't see how it could possibly work otherwise. > > I see the same thing. The next text block I wrote that I have Debian 64 bits (aka AMD64) on all other nodes and it is always possible to compile 32 bit programs/lib/whatever on 64 bit host system. That is called cross-compiling. The named package "crossdev" is NOT available on Debian systems and so I wont uninstall my Debian AMD64 on all other nodes only to compile 32 bits, there must be an other way. One way is (if you have read any 'environment' files in my tar archive) to set the guest architecture explitcitly in /etc/(portage/)make.conf which I did. That will tell every compiler (if provided by call parameters) to use the right architecture explicitly and that will always allow to compile 32 bit on 64 bit host systems. To say it again, this is already done on my Gentoo's /etc/(portage/)make.conf file and I quote the relevant parts for you again: /etc/make.conf: CFLAGS="-O2 -march=i686 -pipe -fPIC -m32" CXXFLAGS="${CFLAGS}" CHOST="i486-pc-linux-gnu" I left the default CHOST as is and on the Debian systems I provided the required compiler. Here is an example which I try to explain: -- /usr/lib/gcc/i486-pc-linux-gnu/4.5.3/../../../../i486-pc-linux-gnu/bin/ld: i386:x86-64 architecture of input file `scripts/kconfig/conf.o' is incompatible with i386 output -- One of the nodes has compiled a 64 bit object (conf.o) which the linker (running on 32 bit) tried to link to a 32 bit program/library (the output). So for me, the Makefile in that package (klibc) didn't provide the specified CFLAGS I configured which needs fixing, if my assuming is right. I can deeper more investigate here. >From that same package' Makefile (found in /var/tmp/portage/bla/blub/work/ >directory): export HOSTCFLAGS := -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer I think this line only needs to be extended with $(CFLAGS) then the fix is complete. All other packages have same symtomes (missing $CLFAGS from /etc/make.conf) and can be fixed in similar or same way. Regards, Roland
Aw: [gentoo-user] Re: Some essential packages fail to compile
> > Isn't it a requirement that all nodes run Gentoo, with the same GCC > version, and you must setup sys-devel/crossdev on each of them? > > I don't see how it could possibly work otherwise. > In my first email I wrote that all other nodes have Debian installed, not Gentoo.
Aw: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?
> That is already solved (I had selected it somehow) by simply deselecting it. > > But is now a little OT. I now try to compile x11-libs/libxcb, and > dev-python/elementtree is not installed on my system. There is hope for this matter, see my forum posting: http://forums.gentoo.org/viewtopic-p-7133700.html#7133700 In short: USE="*build* foo bar" That >build< was wrong and has disabled a lot required python modules (including _elementtree, gdbm, curses, ...). Roland
Aw: Re: [gentoo-user] Fix for getting libxml2 compiled!
> Weird, I'm on 2.8.0-r1 and didn't have to do any hoop jumping to get > there (~amd64). Yes, it is really weird thing. :/ I use x86 (i686, my laptop does only support 32 bit; it is a Thinkpad R51). Regards, Roland
Aw: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?
> Try `emerge -pvT $foo`. With whatever package $foo you are trying to > install. That is already solved (I had selected it somehow) by simply deselecting it. But is now a little OT. I now try to compile x11-libs/libxcb, and dev-python/elementtree is not installed on my system. > Regards, > Florian Philipp Regards, Roland
[gentoo-user] Fix for getting libxml2 compiled!
Hi all, I finally got libxml2 compiled, first I had to do this: # emerge expat # emerge python # cd /usr/portage/dev-lang/python/ # emerge python-2.7.3-r2.ebuild # cd - This makes sure that libexpat is there. Now the package is still not compiling because of a missing .so file, see this: # cd /usr/lib/python2.7/xml/parsers/ # ln -sf /usr/lib/python2.7/site-packages/_xmlplus/parsers/pyexpat.so . If I don't do this a python script in /var/tmp/portage/dev-libs/libxml2-2.8.0_rc1/work/libxml2-2.8.0/python-2.7/ called generate.py (you have to call this python2.7 ./generate.py) will fail. Hope this saves someones endless hours. Regards, Roland PS: There are a lot warnings compiling libxml2, you may want to fix them. I have used this to build libxml2: (temporary) USE="-ipv6 readline -debug -doc -examples -icu lzma python -static-libs -test"
Aw: Re: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?
