[SOLVED] Re: [gentoo-user] msmtp vs. nullmailer
OK, I finally solved this, albeit a bit differently... by switching to nullmailer. The TL/DR summary is: use the right tool for the job. Some more details follow below. Nullmailer was very easy to set up (the deceptively short HOWTO is pretty much all that is needed). The only problem is that there is no way to rewrite the envelope sender, which is required by my email provider. I solved that... creatively. *However* the master branch contains a change that introduces the allmailfrom control file [0], so once version 1.14 is out I can remove the hack. This choice came about because I switched from fcron to systemd-cron, which runs its mail_on_failure script as user nobody, which caused my current passwordeval command (cat somefile, somefile having a mode mask of 0600) to fail due to insufficient access rights. I really didn't want to deal with how to properly solve that, and I don't think it's possible (at least not with msmtp). I mean, the problem statement is basically How do I securely give every user access to the password?. Once stated that way, I think the difficulty with the problem becomes fairly obvious. With nullmailer the remotes file is 0640, with group nullmailer, so only root or nullmailer can access it. It's also simple enough that I simply didn't add it to git. So the password is in plain text, but access is strictly limited. But really, I *should* have been tipped off by the package description: An SMTP client and SMTP plugin for mail user agents such as Mutt. The above problem simply doesn't exist when running msmtp as a normal user (in which case you probably don't even have an /etc/msmtprc). [0] https://github.com/bruceg/nullmailer/commit/da55b71b6136bcefc7aa784a7f9fd45987670a7a -- Marc Joliet -- People who think they know everything really annoy those of us who know we don't - Bjarne Stroustrup pgpEvOZMu7xHY.pgp Description: Digitale Signatur von OpenPGP
Re: [SOLVED] Re: [gentoo-user] msmtp vs. nullmailer
On Mon, Jul 20, 2015 at 01:21:56PM +0200, Marc Joliet wrote This choice came about because I switched from fcron to systemd-cron, which runs its mail_on_failure script as user nobody, which caused my current passwordeval command (cat somefile, somefile having a mode mask of 0600) That is the wrong, wrong, wrong way to do it. to fail due to insufficient access rights. I really didn't want to deal with how to properly solve that, and I don't think it's possible (at least not with msmtp). I mean, the problem statement is basically How do I securely give every user access to the password?. Once stated that way, I think the difficulty with the problem becomes fairly obvious. The correct question is how do I allow user 'nobody' to execute a one-off command as another user. The solution is sudoers. Emerge sudo and set up a file in /etc/sudoers.d. I use /etc/sudoers.d/001 because I'm not creative with filenames. Here is an example entry... waltdnes d531 = (root) NOPASSWD: /usr/sbin/hibernate The explanation... waltdnes(the user being allowed to run the command) d531(the machine name in /etc/hosts) (root) (the user privilege to run as) NOPASSWD: (password is not required; no ugly cat somefile hack) /usr/sbin/hibernate (the command to run) As regular user waltdnes, I execute the command... sudo /usr/sbin/hibernate ...and I get the system to hibernate, which normally requires root level privileges. I'm lazy, so I set up a script ~/bin/hb that runs the above command. I only have to execute hb to hibernate. This approach is very granular, because it can be set up to allow one user to execute one specifc command. If you wish, you can use wildcards, and the special ALL word to open up privileges more widely. -- Walter Dnes waltd...@waltdnes.org I don't run desktop environments; I run useful applications
[gentoo-user] Re: In the fear of getting hacked (WLAN setup)
On 18/07/2015 08:43 μμ, Andrew Savchenko wrote: On Sat, 18 Jul 2015 06:47:21 +0300 Nikos Chantziaras wrote: The problem I (possibly needless) see is: While I am tinkering and testing the configuration I may setup an open Wifi access point without noticing it in first glance and BANG! get hacked ... in the worst case: unrecognized... If you don't have any daemons running that provide network services (have opened listen ports), you can't get hacked. Yes and no. If user enabled network interface and has no network daemons running, kernel still listens to that interface (ARP, icmp and so on) and may be hacked using vulnerabilities in network stack, protocol handlers or even network device drivers. Which is not a realistic scenario. We can assume that for all intents and purposes, the OP is safe.
Re: [gentoo-user] Re: In the fear of getting hacked (WLAN setup)
On Mon, Jul 20, 2015 at 10:37 AM, Nikos Chantziaras rea...@gmail.com wrote: On 18/07/2015 08:43 μμ, Andrew Savchenko wrote: Yes and no. If user enabled network interface and has no network daemons running, kernel still listens to that interface (ARP, icmp and so on) and may be hacked using vulnerabilities in network stack, protocol handlers or even network device drivers. Which is not a realistic scenario. We can assume that for all intents and purposes, the OP is safe. It is a completely realistic scenario and has in fact happened in the past (ping of death and so on). That said, all you can do to protect against it is update your kernel when a vulnerability is discovered, unless you want to go funding your own kernel audit. This scenario applies to virtually any router in existence to some degree - at least with a linux router you build yourself you know for sure what is running on it and it is easy to update if a vulnerability does get discovered. Just run a supported kernel and you should be fine. You'll probably want a longterm kernel on something like a router. So, it isn't a reason to panic, but you could conceivably have a linux router whose only userspace process is an init that sets up iptables/iproute/etc and then just does an idle loop, and it could still have a vulnerability. The kernel is software like anything else, and it can contain bugs. That shouldn't make you afraid to use linux, but as with any networked device you should understand security and ensure that if there is a problem you'll find out about it and be able to fix it. That is true of linux, any embedded OS, or of almost any device that contains RAM. -- Rich
