Re: [gentoo-dev] Incoming >=sys-libs/timezone-data-2020d[zic-slim] breakage

2020-10-29 Thread Toralf Förster

On 10/29/20 10:14 AM, Sergei Trofimovich wrote:

   You can enable new default explicitly with USE=zic-slim switch.


will do it here at the tinderbox

--
Toralf
PGP 23217DA7 9B888F45


OpenPGP_0x23217DA79B888F45.asc
Description: application/pgp-keys


OpenPGP_signature
Description: OpenPGP digital signature


Re: [gentoo-dev] newsitem: k8s split packages returning

2020-10-04 Thread Toralf Förster

On 10/4/20 12:11 AM, William Hubbs wrote:

And either the new Thunderbird's GPG sucks or your key does not match the 
sender name :-(


--
Toralf
PGP 23217DA7 9B888F45



Re: [gentoo-dev] How to stabilize packages with frequent release cycles?

2020-09-15 Thread Toralf Förster
On 9/15/20 8:42 AM, Michał Górny wrote:
> Do you have any suggestions how we could improve this?
A (naive) approach would be to have something like auto_stable_after_x_days=n 
somewhere and a bot which checks whether a bug was opened related to the last 
version.

However this doesn't cover bugs filed a while ago and are not fixed in 
current stable.


-- 
Toralf
PGP 23217DA7 9B888F45



signature.asc
Description: OpenPGP digital signature


Re: [gentoo-dev] xorg-x11 RDEPEND changes without revisions

2020-08-07 Thread Toralf Förster
On 8/7/20 8:25 PM, Michael Orlitzky wrote:
> 
> I have too many other things to do to waste time reverse-engineering
> these fuck-ups. Get it together.

I'm just curious if you refer to commit d8c442ba8 - b/c that was made by 
someone at Wed Oct 16 19:41:02 2019 + and I do wonder why nobody else ran 
into that issue since that time?

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] Bug #733802, USE 'scp' now defaults to off in net-misc/openssh

2020-07-26 Thread Toralf Förster
On 7/26/20 2:05 AM, Rich Freeman wrote:
> The two appropriate ways to communicate something like this are
> einfo/ewarn/etc or news.  Never hurts to use news.  Ideally I'd point
> to a substitute, and I'd suggest one myself if I were aware of one...

ewarn please, einfo is too weak

-- 
Toralf
PGP 23217DA7 9B888F45





[gentoo-dev] Re: Add commit to pull request

2020-06-21 Thread Toralf Förster
On 6/21/20 6:49 PM, Toralf Förster wrote:
> On 6/21/20 6:48 PM, Samuel Bernardo wrote:
>> Is it possible to add the commit to that pull request or I need to open
>> a new pull request?
> yes
> 
, you can add additional material to the same commit. It will be
automatically handled by GitHub (and GitLab does similar too FWIW)

-- 
Toralf
PGP 23217DA7 9B888F45





[gentoo-dev] Re: Add commit to pull request

2020-06-21 Thread Toralf Förster
On 6/21/20 6:48 PM, Samuel Bernardo wrote:
> Is it possible to add the commit to that pull request or I need to open
> a new pull request?
yes

> I already try to get help in gentoo-dev channel but I haven't voice there...
ask in #git :-)

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] Value of Continuous integration vs Code Review / Pull Requests

2020-05-27 Thread Toralf Förster
On 5/27/20 2:16 PM, Thomas Deutschmann wrote:
> The problem when doing review on Github
> for me is, that we usually create new revisions. Therefore we don't see
> what's changed in new revision versus previous revision. 
That's my main concern with the current behaviour: a "git diff" often doesn't 
show a diff against the previous (ebuild) file, it shows a diff against 
/dev/null :-/

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] [RFC] Anti-spam for goose

2020-05-21 Thread Toralf Förster
On 5/21/20 11:43 AM, Michał Górny wrote:
> On Thu, 2020-05-21 at 11:17 +0200, Toralf Förster wrote:
>> On 5/21/20 10:47 AM, Michał Górny wrote:
>>> TL;DR: I'm looking for opinions on how to protect goose from spam,
>>> i.e. mass fake submissions.
>>>
>>
>> I'd combine IP-limits with proof-of-work.
>> CAPTCHA should be the very last option IMO.
>>
> 
> To be honest, I don't see the point for proof-of-work if we have IP
> limits.
> 

The POW has to be made for every submission and should (somehow) include the 
IP-address.
So you have 2 barriers. None of both is perfect but their combination is 
expensive.

-- 
Toralf
PGP 23217DA7 9B888F45
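
The two barriers described above, as an added example (not part of the original mail and not goose's code): a hashcash-style proof-of-work whose challenge is MAC-bound to the client IP, checked together with a per-IP limit. All names, the 5-minute challenge lifetime, the difficulty and the limit of 10 per week are assumptions.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)   # assumption: per-deployment secret, never sent to clients
CHALLENGE_TTL = 300           # assumption: seconds a challenge stays usable
WEEK = 7 * 24 * 3600


def issue_challenge(ip, now=None):
    """Server side: hand out a challenge that is MAC-bound to the requesting IP."""
    issued = int(time.time() if now is None else now)
    nonce = os.urandom(8).hex()
    tag = hmac.new(SERVER_KEY, f"{ip}|{issued}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{issued}|{nonce}|{tag}"


def work_digest(challenge, payload, counter):
    """Hash that must start with enough zero bits; it covers challenge and payload,
    so the work has to be redone for every submission."""
    body = hashlib.sha256(payload).hexdigest()
    return hashlib.sha256(f"{challenge}|{body}|{counter}".encode()).digest()


def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def solve(challenge, payload, bits):
    """Client side: brute-force a counter, about 2**bits hashes on average."""
    counter = 0
    while leading_zero_bits(work_digest(challenge, payload, counter)) < bits:
        counter += 1
    return counter


class SubmissionGate:
    """Server side: proof-of-work check first, IP limit second."""

    def __init__(self, bits=16, max_per_ip=10):
        self.bits = bits
        self.max_per_ip = max_per_ip
        self.spent = set()     # accepted challenges; prune by CHALLENGE_TTL in real use
        self.accepted = {}     # ip -> timestamps of accepted submissions

    def accept(self, ip, challenge, counter, payload, now=None):
        now = int(time.time() if now is None else now)
        try:
            issued_s, nonce, tag = challenge.split("|")
            issued = int(issued_s)
        except ValueError:
            return "malformed"
        expected = hmac.new(SERVER_KEY, f"{ip}|{issued_s}|{nonce}".encode(),
                            hashlib.sha256).hexdigest()
        # The MAC only verifies for the IP the challenge was issued to.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return "wrong-ip-or-forged"
        if not 0 <= now - issued <= CHALLENGE_TTL:
            return "expired"
        if challenge in self.spent:
            return "replayed"
        if leading_zero_bits(work_digest(challenge, payload, counter)) < self.bits:
            return "insufficient-work"
        recent = [t for t in self.accepted.get(ip, []) if now - t < WEEK]
        if len(recent) >= self.max_per_ip:
            return "ip-limit"
        self.spent.add(challenge)
        self.accepted[ip] = recent + [now]
        return "accepted"


if __name__ == "__main__":
    gate = SubmissionGate(bits=12)
    ip = "192.0.2.10"                        # constructed documentation address
    payload = b"constructed survey payload"  # constructed sample input
    ch = issue_challenge(ip)
    counter = solve(ch, payload, gate.bits)
    print("own IP:   ", gate.accept(ip, ch, counter, payload))
    print("replay:   ", gate.accept(ip, ch, counter, payload))
    ch2 = issue_challenge(ip)
    c2 = solve(ch2, payload, gate.bits)
    print("other IP: ", gate.accept("198.51.100.7", ch2, c2, payload))
```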





Re: [gentoo-dev] [RFC] Anti-spam for goose

2020-05-21 Thread Toralf Förster
On 5/21/20 10:47 AM, Michał Górny wrote:
> TL;DR: I'm looking for opinions on how to protect goose from spam,
> i.e. mass fake submissions.
> 

I'd combine IP-limits with proof-of-work.
CAPTCHA should be the very last option IMO.

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] [RFC] Ideas for gentoostats implementation

2020-05-05 Thread Toralf Förster
On 5/5/20 10:26 PM, Daniel Pielmeier wrote:
> Actually the maintainer decided to continue the project.
> The code is now hosted at Github [1].
> The site moved to a new server and the upload is working again.
> 
> [1] https://github.com/portagefilelist
> 
> -- 
> Best regards
> Daniel

Indeed - I'm reactivating the pfl logic in the tinderbox script.

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] [RFC] Ideas for gentoostats implementation

2020-05-05 Thread Toralf Förster
On 4/26/20 10:08 AM, Michał Górny wrote:
> I don't think we really want to try to investigate
> which files are actually used but focus on what's installed.
Hi,

I do wonder if the http://www.portagefilelist.de/site/start (package 
app-portage/pfl) would be part of that or not?
The maintainer of the pfl stopped the import of new data last year due to lack 
of time to maintain that project and is looking for a successor.

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] [RFC] Ideas for gentoostats implementation

2020-04-26 Thread Toralf Förster
On 4/26/20 12:25 PM, Michał Górny wrote:
> On Sun, 2020-04-26 at 12:15 +0200, Toralf Förster wrote:
>> On 4/26/20 10:52 AM, Michał Górny wrote:
>>> Do you have any other idea for spam protection then?
>>
>> IMO there're 2 types of spam:
>>
>> 1. made by accident (eg. "* * * * *" instead "@weekly" in crontab)
>> 2. made intentionally
>>
>> The 1st can be handled by UUID - just drop any old related dataset from 
>> inbox when a new one arrived
>> For the 2nd: what about accepting only datasets from "valid" UUIDs, meaning 
>> where just 1 dataset/week/IPv4 (maybe /16 block) in the mean did arrived in 
>> the last few weeks/months ?
>>
> 
> I'm sorry but could you rephrase that in more sentences?  I don't
> understand what you mean.
> 

Well, inspired by what Tor people do with Tor bridge stats:

- Create an UUID (never published, known only at the client and at the gentoo 
stats server)
- Calculate a hash of it. The hash is allowed to be published. The hash may be 
related with contact information. The contact data may or may not be 
published. The hash is used for contacting people in case of questions.

The stats sent by the client contain the UUID.
Stats are sent to a stats server in an area where they do live for a while 
(days).
If a new stats file was got then the stats server deletes all older stats files 
of that UUID in the stats area.

Stats are trusted if they meet conditions already mentioned by Brian Dolbec.

IMO do not care about detecting spam, just try to detect valid UUIDs.

-- 
Toralf
PGP 23217DA7 9B888F45
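
One way to read the scheme in this mail and in the quoted "2 types of spam" mail, as an added example (not from the original mails and not gentoostats code): the inbox keeps only the newest dataset per UUID, exposes only the UUID's hash, and treats a UUID as valid once it has shown roughly one dataset per week from a /16 block over several weeks. Class names, function names and thresholds are assumptions; the conditions attributed to Brian Dolbec are not on this page and are not modelled.

```python
import hashlib
from collections import Counter
from ipaddress import ip_network

WEEK = 7 * 24 * 3600


def public_id(client_uuid):
    """Publishable identifier: a hash of the secret UUID."""
    return hashlib.sha256(client_uuid.encode()).hexdigest()


def block16(ipv4):
    """Reduce an IPv4 address to its /16 block, e.g. 192.0.2.10 -> 192.0.0.0/16."""
    return str(ip_network(f"{ipv4}/16", strict=False))


class StatsInbox:
    def __init__(self, min_weeks=3, max_per_week=1.5, window_weeks=8):
        self.min_weeks = min_weeks        # assumption: history needed before trusting
        self.max_per_week = max_per_week  # assumption: tolerance around 1 dataset/week
        self.window_weeks = window_weeks  # assumption: "last few weeks/months"
        self.latest = {}                  # uuid -> (timestamp, dataset), newest only
        self.seen = {}                    # uuid -> [(timestamp, /16 block)]

    def submit(self, client_uuid, ipv4, dataset, ts):
        """Record the arrival and drop any older dataset of the same UUID."""
        self.seen.setdefault(client_uuid, []).append((ts, block16(ipv4)))
        current = self.latest.get(client_uuid)
        if current is None or ts >= current[0]:
            self.latest[client_uuid] = (ts, dataset)

    def is_valid(self, client_uuid, now):
        """True if the UUID averaged about one dataset per week per /16 block."""
        window = self.window_weeks * WEEK
        events = [(t, b) for t, b in self.seen.get(client_uuid, [])
                  if 0 <= now - t <= window]
        if not events:
            return False
        observed_weeks = (now - min(t for t, _ in events)) / WEEK
        if observed_weeks < self.min_weeks:
            return False                  # freshly minted UUIDs are not trusted yet
        busiest = max(Counter(b for _, b in events).values())
        return busiest / observed_weeks <= self.max_per_week

    def trusted(self, now):
        """Datasets that count, keyed by the publishable hash, never the UUID."""
        return {public_id(u): dataset
                for u, (_, dataset) in self.latest.items()
                if self.is_valid(u, now)}


def demo():
    """Constructed sample traffic: a weekly client, a '* * * * *' cron, a new UUID."""
    inbox = StatsInbox()
    for week in range(5):
        inbox.submit("uuid-steady", "192.0.2.10", f"steady week {week}", week * WEEK)
    inbox.submit("uuid-noisy", "198.51.100.7", "noisy first", 0)
    for minute in range(100):
        inbox.submit("uuid-noisy", "198.51.100.7", f"noisy minute {minute}",
                     4 * WEEK + 60 * minute)
    inbox.submit("uuid-fresh", "203.0.113.5", "fresh", 4 * WEEK)
    return inbox, 4 * WEEK + 86400


if __name__ == "__main__":
    inbox, now = demo()
    print("datasets kept:", len(inbox.latest))
    for pid, dataset in inbox.trusted(now).items():
        print(pid[:16], dataset)
```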





Re: [gentoo-dev] [RFC] Ideas for gentoostats implementation

2020-04-26 Thread Toralf Förster
On 4/26/20 10:52 AM, Michał Górny wrote:
> Do you have any other idea for spam protection then?

IMO there're 2 types of spam:

1. made by accident (eg. "* * * * *" instead "@weekly" in crontab)
2. made intentionally

The 1st can be handled by UUID - just drop any old related dataset from inbox 
when a new one arrived
For the 2nd: what about accepting only datasets from "valid" UUIDs, meaning 
where just 1 dataset/week/IPv4 (maybe /16 block) in the mean did arrived in the 
last few weeks/months ?

Well, other than that maybe spamassassin or Tor people have more theory and 
generic approaches?
:-)

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] [RFC] Ideas for gentoostats implementation

2020-04-26 Thread Toralf Förster
On 4/26/20 11:09 AM, Ulrich Mueller wrote:
> Instead of using the IP address, you could generate a UUID when
> installing the tool. 

like the pfl tool did ?

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] [RFC] Ideas for gentoostats implementation

2020-04-26 Thread Toralf Förster
On 4/26/20 10:08 AM, Michał Górny wrote:
> .  This
> involves accepting a privacy policy and setting up a cronjob.  The tool
> would suggest a (random?) time for submission to take place periodically
> (say, every week).

Well, something like "@weekly" should be preferred over eg "42 23 * * *" b/c 
the latter might be too late for desktop users.


> We could set a limit of, say, 10 submissions per IPv4 address per week.

If the output do not differ (too much) then the limit isn't needed, or?

-- 
Toralf
PGP 23217DA7 9B888F45





[gentoo-dev] reduce load of tinderbox' bug reports to bugs.gentoo.org

2020-03-22 Thread Toralf Förster
I was asked about possible changes of the way how tinderbox detected bugs shall 
be filed, eg. to reduce the amount of attached files. There were ideas to store 
eg. logs et al at AWS s3 and use b.g.o. only for the bug report itself.

I started with the tinderbox being a 1-liner serving my purpose. It grew up 
by the needs of other devs. So maybe it is time for changes?

I do use pybugz to create bugs. Before I do manually check whether it is 
already reported (yes, this is error prone). Reporting a bug once is my 
preferred solution. Because it is a little bit uncomfortable for me to attach 
files later manually at individual request.

I'm open for any opinions / ideas.

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] Vanilla sources

2020-01-03 Thread Toralf Förster
On 1/3/20 3:46 PM, Rich Freeman wrote:
> If OpenRC contains a vulnerability wouldn't it make more sense to set
> this as part of OpenRC,
Indeed.

Furthermore there's a nifty page 
https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
which yields for me to this /etc/sysctl.d/local.conf :


#   Restrict potential illegal access via links
# 
fs.protected_hardlinks = 1
fs.protected_symlinks = 1 

#
# https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project#CONFIGs
#

# Try to keep kernel address exposures out of various /proc files (kallsyms,
# modules, etc).
kernel.kptr_restrict = 1

# Avoid kernel memory address exposures via dmesg.
kernel.dmesg_restrict = 1

# Block non-uid-0 profiling (needs distro patch, otherwise this is the same as
# "= 2")
kernel.perf_event_paranoid = 3

# Turn off kexec, even if it's built in.
kernel.kexec_load_disabled = 1

# Avoid non-ancestor ptrace access to running processes and their credentials.
kernel.yama.ptrace_scope = 1

# Disable User Namespaces, as it opens up a large attack surface to
# unprivileged users.
user.max_user_namespaces = 0

# Turn off unprivileged eBPF access.
kernel.unprivileged_bpf_disabled = 1

# Turn on BPF JIT hardening, if the JIT is enabled.
net.core.bpf_jit_harden = 2


-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] Vanilla sources

2020-01-03 Thread Toralf Förster
On 1/3/20 3:37 PM, Michael Orlitzky wrote:
> The gentoo-sources aren't 100% safe either, but the exploitable scenario
> is less common thanks to fs.protected_{hardlinks,symlinks}=1.

But this can be easily achieved w/o installing gentoo-sources, or?

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] Output of ANSI escape sequences in ebuilds

2019-12-14 Thread Toralf Förster
On 12/14/19 8:16 AM, Ulrich Mueller wrote:
> These prevent NOCOLOR in make.conf or emerge --color=n from working
> correctly, and I guess they are also problematic from an accessibility
> point of view.
+1


Good idea Ulrich !
The SGR control sequences are annoying in script based grepping of issues of 
log streams.

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] [News item review] amd64 17.1 profiles are now stable

2019-05-19 Thread Toralf Förster
On 5/19/19 8:59 AM, Michał Górny wrote:
> This item will be published along with
> the profiles being marked stable, and the old one will be removed.

Do the stage3 files use the new profile asap after stabilising the profile?
/me just wonders about the impact at my setup script of tinderbox images.

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] rfc: cron.* and modern cron implementations

2019-03-03 Thread Toralf Förster
On 3/3/19 1:05 AM, William Hubbs wrote:
> /etc/cron.{hourly,daily,weekly,monthly} structure to run repeating cron jobs?
I'm not 100% but IMO for a desktop this seems to work whereas @daily or @weekly 
in crontab works only for systems running 24h per day, isn't it?

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] [RFC] adding more entries to profiles/info_pkgs

2018-12-16 Thread Toralf Förster
On 12/15/18 3:00 AM, Georgy Yakovlev wrote:
> that should be enough to provide a bit more to initial information without 
> going crazy and clobbering output too much.
> 
> Thoughts?
At least for the tinderbox image issues I was asked by devs in the past to 
include bits for the following software in #comment0:

  cat << EOF >> $issuedir/issue
gcc-config -l:
$(gcc-config -l   )
$( [[ -x /usr/bin/llvm-config ]] && echo llvm-config: && llvm-config --version )
$(eselect python list 2>/dev/null)
$(eselect ruby list 2>/dev/null)
$(eselect rust list 2>/dev/null)
$( [[ -x /usr/bin/java-config ]] && echo java-config: && java-config --list-available-vms --nocolor )
$(eselect java-vm list 2>/dev/null)

...



-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] [PATCH] systemd.eclass: set BDEPEND for EAPI 7

2018-08-06 Thread Toralf Förster
On 08/06/2018 10:09 PM, Alec Warner wrote:
> 
> They do not even do so by convention; there are numerous EAPIs in the
> wild that are non-numeric.

Then this line

 if [[ ${EAPI} == [0123456] ]]; then

is a short-term solution, right?

-- 
Toralf
PGP 23217DA7 9B888F45





[gentoo-dev] I broke my IRC config in KDE konversation

2018-07-27 Thread Toralf Förster
and I'm too stupid to fix it quickly.

For any important things pls just email me.

Thx.


-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] News Item: Portage rsync hardlink support

2018-07-08 Thread Toralf Förster
On 07/08/2018 08:08 AM, Zac Medico wrote:
> Please review.
>
> Title: Portage rsync hardlink support
> Author: Zac Medico 
> Posted: 2018-07-11
> Revision: 1
> News-Item-Format: 2.0
> Display-If-Installed: sys-apps/portage
> IMO there's another heads-up for users having an unusual configuration:

So we do speak about files under /usr/portage itself and not about that
dir (==changing its inode number), right?

B/c  otherwise there's another heads-up for people bind-mounting
/usr/portage onto chrooted images.

-- 
Toralf
PGP 23217DA7 9B888F45






Re: [gentoo-dev] Gentoo-dev whitelisting

2018-05-13 Thread Toralf Förster
On 05/13/2018 08:57 PM, Alec Warner wrote:
> Dear Gentoo Community,
>
> Gentoo-dev whitelisting[1][2] is nearly ready for deployment. The new
> posting guidelines to post on gentoo-dev@lists.gentoo.org
>  the following:
>
>  - You must be a member of the list to post.
>  - You must be on the whitelist to post.
>
> The whitelist automatically whitelists all @gentoo.org
>  addresses. Additions of addresses to the
> whitelist can be made by any developer. To modify the whitelist,
> please read this wiki page for instructions:
>
> https://wiki.gentoo.org/wiki/Project:Infrastructure/Mailing_Lists#Managing_the_Gentoo-Dev_whitelist
> 
>
> [1] https://bugs.gentoo.org/650964 
> [2] The whitelist is not yet live, but I wanted to give folks an
> opportunity to populate the whitelist before enabling it; so have at it.
>
>
Hi,


why is "anta...@gentoo.org" at the whitelist. IMO that is superfluous, or ?

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] Regarding the State of PaX in the tree

2018-04-16 Thread Toralf Förster
On 04/16/2018 11:14 AM, Hanno Böck wrote:
> There's also another question related to this: What's the future for
> Gentoo hardened?
> From what I can tell hardened consists of:
> * the things that try to make it compatible with grsec/pax
>   (more or less obsolete).
> * things that are now in default profiles anyway (aslr, stack
>   protector).
> * things that probably should be in default profiles (relro, now linker
>   flags)
> * -fstack-check, which should eventually be replaced with
>   -fstack-clash-protection (only available in future gcc's) and that
>   should probably also go into default profiles.
> * Furthermore hardened disables some useful features due to their
>   incompatibility with pax (e.g. sanitizers).

Which let me wonder, what I would lose today by a switch from
17.0-hardened + USE-flags to 17.0/desktop/plasma at my KDE desktop?

-- 
Toralf
PGP 23217DA7 9B888F45






Re: [gentoo-dev] things becoming better and better

2018-03-20 Thread Toralf Förster
On 03/19/2018 08:07 PM, M. J. Everitt wrote:
> Hopefully, moving forward there will be less
> human effort required to extend and maintain the tree of packages on
> which we depend, and together with QA, huge strides forward are being
> made to achieve this end.

Indeed,

automation of QA and other checks is a big step towards to have the tree
in a good shape.

(BTW I like the funny name "croaker" in IRC) - and IMO a lot of
improvement was made in that area.

-- 
Toralf
PGP 23217DA7 9B888F45






[gentoo-dev] things becoming better and better

2018-03-19 Thread Toralf Förster
honestly.


When I started with my tinderbox 2 or 3 years ago I had often a fair
amount of manual work to made to get an image up and running - mostly
tweaking USE flags to get blockers being solved. This yielded into a
growing list of fixed USE flags settings for certain packages.

But over the time this list became small and smaller and eventually this
month I kicked off the last few lines (famous last words?).

Said that Gentoo has IMO a lot of success stories to tell too (beside
the usual grumblings and annoyances) - and the quality of the Gentoo
tree is IMO an example of that.


/me was just in the mood for a statement like this

-- 
Toralf
PGP 23217DA7 9B888F45






Re: [gentoo-dev] SAT-based dependency solver: request for test cases

2018-02-08 Thread Toralf Förster
On 02/06/2018 11:52 AM, Michael Lienhardt wrote:
>
> To help, you can send us the tar generated by this bash script:
> https://raw.githubusercontent.com/HyVar/gentoo_to_mspl/master/benchmarks/get_installation.sh
>
> This bash script extracts your world file, the USE flags and keywords
> configuration of your system and the list of installed packages you
> have (it should not take more than few seconds).
> With this, we will see if our solver is able to recreate your system
> and how much time it takes.
>
> You can send everything to my professional email: mlien...@di.unito.it
>
Just send an email to that with an uuencoded tar.xz file from one of
the tinderbox images [1] I do run.

I can adapt the scripts to send the result file of each of the currently
7 running images daily.


[1] https://zwiebeltoralf.de/tinderbox.html

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] Masking 4.12

2017-12-30 Thread Toralf Förster
On 12/30/2017 07:52 AM, Alice Ferrazzi wrote:
> Hello,
>
> We recently dropped the stable keywords for 4.14,
> but 4.12 (the next stable in gentoo-sources) is no more
> maintained from upstream.
>
> The last update that 4.12 got from upstream was 2017-09-20,
> and upstream is no more backporting security fixes since then.
> Because of this, we will proceed to mask 4.12.
>
> Keep in mind: If 4.14 works for you, you can keyword it and
> continue to use it, if you need a more stable kernel, please
> move to 4.9.
>
At the LKML you can read that Linus Torvalds blames Gentoo GCC patch
set  for few issues related to 4.14.9


-- 
Toralf
PGP 23217DA7 9B888F45






Re: [gentoo-dev] Dropping stable USE flags for 4.14

2017-12-29 Thread Toralf Förster
On 12/29/2017 02:58 PM, Alice Ferrazzi wrote:
> While not all issues are present in gentoo-sources-4.14.8-r1 we are
> concerned about the current stability/quality of the 4.14.x branch in

4.14.9 prevents both my desktop and my server from being boot, hangs
very early in the process before dmesg could start.

Tried to bisect it, w/o too much success, would have much more
difficulties to bisect the remote headless server.

Whilst both systems boot now again (I mainly had to switch to the
generic CPU instead the Intel MCORE2 config option and removed few extra
sanity checks and the GCC plugin and so on) I second you about the
quality of the current 4.1.4.X tree, especially for X>=9.

I complained already at the LKML.


-- 
Toralf
PGP 23217DA7 9B888F45






Re: [gentoo-dev] RFC: news item for the 17.0 profiles

2017-11-29 Thread Toralf Förster
On 10/10/2017 11:27 PM, Nils Freydank wrote:
> It looks to me as there isn’t any emptytree world rebuild necessary, as long 
> as 
> someone comes from hardened with PIE enabled.

Furthermore I do wonder if even rebuilding GCC is necessary - except for
changed USE flags - for a hardened user already having PIE enabled ?

-- 
Toralf
PGP 23217DA7 9B888F45






Re: [gentoo-dev] RFC: news item for the 17.0 profiles

2017-10-09 Thread Toralf Förster
On 10/09/2017 11:40 PM, Pacho Ramos wrote:
> Could anyone with enough knowledge finally give a look to the patched vapier

s/patched/patches/

or ? :-)

-- 
Toralf
PGP 23217DA7 9B888F45






Re: [gentoo-dev] default entries for ALSA_CARDS, INPUT_DEVICES and VIDEO_CARDS

2017-08-18 Thread Toralf Förster
On 08/18/2017 09:47 AM, Andrew Savchenko wrote:
> If yes, such testing will be quite useful, if no, it will give
> false failures.

woops, good point, so I removed them entirely for now from the make.conf.

-- 
Toralf
PGP 23217DA7 9B888F45






[gentoo-dev] default entries for ALSA_CARDS, INPUT_DEVICES and VIDEO_CARDS

2017-08-13 Thread Toralf Förster
I do currently hard code this for make.conf for every chroot image at
the tinderbox [1]:


ALSA_CARDS="hda-intel"
INPUT_DEVICES="evdev libinput"
VIDEO_CARDS="intel"


I think it is time to enhance that entries to vary it a little bit more
and/or to leave it blank. Any suggestions ?


[1] https://zwiebeltoralf.de/tinderbox.html

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] Revisions for USE flag changes

2017-08-12 Thread Toralf Förster
On 08/12/2017 11:57 AM, Michael Orlitzky wrote:
> There is no single example. Things only get simpler if *all* USE changes
> come with a new revision.

IMO  every significant(*) change should yield into a revision bump.


(*) == comments and echo arguments changes are not significant, all
others however are

-- 
Toralf
PGP 23217DA7 9B888F45





Re: [gentoo-dev] libressl blocker

2017-08-02 Thread Toralf Förster
On 08/02/2017 05:55 PM, James Cloos wrote:
> Bug 626298 should block 561854 (the LibreSSL tracker).
>
> Could someone with the required perms mark it so?
>
> Thanks,
>
> -JimC

Done,


next time just ask the bug reporter (hint:: it's me ;) )

-- 
Toralf
PGP 23217DA7 9B888F45






Re: [gentoo-dev] libressl: proposing a new project and calling for help

2016-02-16 Thread Toralf Förster
Anthony G. Basile:
> Before I put up a project page, can I ask who is interested in this?
> 
If I can help with my tinderbox [1] - I'd appreciate it.


[1] http://www.zwiebeltoralf.de/tinderbox/index.html

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7



Re: [gentoo-dev] Automatic Bug Assignment

2016-02-06 Thread Toralf Förster
On 02/06/2016 10:35 AM, Andrew Savchenko wrote:
> Automation can go further: if there are multiple maintainers,
> assign bug to the first one and CC others.
Which is exactly what I'm doing in my tinderbox:


  # get assignee and cc, GLEP 67 simplifies it
  #
  m=$(equery --no-color meta -m $curr 2>/dev/null | grep '@' | xargs)
  if [[ -z "$m" ]]; then
    m="maintainer-nee...@gentoo.org"
  fi
  echo "$m" | cut -f1  -d ' '   > $issuedir/assignee

  echo "$m" | grep -q ' '
  if [[ $? -eq 0 ]]; then
    echo "$m" | cut -f2- -d ' ' | tr ' ' ','  > $issuedir/cc
  else
    echo "" > $issuedir/cc
  fi


:-D

-- 
Toralf
PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7



[gentoo-dev] [PATCH] pym/portage/news.py: let slackers copy+paste the news read command

2015-02-02 Thread Toralf Förster
Signed-off-by: Toralf Förster toralf.foers...@gmx.de
---
 pym/portage/news.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pym/portage/news.py b/pym/portage/news.py
index 2c45f85..ec10feb 100644
--- a/pym/portage/news.py
+++ b/pym/portage/news.py
@@ -421,5 +421,5 @@ def display_news_notifications(news_counts):
 
if newsReaderDisplay:
print(colorize(WARN,  *), end=' ')
-   print(Use  + colorize(GOOD, eselect news) +  to read 
news items.)
+   print(Use  + colorize(GOOD, eselect news read) +  to 
view new items.)
print()
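
Review bot: on the `+` line the text after the command changes from "to read news items." to "to view new items.", so the hint no longer says "news" anywhere except inside the colorized `eselect news read`. If only the copy-and-paste command was meant to change, keep the original wording after it; if the rewording is intended, say so in the commit message, which currently consists of the Signed-off-by line alone.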
-- 
2.2.2




Re: [gentoo-dev] [PATCH] pym/portage/news.py: let slackers copy+paste the news read command

2015-01-31 Thread Toralf Förster
On 01/30/2015 12:55 PM, Bob Wya wrote:
> A timely idea when a Gentoo user has already been caught out by the CPU
> flags move. Nice one!
indeed ...

-- 
Toralf
pgp key: 7B1A 07F4 EC82 0F90 D4C2  8936 872A E508 0076 E94E




[gentoo-dev] [PATCH] pym/portage/news.py: let slackers copy+paste the news read command

2015-01-29 Thread Toralf Förster
Signed-off-by: Toralf Förster toralf.foers...@gmx.de
---
 pym/portage/news.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pym/portage/news.py b/pym/portage/news.py
index 2c45f85..c5aa2b5 100644
--- a/pym/portage/news.py
+++ b/pym/portage/news.py
@@ -421,5 +421,5 @@ def display_news_notifications(news_counts):
 
if newsReaderDisplay:
print(colorize(WARN,  *), end=' ')
-   print(Use  + colorize(GOOD, eselect news) +  to read 
news items.)
+   print(Use  + colorize(GOOD, eselect news read new) +  to 
read new items.)
print()
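
Review bot: the `+` line hard-codes the argument `new` inside the colorized command (`eselect news read new`) and at the same time turns "news items" into "new items" in the trailing text, but the commit message has no body explaining either choice. Suggest stating in the message what `read new` selects and why the argument is spelled out, and leaving the trailing sentence untouched if its change is incidental.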
-- 
2.2.2




Re: [gentoo-dev] how to use spare server resources

2014-10-30 Thread Toralf Förster
On 10/30/2014 11:19 AM, Luca Barbato wrote:
> On 29/10/14 19:03, Toralf Förster wrote:
>> I own a dedicated server (i-3770, 4 real + 4 HT cores w/ 3.4 GHz)
>> with 16 GB RAM and 2 x 3 TB hard disk, 1 GBit/s network.
>>
>> Currently 7.6 cpus do run idle at 1.6 GHz (cpu governor ondemand), 10
>> GB RAM are unused and 4.5 TB disk are not even allocated. It might be
>> that I oversized it for the current purpose.
>>
>> I'm wondering how to use the spare CPU cycles. Compile-test of the
>> kernel (make randconfig) made sense in the past, but during the
>> last few years it became fruitless. Currently I do polish my BOINC
>> rank for Einstein@Home and World Community Grid.
>>
>> What came into my mind; what's about chroot's test scenarios and so
>> on. Any ideas and/or links ?
>>
>
> If you want to help us (libav) providing additional test instances[1]
> would be quite nice =) asan and valgrind instances are hungry =)
>
> [1] https://www.libav.org/fate.html#Automated-Tests
>
Hhm, sounds as a nifty starting point.

There's a chicken-egg problem at that web page I do wonder about: How do I get 
the fate.sh script (via git clone ?) to fetch the git sources ?

;-)

Well, will use the already fetched package here at my desktop ...


-- 
Toralf
pgp key: 0076 E94E




[gentoo-dev] how to use spare server resources

2014-10-29 Thread Toralf Förster
I own a dedicated server (i-3770, 4 real + 4 HT cores w/ 3.4 GHz) with 16 GB 
RAM and 2 x 3 TB hard disk, 1 GBit/s network.

Currently 7.6 cpus do run idle at 1.6 GHz (cpu governor ondemand), 10 GB RAM 
are unused and 4.5 TB disk are not even allocated. It might be that I oversized 
it for the current purpose.

I'm wondering how to use the spare CPU cycles. Compile-test of the kernel 
(make randconfig) made sense in the past, but during the last few years it 
became fruitless. Currently I do polish my BOINC rank for Einstein@Home and 
World Community Grid.

What came into my mind; what's about chroot's test scenarios and so on. Any 
ideas and/or links ?

-- 
Toralf
pgp key: 0076 E94E




[gentoo-dev] why does net-misc/tor enables Log notice syslog ?

2014-09-06 Thread Toralf Förster
After a recent discussion at #tor and #gentoo-dev /me wonders if the syslog 
level of net-misc/tor should at least be changed from notice to warn -or 
better - be fully unset like upstream does it ?


-- 
Toralf
pgp key: 0076 E94E




Re: [gentoo-dev] why does net-misc/tor enables Log notice syslog ?

2014-09-06 Thread Toralf Förster
On 09/06/2014 01:57 PM, Anthony G. Basile wrote:
> On 09/06/14 06:44, Toralf Förster wrote:
>> After a recent discussion at #tor and #gentoo-dev /me wonders if the
>> syslog level of net-misc/tor should at least be changed from notice
>> to warn -or better - be fully unset like upstream does it ?
>>
>
> I can entertain that, but this should be in a bug report: 1) While
> anyone is welcome to discuss the issue, I don't think most gentoo devs
> care about this.  2) A bug report leaves behind a record of what's going
> on which can later be easily searched for using bugzilla's magic.
>
yep:  https://bugs.gentoo.org/show_bug.cgi?id=522256

-- 
Toralf
pgp key: 0076 E94E




[gentoo-dev] /sys/fs/cgroup/openrc/???/tasks sometimes missing

2014-06-03 Thread Toralf Förster
If I boot a 32 bit stable Gentoo Linux as a user mode linux guest with current 
kernels (host is a 32 bit stable Gentoo too), then I do observe sometimes 
during the boot process error messages from the init system of Gentoo (OpenRC) 
like the following (for subsystem rngd in this example) :

 * Starting haveged ... 
  [ ok ]
/lib/rc/sh/rc-cgroup.sh: line 87: /sys/fs/cgroup/openrc/rngd/tasks: No such 
file or directory
 * Starting rngd ...
  [ ok ]

And indeed, that directory is missing. A restart of the appropriate service 
however creates those entries. The Gentoo bug entry 
https://bugs.gentoo.org/show_bug.cgi?id=489386 tells me :

It's known race in cgroups, I'm going to address this issue on one of the 
following weekends. The problem is that issue is not reproducible on my 
systems.

but that's all since 5 months. Now I'm wondering if this just happens for a 
UML guest and who knows how to fix it?

-- 
Toralf




Re: [gentoo-dev] Akamai secure memory allocator for OpenSSL?

2014-04-21 Thread Toralf Förster
On 04/14/2014 10:48 AM, Tiziano Müller wrote:
> On 13.04.2014 22:42, Joshua Kinard wrote:
>> So one of the side-discussions happening after Heartbleed was the fact that
>> OpenSSL has its own memory allocator code that effectively mitigates any C
>> library-provided exploit mitigations (as discussed on the openbsd-misc ML at
>> [1] and Ted Unangst's blogs at [2] and [3]).  This is partially why there's
>> so much interesting data to be sniffed from a server's memory via the
>> heartbleed response packets -- that memory wasn't really initialized to
>> random data or zero'd upon malloc(), nor garbage-collected upon free().
>>
>> Taking place over on the openssl-users ML, someone from Akamai posted a new
>> secure memory allocator patch[4][5] that they have been using in production
>> for about a decade.  That patch was cleaned up, diff'ed against
>> openssl-1.0.1g, and posted to openssl-dev here:
>> https://marc.info/?l=openssl-dev&m=139733477712798&q=p5
>>
>> It basically provides a secure memory area protected by guard pages for
>> sensitive data, like RSA private keys, so that if another Heartbleed-like
>> event occurs, things won't be as bad.  Hopefully...
>>
>> Is this something we want to look at adding to our openssl copy via an
>> optional USE flag (default off)?
>
> Not really, no. I would rather wait until other people have reviewed
> and/or it has been pulled into openssl.
>

And for the same reason I'd like to see that the hpn USE flag in the
package openssh would have the default value off
(recent discussion at the mailing list around 3/29)


> To cite the Akamai dev who posted the patch [1]:
> Let me restate that: *do not just take this patch and put it into
> production without careful review.*
>
> Best,
> Tiziano
>
> [1] http://thread.gmane.org/gmane.comp.encryption.openssl.user/51243?resub=1


-- 
Toralf
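
The guard-page idea described in the quoted message above, as an added C example that is not part of this thread and is not the Akamai patch: a buffer for key material sits between two inaccessible pages and is wiped before release. The names secure_buf, secure_alloc, secure_free and readable are hypothetical, and the code assumes a POSIX system with mmap/mprotect.

```c
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS on glibc */
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical names for illustration; this is not the API of the Akamai patch. */
typedef struct {
    unsigned char *base, *data;    /* mapping start (leading guard); caller's region */
    size_t map_len, len;           /* guard + data pages + guard; bytes requested */
} secure_buf;

int secure_alloc(secure_buf *b, size_t len)
{
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    if (len == 0 || len > SIZE_MAX - 3 * ps) return -1;
    size_t body = (len + ps - 1) / ps * ps;      /* round up to whole pages */
    /* Map everything PROT_NONE, then open up only the middle pages. */
    void *m = mmap(NULL, body + 2 * ps, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    b->base = m;
    b->map_len = body + 2 * ps;
    if (mprotect(b->base + ps, body, PROT_READ | PROT_WRITE) != 0) {
        munmap(b->base, b->map_len);
        return -1;
    }
    /* Right-align: the first byte past the buffer is the trailing guard page,
       so a linear over-read faults instead of returning neighbouring memory. */
    b->data = b->base + ps + body - len;
    b->len = len;
    return 0;
}

void secure_free(secure_buf *b)
{
    volatile unsigned char *p = b->data;         /* volatile: the wipe is not elided */
    for (size_t i = 0; i < b->len; i++) p[i] = 0;
    munmap(b->base, b->map_len);
    b->base = b->data = NULL;
    b->map_len = b->len = 0;
}

/* 1 if one byte at p can be read, 0 if the kernel refuses (EFAULT), -1 on pipe
   failure. A pipe write makes the kernel do the read, so the probe cannot crash. */
int readable(const void *p)
{
    int fd[2], ok;
    if (pipe(fd) != 0) return -1;
    ok = write(fd[1], p, 1) == 1;
    close(fd[0]);
    close(fd[1]);
    return ok;
}
```
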




Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?

2014-03-31 Thread Toralf Förster
On 03/31/2014 01:15 PM, Alex Xu wrote:
> On 31/03/14 03:36 AM, Dirkjan Ochtman wrote:
>> So, I'm interested... How widely used is the HPN patch set? Are there
>> any good indications that it doesn't negatively impact security?
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=292932
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693424
>
> https://lists.fedoraproject.org/pipermail/devel/2007-July/105570.html
>
> https://aur.archlinux.org/packages/openssh-hpn/
>
> https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/162253
>

Those bug reports are good arguments to have HPN as a feature in openssh.

And most of them are now many years old and still open.

That's an argument to rethink if HPN should be activated quietly.


-- 
MfG/Sincerely
Toralf Förster
pgp finger print:1A37 6F99 4A9D 026F 13E2 4DCF C4EA CDDE 0076 E94E



[gentoo-dev] Why is IUSE=hpn mandatory in openssh ?

2014-03-29 Thread Toralf Förster
WRT to but 504616 I'd like to address my questions made in 
https://bugs.gentoo.org/show_bug.cgi?id=504616#c6 to this list again :

Since the Debian debakel with fixing an uninitialized memeory I'm 
very skeptical to distribution specific corrections which are not included 
upstream. At least I'm wondering if the USE flag hpn should be enabled by the 
user explicitely - currently it is in  IUSE already.



-- 
MfG/Sincerely
Toralf Förster
pgp finger print:1A37 6F99 4A9D 026F 13E2 4DCF C4EA CDDE 0076 E94E



Re: [gentoo-dev] Why is IUSE=hpn mandatory in openssh ?

2014-03-29 Thread Toralf Förster
On 03/29/2014 08:12 PM, Tom Wijsman wrote:
> On Sat, 29 Mar 2014 07:15:14 -0400 Alex Xu alex_y...@yahoo.ca
> wrote:
>
>> On 29/03/14 06:07 AM, Toralf Förster wrote:
>>> WRT to but 504616 I'd like to address my questions made in 
>>> https://bugs.gentoo.org/show_bug.cgi?id=504616#c6 to this list 
>>> again :
>>>
>>> Since the Debian debakel with fixing an uninitialized 
>>> memeory I'm very skeptical to distribution specific
>>> corrections which are not included upstream. At least I'm
>>> wondering if the USE flag hpn should be enabled by the user
>>> explicitely - currently it is in  IUSE already.
>>
>> 1. Please use a spelling checker.
>>
>> 2. IUSE doesn't mean what you think it means. 
>> http://devmanual.gentoo.org/quickstart/#ebuild-with-use-flags
>
> Toralf wants to indicate that it is implicitly enabled by default
> (by the '+' character); and thus, he would like to see it become
> disabled by default, such that the user can explicitly enable it.
>
Yes - that's what I want.

At least an einfo should be added to the package IMO telling the user
that HPN is enabled by default.


-- 
MfG/Sincerely
Toralf Förster
pgp finger print:1A37 6F99 4A9D 026F 13E2 4DCF C4EA CDDE 0076 E94E



[gentoo-dev] remove USE flag ldap from profile desktop

2014-03-22 Thread Toralf Förster
IMO it is the choice of users to opt in for LDAP, not to opt out for it.
I'm convinced that the majority of Gentoo users does not need it per default.


-- 
MfG/Sincerely
Toralf Förster
pgp finger print:1A37 6F99 4A9D 026F 13E2 4DCF C4EA CDDE 0076 E94E