[gentoo-user] htop showing black screen
Hello everyone, I've recently installed 64bit hardened gentoo server in VirtualBox on our main server and I've emerged htop. After running it I *got only the black screen*, i wasn't able to kill it with ctrl+c and after that even *'kill -9' stopped working* from any other console/ssh session. I wasn't even able to run 'ps' or 'top', I could only end the ssh session. After losing some bunch of hairs I've *recompiled sys-process/procps* and everything went back to normal with htop happily working. So I'm just writing to let anyone know in case you run into some similar problem. I am curious if anyone has any explanation, but I've personally sorted that problem into weird-and-not-to-be-curious-about-anymore group. Regards, Peter
Re: [gentoo-user] Re: Is it possible to move from hardened profile?
Well, hardened profile really did add some peace of mind to me, very rarely I found some app to be terminated thanks to stack smashing protection. I would like to have safe working environment, but the incompatibility cost me quite some time. Hardened would be the only choice for me if it was a server solution, but for notebook workstation with KDE it is quite inconvenient. ATI fglrx drivers have problems on hardened kernel (even with GrSec and PAX disabled, just thanks to other hardened patches), VirtualBox cannot be compiled using hardened gcc profile, when trying to emerge wxMaxima some of its dependencies refuse to be compiled on hardened profile (was it gnuplot? I am really not sure)... These are usually small amounts of time which I have to invest, but there is quite a bunch of them. On server I have no such problems and I am using hardened profile with lots of security features turned on without problems, but on desktop workstation it is quite a pain. Anyway I have already creates a partition and in some free time I have been installing Gentoo with default profile via chroot. When I have complete environment and all my data moved, I'll try to convert the profile, just out of curiosity... Peter
[gentoo-user] Is it possible to move from hardened profile?
Hello, I wonder whether it is possible to convert hardened desktop box into box with non-hardened profile? I guess I would have to recompile world with vanilla compiler (no hardening) and compile gentoo-sources kernel (no prob with those), but how can I get clean, non-hardened profile for portage (if it is even possible)? Thanks for any clues, Peter
[gentoo-user] Re: Error emerging ati-drivers-11.11
I finally found an unconfirmed bug about this - https://bugs.gentoo.org/show_bug.cgi?id=392753 Unfortunately without solution. Any tips? 2011/12/24 czernitko czerni...@gmail.com Hello everyone! I've got a problem that makes me lose my hair for about two days already. Emerging ati-drivers results in ebuild error, but ati proprietary installer works just fine. Last version of ati-drivers that compiles just fine is 11.6. All following versions of the driver (11.7-11.12) fail to compile. I haven't found any appropriate bug, so I guess there is more probably some problem with my environment. I am using hardened profile, by the way, but without PaX or GrSecurity. Does anyone have any clue about a solution? Or should I fill a bug at bugs.gentoo.org as this seems not to be an upstream bug? Thanks for any advice! Peter gethexis ~ # emerge -pqv =x11-drivers/ati-drivers-11.11 [ebuild U] x11-drivers/ati-drivers-11.11 [11.6] USE=modules (multilib) qt4 -debug (-opencl) gethexis ~ # emerge --info =x11-drivers/ati-drivers-11.11 Portage 2.1.10.41 (hardened/linux/amd64, gcc-4.5.3-hardenednopie, glibc-2.13-r4, 3.0.4-hardened-r1 x86_64) = System Settings = System uname: Linux-3.0.4-hardened-r1-x86_64-Intel-R-_Core-TM-_i7_CPU_Q_720_@ _1.60GHz-with-gentoo-2.0.3 Timestamp of tree: Sat, 24 Dec 2011 09:15:01 + app-shells/bash: 4.1_p9 dev-java/java-config: 2.1.11-r3 dev-lang/python: 2.6.6-r2, 2.7.2-r3, 3.1.4-r3 dev-util/cmake: 2.8.6-r4 dev-util/pkgconfig: 