Re: [SOLVED] Re: [gentoo-user] msmtp vs. nullmailer
On Monday 20 Jul 2015 15:23:30 Walter Dnes wrote: On Mon, Jul 20, 2015 at 01:21:56PM +0200, Marc Joliet wrote This choice came about because I switched from fcron to systemd-cron, which runs its mail_on_failure script as user nobody, which caused my current passwordeval command (cat somefile, somefile having a mode mask of 0600) That is the wrong, wrong, wrong way to do it. to fail due to insufficient access rights. I really didn't want to deal with how to properly solve that, and I don't think it's possible (at least not with msmtp). I mean, the problem statement is basically How do I securely give every user access to the password?. Once stated that way, I think the difficulty with the problem becomes fairly obvious. The correct question is how do I allow user 'nobody' to execute a one-off command as another user. The solution is sudoers. Emerge sudo and set up a file in /etc/sudoers.d. I use /etc/sudoers.d/001 because I'm not creative with filenames. Here is an example entry... waltdnes d531 = (root) NOPASSWD: /usr/sbin/hibernate The explanation... waltdnes(the user being allowed to run the command) d531(the machine name in /etc/hosts) (root) (the user privilege to run as) NOPASSWD: (password is not required; no ugly cat somefile hack) /usr/sbin/hibernate (the command to run) As regular user waltdnes, I execute the command... sudo /usr/sbin/hibernate ...and I get the system to hibernate, which normally requires root level privileges. I'm lazy, so I set up a script ~/bin/hb that runs the above command. I only have to execute hb to hibernate. This approach is very granular, because it can be set up to allow one user to execute one specifc command. If you wish, you can use wildcards, and the special ALL word to open up privileges more widely. This is all good and dandy, but letting user nobody read your mail accoutn passwd may not be the safest approach to sending email messages from your machine. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
[gentoo-user] Re: How can I check for haveing an ethernet device
Alan McKinnon alan.mckinnon at gmail.com writes: More like your mail client/browser/whatever decided to not show what was successfully delivered brain_fart...scuz me The first one came through here just fine, now I have 2 Yes, I now have (2) cups of coffee in front of me. It is Monday.. James
[gentoo-user] Re: How can I check for haveing an ethernet device
wraeth wraeth at wraeth.id.au writes: On Mon, Jul 20, 2015 at 04:38:52AM +0200, Meino.Cramer at gmx.de wrote: on an embedded system I want to check, whether I have an eth0 device (ok, I know, it is not an device in the usual way...), when I attach an USB2Ethernet gadget via OTG-cable to it and whether all needed drivers are already there... It's tricky. Being embedded usually means you have less on the system; so let's just try a few things to see. 1. lspci 2. dmesg | grep eth 3. netstat -nr Others:: ifconfig, lswh, mii-tool, ethtool etc etc depending on what you've installed. hth, James
[gentoo-user] Re: How can I check for haveing an ethernet device
Meino.Cramer at gmx.de writes: on an embedded system I want to check, whether I have an eth0 device (ok, I know, it is not an device in the usual way...), when I attach an USB2Ethernet gadget via OTG-cable to it and whether all needed drivers are already there... Strange Gmane dropped what I wrote the first time It's tricky. Being embedded usually means you have less on the system; so let's just try a few things to see. 1. lspci 2. dmesg | grep eth 3. netstat -nr Others:: ifconfig, lswh, mii-tool, ethtool etc etc depending on what you've installed. hth, James
Re: [gentoo-user] Re: How can I check for haveing an ethernet device
On 20/07/2015 18:20, James wrote: Meino.Cramer at gmx.de writes: on an embedded system I want to check, whether I have an eth0 device (ok, I know, it is not an device in the usual way...), when I attach an USB2Ethernet gadget via OTG-cable to it and whether all needed drivers are already there... Strange Gmane dropped what I wrote the first time It's tricky. Being embedded usually means you have less on the system; so let's just try a few things to see. 1. lspci 2. dmesg | grep eth 3. netstat -nr Others:: ifconfig, lswh, mii-tool, ethtool etc etc depending on what you've installed. hth, James More like your mail client/browser/whatever decided to not show what was successfully delivered :-) The first one came through here just fine, now I have 2 -- Alan McKinnon alan.mckin...@gmail.com
Re: [SOLVED] Re: [gentoo-user] msmtp vs. nullmailer
On Mon, Jul 20, 2015 at 06:49:00PM +0100, Mick wrote This is all good and dandy, but letting user nobody read your mail accoutn passwd may not be the safest approach to sending email messages from your machine. I think you missed the point. The NOPASSWD: option means that this one particular user nobody ***DOES NOT NEED THE ROOT PASSWORD*** to execute this one particular command which normally requires root level privileges. I repeat, it has no need for the password. This is done with a sudoers entry like the following example. michael michaelsmachine = (root) NOPASSWD: /usr/sbin/nullmailer The only problem might be convincing your program that the mail command is... sudo /usr/sbin/nullmailer You can tell it to run a script that contains that command. Having passwords floating around on disk in clear text is a *BAD* idea. Some user friendly distros, like Ubuntu, let you run *ANY* command as root if you prefix it with sudo. That can be done with the keyword ALL michael michaelsmachine = (root) NOPASSWD: ALL I do not like it on general principle. It gives away the store as far as security is concerned. -- Walter Dnes waltd...@waltdnes.org I don't run desktop environments; I run useful applications
Re: [gentoo-user] sys-fs/static-dev-0.1 Cannot install on udev/devfs tmpfs.
