[gentoo-user] resolv.conf full of old info

[Grant Edwards]

I've noticed that /etc/resolv.conf seems to accumulate obsolete,
useless info as my laptop moves from one network to another. It looks
like dhcpcd adds stuff when a connection comes up, but never removes
it when the connection goes down.

There are search entries and nameserver entries from networks I
haven't been connected to for a long time.

Even when there are no network interfaces up/configured,
/etc/resolv.conf is full of entries -- and none of them are useful or
valid.

I've tried shutting down all of the network interfaces, deleteting all
of the leases from /var/lib/dhcpcd and then removing resolv.conf. The
next time any interface comes up, /etc/resolv.conf is again full of
obsolete stuff along with the valid entries for the interface that has
just come up.

How do you get rid of old entries that show up in resolv.conf?

RE: [gentoo-user] Re: Full battery laptop only 1 hour

[Laurence Perkins]

>-Original Message-
>From: Michael  
>Sent: Thursday, September 15, 2022 11:01 AM
>To: gentoo-user@lists.gentoo.org
>Subject: Re: [gentoo-user] Re: Full battery laptop only 1 hour
>
>On Thursday, 15 September 2022 18:10:39 BST Laurence Perkins wrote:
>> Note that most batteries these days in anything more complex than a 
>> watch have "smart" charge controllers and so upower or similar can 
>> read what their design watt-hours and current maximum capacity are.  
>> Also, often the total charge or discharge rate.  That plus a little 
>> math should tell you if it's an aging battery or if your machine is 
>> simply failing to idle down for some reason.
> 
>> LMP
>
>Larger capacity batteries have multiple banks in them connected in parallel.  
>Some times one of the banks or its controller(?) fails and while the rest 
>continue to work, the loss in capacity is a noticeable step change.  I recall 
>suddenly losing ~1/3 of the battery capacity on a laptop just 3 or so happy 
>years into its life.  The remaining of the battery capacity continued to 
>degrade slowly and gradually over many years.  So notwithstanding the high 
>consumption identified by the OP the software causes of which should be 
>investigated, there could be also a problem with the battery unit itself.
>
>BTW, short & frequent top ups of lithium-ion batteries is the best approach to 
>their charging, while deep discharge can guarantee a shorter effective life.
>
At the same time, don't make it too short.  The charger has to run for a few 
seconds to a few minutes to determine that the battery is, in fact, full, and 
repeated overcharging in that manner will destroy the battery in short order.  
Let it run down at least a few percent before you plug it in again.

Their lifetime is generally happiest if you keep them between 50 and 80%.  Some 
packs automatically cut off the charging at the 80% mark and just tell you that 
it's full in order to increase the cycle count.

LMP

Re: [gentoo-user] Re: Full battery laptop only 1 hour

[Michael]

On Thursday, 15 September 2022 18:10:39 BST Laurence Perkins wrote:
> Note that most batteries these days in anything more complex than a watch
> have "smart" charge controllers and so upower or similar can read what
> their design watt-hours and current maximum capacity are.  Also, often the
> total charge or discharge rate.  That plus a little math should tell you if
> it's an aging battery or if your machine is simply failing to idle down for
> some reason.
 
> LMP

Larger capacity batteries have multiple banks in them connected in parallel.  
Some times one of the banks or its controller(?) fails and while the rest 
continue to work, the loss in capacity is a noticeable step change.  I recall 
suddenly losing ~1/3 of the battery capacity on a laptop just 3 or so happy 
years into its life.  The remaining of the battery capacity continued to 
degrade slowly and gradually over many years.  So notwithstanding the high 
consumption identified by the OP the software causes of which should be 
investigated, there could be also a problem with the battery unit itself.

BTW, short & frequent top ups of lithium-ion batteries is the best approach to 
their charging, while deep discharge can guarantee a shorter effective life.


signature.asc
Description: This is a digitally signed message part.

RE: [gentoo-user] Re: Full battery laptop only 1 hour

[Laurence Perkins]

Note that most batteries these days in anything more complex than a watch have 
"smart" charge controllers and so upower or similar can read what their design 
watt-hours and current maximum capacity are.  Also, often the total charge or 
discharge rate.  That plus a little math should tell you if it's an aging 
battery or if your machine is simply failing to idle down for some reason.

LMP

-Original Message-
From: Frank Steinmetzger  
Sent: Tuesday, September 13, 2022 4:46 PM
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: Full battery laptop only 1 hour

Am Mon, Sep 12, 2022 at 01:51:39PM -0700 schrieb Mark Knecht:
> On Mon, Sep 12, 2022 at 1:40 PM Nuno Silva  wrote:
> >
> > On 2022-09-12, Guillermo García wrote:
> >
> > > Hello guys,
> > >
> > > I bought a laptop and i got like 4 hours of batter life, 
> > > everything ok, (using more than 1 vm, etc), however now in idle my 
> > > laptop has only 1 hour of life, which is really annoying because 
> > > its a brand new laptop bought one year before.
> >
> > Did anything change? Is this the same system/install which used to 
> > last
> > 4 hours on idle? Or, when you say "brand new bought one year 
> > before", you mean it wasn't used before?
> >
> > --
> > Nuno Silva
> >
> 
> Battery life can change over time. I've had batteries that after a 
> couple of years just didn't last as long. I've purchased a few 
> replacement batteries from Amazon and one of them didn't hold charge at all.

My Thinkpad is 6¼ years old and the batteries it shipped with are at 72 and
75 % of their original capacity. But I didn’t use them *that* much, and always 
kept them betweet 40 and 80 % charge when I didn’t need them, which is probably 
98 % of the year.

> 1 year is pretty short but possibly he might buy a new battery as a 
> test. They generally aren't overly expensive.

I don’t believe that they went down to 25 % of their original capacity within a 
year. To achieve that, they must have endured unspeakable abuse.

--
Grüße | Greetings | Salut | Qapla’
Please do not share anything from, with or about me on any social network.

The three main languages in India: Hindi, English and HTML.

Re: [gentoo-user] Re: Full battery laptop only 1 hour

[Frank Steinmetzger]

Am Mon, Sep 12, 2022 at 01:51:39PM -0700 schrieb Mark Knecht:
> On Mon, Sep 12, 2022 at 1:40 PM Nuno Silva  wrote:
> >
> > On 2022-09-12, Guillermo García wrote:
> >
> > > Hello guys,
> > >
> > > I bought a laptop and i got like 4 hours of batter life, everything
> > > ok, (using more than 1 vm, etc), however now in idle my laptop has
> > > only 1 hour of life, which is really annoying because its a brand new
> > > laptop bought one year before.
> >
> > Did anything change? Is this the same system/install which used to last
> > 4 hours on idle? Or, when you say "brand new bought one year before",
> > you mean it wasn't used before?
> >
> > --
> > Nuno Silva
> >
> 
> Battery life can change over time. I've had batteries that after a couple of
> years just didn't last as long. I've purchased a few replacement batteries
> from Amazon and one of them didn't hold charge at all.

My Thinkpad is 6¼ years old and the batteries it shipped with are at 72 and
75 % of their original capacity. But I didn’t use them *that* much, and
always kept them betweet 40 and 80 % charge when I didn’t need them, which
is probably 98 % of the year.

> 1 year is pretty short but possibly he might buy a new battery as
> a test. They generally aren't overly expensive.

I don’t believe that they went down to 25 % of their original capacity
within a year. To achieve that, they must have endured unspeakable abuse.

-- 
Grüße | Greetings | Salut | Qapla’
Please do not share anything from, with or about me on any social network.

The three main languages in India: Hindi, English and HTML.