0.26 sys-apps/baselayout: 2.0.3 sys-apps/openrc: 0.9.4 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.13, 2.68 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.1 sys-devel/binutils: 2.21.1-r1 sys-devel/gcc: 4.5.3-r1 sys-devel/gcc-config: 1.4.1-r1 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r1 sys-kernel/linux-headers: 2.6.39 (virtual/os-headers) sys-libs/glibc: 2.13-r4 Repositories: gentoo x-portage ACCEPT_KEYWORDS=amd64 ACCEPT_LICENSE=* -@EULA PUEL Oracle-BCLA-JavaSE CBUILD=x86_64-pc-linux-gnu CFLAGS=-O2 -pipe -march=core2 CHOST=x86_64-pc-linux-gnu CONFIG_PROTECT=/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/maven-bin-3.0/conf /usr/share/themes/oxygen-gtk/gtk-2.0 /var/lib/hsqldb CONFIG_PROTECT_MASK=/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c CXXFLAGS=-O2 -pipe -march=core2 DISTDIR=/usr/portage/distfiles EMERGE_DEFAULT_OPTS=--autounmask=n --keep-going FEATURES=assume-digests binpkg-logs distlocks ebuild-locks fixlafiles news parallel-fetch protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch FFLAGS=-O2 -pipe -march=core2 -funroll-all-loops GENTOO_MIRRORS=http://ftp.fi.muni.cz/pub/linux/gentoo/; LANG=cs_CZ.UTF-8 LDFLAGS=-Wl,-O1 -Wl,--as-needed LINGUAS=cs en MAKEOPTS=-j9 PKGDIR=/usr/portage/packages PORTAGE_CONFIGROOT=/ PORTAGE_RSYNC_OPTS=--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages PORTAGE_TMPDIR=/var/tmp PORTDIR=/usr/portage PORTDIR_OVERLAY=/usr/local/portage SYNC=rsync://rsync.cz.gentoo.org/gentoo-portage USE=3dnow 3dnowext X aac acl acpi alsa amd64 amr aol apache2 autoipd avahi bash-completion berkdb bluetooth branding bugzilla bzip2 cdr clamav cli consolekit cracklib crypt cups cvs cxx dbus dhcp dirac directfb disk-partition dri dvd eap-tls embedded encode exif extensions extras ffmpeg firefox flac fontconfig fortran ftp fuse gcj gcrypt gd gdbm geolocation gif gimp git gnutls gpg gphoto2 gpm gpu graphviz groupwise handbook hardened hddtemp iconv icq icu imagemagick imap inifile innodb inotify ipv6 jabber java javascript jpeg jpeg2k justify kde kerberos kipi lame laptop latex lcms lensfun libnotify lm_sensors lzma lzo mad matroska matrox mercurial mhash mime mjpeg mmap mmx mmxext mng modplug modules mono mozilla mp3 mp4 mpeg mpi mplayer msn mudflap multilib mysql mysqli ncurses networkmanager nls nntp nocd nodrm nptl nptlonly nsplugin nspluginwrapper odbc ogg openal opengl openmp osc oscar pam pax_kernel pcntl pcre pdf perl php pic plasma png policykit posix pppd prediction private-headers pulseaudio python qq qt3support qt4 quicktime radius raw rdesktop readline recode redeyes reports rss samba sasl schroedinger scp sdl seamonkey semantic-desktop session sftp sharedext sharedmem silc skey skype slp smp snmp soap sockets socks5 source spell
[gentoo-user] Full disk encryption
Hello! I would like to set up an encrypted partition for my /home directories on Gentoo Hardened. Which approach do you recommend? Thanks, Peter
Re: [gentoo-user] Full disk encryption
Hello, thanks for your response, Neil! As for dmcrypt usage, what do you think about truecrypt or pgp whole disk encryption as alternatives to dmcrypt? I would like to have only one partition with all home directories on it, and I would like to avoid usage of initrd as I don't use it now and I would like to keep it that way if possible. Peter 2011/11/30 Neil Bothwick n...@digimed.co.uk On Wed, 30 Nov 2011 16:19:18 +0100, czernitko wrote: I would like to set up an encrypted partition for my /home directories on Gentoo Hardened. Which approach do you recommend? Do you want a single encrypted filesystem, or separately encrypted home directories for each user. for the former, emerge cryptsetup, use it to create the encrypted block device and set it up in /etc/conf.d/dmcrypt. For individually encrypted home directories, using ecryptfs on top of a standard filesystem, as used by Ubuntu, is probably the best way. -- Neil Bothwick You want us to do WHAT? - Ancient Chinese wall engineer.