Alan McKinnon wrote: On 20/07/2015 21:17, Dale wrote: Howdy, New emerge failure. It seems static-dev does not like udev,devfs or tmpfs for some mount point, not sure which that is tho. This make no sense to me. eudev is a dynamic /dev manager so you don't have to deal with doing it statically static-dev is a static /dev manager so you don;t have to put up with {,e}udev is you don't need/want it. They seem mutually incompatible, how can you have both? I know you want eudev from past postings, so what is pulling in static-dev on your system? This is what I have found since the last message: root@fireball / # equery d sys-fs/static-dev * These packages depend on sys-fs/static-dev: virtual/dev-manager-0 (sys-fs/static-dev) root@fireball / # And this depends on that: root@fireball / # equery d virtual/dev-manager * These packages depend on virtual/dev-manager: sys-kernel/gentoo-sources-3.11.6 (virtual/dev-manager) sys-kernel/gentoo-sources-3.13.6 (virtual/dev-manager) sys-kernel/gentoo-sources-3.14.0 (virtual/dev-manager) sys-kernel/gentoo-sources-3.16.0 (virtual/dev-manager) sys-kernel/gentoo-sources-3.16.3 (virtual/dev-manager) sys-kernel/gentoo-sources-3.18.5 (virtual/dev-manager) sys-kernel/gentoo-sources-3.18.7 (virtual/dev-manager) sys-kernel/gentoo-sources-3.18.9 (virtual/dev-manager) sys-kernel/gentoo-sources-3.18.12 (virtual/dev-manager) sys-kernel/gentoo-sources-3.18.14 (virtual/dev-manager) sys-kernel/gentoo-sources-3.19.7 (virtual/dev-manager) root@fireball / # And I have to have a kernel. So, I thought to check the world file. I'm sure eudev is in there but I also found out that virtual/udev is in there. I don't recall putting that there but I must have and I bet there was a reason for it, at that time. I have this set to NOT add to world file unless I use the --select y option. So, it was intentionally put there. I commented it out and tried again, still fails and updates nothing else. I don't know if it is related or not but I'm also having trouble building media-video/mkvtoolnix-7.3.0 as well. Since it is a video package, I doubt it is related. Just thought it worth a mention. Just for giggles. Info from world file: root@fireball / # cat /var/lib/portage/world | grep dev dev-lang/python:3.4 dev-util/strace media-video/devede sys-fs/eudev #virtual/udev root@fireball / # Info from emerge: root@fireball / # emerge -uvaDNt world ... done! [ebuild U ~] media-video/mkvtoolnix-7.3.0::gentoo [6.6.0::gentoo] USE=qt5%* wxwidgets -debug -pch (-qt4%*) 0 KiB [ebuild U ] www-client/seamonkey-2.33.1-r1::gentoo [2.32::gentoo] USE=chatzilla dbus gmp-autoupdate ipc roaming startup-notification -crypt -custom-cflags -custom-optimization -debug -gstreamer -minimal -pulseaudio (-selinux) -system-cairo -system-icu -system-jpeg -system-libvpx -system-sqlite {-test} -wifi (-jit%*) LINGUAS=-be -ca -cs -de -en_GB -es_AR -es_ES -fi -fr -gl -hu -it -ja -lt -nb_NO -nl -pl -pt_PT -ru -sk -sv_SE -tr -uk -zh_CN -zh_TW 0 KiB [nomerge ] virtual/dev-manager-0::gentoo [ebuild N ] sys-fs/static-dev-0.1::gentoo 0 KiB Total: 3 packages (2 upgrades, 1 new), Size of downloads: 0 KiB WARNING: One or more updates/rebuilds have been skipped due to a dependency conflict: sys-fs/eudev:0 (sys-fs/eudev-3.1.2-r10:0/0::gentoo, ebuild scheduled for merge) conflicts with =sys-fs/eudev-1.5.3-r1:0/0[abi_x86_64(-),gudev(-),introspection(-)] required by (virtual/libgudev-215-r3:0/0::gentoo, installed) Would you like to merge these packages? [Yes/No] I think this is what triggered this whole mess: root@fireball / # equery list -p static-dev * Searching for static-dev ... [-P-] [ ] sys-fs/static-dev-0.1:0 root@fireball / # It seems that there was a update and the old package was removed. According to the -t output above, nothing is pulling it in. It just has to update because it is the only one left in the tree. Oh, gentoo-sources: root@fireball / # emerge -vp gentoo-sources These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R] sys-kernel/gentoo-sources-3.18.16:3.18.16::gentoo USE=-build -deblob -experimental -symlink 0 KiB Total: 1 package (1 reinstall), Size of downloads: 0 KiB root@fireball / # As you say, this makes no sense. It's like running in circles or something. Mostly or something. If you need more info, let me know. I'm pretty much clueless here. Thanks. Dale :-) :-)
Re: [gentoo-user] sys-fs/static-dev-0.1 Cannot install on udev/devfs tmpfs.
On 20/07/2015 22:45, Dale wrote: Alan McKinnon wrote: On 20/07/2015 21:17, Dale wrote: Howdy, New emerge failure. It seems static-dev does not like udev,devfs or tmpfs for some mount point, not sure which that is tho. This make no sense to me. eudev is a dynamic /dev manager so you don't have to deal with doing it statically static-dev is a static /dev manager so you don;t have to put up with {,e}udev is you don't need/want it. They seem mutually incompatible, how can you have both? I know you want eudev from past postings, so what is pulling in static-dev on your system? This is what I have found since the last message: root@fireball / # equery d sys-fs/static-dev * These packages depend on sys-fs/static-dev: virtual/dev-manager-0 (sys-fs/static-dev) root@fireball / # And this depends on that: root@fireball / # equery d virtual/dev-manager * These packages depend on virtual/dev-manager: sys-kernel/gentoo-sources-3.11.6 (virtual/dev-manager) sys-kernel/gentoo-sources-3.13.6 (virtual/dev-manager) sys-kernel/gentoo-sources-3.14.0 (virtual/dev-manager) sys-kernel/gentoo-sources-3.16.0 (virtual/dev-manager) sys-kernel/gentoo-sources-3.16.3 (virtual/dev-manager) sys-kernel/gentoo-sources-3.18.5 (virtual/dev-manager) sys-kernel/gentoo-sources-3.18.7 (virtual/dev-manager) sys-kernel/gentoo-sources-3.18.9 (virtual/dev-manager) sys-kernel/gentoo-sources-3.18.12 (virtual/dev-manager) sys-kernel/gentoo-sources-3.18.14 (virtual/dev-manager) sys-kernel/gentoo-sources-3.19.7 (virtual/dev-manager) root@fireball / # And I have to have a kernel. So, I thought to check the world file. I'm sure eudev is in there