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full battery laptop only 1 hour

[Mark Knecht]

On Mon, Sep 12, 2022 at 1:40 PM Nuno Silva  wrote:
>
> On 2022-09-12, Guillermo García wrote:
>
> > Hello guys,
> >
> > I bought a laptop and i got like 4 hours of batter life, everything
> > ok, (using more than 1 vm, etc), however now in idle my laptop has
> > only 1 hour of life, which is really annoying because its a brand new
> > laptop bought one year before.
>
> Did anything change? Is this the same system/install which used to last
> 4 hours on idle? Or, when you say "brand new bought one year before",
> you mean it wasn't used before?
>
> --
> Nuno Silva
>

Battery life can change over time. I've had batteries that after a couple of
years just didn't last as long. I've purchased a few replacement batteries
from Amazon and one of them didn't hold charge at all.

1 year is pretty short but possibly he might buy a new battery as
a test. They generally aren't overly expensive.

Or how about booting just to a console and testing how long
the machine stays up?

Re: [gentoo-user] The Full Story.

[Caveman Al Toraboran]

hi - not related to ur email, but i think it may help u fix ur email setup.

just to let u know that protonmail has classified ur email as spam.  it says 
that ur email has failed the domain authentication requirements.  it says it 
might be spoofed or something.  it gives this link for further info: 
https://protonmail.com/support/knowledge-base/email-has-failed-its-domains-authentication-requirements-warning/


rgrds,
cm.

‐‐‐ Original Message ‐‐‐
On Friday, November 1, 2019 1:44 AM, Alan Grimes  wrote:

> Ok, it's about 2:45 AM, I thoughtlessly did something absurdly risky,
> resize a chromium browser pane by clicking on the edge of the window and
> dragging it a few pixels, so naturally X11 goes down taking my number
> theory code with it. Reminder: I had run that code from May 1 through
> last week and only voluntarily rebooted my machine
>
> ##
> GAH
> dev-util/meson:0
>
>   (dev-util/meson-0.52.0:0/0::gentoo, ebuild scheduled for merge)
> conflicts with
>      (gnome-base/dconf-0.32.0-r1:0/0::gentoo, installed)
>     ^   
> #
>
> So I decided to do an emergency system update and reboot the damn thing
> completely and hopefully things would get a little better.
>
> In this state, my frame of mind was to just keep hitting the damn thing
> with the heaviest, bluntest object I could get my hands on until I got
> it to work and I could go to bed... I gave up at 4:15 am... My goal is a
> 3 AM bed time... Basically I was being fast and ruthless with emerge
> --unmerge, clearing useflags, masking crap, etc... I did not do anything
> I regret today but still...
>
> (also, the goddamned fake indian recruiters who only try to get you to
> agree to let them represent you in your job negotiations with some
> random company in some random state had called me ten times that day,
> and another 7 times today for that matter... I found that if I emphasize
> that I'm on the virge of a nervous breakdown they might, reluctantly
> remove me from their database but usually they just laugh...)
>
> I've spent a whole day wrestling with it at this point.
>
> CHROMIUM WILL NOT LOAD AT ALL. It fails a good 30 minutes into the
> build, the packages involved are quite archane... Ninja?!?!?! V8?!?!?!?
>
> My theory about chromium is that the release frequency seems to be
> faster than the time it actually takes to build the thing. I think they
> do this to avoid bug reports as they will be ten versions further on by
> the time any actual bug reports make it back upstream... The only way
> this could be possible is to run builds across maybe a dozen machines 
> in a datacenter, starting a new build every 30 minutes and then
> releasing the ones that complete...
>
> KDE is similar, in that the releases are much more frequent than any
> conceivable development cycle for that number of packages. Many of which
> are probably being version bumped just for grins and giggles... Damnit
> guys, give it a rest until you've made stuff like Akregator actually
> work without crashing...
>
> (Nuno Silva) wrote:
>
> > Alan Grimes' e-mail address seems to be from Verizon, which is, if I
> > understand correctly, Yahoo Mail.
>
> Worse, AOL mail.
>
>
> 
>
> Clowns feed off of funny money;
> Funny money comes from the FED
> so NO FED -> NO CLOWNS!!!
>
> Powers are not rights.

[gentoo-user] The Full Story.

[Alan Grimes]

Ok, it's about 2:45 AM, I thoughtlessly did something absurdly risky,
resize a chromium browser pane by clicking on the edge of the window and
dragging it a few pixels, so naturally X11 goes down taking my number
theory code with it. Reminder: I had run that code from May 1 through
last week and only voluntarily rebooted my machine

##
GAH
dev-util/meson:0

  (dev-util/meson-0.52.0:0/0::gentoo, ebuild scheduled for merge)
conflicts with
    
> Alan Grimes' e-mail address seems to be from Verizon, which is, if I
> understand correctly, Yahoo Mail.

Worse, AOL mail.


-- 
Clowns feed off of funny money;
Funny money comes from the FED
so NO FED -> NO CLOWNS!!! 

Powers are not rights.

[gentoo-user] Compiling full featured doxygen...replacing CLisp

[tuxic]

Hi,

For a test to create all documentation for the LUFA library
(USB/Arduino: http://fourwalledcubicle.com/LUFA.php) with doxygen,
I enabled all USE-flags for that package and start compiling.

One package failed to build: CLisp.
But I have working installation of sbcl installed, which
is as to my knowledge also common list compatible.

Before digging into the problems, why CLisp does not compile
and installing a second common lisp package (which I dont
use...I have sbcl and I am happy with it:)   :

Is there a way to explain emerge/portage just to use sbcl instead
of CLisp?

Thanks a lot for any help in advance!
Cheers
Meino

Re: [gentoo-user] Re: Full system encryption on Gentoo

[Markus Kaindl]

Am Donnerstag, 31. Dezember 2015, 00:15:33 schrieb Jeremi Piotrowski:
> This will lead to you having to enter the password
> twice - once when grub starts and once when the initramfs is setting up /.

If, and ONLY if, your /boot is inside your LUKS-encrypted volume, you can also 
add a keyfile for your LUKS-volume (I used another keyslot for that, but you 
can also use the password, you use for manual unlocking..) to your crypttab 
and your dracut-initrd:

% cat /etc/crypttab 
mySSD.cryptUUID=2850e418-f325-47b6-b42b-82a60055a0c6   
/root/mySSD.lukskey   discard,luks

crypttab-format: (Name  Path/Spec   /path/to/keyoptions) (see man 5 
crypttab)

% cat /etc/dracut.conf.d/luks.conf 
install_items+="/etc/crypttab /root/mySSD.lukskey"

check if the permissions for your initrd are save, aka only readable for root, 
dracut automatically sets them to 600 and root:root here, but better save than 
sorry..

with that setup you do not need to enter the password twice, because your 
initrd is able to open the luks-device with the keyfile.

Re: [gentoo-user] Re: Full system encryption on Gentoo

[Jeremi Piotrowski]

On Thu, Dec 31, 2015 at 10:38:45AM +1000, Hans wrote:
> I have a working VM with Gentoo on LVM on top of LUKS. Works fine in 
> change root, Just can't get it to boot. Probably somewhere missed 
> something. Will start from scratch using your 10 steps with dracut 
> instead of genkernel.

I just tried the steps and indeed I forgot to mention a couple of things.

You should generate the initramfs with dracut before you run
grub2-mkconfig - that way grub will find the initramfs.

The other issue is that of naming the root partition on the kernel
cmdline. When you open the luks partition using `cryptsetup open` you
give it a device-mapper name. In some cases grub will save this name in
grub.cfg. So grub's kernel cmdline would contain e.g.

root=/dev/mapper/crypto

dracut will by default open the luks partition with a name of the form
luks-. This mismatch will prevent root from mounting.

To overcome this and guarantee a predictable name add an /etc/crypttab
entry of the form

 UUID=

then generate the initramfs with dracut again, and it will copy this file
and use it to name the luks partition upon opening. Just make sure you use
the same name during installation and in crypttab - this is not mandatory
but it makes things easier.