> dracut and genkernel will both set up initrd. Okay, thank you. :) Now I hang with this: --- >>> Emerging (1 of 203) dev-db/oracle-instantclient-basic-10.2.0.3-r1 * Fetching files in the background. To view fetch progress, run * `tail -f /var/log/emerge-fetch.log` in another terminal. --- How can I disable it? I don't want to have an Oracle client or so. In my /etc/make.conf I already said "-oracle" but it still shows up. Can I somehow find out which package requires it?
Aw: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?
To add my 2¢:All you need is build initram and pass it as a argument to pre configured kernel (with needed encryption and hash algorithms built in) Initram scripts are on github here https://github.com/tokiclover/mkinitramfs-ll Can I also use dracut? Or won't it setup initrd? I I didn't setup LVM just encryption, on top of it LUKS and then mkfs.ext4 /dev/mapper/envVolRoland
Aw: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?
Okay, I have setup so far this: /dev/sda1 - /boot (unencrypted) /dev/sda2 - swap (not yet setup, will be encrypted) /dev/sda3 - / (encrypted) /dev/sda3 is the underlaying drive, where I used gpg: # gpg --decrypt key.gpg | cryptsetup --verbose luksFormat /dev/sda3 # gpg --decrypt key.gpg | cryptsetup --verbose luksOpen /dev/sda3 encVol # dd if=/dev/zero of=/dev/mapper/encVol bs=100M (to avoid filesystem corruption) # mkfs.ext4 -L root /dev/mapper/encVol Now I continued as usual with the Gentoo handbook (mount all, copy things on it, etc.) After I compiled the kernel, emerged cryptsetup on the new system, I editied /boot/grub/grub.conf: --- default 0 timeout 30 splashimage=(hd0,0)/boot/grub/splash.xpm.gz title Gentoo Linux root (hd0,0) kernel /boot/kernel-genkernel-x86-3.3.8-gentoo root=/dev/ram0 crypt_root=/dev/sda3 initrd /boot/initramfs-genkernel-x86-3.3.8-gentoo --- (I read not to use real_root, but crypt_root instead?) Then I emerged grub as usual (also: # cat /proc/mounts > etc/mtab ) and did: # grub-install --no-floppy /dev/sda Still as usual. Now it is downloading plymouth (to have some cool things) + dracut (easiest way as I read in wiki). I also had to expand /etc/make.conf (not /etc/portage/make.conf ??? Is this a mistake in handbook?): --- DRACUT_MODULES="crypt_gpg plymouth" --- Now I really hope, that after I installed dracut on it, that I can boot it and the initrd will be updated. It needs at least some kernel modules (e.g. dm_crypt, ext4, sha512_generic, aes_generic) plus gpg and cryptsetup tools to actually decrypt the hard drive. Regards, Roland
Aw: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?
> 1. Maybe it would be a good idea to use an ASCII-only random string, for > example by piping it through `base64 -w 0`. That way you don't loose any > entropy (the key just gets longer) but it is easier to type the keyfile > manually, in case you ever need to. You also don't have to worry about > odd behavior of password prompts anymore. I think that is now to late for? I have already formated it and added ext4 on it plus installed some packages already (was a long way). > > 2. You should `shred` key.out instead of `rm`. That key file was on RAM disk, not on real. ;) Roland
Aw: Re: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?
> I think the new method for determining swap is to use what makes sense > and not the old rule of 'twice the ram'. Okay, agreed. Roland
Aw: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?
I think I made a (tollerateable) mistake: My hard drive has two partitions: - sda1 - encrypted swap - sda2 - encrypted root How should it boot? One way could be by external media (e.g. stick), other is from hard drive. But that is encrypted. So I must leave a small area left for kernel, initrd, System.map and maybe config. So the page at [1] is a little wrong because it misses the boot partition, so the new layout should be: - sda1 - unencrypted boot (/boot) partition - sda2 - encrypted swap (at least as double as your RAM) (crypt-swap) - sda3 - encrypted root (crypt-root) Can someone update this? Regards, Roland [1]: http://wiki.gentoo.org/wiki/DM-Crypt
Aw: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?