but I also found out that virtual/udev is in there. I don't recall putting that there but I must have and I bet there was a reason for it, at that time. I have this set to NOT add to world file unless I use the --select y option. So, it was intentionally put there. I commented it out and tried again, still fails and updates nothing else. So here's what's going on. From the virtual/dev-manager ebuild: DEPEND= RDEPEND=|| ( virtual/udev sys-apps/busybox[mdev] sys-fs/devfsd sys-fs/static-dev sys-freebsd/freebsd-sbin ) The default is whatever virtual/udev you picked and put in world. If you have none of those in world, it picks the next from the list that applies, in your case this is static-dev (FreeBSD is the only place I've seen devfs since about 2004 or so) The kernel comes into the mix because it needs one of them. Your problem is that you have too many, or the wrong ones. Solution: Remove ALL dev-managers from world and add only eudev back in. Be specific, for a /dev manager, you do NOT want portage to install what it thinks might be best. Let portage fix itself with -uND world I don't know if it is related or not but I'm also having trouble building media-video/mkvtoolnix-7.3.0 as well. Since it is a video package, I doubt it is related. Just thought it worth a mention. I could never get mkvtoolnix-7 to build anywhere. The machine I put it on are all v6 or thereabouts. The build errors were weird and made no sense, I forget the details Just for giggles. Info from world file: root@fireball / # cat /var/lib/portage/world | grep dev dev-lang/python:3.4 dev-util/strace media-video/devede sys-fs/eudev #virtual/udev root@fireball / # Info from emerge: root@fireball / # emerge -uvaDNt world ... done! [ebuild U ~] media-video/mkvtoolnix-7.3.0::gentoo [6.6.0::gentoo] USE=qt5%* wxwidgets -debug -pch (-qt4%*) 0 KiB [ebuild U ] www-client/seamonkey-2.33.1-r1::gentoo [2.32::gentoo] USE=chatzilla dbus gmp-autoupdate ipc roaming startup-notification -crypt -custom-cflags -custom-optimization -debug -gstreamer -minimal -pulseaudio (-selinux) -system-cairo -system-icu -system-jpeg -system-libvpx -system-sqlite {-test} -wifi (-jit%*) LINGUAS=-be -ca -cs -de -en_GB -es_AR -es_ES -fi -fr -gl -hu -it -ja -lt -nb_NO -nl -pl -pt_PT -ru -sk -sv_SE -tr -uk -zh_CN -zh_TW 0 KiB [nomerge ] virtual/dev-manager-0::gentoo [ebuild N ] sys-fs/static-dev-0.1::gentoo 0 KiB Total: 3 packages (2 upgrades, 1 new), Size of downloads: 0 KiB WARNING: One or more updates/rebuilds have been skipped due to a dependency conflict: sys-fs/eudev:0 (sys-fs/eudev-3.1.2-r10:0/0::gentoo, ebuild scheduled for merge) conflicts with =sys-fs/eudev-1.5.3-r1:0/0[abi_x86_64(-),gudev(-),introspection(-)] required by (virtual/libgudev-215-r3:0/0::gentoo, installed) Would you like to merge these packages? [Yes/No] I think this is what triggered this whole mess: root@fireball / # equery list -p static-dev * Searching for static-dev ... [-P-] [ ] sys-fs/static-dev-0.1:0 root@fireball / # It seems that there was a update
Re: [gentoo-user] sys-fs/static-dev-0.1 Cannot install on udev/devfs tmpfs.
On Mon, Jul 20, 2015 at 4:45 PM, Dale rdalek1...@gmail.com wrote: As you say, this makes no sense. It's like running in circles or something. Mostly or something. If you need more info, let me know. I'm pretty much clueless here. What do you have in ACCEPT_KEYWORDS? Are you mixing arch and ~arch packages? If so, please make sure you have all of the following in pacakge.keywords: sys-fs/eudev virtual/libgudev dev-libs/libgudev For more information, see bug 552036. https://bugs.gentoo.org/show_bug.cgi?id=552036
Re: [gentoo-user] sys-fs/static-dev-0.1 Cannot install on udev/devfs tmpfs.
Mike Gilbert wrote: On Mon, Jul 20, 2015 at 4:45 PM, Dale rdalek1...@gmail.com wrote: As you say, this makes no sense. It's like running in circles or something. Mostly or something. If you need more info, let me know. I'm pretty much clueless here. What do you have in ACCEPT_KEYWORDS? Are you mixing arch and ~arch packages? If so, please make sure you have all of the following in pacakge.keywords: sys-fs/eudev virtual/libgudev dev-libs/libgudev For more information, see bug 552036. https://bugs.gentoo.org/show_bug.cgi?id=552036 That fixed it. I had eudev in there already. I had to because when it first came out, they were all keyworded. I didn't have the other two in there tho. I just wonder, why didn't portage figure that out? Oh well. Now I'm only left wondering about mkvtoolnix package. It still fails. Going to see what depends on that and remove it if I can. Thanks much. Thanks to Alan as well. Dale :-) :-)
Re: [gentoo-user] sys-fs/static-dev-0.1 Cannot install on udev/devfs tmpfs.
On Mon, Jul 20, 2015 at 6:05 PM, Dale rdalek1...@gmail.com wrote: Mike Gilbert wrote: On Mon, Jul 20, 2015 at 4:45 PM, Dale rdalek1...@gmail.com wrote: As you say, this makes no sense. It's like running in circles or something. Mostly or something. If you need more info, let me know. I'm pretty much clueless here. What do you have in ACCEPT_KEYWORDS? Are you mixing arch and ~arch packages? If so, please make sure you have all of the following in pacakge.keywords: sys-fs/eudev virtual/libgudev dev-libs/libgudev For more information, see bug 552036. https://bugs.gentoo.org/show_bug.cgi?id=552036 That fixed it. I had eudev in there already. I had to because when it first came out, they were all keyworded. I didn't have the other two in there tho. I just wonder, why didn't portage figure that out? Oh well. Portage tries very hard not to install new packages when attempting to satisfy an || dep, especially when doing so would involve changing USE flags. When it has no other choice, it sometimes picks the wrong || dep to satisfy. In this case, it was trying to solve the conflict by switching from eudev to static-dev, instead of installing libgudev. By upgrading to virtual/libgudev-230, we remove that possibility from its set of possible solutions.
[gentoo-user] sys-fs/static-dev-0.1 Cannot install on udev/devfs tmpfs.