Howver, sometimes grub will generate a cmdline entry of the form
`root=UUID=` if it finds an initramfs which will prevent this issue.
Also remember that there are two things: the uuid of the encrypted luks
partition (this needs to go in crypttab), and the uuid of the decrypted
partition inside luks (this needs to go in fstab and the root cmdline).

Just make sure everything is consistent.

Re: [gentoo-user] Re: Full system encryption on Gentoo

[Jeremi Piotrowski]

On Thu, Dec 31, 2015 at 02:49:42PM +0100, Jeremi Piotrowski wrote:
> I just tried the steps and indeed I forgot to mention a couple of things.

And one more: don't format the full disk as luks, because there won't be
any space for grub and grub2-install will error out. Make a single
partition (default should be offset 2048 sectors from the beginning of the
disk) which leaves plenty of space for grub's bootstrap, and format that
as luks.

[gentoo-user] Re: Full system encryption on Gentoo

[James]

Jeremi Piotrowski  gmail.com> writes:


> On Thu, Dec 31, 2015 at 02:49:42PM +0100, Jeremi Piotrowski wrote:
> > I just tried the steps and indeed I forgot to mention a couple 
 > > of things.

> And one more: don't format the full disk as luks, because there won't be
> any space for grub and grub2-install will error out. Make a single
> partition (default should be offset 2048 sectors from the beginning of the
> disk) which leaves plenty of space for grub's bootstrap, and format that
> as luks.


It would be fantastic, if this thread and other updated  and relevant
information made it's way to the gentoo wiki. My specific interest is
similar, but for minimized or embedded gentoo  on other hardware platforms
(arm64 and other 64 bit chips).


Also, here is a linux kernel (not a fork?) that has peaked my curiosity,
as I try to ascertain the implications that are relevant to gentoo ::

http://www.zdnet.com/article/matthew-garrett-is-not-forking-linux/


Forking of the linux kernel for specific needs has not been necessary in the
past, as one would just not choose to use specific features, by natural
selection. But now it seems, even some of the lkm devs are asserting that
forking to add new/test/biased codes to the linux kernel sources presents a
very interesting and viable pathway for tightly focused development of
kernel sources. I think others will soon find this an interesting approach
for BoF to collect around cleaner kernel sources which are more focused on
the needs of a sub-group. As systemd and cluster codes both progress at a
rapid pace, there are tons of conflicts related to performance enhancements
and lowest level allocation/control of resources that is creating a need for
linux kernel forks. Some folks in the Hi Performance Computing communities
are already doing so, privately. I have been personally notified by one such
group that they are going to 'open source' their work, in detail, hopefully
early 2016, but as soon as practical. Speed optimized, dynamic cluster
formation and 100% encrypt-able platforms seem to be converging, imho.


hth,
James

[gentoo-user] Re: Full system encryption on Gentoo

[Roman Dobosz]

On Wed, 30 Dec 2015 07:34:52 +1000
Hans  wrote:

> Is it possible to fully encrypt a Gentoo system as can be done with 
> Fedora, Suse, Arch Linux, Debian and Ubunto without using a unencrypted 
> USB boot stick or unencrypted /boot partition?
> 
> If yes, where can I find instructions that really work on a BIOS only 
> box without UEFI, EFI, systemd using EXT4 file system?

It's definitely possible - for both usb stick or ordinary boot
partition, although it's not quite the same as in distros you've
mentioned, since it require either custom made initramfs or some
utility which would made one for you (like dracut, genkernel etc).

There is several guides which might be useful, just google for one.
It doesn't have to be gentoo specific, since the install procedure is
almost the same, the only difference is the choice of medium for
booting up the encrypted system, bootloader and fstab configuration,
partition layout (with/without lvm) and so on. One of teh most
comprehensive guide about the topic is the Sakaki's EFI Install
Guide [1]. Yeah, I know there is "EFI" word, but it doesn't matter -
you can just skip the part with efi partition and make your own
pendrive (using syslinux) or create unencrypted boot partition :)

[1] https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide

-- 
  -^-  _   something is grinding the emptiness:
   _ /O)_\//   Kohina - 4-Mat - Saturday - C64 (6581r4)
  (_(|__(_(_) grf. http://www.kohina.com

[gentoo-user] Re: Full system encryption on Gentoo

[Hans]

On 31/12/15 09:15, Jeremi Piotrowski wrote:

On Thu, Dec 31, 2015 at 07:45:29AM +1000, Hans wrote:

I can't follow Sakaki's_EFI_Install_Guide. The system will run in
VirtualBox and only have BIOS. No UEFI, EFI, USB stick as boot or key disk.


You should still atleast read the guide to figure out how to get the
encryption part right. You can skip the USB stuff and fallback to BIOS
equivalents of EFI concepts.


I just have to find a way to get the same result using Gentoo with
OpenRC and if possible without LVM.  Entering the pass phrase several
times is no problem.


The steps are more or less the following:

1.  cryptsetup your whole device
2.  mkfs
3.  chroot
4.  install grub with device-mapper flag
5.  install dracut and cryptsetup.
6.  add GRUB_ENABLE_CRYPTODISK=y to /etc/default/grub
7.  grub2-install
8.  set 'hostonly="yes"' in /etc/dracut.conf OR add the output of
`dracut --print-cmdline` to GRUB_CMDLINE_LINUX_DEFAULT in
/etc/default/grub
9.  grub2-mkconfig -o /boot/grub/grub.cfg
10. dracut --regenerate-all

Somewhere between step 3 and 10 you need to build the kernel with atleast the
dm_crypt module. This will lead to you having to enter the password twice -
once when grub starts and once when the initramfs is setting up /.

Check the arch wiki article on the topic [1] for more info, but don't
blindly trust the boot loader part because that is specific to arch's
initramfs generator.

[1]: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system




I have a working VM with Gentoo on LVM on top of LUKS. Works fine in 
change root, Just can't get it to boot. Probably somewhere missed 
something. Will start from scratch using your 10 steps with dracut 
instead of genkernel.


Have a nice New Year
Hans

[gentoo-user] Re: Full system encryption on Gentoo

[Jeremi Piotrowski]

On Thu, Dec 31, 2015 at 07:45:29AM +1000, Hans wrote:
> I can't follow Sakaki's_EFI_Install_Guide. The system will run in 
> VirtualBox and only have BIOS. No UEFI, EFI, USB stick as boot or key disk.

You should still atleast read the guide to figure out how to get the
encryption part right. You can skip the USB stuff and fallback to BIOS
equivalents of EFI concepts.

> I just have to find a way to get the same result using Gentoo with 
> OpenRC and if possible without LVM.  Entering the pass phrase several 
> times is no problem.

The steps are more or less the following:

1.  cryptsetup your whole device
2.  mkfs
3.  chroot
4.  install grub with device-mapper flag
5.  install dracut and cryptsetup.
6.  add GRUB_ENABLE_CRYPTODISK=y to /etc/default/grub
7.  grub2-install
8.  set 'hostonly="yes"' in /etc/dracut.conf OR add the output of 
   `dracut --print-cmdline` to GRUB_CMDLINE_LINUX_DEFAULT in 
   /etc/default/grub
9.  grub2-mkconfig -o /boot/grub/grub.cfg
10. dracut --regenerate-all

Somewhere between step 3 and 10 you need to build the kernel with atleast the
dm_crypt module. This will lead to you having to enter the password twice -
once when grub starts and once when the initramfs is setting up /.

Check the arch wiki article on the topic [1] for more info, but don't
blindly trust the boot loader part because that is specific to arch's
initramfs generator.

[1]: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system

[gentoo-user] Re: Full system encryption on Gentoo

[Hans]

I can't follow Sakaki's_EFI_Install_Guide. The system will run in 
VirtualBox and only have BIOS. No UEFI, EFI, USB stick as boot or key disk.