Okay, I have made a little progress. I have generated my private key using some random data + gpg: # head -c 3705 /dev/urandom | head -n 66 | tail -n 65 > key.out # gpg --symmetric -a --s2k-count 8388608 key.out # mv key.out.asc key.gpg # rm -f key.out Now I have to copy that file on my stick and setup /etc/conf.d/dmcrypt: # whole root system encrypted with gpg key from removeable media target=crypt-root source='/dev/hdaX' key='/key:gpg' # This is your stick remdev='/dev/sda1' But what next? The example at [1] is based on key-only file (no passphrase). I know, later on /etc/conf.d/dmcrypt must be placed on the new root-fs but what now? I still have to setup it. cryptsetup doesn't do anything with gpg. So I have setup a pipeline?
Aw: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?
> No comment on dracut as I have no experience with it. Okay, so I have to try it out myself. When I found something out, I expand the wiki with it. > > However, as I see it, you need no key file if you just use a pass > phrase. In my opinion, a key file is only necessary for two improvements: Entering just a pass phrase means that this pass phrase will be used to decrypt the device, if you decrypt a key before and then with that key decrypt all your volumes you have a much better security because that key will then be used as 'pass phrase' which is *way* much stronger (4096+ chars + ~10-20 chars you can remember). > > 1. Two-factor authentication (read: encrypted key file) > > 2. Avoiding re-typing the pass phrase for multiple dmcrypt partitions See above. :) > You can easily achieve the second point by putting an unencrypted key > file on the first partition which you encrypt with a pass phrase. You > don't even need dracut for this, /etc/conf.d/dmcrypt lets you configure > it easily (as long as it doesn't affect /usr). Okay, I look into this. > > However, I personally find it easier to put LVM on a single dmcrypt > volume and be done this. All you need for this to work are two lines in > /etc/rc.conf: > rc_dmcrypt_before="lvm" > rc_dmcrypt_after="udev" I'm new to LVM, does it setup key-based encryption (best is to put that key on an USB stick, so the attacker needs my stick). Regards, Roland
Aw: Re: [gentoo-user] dm-crypt + ext4 = where will the journal go?
> You forgot the link to [1]. Already mailed but here again: http://wiki.gentoo.org/wiki/DM-Crypt > Never used loop-aes myself. Sorry if I miss the reason for your > confusion because of it. http://loop-aes.sourceforge.net There is the source code. It needs patched util-linux(-ng) package to get working. Also you should not use (crypt-)loop because it conflicts with it (see README inside tar ball). It also provides a really simple swap encryption: - /etc/fstab - /dev/blaX noneswap sw,loop=/dev/loop0,encryption=AES256,itercountk=100 0 0 This will make sure that everytime you bootup your system a new encryption is setup with an iteration of 100 (still performant enough for most things). > Opening a dmcrypt volume creates a mapped block device in /dev/mapper. > You treat it like a partition and format it with ext4. Unless you use > some exotic flags for mke2fs, the journal will be put on the same block > device and is encrypted along with the rest of it. > > So: No need to worry about it. Thank you for the explanation. Maybe it should be added to the wiki? > > Hope this helps, > Florian Philipp Sure it does. :) Roland
Aw: [gentoo-user] dm-crypt + ext4 = where will the journal go?
Opps, here is the missing link: http://wiki.gentoo.org/wiki/DM-Crypt (I don't think it is a good idea to store the keyFile somewhere plain, [2] tells that there is support for crypt-gnupg, but it doesn't show any help how to setup it. [2]: http://wiki.gentoo.org/wiki/Dracut
[gentoo-user] dm-crypt + ext4 = where will the journal go?
Hi all, I'm currently testing dm-crypt to encrypt my whole hard drive. So far I followed this [1] guide and have to wait for the randomization part of the hard drive. In the wiki, ext4 is being used. Since ext3 a journal has been added. From my times with loop-aes I know that I have to store the journal through an encrypted loop device else it might be written on the hard drive. As of I'm new to dm-crypt and Gentoo, where will that journal now go? Any help is welcomed. :) Regards, Roland
[gentoo-user] Bittorrent tracker available with gentoo miniinstall ISOs
Hello, I have added (more may follow) both ISOs of the AMD64 and I386 mini-installer as torrents to my tracker: http://mxchange.org:23456/ AMD64: http://mxchange.org:23456/file?info_hash=%C5%C4%B2%88%92%F5%A9O%01udg%92%17gy%22%9A%ED%B7 I386: http://mxchange.org:23456/file?info_hash=i8%C1%5D%0D%FE%A8M%8E%C5k%FE%B9%8A%1E%A2%9A9%DB%7B I thought you might be interested in. :) I can track more if you like (of course no illegal things). Regards, Roland