Howdy, New emerge failure. It seems static-dev does not like udev,devfs or tmpfs for some mount point, not sure which that is tho. Unpacking source... Source unpacked in /var/tmp/portage/sys-fs/static-dev-0.1/work Compiling source in /var/tmp/portage/sys-fs/static-dev-0.1/work ... Source compiled. Test phase [not enabled]: sys-fs/static-dev-0.1 Install static-dev-0.1 into /var/tmp/portage/sys-fs/static-dev-0.1/image/ category sys-fs Completed installing static-dev-0.1 into /var/tmp/portage/sys-fs/static-dev-0.1/image/ ./ Done. * checking 0 files for package collisions Merging sys-fs/static-dev-0.1 to / * We have detected that you currently use udev or devfs or devtmpfs * and this ebuild cannot install to the same mount-point. * ERROR: sys-fs/static-dev-0.1::gentoo failed (preinst phase): * Cannot install on udev/devfs tmpfs. * * Call stack: * ebuild.sh, line 93: Called pkg_preinst * environment, line 200: Called abort * environment, line 184: Called die * The specific snippet of code: * die Cannot install on udev/devfs tmpfs. * * If you need support, post the output of `emerge --info '=sys-fs/static-dev-0.1::gentoo'`, * the complete build log and the output of `emerge -pqv '=sys-fs/static-dev-0.1::gentoo'`. * The complete build log is located at '/var/tmp/portage/sys-fs/static-dev-0.1/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/sys-fs/static-dev-0.1/temp/environment'. * Working directory: '/var/tmp/portage/._portage_reinstall_.4Kleab/pym' * S: '/var/tmp/portage/sys-fs/static-dev-0.1/work/static-dev-0.1' !!! FAILED preinst: 1 I use eudev if that matters. Here is fstab: root@fireball / # cat /etc/fstab # /etc/fstab: static file system information. # fs mountpointtype opts dump/pass # NOTE: If your BOOT partition is ReiserFS, add the notail option to opts. LABEL=root / ext4defaults0 1 LABEL=boot /boot ext2defaults1 2 LABEL=usr /usrext4defaults0 2 LABEL=var /varext4defaults0 2 LABEL=swap noneswapsw 0 0 LABEL=Home2 /home ext4defaults0 2 tmpfs /var/tmp/portage tmpfs noatime 0 0 tmpfs /runtmpfs size=256m,mode=1777 0 0 # glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for # POSIX shared memory (shm_open, shm_unlink). # (tmpfs is a dynamically expandable/shrinkable ramdisk, and will # use almost no memory if not populated with files) shm /dev/shmtmpfs nodev,nosuid,noexec 0 0 root@fireball / # I removed some of the commented lines since they wouldn't change anything. Here is the results of mount: root@fireball / # mount rootfs on / type rootfs (rw) proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime) devtmpfs on /dev type devtmpfs (rw,nosuid,size=10240k,nr_inodes=2055159,mode=755) devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620) tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,noexec) tmpfs on /run type tmpfs (rw,size=262144k,mode=755) /dev/sda6 on / type ext4 (rw,relatime,data=ordered) /dev/mapper/OS-usr on /usr type ext4 (rw,relatime,data=ordered) mqueue on /dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime) debugfs on /sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime) fusectl on /sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime) /dev/sda1 on /boot type ext2 (rw) /dev/mapper/OS-var on /var type ext4 (rw) /dev/mapper/Home2-Home2 on /home type ext4 (rw) tmpfs on /var/tmp/portage type tmpfs (rw,noatime) shm on /dev/shm type tmpfs (rw,nodev,nosuid,noexec) binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,nodev,noexec,nosuid) /dev/mapper/backup-backup on /backup type ext2 (rw) root@fireball / # Anyone know what this is about? I don't see anything odd in my fstab so I would assume it is talking about something that is a default. I do have portage's work directory on tmpfs. Is that what it is complaining about? Surely not since it only builds there but intsalls to /. Thoughts?? Dale :-) :-)
Re: [gentoo-user] sys-fs/static-dev-0.1 Cannot install on udev/devfs tmpfs.
On 20/07/2015 21:17, Dale wrote: Howdy, New emerge failure. It seems static-dev does not like udev,devfs or tmpfs for some mount point, not sure which that is tho. This make no sense to me. eudev is a dynamic /dev manager so you don't have to deal with doing it statically static-dev is a static /dev manager so you don;t have to put up with {,e}udev is you don't need/want it. They seem mutually incompatible, how can you have both? I know you want eudev from past postings, so what is pulling in static-dev on your system? -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] installing gentoo with a systemd profile
On Mon, Jul 20, 2015 at 8:02 PM, gottl...@nyu.edu wrote: On Sat, Jul 18 2015, Canek Peláez Valdés wrote: On Sat, Jul 18, 2015 at 8:00 PM, gottl...@nyu.edu wrote: I am installing gentoo on a new laptop. I am a gnome, hence systemd, user. I also use lvm (I have / and /usr combined on a non-lvm partition). At the point where you choose a profile (// wiki.gentoo.org/wiki/Handbook:AMD64/Full/Installation#Choosing_the_right_profile ) I selected [5] default/linux/amd64/13.0/desktop/gnome/systemd * But now I get merge conflicts since I have sys-fs/udev installed. I can't depclean udev. Should I have just used the default/linux/amd64/13.0 profile and switched later after the installation is complete. Fortunately, I don't need to used the new machine immediately so I don't mind starting the installation over from the beginning In a similar vein, my systems have PORTDIR=/var/portage. Am I correct in now believing that it is better to do the install with the default PORTDIR=/usr/portage and then switching after the dust settles What I usually do is: 1. Extract the stage 3 tarball 2. Sync the portage tree 3. Switch to the systemd profile 4. emerge -uDNvp world (this usually solves the systemd/udev conflicts) 5. emerge --depclean 6. Switch to the GNOME/systemd profile 7. Emerge gnome-base/gnome In my experience, if you switch directly to the GNOME/systemd profile, you get many conflicts. I certainly did. I will try your indirect root to gnome/systemd. If it works (and given the source I strongly suspect it will), I will try to get it included in the systemd wiki. You'll probably still get some circular dependencies by USE flags, but those should be few and portage will tell you how to break the cycle. Regards. -- Canek Peláez Valdés Profesor de asignatura, Facultad de Ciencias Universidad Nacional Autónoma de México
Re: [gentoo-user] installing gentoo with a systemd profile
2015-07-20 19:13 GMT-06:00 gottl...@nyu.edu: I tried via depclean. I wanted to ask here before actually trying --unmerge, which seems rather brutal. I actually had a tiny part in the systemd wiki and remember that you could switch from an openrc system to systemd without unmerging. Instead, you either changed use flags (+systemd and -consolekit) or went to the a systemd profile (recommended). It is needed to remove sys-fs/udev in order to get apps-sytem/systemd, remember is the same code base the difference is you only compile one part when emerging sys-fs/udev, not unmerging would cause file conflicts, at install time. sys-fs/udev/udev-222.ebuild: SRC_URI=https://github.com/systemd/systemd/archive/v${PV}.tar.gz - ${P}.tar.gz
Re: [gentoo-user] Catastrophic bug in the firefox 'ProfileManager' function
Rich Freeman wrote: On Mon, Jul 20, 2015 at 8:20 PM, Dale rdalek1...@gmail.com wrote: This wouldn't help with some of the things you lost but it will with your passwords at least. For passwords, this will help and you can use it somewhere else as well since it is portable, sort of. https://lastpass.com/ ++ I was chatting with somebody in my LUG about it and I described it as the most secure password solution people are likely to actually use. You can do better, but most don't. I now have separate random-generated passwords for virtually every service I use now, and when one gets compromised I just log in and change it to a new random-generated password. I periodically backup the list in a csv file to someplace safe. I use the random generator too. Some older sites, forums or something that isn't really sensitive, may still have my old passwords but sites like banking and such each have their own random generated one. I also try to generate the longest and most complex password the site will allow. Some sites don't allow the characters above the number keys. Another thing, I was at my brothers once and needed to login to a site. I installed lastpass, typed in my email and master password and I could go anywhere I wanted just as if I was sitting at my own puter. If it wasn't for lastpass, I would have had to come home and do what needed doing. So far, this is the best solution I have found and I only use the free part. ;-) Dale :-) :-)
Re: [gentoo-user] Catastrophic bug in the firefox 'ProfileManager' function
2015-07-20 17:18 GMT-06:00 walt w41...@gmail.com: Lesson learned: if you need to start firefox with a fresh profile, just move your ~/.mozilla directory out of the way and let firefox create a new one from scratch. Using firefox sync is also an option, and If you don't want Mozilla having stored the info(According to what I have read it is encrypted), you can run the sync server on your own(I been wanting to put together the ebuilds necessary to emerge it easily but always procrastinate about it.)