OpenSuse 42.1 boots from a encrypted single LVM volume on a MSDOS drive, 
single partition, using grub2 as boot manager, and systemd.


I just have to find a way to get the same result using Gentoo with 
OpenRC and if possible without LVM.  Entering the pass phrase several 
times is no problem.


Hans


On 31/12/15 03:53, Roman Dobosz wrote:

On Wed, 30 Dec 2015 07:34:52 +1000
Hans  wrote:


Is it possible to fully encrypt a Gentoo system as can be done with
Fedora, Suse, Arch Linux, Debian and Ubunto without using a unencrypted
USB boot stick or unencrypted /boot partition?

If yes, where can I find instructions that really work on a BIOS only
box without UEFI, EFI, systemd using EXT4 file system?


It's definitely possible - for both usb stick or ordinary boot
partition, although it's not quite the same as in distros you've
mentioned, since it require either custom made initramfs or some
utility which would made one for you (like dracut, genkernel etc).

There is several guides which might be useful, just google for one.
It doesn't have to be gentoo specific, since the install procedure is
almost the same, the only difference is the choice of medium for
booting up the encrypted system, bootloader and fstab configuration,
partition layout (with/without lvm) and so on. One of teh most
comprehensive guide about the topic is the Sakaki's EFI Install
Guide [1]. Yeah, I know there is "EFI" word, but it doesn't matter -
you can just skip the part with efi partition and make your own
pendrive (using syslinux) or create unencrypted boot partition :)

[1] https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide

Re: [gentoo-user] Re: Full disk encryption

[Neil Bothwick]

On Sat, 3 Dec 2011 00:44:18 +, David W Noon wrote:

 The reason for that working is that the fsck command loads fsck.ext2,
 not e2fsck.  That used to be a symlink to e2fsck, but these days it is
 a separate copy (byte-for-byte identical).

Doh!


-- 
Neil Bothwick

Does fuzzy logic tickle?


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full disk encryption

[David W Noon]

On Thu, 1 Dec 2011 14:03:18 +, Neil Bothwick wrote about Re:
[gentoo-user] Re: Full disk encryption:

 On Thu, 1 Dec 2011 13:43:01 +, David W Noon wrote:
[snip]
  I need to fsck / before I mount /usr, /var and everything else.
 
 Now it makes sense, but can't you use busybox fsck?

AFAIAA, busybox does not have an fsck command.  If it did, it would
only be a transparent loader for filesystem-specific programs, such as
e2fsck or reiserfsck; this is how the standard fsck program works too.
-- 
Regards,

Dave  [RLU #314465]
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
dwn...@ntlworld.com (David W Noon)
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full disk encryption

[Neil Bothwick]

On Fri, 2 Dec 2011 22:00:18 +, David W Noon wrote:

  Now it makes sense, but can't you use busybox fsck?  
 
 AFAIAA, busybox does not have an fsck command.  If it did, it would
 only be a transparent loader for filesystem-specific programs, such as
 e2fsck or reiserfsck; this is how the standard fsck program works too.

Busybox does have an fsck, it doesn't recognise the filesystem type, you
have to give it as an argument. A quick Google suggest that it does
indeed pass the work on to e2fsck, however, I tried renaming /sbin/e2fsck
and then running busybox fsck -t ext2 /dev/summat and it worked.


-- 
Neil Bothwick

Copy from another: plagiarism. Copy from many: research.


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full disk encryption

[David W Noon]

On Fri, 2 Dec 2011 23:24:29 +, Neil Bothwick wrote about Re:
[gentoo-user] Re: Full disk encryption:

[snip]
 Busybox does have an fsck, it doesn't recognise the filesystem type,
 you have to give it as an argument. A quick Google suggest that it
 does indeed pass the work on to e2fsck, however, I tried
 renaming /sbin/e2fsck and then running busybox fsck -t
 ext2 /dev/summat and it worked.

The reason for that working is that the fsck command loads fsck.ext2,
not e2fsck.  That used to be a symlink to e2fsck, but these days it is
a separate copy (byte-for-byte identical).
-- 
Regards,

Dave  [RLU #314465]
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
dwn...@ntlworld.com (David W Noon)
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full disk encryption

[Neil Bothwick]

On Thu, 1 Dec 2011 00:27:06 +, David W Noon wrote:

  Why not mount root read-only, just like in a non-initramfs system?
  
  Any e2fsck commands will be run during the boot runlevel, before
  remounting root rw.  
 
 Unfortunately, the system does not work that way.  When running inside
 an initramfs, one cannot load executable content from mount points --
 only from within the initramfs.  So, while it is perfectly possible to
 do ls /mnt/root/sbin/e2fsck (assuming the root partition has been
 mounted ro as /mnt/root), it is not possible to load and execute that
 program. [And, yes, I have adjusted the PATH and LD_LIBRARY_PATH shell
 variables to address the program and library directories on the mounted
 root partition.] After performing a switch_root to the actual root
 partition, this restriction is lifted.

I understand that, but not why you need to run e2fsck before the
switch_root. Is this to do with the way your system is set up? The object
of the initramfs is only to get the system into a state where / can be
mounted and switch_root run, I assume you are trying to do more than that
with it.


-- 
Neil Bothwick

WORM: (n.) acronym for Write Once, Read Mangled. Used to describe a
  normally-functioning computer disk of the very latest design.


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full disk encryption

[David W Noon]

On Thu, 1 Dec 2011 08:47:27 +, Neil Bothwick wrote about Re:
[gentoo-user] Re: Full disk encryption:

On Thu, 1 Dec 2011 00:27:06 +, David W Noon wrote:
[snip]
 Unfortunately, the system does not work that way.  When running
 inside an initramfs, one cannot load executable content from mount
 points -- only from within the initramfs.  So, while it is perfectly
 possible to do ls /mnt/root/sbin/e2fsck (assuming the root
 partition has been mounted ro as /mnt/root), it is not possible to
 load and execute that program. [And, yes, I have adjusted the PATH
 and LD_LIBRARY_PATH shell variables to address the program and
 library directories on the mounted root partition.] After performing
 a switch_root to the actual root partition, this restriction is
 lifted.

I understand that, but not why you need to run e2fsck before the
switch_root. Is this to do with the way your system is set up? The
object of the initramfs is only to get the system into a state where /
can be mounted and switch_root run, I assume you are trying to do more
than that with it.

The objective is to get /, /usr, /var and any other directory path the
user feels is needed mounted before udev starts.  This is a
continuation of the udev now sucks thread from a few months ago.

I need to fsck / before I mount /usr, /var and everything else.  This
is because the mount point directories could be zombies that would be
removed by fsck, thus invalidating the mount.  We all hope that /usr
and /var are not zombies, but fsck won't take my word for it.
-- 
Regards,

Dave  [RLU #314465]
==
dwn...@ntlworld.com (David W Noon)
==


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full disk encryption

[Neil Bothwick]

On Thu, 1 Dec 2011 13:43:01 +, David W Noon wrote:

 I understand that, but not why you need to run e2fsck before the
 switch_root. Is this to do with the way your system is set up? The
 object of the initramfs is only to get the system into a state where /
 can be mounted and switch_root run, I assume you are trying to do more
 than that with it.  
 
 The objective is to get /, /usr, /var and any other directory path the
 user feels is needed mounted before udev starts.  This is a
 continuation of the udev now sucks thread from a few months ago.
 
 I need to fsck / before I mount /usr, /var and everything else.

Now it makes sense, but can't you use busybox fsck?


-- 
Neil Bothwick

An expert is nothing more than an ordinary person away from home.


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full disk encryption

[Dale]

Neil Bothwick wrote:

On Thu, 1 Dec 2011 13:43:01 +, David W Noon wrote:


I understand that, but not why you need to run e2fsck before the
switch_root. Is this to do with the way your system is set up? The
object of the initramfs is only to get the system into a state where /
can be mounted and switch_root run, I assume you are trying to do more
than that with it.

