Re: [gentoo-dev] New Manifest Hashes

2012-07-04 Thread Jeff Horelick
The change has been made.

Please remember to cvs up metadata/layout.conf and update portage (if
necessary) before committing.

Thanks



Re: [gentoo-dev] Re: GLEP draft for cross-compile support in multilib profiles

2012-07-04 Thread Luca Barbato
On 07/01/2012 01:41 PM, Thomas Sachau wrote:
 I guess, you are mixing cross-compile support in multilib profiles and
 cross-compile support with cross-toolchains, multilib-portage is for the
 first one, while crossdev is for the second one.
 
 My suggestion does not support e.g. compiling for ppc with an amd64
 profile, on amd64 it only can support x86 and x32. Since all of these
 binaries can run with an amd64 kernel and you build for at least one
 target, you always have a binary around, no need for an extra HOST
 dependency.

You can run an arm binary on amd64 (through binfmt+qemu-user static)

 I don't know, what exactly you mean with play properly with ld and
 cross-vs-host paths, so cannot respond to those.

multilib works because the runtime linker picked is the right one for
each ABI; thanks to qemu it makes no difference if that ABI is native or not.

cross vs host paths is an annoying problem due to the slightly different
behaviour between native and cross compiler toolchains, it tends to
ignore environment variables and other small differences making dropping
a native cross compiler in a qemu chroot, QUITE a creative activity.

lu

-- 

Luca Barbato
Gentoo/linux
http://dev.gentoo.org/~lu_zero




[gentoo-dev] Kernel compiles and you

2012-07-04 Thread Tobias Klausmann
Hi! 

Recently, I have again bumped into the question whether one
should compile the kernel as root. One of the things that puzzles
me is why almost every HowTo, blog post and book recommends
building as non-root -- yet basically no distribution /helps/ the
user with doing that.

I've discussed this with a few people on #gentoo-dev and they've
provided valuable insight (thanks AxS, Chainsaw and WilliamH), so
I have gathered the results so far here:

http://blog.i-no.de/archives/2012/07/index.html#e2012-07-04T19_28_32.txt

Feel free to comment (ideally here). Note that I'm aiming for a
solution that is not (overly) Gentoo-specific.

Thanks,
Tobias (aka Blackb|rd on Freenode)


-- 
Sent from aboard the Culture ship
GSV Just Read The Instructions



Re: [gentoo-dev] Kernel compiles and you

2012-07-04 Thread Michał Górny
On Wed, 4 Jul 2012 19:46:47 +0200
Tobias Klausmann klaus...@gentoo.org wrote:

 Recently, I have again bumped into the question whether one
 should compile the kernel as root. One of the things that puzzles
 me is why almost every HowTo, blog post and book recommends
 building as non-root -- yet basically no distribution /helps/ the
 user with doing that.
 
 I've discussed this with a few people on #gentoo-dev and they've
 provided valuable insight (thanks AxS, Chainsaw and WilliamH), so
 I have gathered the results so far here:
 
 http://blog.i-no.de/archives/2012/07/index.html#e2012-07-04T19_28_32.txt
 
 Feel free to comment (ideally here). Note that I'm aiming for a
 solution that is not (overly) Gentoo-specific.

There's a very simple yet custom solution I'm using. Shortly saying:
checkout the kernel git to /usr/src/linux and chown to your user. As
far as it goes, it's superior to having kernel sources installed by
ebuilds.

I just have to remember to do 'git fetch' from time to time and 'git
merge' whenever a new version is tagged.

-- 
Best regards,
Michał Górny




Re: [gentoo-dev] Kernel compiles and you

2012-07-04 Thread Tobias Klausmann
Hi! 

On Wed, 04 Jul 2012, Michał Górny wrote:
 There's a very simple yet custom solution I'm using. Shortly saying:
 checkout the kernel git to /usr/src/linux and chown to your user. As
 far as it goes, it's superior to having kernel sources installed by
 ebuilds.
 
 I just have to remember to do 'git fetch' from time to time and 'git
 merge' whenever a new version is tagged.

It is also beyond the package manager's control. That means users
who want to just configure their kernel (and run point releases
otherwise) have to actively check for new tags/versions.

Aside from that the git tree is not exactly lightweight: my
current 2.6 checkout weighs in at 1.4G whereas the unpacked tar
is 512M. 

I'll amend the blog post, though.

Regards,
Tobias



-- 
Sent from aboard the Culture ship
GSV Just Read The Instructions



Re: [gentoo-dev] Kernel compiles and you

2012-07-04 Thread Rick Zero_Chaos Farina

On 07/04/2012 01:58 PM, Michał Górny wrote:
 On Wed, 4 Jul 2012 19:46:47 +0200
 Tobias Klausmann klaus...@gentoo.org wrote:
 
 Recently, I have again bumped into the question whether one
 should compile the kernel as root. One of the things that puzzles
 me is why almost every HowTo, blog post and book recommends
 building as non-root -- yet basically no distribution /helps/ the
 user with doing that.

 I've discussed this with a few people on #gentoo-dev and they've
 provided valuable insight (thanks AxS, Chainsaw and WilliamH), so
 I have gathered the results so far here:

 http://blog.i-no.de/archives/2012/07/index.html#e2012-07-04T19_28_32.txt

 Feel free to comment (ideally here). Note that I'm aiming for a
 solution that is not (overly) Gentoo-specific.
 
 There's a very simple yet custom solution I'm using. Shortly saying:
 checkout the kernel git to /usr/src/linux and chown to your user. As
 far as it goes, it's superior to having kernel sources installed by
 ebuilds.
 
 I just have to remember to do 'git fetch' from time to time and 'git
 merge' whenever a new version is tagged.
 

Honestly I'm not certain if there is an easy way to do this

Obvious easy way, make the ebuilds install the kernel sources and chown
root.users then chmod g+w.  Of course, after this any user could trojan
the kernel...

We could allow writes in the directories but not to the kernel source
files themselves... that seems moderately sane even as the source files
don't need to be written to be compiled, only the dir's need write
permissions...

Thoughts?

-Zero



Re: [gentoo-dev] Kernel compiles and you

2012-07-04 Thread William Hubbs
On Wed, Jul 04, 2012 at 02:20:36PM -0400, Rick Zero_Chaos Farina wrote:
 
 On 07/04/2012 01:58 PM, Michał Górny wrote:
  On Wed, 4 Jul 2012 19:46:47 +0200
  Tobias Klausmann klaus...@gentoo.org wrote:
  
  Recently, I have again bumped into the question whether one
  should compile the kernel as root. One of the things that puzzles
  me is why almost every HowTo, blog post and book recommends
  building as non-root -- yet basically no distribution /helps/ the
  user with doing that.
 
  I've discussed this with a few people on #gentoo-dev and they've
  provided valuable insight (thanks AxS, Chainsaw and WilliamH), so
  I have gathered the results so far here:
 
  http://blog.i-no.de/archives/2012/07/index.html#e2012-07-04T19_28_32.txt
 
  Feel free to comment (ideally here). Note that I'm aiming for a
  solution that is not (overly) Gentoo-specific.
  
  There's a very simple yet custom solution I'm using. Shortly saying:
  checkout the kernel git to /usr/src/linux and chown to your user. As
  far as it goes, it's superior to having kernel sources installed by
  ebuilds.
  
  I just have to remember to do 'git fetch' from time to time and 'git
  merge' whenever a new version is tagged.
  
 
 Honestly I'm not certain if there is an easy way to do this
 
 Obvious easy way, make the ebuilds install the kernel sources and chown
 root.users then chmod g+w.  Of course, after this any user could trojan
 the kernel...

There is no need to chown or chmod anything. /usr/src/linux* is always
world readable.

 We could allow writes in the directories but not to the kernel source
 files themselves... that seems moderately sane even as the source files
 don't need to be written to be compiled, only the dir's need write
 permissions...

Actually the directories do not need write permissions either. Take a
look at the O= option documented in /usr/src/linux/README.

William




Re: [gentoo-dev] Kernel compiles and you

2012-07-04 Thread Michael Weber

On 07/04/2012 08:56 PM, William Hubbs wrote:
 On Wed, Jul 04, 2012 at 02:20:36PM -0400, Rick Zero_Chaos Farina
 wrote:
 
 On 07/04/2012 01:58 PM, Michał Górny wrote:

 We could allow writes in the directories but not to the kernel
 source files themselves... that seems moderately sane even as the
 source files don't need to be written to be compiled, only the
 dir's need write permissions...
 
 Actually the directories do not need write permissions either. Take
 a look at the O= option documented in /usr/src/linux/README.
 
 William
 

Um, well, users can then write the compiled files (.o in the tree).
You can also set `chmod -R g+w /` and give everyone full access.

I think running kernels from non-root checkouts is a pretty big
security hole.

Michael

-- 
Gentoo Dev
http://xmw.de/





[gentoo-dev] Short bugzilla outage today between 2100-2200 UTC

2012-07-04 Thread Theo Chatzimichos
All,

bugs.gentoo.org will be down for 30 minutes sometime between 2100 and 2200 
UTC. We are migrating the database replication to newer and faster boxes. 
Apologies for the short notice. We'll let you know with a newer announcement 
when it is finished.

the Gentoo Infrastructure team



Re: [gentoo-dev] Kernel compiles and you

2012-07-04 Thread Peter Stuge
Michael Weber wrote:
 I think running kernels from non-root checkouts is a pretty big
 security hole.

Suggest think again.

The Linux kernel should not and really must not be built as root.
This is neither supported nor recommended nor tested by upstream.
You may recall there was a kernel build system bug which ran -rf /
which would be bad if you built as root.

The administrator usually has a normal user account somewhere. Use
that to build.

-sources ebuilds installing 755 root:root to /usr/src/linux is fine,
but best avoid building in-tree in that case.


//Peter



Re: [gentoo-dev] Liblo 0.26 wrong ebuild license

2012-07-04 Thread Samuli Suominen

On 07/02/2012 11:51 AM, Natanael Olaiz wrote:

It is LGPL, not GPL.

diff -aru liblo_original/liblo-0.26.ebuild liblo/liblo-0.26.ebuild
--- liblo_original/liblo-0.26.ebuild2011-09-12 20:38:28.0 +0200
+++ liblo/liblo-0.26.ebuild 2012-07-02 10:43:29.0 +0200
@@ -8,7 +8,7 @@
  HOMEPAGE=http://plugin.org.uk/liblo;
  SRC_URI=mirror://sourceforge/${PN}/${P}.tar.gz

-LICENSE=GPL-2
+LICENSE=LGPL-2.1
  SLOT=0
  KEYWORDS=amd64 ppc ppc64 x86 ~ppc-macos
  IUSE=doc ipv6 static-libs
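
Review bot: the LICENSE change from GPL-2 to LGPL-2.1 in this hunk is backed only by the sentence "It is LGPL, not GPL."; please cite where upstream states the license for liblo 0.26 (the COPYING file or the source file headers) so the exact LGPL version can be confirmed before the ebuild metadata is changed. The rest of the hunk is unchanged context and needs no comment.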



Best regards,
Natanael.


Bugs should be reported to http://bugs.gentoo.org/ instead of here. 
Seriously. With that said, liblo is now fixed.




Re: [gentoo-dev] Kernel compiles and you

2012-07-04 Thread Michał Górny
On Wed, 4 Jul 2012 20:06:58 +0200
Tobias Klausmann klaus...@gentoo.org wrote:

 Hi! 
 
 On Wed, 04 Jul 2012, Michał Górny wrote:
  There's a very simple yet custom solution I'm using. Shortly saying:
  checkout the kernel git to /usr/src/linux and chown to your user. As
  far as it goes, it's superior to having kernel sources installed by
  ebuilds.
  
  I just have to remember to do 'git fetch' from time to time and 'git
  merge' whenever a new version is tagged.
 
 It is also beyond the package manager's control. That means users
 who want to just configure their kernel (and run point releases
 otherwise) have to actively check for new tags/versions.

True. I think that's the direction I should look into improving.

 Aside from that the git tree is not exactly lightweight: my
 current 2.6 checkout weighs in at 1.4G whereas the unpacked tar
 is 512M. 

Well, that's the other problem. On the other hand, you usually have to
have that 1G free anyway unless you intend to manually unmerge
the previous *-sources before installing the new one. And the time
needed to do that... git is so much faster.

-- 
Best regards,
Michał Górny




[gentoo-dev] Re: Short bugzilla outage today between 2100-2200 UTC

2012-07-04 Thread Theo Chatzimichos
On Wed, Jul 4, 2012 at 10:16 PM, Theo Chatzimichos tampak...@gentoo.org wrote:
 All,

 bugs.gentoo.org will be down for 30 minutes sometime between 2100 and 2200
 UTC. We are migrating the database replication to newer and faster boxes.
 Apologies for the short notice. We'll let you know with a newer announcement
 when it is finished.

 the Gentoo Infrastructure team

Finished, everything seems fine again. Please let us know if you
notice any weird behavior



Re: [gentoo-dev] Kernel compiles and you

2012-07-04 Thread Greg KH
On Wed, Jul 04, 2012 at 07:46:47PM +0200, Tobias Klausmann wrote:
 Hi! 
 
 Recently, I have again bumped into the question whether one
 should compile the kernel as root. One of the things that puzzles
 me is why almost every HowTo, blog post and book recommends
 building as non-root -- yet basically no distribution /helps/ the
 user with doing that.

Most distros don't have to do anything, they are not requiring users to
build their own kernels :)

So in reality, they all do help their users with this, it's trivial to
build a kernel as a user on those distros.  Actually, it is also on
Gentoo, there's no need to ever put a kernel anywhere except in your
home directory when building it.

Oh, and one more reason you never want to build your kernel as root, a
few years ago, the kernel build process had a bug where it accidentally
tried to do a 'rm -rf /*' on your filesystem.  None of the kernel
developers ever noticed that as they didn't build a kernel as root, and
the bug stuck around for a relatively long time (weeks at least.)  There
was also some semi-serious talk about leaving it in the build as well,
just to catch people who were doing this, but sanity prevailed and it
was fixed.  But, you never know if that old bug might slip back in one
day :)

good luck,

greg k-h



Re: [gentoo-dev] Kernel compiles and you

2012-07-04 Thread Rich Freeman
On Wed, Jul 4, 2012 at 7:49 PM, Maxim Kammerer m...@dee.su wrote:
 The KBUILD_OUTPUT / O= option seems like the best solution to me
 (especially so as I build three kernel images from a single sources
 tree), and it works well, except that it sometimes doesn't with
 especially monstrous and hard to configure packages such as
 virtualbox-guest-additions — see bug #424816.

From a compatibility and simplicity standpoint simply making the
directory group-writable seems like the simplest solution.  However,
the group should be something dedicated - not users.

While I can see how build system bugs might be bad when running as
root, you have to keep in mind that chances are that once you're done
with building the kernel you're going to execute it in ring-0.  When
you run make modules_install that is also going to need to run as root
and it could clobber things as well.  About the only really safe
approach would be to run as a limited user, install it into some
offset/chroot, package it, and then install it using portage as a
binpkg.  That actually has advantages on many levels, and it basically
is what we do with everything else.

Rich



Re: [gentoo-dev] Kernel compiles and you

2012-07-04 Thread Richard Yao
On 07/04/2012 07:58 PM, Rich Freeman wrote:
 On Wed, Jul 4, 2012 at 7:49 PM, Maxim Kammerer m...@dee.su wrote:
 The KBUILD_OUTPUT / O= option seems like the best solution to me
 (especially so as I build three kernel images from a single sources
 tree), and it works well, except that it sometimes doesn't with
 especially monstrous and hard to configure packages such as
 virtualbox-guest-additions — see bug #424816.
 
 From a compatibility and simplicity standpoint simply making the
 directory group-writable seems like the simplest solution.  However,
 the group should be something dedicated - not users.

A similar problem occurs in sys-freebsd/virtio-kmod. The ebuild works
around it by copying all of the files into the build directory like what
FreeBSD Ports does. We were able to improve on that by only copying the
files that were needed and using hard links whenever possible. It should
be possible to do the same here.





Re: [gentoo-dev] Kernel compiles and you

2012-07-04 Thread Albert W. Hopkins
On Thu, 2012-07-05 at 02:49 +0300, Maxim Kammerer wrote:
 On Wed, Jul 4, 2012 at 9:56 PM, William Hubbs willi...@gentoo.org wrote:
  Actually the directories do not need write permissions either. Take a
  look at the O= option documented in /usr/src/linux/README.
 
 The KBUILD_OUTPUT / O= option seems like the best solution to me
 (especially so as I build three kernel images from a single sources
 tree), and it works well, except that it sometimes doesn't with
 especially monstrous and hard to configure packages such as
 virtualbox-guest-additions — see bug #424816.

I've experimented with O= in the past.  It seems like a good solution,
however...

There are kernel-dependent packages that (seem to) always look for
configuration options, symbols, etc. in /usr/src/linux.  When you use O=
then those features do not exist in /usr/src/linux and thus those
packages will fail.  So I have basically abandoned using O=.

Might it be better if you could tell portage to look for kernel builds
in another location than /usr/src/linux. Perhaps you can already and I'm
not aware.  If not, then this just be a lot of work and perhaps the
benefits do not outweigh the effort involved?

Anyway, just something to think about.

-a
 




Re: [gentoo-dev] Kernel compiles and you

2012-07-04 Thread Mike Frysinger
On Wednesday 04 July 2012 21:36:02 Albert W. Hopkins wrote:
 Might it be better if you could tell portage to look for kernel builds
 in another location than /usr/src/linux. Perhaps you can already and I'm
 not aware.

export KBUILD_OUTPUT=...
-mike




Re: [gentoo-dev] Kernel compiles and you

2012-07-04 Thread Maxim Kammerer
On Thu, Jul 5, 2012 at 4:36 AM, Albert W. Hopkins
mar...@letterboxes.org wrote:
 There are kernel-dependent packages that (seem to) always look for
 configuration options, symbols, etc. in /usr/src/linux.  When you use O=
 then those features do not exist in /usr/src/linux and thus those
 packages will fail.  So I have basically abandoned using O=.

Try setting KBUILD_OUTPUT in /etc/make.conf — it will be used by
linux-info.eclass (and linux-mod.eclass) automatically, so most kernel
module-compiling ebuilds will do the right thing. There are
exceptions, such as the VirtualBox packages above, which want access
to the build tree outside module compilation for whatever reason, but
I already found a fix for that specific problem
(--with-linux=${KV_OUT_DIR}), so count me as a fan of O=.

You can also apparently set KERNEL_DIR to something other than
/usr/src/linux, but with eselect kernel available, this variable is
probably best left alone.

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
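
Added example (not part of any message in this thread, and not Gentoo or kernel project code): a pre-flight check for the O= / KBUILD_OUTPUT approach discussed above. It refuses to run as root, rejects a source tree that has been loosened with group or world write bits (the "chmod g+w" layout the thread warns could let any user trojan the kernel), and requires a separate output directory the caller can write to. The function names and the example paths are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Pre-flight checks for building a
# kernel out-of-tree (O= / KBUILD_OUTPUT) as an unprivileged user.

# List every path under tree $1 that group or others can write to.
# Symlinks are skipped because their own mode bits are not enforced.
writable_paths() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print
}

# Succeed only if $1 is a directory with no group- or world-writable entry,
# i.e. the "755 root:root" layout rather than the "chmod g+w" one.
tree_is_locked_down() {
    [ -d "$1" ] || return 1
    [ -z "$(writable_paths "$1")" ]
}

# kbuild_preflight SRC OUT [UID]
# Returns: 0 ok, 1 running as root, 2 source tree writable by group/others,
#          3 output directory missing or not writable by the caller.
kbuild_preflight() {
    src=$1
    out=$2
    uid=${3:-$(id -u)}          # UID parameter exists so the check is testable

    if [ "$uid" -eq 0 ]; then
        echo "refusing: build as a normal user, not root" >&2
        return 1
    fi
    if ! tree_is_locked_down "$src"; then
        echo "refusing: $src is missing or has group/world-writable entries:" >&2
        writable_paths "$src" 2>/dev/null | sed 's/^/  /' >&2
        return 2
    fi
    if [ ! -d "$out" ] || [ ! -w "$out" ]; then
        echo "refusing: output directory $out is not writable by the caller" >&2
        return 3
    fi

    # Objects, .config and modules all land in $out; $src is never written.
    echo "make -C $src O=$out menuconfig"
    echo "make -C $src O=$out"
    echo "export KBUILD_OUTPUT=$out   # for later module builds"
}

# Stand-alone use (paths are examples): sh preflight.sh /usr/src/linux "$HOME/kbuild"
if [ "$#" -ge 2 ]; then
    kbuild_preflight "$@"
fi
```

On success the script prints the make invocations rather than running them, so the output can be reviewed first.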



Re: [gentoo-dev] grub:2 keywords

2012-07-04 Thread Doug Goldstein
On Tue, Jul 3, 2012 at 9:20 AM, Jeroen Roovers j...@gentoo.org wrote:
 On Mon, 2 Jul 2012 15:02:28 -0400
 Mike Gilbert flop...@gentoo.org wrote:

 That is exactly what Doug (cardoe) proposed, and he is working on the
 docs for that.


 Ah yes, it's been a long-winded thread. :)


  jer


I got a little busier this past weekend than I had intended (loving
that leap second bug) but here's the first draft:

http://dev.gentoo.org/~cardoe/docs/grub2-migration.xml

It will be integrated into the official Gentoo doc set once I get a
nod from the docs guys.

-- 
Doug Goldstein