Re: [SOLVED] Re: [gentoo-user] msmtp vs. nullmailer
On 21/07/2015 00:24, Mick wrote: On Monday 20 Jul 2015 22:50:31 Walter Dnes wrote: On Mon, Jul 20, 2015 at 06:49:00PM +0100, Mick wrote This is all good and dandy, but letting user nobody read your mail accoutn passwd may not be the safest approach to sending email messages from your machine. I think you missed the point. The NOPASSWD: option means that this one particular user nobody ***DOES NOT NEED THE ROOT PASSWORD*** to execute this one particular command which normally requires root level privileges. I repeat, it has no need for the password. I have not missed the point you are raising. My concern was that nobody is a user account without a login shell, to which you give access to a user file that has a login shell and in particular to a file that contains the email account passwd of that user. Given that public servers and daemons often run as nobody:nogroup I would be cautious about this. I do not have an exact script in mind which could potentially cause privilege escalation, but someone more skilled that I in the dark arts could well do. The main danger in that scenario (there are several) is that the shell script can be suspended (Ctrl-Z) or offer a means to escape to a shell. Do that, be root. A good rule of thumb is to only put compiled programs into sudoers, never scripts or wrappers. It is very very hard to write a script that disables all those nasty features that made scripts so useful and friendly -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] installing gentoo with a systemd profile
On Sat, Jul 18 2015, Canek Peláez Valdés wrote: On Sat, Jul 18, 2015 at 8:00 PM, gottl...@nyu.edu wrote: I am installing gentoo on a new laptop. I am a gnome, hence systemd, user. I also use lvm (I have / and /usr combined on a non-lvm partition). At the point where you choose a profile (// wiki.gentoo.org/wiki/Handbook:AMD64/Full/Installation#Choosing_the_right_profile ) I selected [5] default/linux/amd64/13.0/desktop/gnome/systemd * But now I get merge conflicts since I have sys-fs/udev installed. I can't depclean udev. Should I have just used the default/linux/amd64/13.0 profile and switched later after the installation is complete. Fortunately, I don't need to used the new machine immediately so I don't mind starting the installation over from the beginning In a similar vein, my systems have PORTDIR=/var/portage. Am I correct in now believing that it is better to do the install with the default PORTDIR=/usr/portage and then switching after the dust settles What I usually do is: 1. Extract the stage 3 tarball 2. Sync the portage tree 3. Switch to the systemd profile 4. emerge -uDNvp world (this usually solves the systemd/udev conflicts) 5. emerge --depclean 6. Switch to the GNOME/systemd profile 7. Emerge gnome-base/gnome In my experience, if you switch directly to the GNOME/systemd profile, you get many conflicts. I certainly did. I will try your indirect root to gnome/systemd. If it works (and given the source I strongly suspect it will), I will try to get it included in the systemd wiki. Regards. -- Canek Peláez Valdés Thank you, allan
Re: [gentoo-user] installing gentoo with a systemd profile
On Sun, Jul 19 2015, Neil Bothwick wrote: On Sat, 18 Jul 2015 21:00:54 -0400, gottl...@nyu.edu wrote: I am installing gentoo on a new laptop. I am a gnome, hence systemd, user. I also use lvm (I have / and /usr combined on a non-lvm partition). At the point where you choose a profile (//wiki.gentoo.org/wiki/Handbook:AMD64/Full/Installation#Choosing_the_right_profile) I selected [5] default/linux/amd64/13.0/desktop/gnome/systemd * But now I get merge conflicts since I have sys-fs/udev installed. I can't depclean udev. Did you read this part? https://wiki.gentoo.org/wiki/Handbook:AMD64/Full/Installation#Optional:_Using_systemd Yes I did and had the systemd wiki page on a chromium tab while installing. It's been some months since I last did this, but I don't recall any serious conflicts. Why not just unmerge udev to avoid the blockage? I tried via depclean. I wanted to ask here before actually trying --unmerge, which seems rather brutal. I actually had a tiny part in the systemd wiki and remember that you could switch from an openrc system to systemd without unmerging. Instead, you either changed use flags (+systemd and -consolekit) or went to the a systemd profile (recommended). allan
Re: [gentoo-user] Catastrophic bug in the firefox 'ProfileManager' function
On Mon, Jul 20, 2015 at 8:20 PM, Dale rdalek1...@gmail.com wrote: This wouldn't help with some of the things you lost but it will with your passwords at least. For passwords, this will help and you can use it somewhere else as well since it is portable, sort of. https://lastpass.com/ ++ I was chatting with somebody in my LUG about it and I described it as the most secure password solution people are likely to actually use. You can do better, but most don't. I now have separate random-generated passwords for virtually every service I use now, and when one gets compromised I just log in and change it to a new random-generated password. I periodically backup the list in a csv file to someplace safe. -- Rich
Re: [SOLVED] Re: [gentoo-user] msmtp vs. nullmailer
On Monday 20 Jul 2015 22:50:31 Walter Dnes wrote: On Mon, Jul 20, 2015 at 06:49:00PM +0100, Mick wrote This is all good and dandy, but letting user nobody read your mail accoutn passwd may not be the safest approach to sending email messages from your machine. I think you missed the point. The NOPASSWD: option means that this one particular user nobody ***DOES NOT NEED THE ROOT PASSWORD*** to execute this one particular command which normally requires root level privileges. I repeat, it has no need for the password. I have not missed the point you are raising. My concern was that nobody is a user account without a login shell, to which you give access to a user file that has a login shell and in particular to a file that contains the email account passwd of that user. Given that public servers and daemons often run as nobody:nogroup I would be cautious about this. I do not have an exact script in mind which could potentially cause privilege escalation, but someone more skilled that I in the dark arts could well do. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] media-video/mkvtoolnix-7.3.0 fails to configure it seems