The objective is to get /, /usr, /var and any other directory path the
user feels is needed mounted before udev starts.  This is a
continuation of the udev now sucks thread from a few months ago.

I need to fsck / before I mount /usr, /var and everything else.

Now it makes sense, but can't you use busybox fsck?




I thought the file system was mounted ro, then the file system checks 
done, then remounted rw and boot continues on?  I see mine do this 
without the init thingy and from what I see as things zoom by, that is 
what it does.  What am I missing here?


Just curious.  No flaming please.

Dale

:-)  :-)

--
I am only responsible for what I said ... Not for what you understood or how 
you interpreted my words!

Re: [gentoo-user] Re: Full disk encryption

[Neil Bothwick]

On Thu, 01 Dec 2011 08:13:24 -0600, Dale wrote:

  I need to fsck / before I mount /usr, /var and everything else.  
  Now it makes sense, but can't you use busybox fsck?
 
   
 
 I thought the file system was mounted ro, then the file system checks 
 done, then remounted rw and boot continues on?  I see mine do this 
 without the init thingy and from what I see as things zoom by, that is 
 what it does.  What am I missing here?

That's how it normally happens, with or without an initramfs, but
mounting /usr on / without checking / first could possibly be problematic
if / turns out to be corrupt. That is the situation David is trying to
guard against.

I'm not sure it's a big deal, because if / is badly corrupt, the main
init will bail out soon enough anyway.  


-- 
Neil Bothwick

Love is grand. Divorce is a few grand more.


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full disk encryption

[Michael Mol]

On Wed, Nov 30, 2011 at 8:23 PM, David W Noon dwn...@ntlworld.com wrote:
 On Wed, 30 Nov 2011 19:39:11 -0500, Michael Mol wrote about Re:
 [gentoo-user] Re: Full disk encryption:

 [snip]
Stupid question...Would using LZMA and a tarball reduce the size of
your initeamfs?

 Not really.  I am already using gzip -9, and binaries don't compress
 especially well.  Moreover, the archiver *must* be cpio, not tar.

I don't understand initrd that well, but I understand you run an
init-type script inside it.

My thought was:
1) Include enough in your cpio blob to extract a .tar.xz file. Even
better if you can use a self-extracting, statically-linked LZMAball.
2) launch a second-stage init sequence from the subsequently-extracted data.

Large groups of binaries can compress pretty well, but, obviously, it
depends greatly on the data in question.

Also, wasn't there an ELF-specific compressor making the rounds a few
months ago? And I take it there are no existing tools to take a
dynamically-linked binary, pack in all the pulled-in files, rewrite
symbol tables to include only the symbols used, pull the thing all
into a single now-statically-linked binary, and perform something like
COMDAT folding to remove duplicate functions? It would seem possible,
at least.

-- 
:wq

Re: [gentoo-user] Re: Full disk encryption

[David W Noon]

On Thu, 1 Dec 2011 11:41:50 -0500, Michael Mol wrote about Re:
[gentoo-user] Re: Full disk encryption:

 On Wed, Nov 30, 2011 at 8:23 PM, David W Noon dwn...@ntlworld.com
 wrote:
  On Wed, 30 Nov 2011 19:39:11 -0500, Michael Mol wrote about Re:
  [gentoo-user] Re: Full disk encryption:
 
  [snip]
 Stupid question...Would using LZMA and a tarball reduce the size of
 your initeamfs?
 
  Not really.  I am already using gzip -9, and binaries don't compress
  especially well.  Moreover, the archiver *must* be cpio, not tar.
 
 I don't understand initrd that well, but I understand you run an
 init-type script inside it.
 
 My thought was:
 1) Include enough in your cpio blob to extract a .tar.xz file. Even
 better if you can use a self-extracting, statically-linked LZMAball.
 2) launch a second-stage init sequence from the
 subsequently-extracted data.
 
 Large groups of binaries can compress pretty well, but, obviously, it
 depends greatly on the data in question.

The initramfs is already a compressed archive.  It can be compressed
using gzip, bzip2 or lzma/xz.  All of these give only modest reduction
in size.

 Also, wasn't there an ELF-specific compressor making the rounds a few
 months ago? And I take it there are no existing tools to take a
 dynamically-linked binary, pack in all the pulled-in files, rewrite
 symbol tables to include only the symbols used, pull the thing all
 into a single now-statically-linked binary, and perform something like
 COMDAT folding to remove duplicate functions? It would seem possible,
 at least.

The problem with that is that internal references within a .so library
are somewhat ambiguous, because the address constants have already been
partially relocated, eliminating symbol dictionary lookups (i.e.
references that were originally external have been made internal by
symbol dictionary lookup and then the symbol converted into an offset
within the load library).

In contrast, an ar-format library is simply a collection of object
decks (old mainframe term) indexed by their external symbols.  Thus the
linker is forced to keep doing symbol dictionary lookups and object
code extraction from libraries until all the external references have
been resolved.  There are no unresolved external references left in a
correctly linked .so library, so this process cannot be repeated.

The only feasible option I can think of is to use a full delinker on
the main program. [I wrote one of these delinkers for the IBM mainframe
back in the 1980s, so it's a technology I understand fairly well.] This
would reverse all the partially relocated addresses back to external
references by a reverse lookup in the symbol dictionary and relocation
dictionary.  This could restore the original object deck(s) of the main
program and it/they could be relinked using the static libraries (if
they exist).
-- 
Regards,

Dave  [RLU #314465]
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
dwn...@ntlworld.com (David W Noon)
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full disk encryption

[Pandu Poluan]

On Dec 1, 2011 3:32 AM, David W Noon dwn...@ntlworld.com wrote:


- 8 snip


 I have a working initramfs layout, but currently it is too large
 (32MiB) for my /boot partition.  The problem package is e2fsprogs, as
 it requires dynamic linkage and, consequently, a full-sized glibc.
 This sucks, so I need to patch the Makefile(s) to build a more sensible
 set of executables for an initramfs.

 All of the code I have written myself compiles and links statically,
 typically using klibc, so my finished code is tiny.

 I haven't been working on this for a couple of months now, because the
 need for it is not really pressing.  The assertion that udev would
 require /usr and /var (plus the kitchen sink) really soon is unfounded,
 at least for those of us who run more elderly hardware.

 Anyhow, when I'm finished there will be a zsh script that will build an
 initramfs image, and even install it to /boot, with a single command.

You know, Debian has an e2fsck-static package. Why don't Gentoo,  I
wonder...

That said, you *can* have an almost-static e2fsck if you compile it
yourself.

Rgds,

[gentoo-user] Re: Full disk encryption

[Jack Byer]

czernitko wrote:


 I would like to have only one partition with all home directories on it,
 and I would like to avoid usage of initrd as I don't use it now and I
 would like to keep it that way if possible.

You don't need an initramfs but you might want to reconsider not using one 
at some point. I avoided them for a long time but when I wanted to do whole 
disk encrypted I learned how to make my own (not particularly difficult) and 
later started using dracut which basically just works.

Re: [gentoo-user] Re: Full disk encryption

[Dale]

Jack Byer wrote:

czernitko wrote:



I would like to have only one partition with all home directories on it,
and I would like to avoid usage of initrd as I don't use it now and I
would like to keep it that way if possible.

You don't need an initramfs but you might want to reconsider not using one
at some point. I avoided them for a long time but when I wanted to do whole
disk encrypted I learned how to make my own (not particularly difficult) and
later started using dracut which basically just works.






Did you use a howto for Dracut?  If so, have a link you could post?  I 
tried making a init thingy and after about 20 failed reboots, I scraped 
the idea.  I was trying to follow the howto on the Gentoo wiki I think.  
The unofficial wiki.