Alec Ten Harmsel wrote: On Jul 16, 2015, at 1:15 PM, Dale rdalek1...@gmail.com wrote: Anyone else running into this? No. checking if linking against libMatroska works and if it requires -DMATROSKA_DLL... yes, without -MATROSKA_DLL checking for ZLIB... yes checking for wx-config... /usr/lib64/wx/config/gtk2-unicode-3.0 checking for wxWidgets 2.8.0 or newer... 3.0.2 ok checking for wxWidgets class wxBitmapComboBox... yes checking for wxMenuBar member function SetMenuLabel... yes checking for wxMenuItem member function SetItemlabel... yes checking for moc-qt5... no checking for moc... /usr/bin/moc checking for the Qt version /usr/bin/moc uses... too old: 4.8.7 !!! Please attach the following file when seeking support: !!! /var/tmp/portage/media-video/mkvtoolnix-7.3.0/work/mkvtoolnix-7.3.0/config.log * ERROR: media-video/mkvtoolnix-7.3.0::gentoo failed (configure phase): * econf failed * * Call stack: * ebuild.sh, line 93: Called src_configure * environment, line 3004: Called econf '--disable-debug' '--enable-qt' '--enable-wxwidgets' '--disable-precompiled-headers' '--with-wx-config=/usr/lib64/wx/config/gtk2-unicode-3.0' '--disable-optimization' '--docdir=/usr/share/doc/mkvtoolnix-7.3.0' '--with-boost=/usr' '--with-boost-libdir=/usr/lib64' '--without-curl' *phase-helpers.sh, line 662: Called __helpers_die 'econf failed' * isolated-functions.sh, line 117: Called die * The specific snippet of code: * die $@ * * If you need support, post the output of `emerge --info '=media-video/mkvtoolnix-7.3.0::gentoo'`, * the complete build log and the output of `emerge -pqv '=media-video/mkvtoolnix-7.3.0::gentoo'`. * The complete build log is located at '/var/tmp/portage/media-video/mkvtoolnix-7.3.0/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/media-video/mkvtoolnix-7.3.0/temp/environment'. * Working directory: '/var/tmp/portage/media-video/mkvtoolnix-7.3.0/work/mkvtoolnix-7.3.0' * S: '/var/tmp/portage/media-video/mkvtoolnix-7.3.0/work/mkvtoolnix-7.3.0' root@fireball / # It appears that qtchooser is to old but the one I have is the only one in the tree. root@fireball / # equery list -p dev-qt/qtchooser * Searching for qtchooser in dev-qt ... [IP-] [ ] dev-qt/qtchooser-0_p20150102:0 root@fireball / # How can it be to old if it is the only one available? If it is checking for qt in general, this is what I have installed. root@fireball / # equery list qt* * Searching for qt* ... [IP-] [ ] dev-qt/qt3support-4.8.7:4 [IP-] [ ] dev-qt/qtchooser-0_p20150102:0 [IP-] [ ] dev-qt/qtcore-4.8.7:4 [IP-] [ ] dev-qt/qtcore-5.4.2:5 [IP-] [ ] dev-qt/qtdbus-4.8.7:4 [IP-] [ ] dev-qt/qtdbus-5.4.2:5 [IP-] [ ] dev-qt/qtdeclarative-4.8.7:4 [IP-] [ ] dev-qt/qtgui-4.8.7:4 [IP-] [ ] dev-qt/qtgui-5.4.2-r1:5 [IP-] [ ] dev-qt/qtmultimedia-4.8.7:4 [IP-] [ ] dev-qt/qtopengl-4.8.7:4 [IP-] [ ] dev-qt/qtscript-4.8.7:4 [IP-] [ ] dev-qt/qtsql-4.8.7:4 [IP-] [ ] dev-qt/qtsvg-4.8.7:4 [IP-] [ ] dev-qt/qttest-4.8.7:4 [IP-] [ ] dev-qt/qttranslations-4.8.7:4 [IP-] [ ] dev-qt/qtwebkit-4.8.7:4 [IP-] [ ] dev-qt/qtwidgets-5.4.2:5 [IP-] [ ] dev-qt/qtxmlpatterns-4.8.7:4 [IP-] [ ] media-libs/qt-gstreamer-1.2.0:0 [IP-] [ ] x11-libs/qtscriptgenerator-0.2.0:0 root@fireball / # There is some qt5 pulled in by something. So maybe it needs to notice I have a newer version installed?? Any way past this problem or just mask and wait for another update? I've had this error for about a week now. I thought maybe I just caught a bad sync or something. Found nothing with google or on the forums either. It's picking on ME, again. lol Thanks. Dale :-) :-) It’s not picking up that you have Qt 5. I have not done a whole lot of work with Qt, but they install all their binaries into /usr/lib/qt$ver/bin (at least for Qt4), and everything in /usr/bin is just a symlink to qtchooser, which then launches the correct tool and version and stuff. This looks like an upstream bug, since they should test for “moc -qt=5”, not just “moc” and/or use qtchooser to determine the available version(s) of Qt (or whatever Qt’s recommended way is). The easiest way to deal this this right now as far as I can tell would be to disable the Qt gui and go with the wxWidgets gui. You could also build it manually. Alec After some digging, I figured out how to work around this. Tell it not to look for qt5 at all. I added this to the package.use file: media-video/mkvtoolnix -qt5 With that, it looks for qt4 and doesn't look for qt5. I figure this will break something in the future tho. It always seems to bite back later. I like it when I get this: root@fireball / # emerge -uvaDN world These are the packages that would be merged, in order: Calculating dependencies... done! Total: 0 packages, Size of downloads: 0 KiB Nothing to merge; quitting. root@fireball /
[gentoo-user] Catastrophic bug in the firefox 'ProfileManager' function
I suspect most people don't even know firefox has a ProfileManager, but I'm here to warn you not to use it. It just cost me years of bookmarks and saved passwords. For testing purposes I invoked firefox-bin with the -ProfileManager flag (don't do this, it's broken!) and created a fresh firefox profile with the name temp as I've been doing for years. I ran the temp profile while doing my testing, quit firefox and then re-invoked firefox with the -ProfileManager flag and used it to delete the temp profile because I didn't need it any more. Unfortunately, deleting temp also deleted the default profile I've been using for years, which had all of my bookmarks and saved passwords and maybe other stuff I haven't even thought about yet. I'm copying an old firefox profile from another machine that's four years out of date. Maybe I can rescue an ort here or there. What a fscking disaster. Lesson learned: if you need to start firefox with a fresh profile, just move your ~/.mozilla directory out of the way and let firefox create a new one from scratch.