Thanks.

Dale

:-)  :-)

--
I am only responsible for what I said ... Not for what you understood or how 
you interpreted my words!

Re: [gentoo-user] Re: Full disk encryption

[czernitko]

Yup, establishing encrypted partition for /home was easy as a pie using
cryptsetup. I was considering using truecrypt as it offers multiplatform
support, so I could access encrypted partition even from my dualbooted
windoze, but I didn't want to put effort into something not as well
documented (how-toed) as dmcrypt.
As for initrd, I believe it has a lot of advantages, but as long as I can
avoid it, I don't see any reason why to spend time learning that stuff and
making my kernel deployment more complicated. I know that one day I will
have to learn that stuff. But as far as it is not today, it makes my day
even better :)

Thanks for all your responses!

Peter

Re: [gentoo-user] Re: Full disk encryption

[Neil Bothwick]

On Wed, 30 Nov 2011 12:31:00 -0600, Dale wrote:

 Did you use a howto for Dracut?  If so, have a link you could post?  I 
 tried making a init thingy and after about 20 failed reboots, I scraped 
 the idea.  I was trying to follow the howto on the Gentoo wiki I
 think.  

That worked for me (dracut didn't). If it fails, make sure you have set
ity to drop you into a rescue shell as described on the wiki. Adding a
few echo and ls commands to the init script helps too.


-- 
Neil Bothwick

Blessed be the pessimist for he hath made backups.


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full disk encryption

[Aljosha Papsch]

Am Mittwoch, den 30.11.2011, 19:32 +0100 schrieb czernitko:
 Yup, establishing encrypted partition for /home was easy as a pie
 using cryptsetup. I was considering using truecrypt as it offers
 multiplatform support, so I could access encrypted partition even from
 my dualbooted windoze, but I didn't want to put effort into something
 not as well documented (how-toed) as dmcrypt.

You can use FreeOTFE[0] for that. I don't use Windows, so I can't tell
whether you need to install the filesystem driver for Windows.

[0] http://www.freeotfe.org/

Re: [gentoo-user] Re: Full disk encryption

[Dale]

Neil Bothwick wrote:

On Wed, 30 Nov 2011 12:31:00 -0600, Dale wrote:


Did you use a howto for Dracut?  If so, have a link you could post?  I
tried making a init thingy and after about 20 failed reboots, I scraped
the idea.  I was trying to follow the howto on the Gentoo wiki I
think.

That worked for me (dracut didn't). If it fails, make sure you have set
ity to drop you into a rescue shell as described on the wiki. Adding a
few echo and ls commands to the init script helps too.




I did.  It failed so badly even the rescue didn't work.  I did get some 
flashing lights and introduced to the reset button tho.  We all know 
what happened the last time I had to hit the reset button.  :/


Dale

:-)  :-)

--
I am only responsible for what I said ... Not for what you understood or how 
you interpreted my words!

Re: [gentoo-user] Re: Full disk encryption

[czernitko]

I wonder whether it is posible to simply resize the dm-crypt encrypted
partition? Or do I have to create new, bigger partition with required size
and move the data?

Peter

Re: [gentoo-user] Re: Full disk encryption

[David W Noon]

On Wed, 30 Nov 2011 12:31:00 -0600, Dale wrote about Re: [gentoo-user]
Re: Full disk encryption:

[snip]
 I tried making a init thingy and after about 20 failed reboots, I
 scraped the idea.  I was trying to follow the howto on the Gentoo
 wiki I think. The unofficial wiki.

I posted a couple of months ago that you should watch this space for a
small and simple initramfs solution.  That still applies.

I have a working initramfs layout, but currently it is too large
(32MiB) for my /boot partition.  The problem package is e2fsprogs, as
it requires dynamic linkage and, consequently, a full-sized glibc.
This sucks, so I need to patch the Makefile(s) to build a more sensible
set of executables for an initramfs.

All of the code I have written myself compiles and links statically,
typically using klibc, so my finished code is tiny.

I haven't been working on this for a couple of months now, because the
need for it is not really pressing.  The assertion that udev would
require /usr and /var (plus the kitchen sink) really soon is unfounded,
at least for those of us who run more elderly hardware.

Anyhow, when I'm finished there will be a zsh script that will build an
initramfs image, and even install it to /boot, with a single command.
-- 
Regards,

Dave  [RLU #314465]
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
dwn...@ntlworld.com (David W Noon)
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full disk encryption

[Neil Bothwick]

On Wed, 30 Nov 2011 21:19:51 +0100, czernitko wrote:

 I wonder whether it is posible to simply resize the dm-crypt encrypted
 partition? Or do I have to create new, bigger partition with required
 size and move the data?

Enlarge the partition then use cryptsetup resize to enlarge the encrypted
device (man cryptsetup has the details). Then resize the filesystem to
fit.


-- 
Neil Bothwick

Keyboard: (n.) a device used by programmers to write software for a mouse
or joystick and by operators for playing games such as 'word processing.'


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full disk encryption

[Neil Bothwick]

On Wed, 30 Nov 2011 20:28:28 +, David W Noon wrote:

 I have a working initramfs layout, but currently it is too large
 (32MiB) for my /boot partition.  The problem package is e2fsprogs, as  
 it requires dynamic linkage and, consequently, a full-sized glibc.

Why do you need e2fsprogs on an initramfs?


-- 
Neil Bothwick

mpeg@11..


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full disk encryption

[David W Noon]

On Wed, 30 Nov 2011 21:47:33 +, Neil Bothwick wrote about Re:
[gentoo-user] Re: Full disk encryption:

 On Wed, 30 Nov 2011 20:28:28 +, David W Noon wrote:
 
  I have a working initramfs layout, but currently it is too large
  (32MiB) for my /boot partition.  The problem package is e2fsprogs,
  as it requires dynamic linkage and, consequently, a full-sized
  glibc.
 
 Why do you need e2fsprogs on an initramfs?

One needs e2fsck to do a preen prior to mounting the required
volume(s).
-- 
Regards,

Dave  [RLU #314465]
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
dwn...@ntlworld.com (David W Noon)
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full disk encryption

[Neil Bothwick]

On Wed, 30 Nov 2011 22:07:35 +, David W Noon wrote:

  Why do you need e2fsprogs on an initramfs?  
 
 One needs e2fsck to do a preen prior to mounting the required
 volume(s).

Why not mount root read-only, just like in a non-initramfs system?

Any e2fsck commands will be run during the boot runlevel, before
remounting root rw.


-- 
Neil Bothwick

Top Oxymorons Number 21: Now, then ...


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full disk encryption

[David W Noon]

On Wed, 30 Nov 2011 23:26:56 +, Neil Bothwick wrote about Re:
[gentoo-user] Re: Full disk encryption:

 On Wed, 30 Nov 2011 22:07:35 +, David W Noon wrote:
 
   Why do you need e2fsprogs on an initramfs?  
  
  One needs e2fsck to do a preen prior to mounting the required
  volume(s).
 
 Why not mount root read-only, just like in a non-initramfs system?
 
 Any e2fsck commands will be run during the boot runlevel, before
 remounting root rw.

Unfortunately, the system does not work that way.  When running inside
an initramfs, one cannot load executable content from mount points --
only from within the initramfs.  So, while it is perfectly possible to
do ls /mnt/root/sbin/e2fsck (assuming the root partition has been
mounted ro as /mnt/root), it is not possible to load and execute that
program. [And, yes, I have adjusted the PATH and LD_LIBRARY_PATH shell
variables to address the program and library directories on the mounted
root partition.] After performing a switch_root to the actual root
partition, this restriction is lifted.

When running without (or with the default) initramfs, the root
partition itself becomes the active filesystem, so loading programs
from /sbin or /bin and libraries from /lib works as expected.

This might be one of Dale's problems, if he was trying to use commands
from the root filesystem within the initramfs.
-- 
Regards,

Dave  [RLU #314465]
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
dwn...@ntlworld.com (David W Noon)
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


signature.asc
Description: PGP signature

Re: [gentoo-user] Re: Full disk encryption

[Dale]

David W Noon wrote:
This might be one of Dale's problems, if he was trying to use commands 
from the root filesystem within the initramfs. 


I don't think that was the issue.  I had nano, busybox and that was it.  
Basically, I just wanted it to be able to load enough that it could boot 
even if /usr and /var was on a separate partition.  Nothing real fancy, 
just the basics.  I was going to save the fancy stuff for later.


Still, it didn't work.  I fixed one error only to have another.  The 
last error, I couldn't find a fix for.  I don't even recall what it was 
now.


Dale

:-)  :-)

--
I am only responsible for what I said ... Not for what you understood or how 
you interpreted my words!

Re: [gentoo-user] Re: Full disk encryption

[Michael Mol]

Stupid question...Would using LZMA and a tarball reduce the size of your
initeamfs?

ZZ
On Nov 30, 2011 7:30 PM, David W Noon dwn...@ntlworld.com wrote:

 On Wed, 30 Nov 2011 23:26:56 +, Neil Bothwick wrote about Re:
 [gentoo-user] Re: Full disk encryption:

  On Wed, 30 Nov 2011 22:07:35 +, David W Noon wrote:
 
Why do you need e2fsprogs on an initramfs?
  
   One needs e2fsck to do a preen prior to mounting the required
   volume(s).
 
  Why not mount root read-only, just like in a non-initramfs system?
 
  Any e2fsck commands will be run during the boot runlevel, before
  remounting root rw.

 Unfortunately, the system does not work that way.  When running inside
 an initramfs, one cannot load executable content from mount points --
 only from within the initramfs.  So, while it is perfectly possible to
 do ls /mnt/root/sbin/e2fsck (assuming the root partition has been
 mounted ro as /mnt/root), it is not possible to load and execute that
 program. [And, yes, I have adjusted the PATH and LD_LIBRARY_PATH shell
 variables to address the program and library directories on the mounted
 root partition.] After performing a switch_root to the actual root
 partition, this restriction is lifted.

 When running without (or with the default) initramfs, the root
 partition itself becomes the active filesystem, so loading programs
 from /sbin or /bin and libraries from /lib works as expected.

 This might be one of Dale's problems, if he was trying to use commands
 from the root filesystem within the initramfs.
 --
 Regards,

 Dave  [RLU #314465]
 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
 dwn...@ntlworld.com (David W Noon)
 *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

Re: [gentoo-user] Re: Full disk encryption

[David W Noon]

On Wed, 30 Nov 2011 19:39:11 -0500, Michael Mol wrote about Re:
[gentoo-user] Re: Full disk encryption:

[snip]
Stupid question...Would using LZMA and a tarball reduce the size of
your initeamfs?

Not really.  I am already using gzip -9, and binaries don't compress
especially well.  Moreover, the archiver *must* be cpio, not tar.
-- 
Regards,

Dave  [RLU #314465]
==
dwn...@ntlworld.com (David W Noon)
==


signature.asc
Description: PGP signature

[gentoo-user] /dev full of pty* tty* - is it normal?

[Jarry]

Hi,
I just noticed I have *a lot of* tty/pty files in dev:

obelix ~ # ls -l /dev/pty* | wc -l
256
obelix ~ # ls -l /dev/tty* | wc -l
325

They have names from /dev/ptya0 till /dev/ptyzf, then
pty0-pty63, and ttya0-ttyzf. Is this normal? I thought
udev creates device-files as they are needed, so I'm
surprised to see so much of them...

Jarry
--
___
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.

Re: [gentoo-user] /dev full of pty* tty* - is it normal?

[Alex Schuster]

Jarry writes:

 I just noticed I have *a lot of* tty/pty files in dev:
 
 obelix ~ # ls -l /dev/pty* | wc -l
 256
 obelix ~ # ls -l /dev/tty* | wc -l
 325
 
 They have names from /dev/ptya0 till /dev/ptyzf, then
 pty0-pty63, and ttya0-ttyzf. Is this normal? I thought
 udev creates device-files as they are needed, so I'm
 surprised to see so much of them...

Seems to be normal, I get the same output on two of my Gentoo machines.

Wonko

Re: [gentoo-user] /dev full of pty* tty* - is it normal?

[Jarry]

On 26. 1. 2010 18:57, Alex Schuster wrote:


I just noticed I have *a lot of* tty/pty files in dev:

obelix ~ # ls -l /dev/pty* | wc -l
256
obelix ~ # ls -l /dev/tty* | wc -l
325

They have names from /dev/ptya0 till /dev/ptyzf, then
pty0-pty63, and ttya0-ttyzf. Is this normal? I thought
udev creates device-files as they are needed, so I'm
surprised to see so much of them...


Seems to be normal, I get the same output on two of my Gentoo machines.
Wonko


Thanks for info. FYI I just checked some debian-machine and
it has only 63 tty's and none pty. I always thought it had
something to do with number of terminals started by inittab.
Anyway, it looks so that udev is not dynamic for all kind
of dev-files...

Jarry

--
___
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.

Re: [gentoo-user] /dev full of pty* tty* - is it normal?

[Dirk Heinrichs]

Am Dienstag 26 Januar 2010 19:20:27 schrieb Jarry:

 Anyway, it looks so that udev is not dynamic for all kind
 of dev-files...

Well, it is. Lookup /lib/udev/rules.d/50-udev-default.rules, you'll find the 
rules for creating [pt]ty nodes there. Debian may have different rules in 
place.

Bye...

Dirk

Re: [gentoo-user] /dev full of pty* tty* - is it normal?

[Dale]

Alex Schuster wrote:

Jarry writes:

  

I just noticed I have *a lot of* tty/pty files in dev:

obelix ~ # ls -l /dev/pty* | wc -l
256
obelix ~ # ls -l /dev/tty* | wc -l
325

They have names from /dev/ptya0 till /dev/ptyzf, then
pty0-pty63, and ttya0-ttyzf. Is this normal? I thought
udev creates device-files as they are needed, so I'm
surprised to see so much of them...



Seems to be normal, I get the same output on two of my Gentoo machines.

Wonko

  


Same thing here.  It's a old install so I expected some old things 
before udev took over.  I guess udev cleaned it up some. 


Seems normal tho.

Dale

:-)  :-) 

Re: [gentoo-user] /dev full of pty* tty* - is it normal?

[Stefan Schulte]

Looks different on my machine:

# ls -l /dev/pty* | wc -l
zsh: no matches found: /dev/pty*
0
# ls -l /dev/tty* | wc -l
65

It may have something to do with your kernel settings.
Device Drivers-Character devices-Unix98 PTY support is enabled
Device Drivers-Character devices-Legacy (BSD) PTY support is disabled
here

-Stefan

On Tue, Jan 26, 2010 at 06:57:33PM +0100, Alex Schuster wrote:
 Jarry writes:
 
  I just noticed I have *a lot of* tty/pty files in dev:
  
  obelix ~ # ls -l /dev/pty* | wc -l
  256
  obelix ~ # ls -l /dev/tty* | wc -l
  325
  
  They have names from /dev/ptya0 till /dev/ptyzf, then
  pty0-pty63, and ttya0-ttyzf. Is this normal? I thought
  udev creates device-files as they are needed, so I'm
  surprised to see so much of them...
 
 Seems to be normal, I get the same output on two of my Gentoo machines.
 
   Wonko
 


pgpCEg6oTcCJ1.pgp
Description: PGP signature

Re: [gentoo-user] Re: full shutdown

[Simon]

I know, -P for powerdown after halt.  but it doesnt change anything on
both PC that have this issue and seems to have no effect on the one
that works fine with just -h

(Besides, with the number of people using linux, how many would want
to shutdown -h without powering down?)