Re: [gentoo-user] Catastrophic bug in the firefox 'ProfileManager' function
walt w41...@gmail.com wrote: I suspect most people don't even know firefox has a ProfileManager, but I'm here to warn you not to use it. It just cost me years of bookmarks and saved passwords. For testing purposes I invoked firefox-bin with the -ProfileManager flag (don't do this, it's broken!) and created a fresh firefox profile with the name temp as I've been doing for years. I ran the temp profile while doing my testing, quit firefox and then re-invoked firefox with the -ProfileManager flag and used it to delete the temp profile because I didn't need it any more. Unfortunately, deleting temp also deleted the default profile I've been using for years, which had all of my bookmarks and saved passwords and maybe other stuff I haven't even thought about yet. I'm copying an old firefox profile from another machine that's four years out of date. Maybe I can rescue an ort here or there. What a fscking disaster. Lesson learned: if you need to start firefox with a fresh profile, just move your ~/.mozilla directory out of the way and let firefox create a new one from scratch. THX for your hint. But there is a much more important lesson to learn: Always backup your important data on a regular basis! -- Regards wabe
Re: [gentoo-user] Catastrophic bug in the firefox 'ProfileManager' function
walt wrote: I suspect most people don't even know firefox has a ProfileManager, but I'm here to warn you not to use it. It just cost me years of bookmarks and saved passwords. For testing purposes I invoked firefox-bin with the -ProfileManager flag (don't do this, it's broken!) and created a fresh firefox profile with the name temp as I've been doing for years. I ran the temp profile while doing my testing, quit firefox and then re-invoked firefox with the -ProfileManager flag and used it to delete the temp profile because I didn't need it any more. Unfortunately, deleting temp also deleted the default profile I've been using for years, which had all of my bookmarks and saved passwords and maybe other stuff I haven't even thought about yet. I'm copying an old firefox profile from another machine that's four years out of date. Maybe I can rescue an ort here or there. What a fscking disaster. Lesson learned: if you need to start firefox with a fresh profile, just move your ~/.mozilla directory out of the way and let firefox create a new one from scratch. This wouldn't help with some of the things you lost but it will with your passwords at least. For passwords, this will help and you can use it somewhere else as well since it is portable, sort of. https://lastpass.com/ I use that because I use Seamonkey, Firefox and other browsers. Also, if I am somewhere else, I can use that to get my passwords. If my hard drive dies and I lose everything, all I have to do is install the plugin after the repairs and re-install, type in my email and master password and I'm back in business. I been using it for a good while and so far, it works fairly well. Every once in a while I run up on a site that doesn't fill in automatically but it does when I right click and tell it too. It may at least be something worth looking at. Dale :-) :-)
Re: [SOLVED] Re: [gentoo-user] msmtp vs. nullmailer
On 20/07/2015 23:50, Walter Dnes wrote: On Mon, Jul 20, 2015 at 06:49:00PM +0100, Mick wrote [snip] You can tell it to run a script that contains that command. Having passwords floating around on disk in clear text is a *BAD* idea. Some user friendly distros, like Ubuntu, let you run *ANY* command as root if you prefix it with sudo. That can be done with the keyword ALL michael michaelsmachine = (root) NOPASSWD: ALL [snip] Lets be fair to Ubuntu - the above is not how it ships. On Ubuntu, all users in the admin group can run any command with sudo, and sudoers ships with a cpnfig that *requires* the user's password. This is a very normal config and an excellent starting point. The first user added during the install is added to the admin group (as obviously it is root doing the installation), all other users must be added to the group by root manually. What you describe is most certainly not how Ubuntu ships (but idiots who will do it, or follow howtos that say to do it, do exist) -- Alan McKinnon alan.mckin...@gmail.com
[gentoo-user] Re: Catastrophic bug in the firefox 'ProfileManager' function
On Mon, 20 Jul 2015 16:18:44 -0700 walt w41...@gmail.com wrote: I suspect most people don't even know firefox has a ProfileManager, but I'm here to warn you not to use it. It just cost me years of bookmarks and saved passwords. For testing purposes I invoked firefox-bin with the -ProfileManager flag (don't do this, it's broken!) and created a fresh firefox profile with the name temp as I've been doing for years. I ran the temp profile while doing my testing, quit firefox and then re-invoked firefox with the -ProfileManager flag and used it to delete the temp profile because I didn't need it any more. Unfortunately, deleting temp also deleted the default profile I've been using for years, which had all of my bookmarks and saved passwords and maybe other stuff I haven't even thought about yet. I'm sorry you had this trouble, and I can't explain it. I've used the profile manager to delete temporary profiles at least once a twice a week for the past many years without problems. I compile firefox instead of using firefox-bin, but that shouldn't make any difference. I guess you've already looked, but just in case, make sure the default profile directory is really gone. If you're very lucky, only the profile.ini file got corrupted.