On Sat, Mar 28, 2009 at 9:42 PM, ABCD en.a...@gmail.com wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Simon wrote:
 Hi there,
   this must be simple (it always is) but I can't figure out by myself.
  I have one of the first eeepc (4gb) and when issuing `shutdown -h
 now` the computer shutdown perfectly but forgets to cut the current.
 I have to press the power button 4 sec to cut it manually.

   I'm recompiling the kernel almost as often as I breathe and i wonder
 if I'm not missing some steps (during or after)...  I have acpi
 installed and init.d/acpi is started.  acpi support was compiled in
 kernel and i tried with and without the CONFIG_ACPI_ASUS with no
 difference.  I'm using kernel 2.6.24 (for several drivers that are
 most compatible with this one).  I have almost the same install on 2
 different PCs (with obvious tweakings in kernel options and /etc) and
 the most recent one shuts down correctly, the older one does the same
 thing as my eeepc...

   When recompiling the kernel, I do: make  make modules_install;
 then I recompile the drivers i have and install them, is there
 anything else i should recompile, like should i re-emerge acpi?

   Also, I dont think it's related but, when doing 'startx', after,
 when shutting down, the console screen doesnt update and is stuck on
 the x11 and fvwm2 messages... it doesnt show the progress, any ideas?
 (this is secondary though)

 Thanks in advance guys!
   Simon


 This probably isn't the problem, but try doing `shutdown -hP now`, and
 see if that works - if it does, then there probably is a configuration
 issue somewhere (but I'm not sure where that would be...).

 - --
 ABCD
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v2.0.11 (GNU/Linux)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

 iEYEARECAAYFAknO0iEACgkQOypDUo0oQOpgtwCgsSQMLhxzqtJ3fc7Ot5fUznja
 CLgAn2y0fPM8YvSzcPSq4+kxdGUXfdJM
 =c5U0
 -END PGP SIGNATURE-






-- 
When Earth was the only inhabited planet in the Galaxy, it was a
primitive place, militarily speaking.  The only weapon they had ever
invented worth mentioning was a crude and inefficient nuclear-reaction
bomb for which they had not even developed the logical defense. -
Asimov

[gentoo-user] Re: full shutdown

[ABCD]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Simon wrote:
 Hi there,
   this must be simple (it always is) but I can't figure out by myself.
  I have one of the first eeepc (4gb) and when issuing `shutdown -h
 now` the computer shutdown perfectly but forgets to cut the current.
 I have to press the power button 4 sec to cut it manually.
 
   I'm recompiling the kernel almost as often as I breathe and i wonder
 if I'm not missing some steps (during or after)...  I have acpi
 installed and init.d/acpi is started.  acpi support was compiled in
 kernel and i tried with and without the CONFIG_ACPI_ASUS with no
 difference.  I'm using kernel 2.6.24 (for several drivers that are
 most compatible with this one).  I have almost the same install on 2
 different PCs (with obvious tweakings in kernel options and /etc) and
 the most recent one shuts down correctly, the older one does the same
 thing as my eeepc...
 
   When recompiling the kernel, I do: make  make modules_install;
 then I recompile the drivers i have and install them, is there
 anything else i should recompile, like should i re-emerge acpi?
 
   Also, I dont think it's related but, when doing 'startx', after,
 when shutting down, the console screen doesnt update and is stuck on
 the x11 and fvwm2 messages... it doesnt show the progress, any ideas?
 (this is secondary though)
 
 Thanks in advance guys!
   Simon
 

This probably isn't the problem, but try doing `shutdown -hP now`, and
see if that works - if it does, then there probably is a configuration
issue somewhere (but I'm not sure where that would be...).

- --
ABCD
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknO0iEACgkQOypDUo0oQOpgtwCgsSQMLhxzqtJ3fc7Ot5fUznja
CLgAn2y0fPM8YvSzcPSq4+kxdGUXfdJM
=c5U0
-END PGP SIGNATURE-

Re: [gentoo-user] Re: full shutdown

[Saphirus Sage]

On Mar 28, 2009, at 9:42 PM, ABCD en.a...@gmail.com wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Simon wrote:

Hi there,
 this must be simple (it always is) but I can't figure out by myself.
I have one of the first eeepc (4gb) and when issuing `shutdown -h
now` the computer shutdown perfectly but forgets to cut the current.
I have to press the power button 4 sec to cut it manually.

 I'm recompiling the kernel almost as often as I breathe and i wonder
if I'm not missing some steps (during or after)...  I have acpi
installed and init.d/acpi is started.  acpi support was compiled in
kernel and i tried with and without the CONFIG_ACPI_ASUS with no
difference.  I'm using kernel 2.6.24 (for several drivers that are
most compatible with this one).  I have almost the same install on 2
different PCs (with obvious tweakings in kernel options and /etc) and
the most recent one shuts down correctly, the older one does the same
thing as my eeepc...

 When recompiling the kernel, I do: make  make modules_install;
then I recompile the drivers i have and install them, is there
anything else i should recompile, like should i re-emerge acpi?

 Also, I dont think it's related but, when doing 'startx', after,
when shutting down, the console screen doesnt update and is stuck on
the x11 and fvwm2 messages... it doesnt show the progress, any ideas?
(this is secondary though)

Thanks in advance guys!
 Simon



This probably isn't the problem, but try doing `shutdown -hP now`, and
see if that works - if it does, then there probably is a configuration
issue somewhere (but I'm not sure where that would be...).

- --
ABCD
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAknO0iEACgkQOypDUo0oQOpgtwCgsSQMLhxzqtJ3fc7Ot5fUznja
CLgAn2y0fPM8YvSzcPSq4+kxdGUXfdJM
=c5U0
-END PGP SIGNATURE-


I always use shutdown now -hP or it won't power down. I just figured  
that was standard. 

Re: [gentoo-user] Re: full shutdown

[Dale]

Saphirus Sage wrote:


 On Mar 28, 2009, at 9:42 PM, ABCD en.a...@gmail.com wrote:



 This probably isn't the problem, but try doing `shutdown -hP now`, and
 see if that works - if it does, then there probably is a configuration
 issue somewhere (but I'm not sure where that would be...).



 I always use shutdown now -hP or it won't power down. I just figured
that was standard.


I don't use the -p option and mine shuts down fine.  I did run into this
one time a lot time ago.  I had to change something in my kernel but I
can't remember what it was now.  I looked but couldn't find anything
either. 

Sorry I can't remember what it was.  Maybe it will come to me later on. 
Like right after hitting send.  lol

Dale

:-)  :-) 

Re: [gentoo-user] / is full

[Bastian Balthazar Bux]

James wrote:
 I had not emerged a gentoo system for a while now / is filled up.
 
 Looking for large files to remove, I found in /proc:
 
 -r   1 root   root   1073672192 May 13 22:31 kcore
  
 
 I guess this is not a good file to remove?
 
 Kernel images are only this big:
 -rw---  1 root root 2298699 Apr 30 00:17 kernel-2.6.11-gentoo-r6B
 
 
 the kcore file is killing a 500 M partion.
 
 Ideas on what to do?
 
 
 James
 
 
 
 
As sayd ignore it or understud it, you can look at
/usr/src/linux/Documentation/filesystems/proc.txt .
kcore   Kernel core image (can be ELF or A.OUT(deprecated in 2.4))

another note: your kcore is very big (five times mine) ypu may want to
optimize what is compiled in modifying the kernelconfig before to build
it (and for this google is your friend ;)

ciao francesco

-- 
 
. These pages are best viewed by coming to my house and looking at   .
. my monitor. [S. Lucas Bergman (on his website)].
 
-- 
gentoo-user@gentoo.org mailing list