Re: [gentoo-user] Full disk encryption
Ok, it seems I'll stick with dmcrypt using http://en.gentoo-wiki.com/wiki/DM-Crypt. Thanks for your responses guys! Peter 2011/11/30 Felix Kuperjans fe...@desaster-games.com Hello Peter, dmcrypt works perfectly without initrd as long as you do not encrypt the root filesystem. So for encrypted home directories, you can just create and use a LUKS volume with dmcrypt (AFAIK the fastest and easy-to-use way). Regarding other techniques like gpg or truecrypt, you should keep in mind, that dmcrypt works directly in the kernelspace, so it may be a lot faster with the same encryption strength (but it don't know any benchmark about that). Regards, Felix . Am 30.11.2011 16:40, schrieb czernitko: Hello, thanks for your response, Neil! As for dmcrypt usage, what do you think about truecrypt or pgp whole disk encryption as alternatives to dmcrypt? I would like to have only one partition with all home directories on it, and I would like to avoid usage of initrd as I don't use it now and I would like to keep it that way if possible. Peter 2011/11/30 Neil Bothwick n...@digimed.co.uk On Wed, 30 Nov 2011 16:19:18 +0100, czernitko wrote: I would like to set up an encrypted partition for my /home directories on Gentoo Hardened. Which approach do you recommend? Do you want a single encrypted filesystem, or separately encrypted home directories for each user. for the former, emerge cryptsetup, use it to create the encrypted block device and set it up in /etc/conf.d/dmcrypt. For individually encrypted home directories, using ecryptfs on top of a standard filesystem, as used by Ubuntu, is probably the best way. -- Neil Bothwick You want us to do WHAT? - Ancient Chinese wall engineer.
Re: [gentoo-user] Re: Full disk encryption
Yup, establishing encrypted partition for /home was easy as a pie using cryptsetup. I was considering using truecrypt as it offers multiplatform support, so I could access encrypted partition even from my dualbooted windoze, but I didn't want to put effort into something not as well documented (how-toed) as dmcrypt. As for initrd, I believe it has a lot of advantages, but as long as I can avoid it, I don't see any reason why to spend time learning that stuff and making my kernel deployment more complicated. I know that one day I will have to learn that stuff. But as far as it is not today, it makes my day even better :) Thanks for all your responses! Peter
Re: [gentoo-user] Re: Full disk encryption
I wonder whether it is posible to simply resize the dm-crypt encrypted partition? Or do I have to create new, bigger partition with required size and move the data? Peter
Re: [gentoo-user] Unable to login to gentoo
Well, if nothing else, you could use binfmt support in kernel to execute 64bit code on 32bit OS, as same as you can execute ARM or other arch binaries. On the other hand, booting 64bit live system would be much easier, faster and better approach, I guess :) If you don't want to mess with chroot from Fedora, you can use Gentoo amd64 Live DVD, which can be downloaded from http://gentoo.osuosl.org//releases/amd64/11.0/ Best regards, Peter 2011/11/1 Sebastian Beßler sebast...@darkmetatron.de Am 01.11.2011 20:51, schrieb Dale: Don't boot a 32 bit OS and chroot into a 64 bit one. That can be done but it requires some additional commands. I always thought that is impossibl because the 32bit libs and kernel are unable to execute 64bit code. You could do the other way round with no probs but a 64bit cpu in 32bit mode with 32bit libs and kernel? I really would like to know more about that. Greetings Sebastian Beßler
Re: [gentoo-user] Re: How to cross compile Perl for ARM?
Thank you James! I totally missed the existence of gentoo-embedded list, I I'll post my questions there. 2011/10/16 James wirel...@tampabay.rr.com czernitko czernitko at gmail.com writes: Hello!I started playing a little bit with cross compilation for ARM architecture. Using crossdev I created a toolchain for arm-none-linux-gnueabi tuple.Now I'd like to emerge some more packages, but perl constantly refuses to emerge and it is needed by many packages. You have the right idea using the gentoo embedded handbook as your guide. http://www.gentoo.org/proj/en/base/embedded/handbook/ You may want to join/post to the gentoo-embedded list where you'll find much more expertise on ARM and cross-compiling issues. hth, James
Re: [gentoo-user] How to cross compile Perl for ARM?
Hi Leho! Thanks for many links, Jude Pereira's work totally missed my search results. In fact I focused on playing with Qemu. First approach was to emulate whole board (using qemu-system-arm) which works so far best of all, but is painfully slow (but not more than other options). As for chrooted environment, I used armv5tel stage3 tarballs available at my university site: http://ftp.fi.muni.cz/pub/linux/gentoo/releases/arm/autobuilds/current-stage3-armv5tel/- it is one of official gentoo mirrors and stage3 tarball contains everything necessary already compiled, including fully operational perl 5.12.3. I had no problems emerging any other packages, but as I said, compilation takes ages. Then I tried to move contents of my emulated folder to my ARM target machine and on the machine try to chroot inside it. No problem with compiling/emerging in chrooted environment directly on target machine, but speed is maybe even lower. The last approach I tried was using binfmt support to be able to run arm binaries on my x64 box without the necessity to emulate whole board - I hoped to have much better performance than when using qemu-system-arm. Unfortunately it seems that qemu-arm does not support some system calls or whatever. I untared stage3 on my x64 machine, chrooted into the folder and tried running emerge - simple arm binaries were running fine, but emerge ended with errors like qemu: Unsupported syscall: 242... And last of all, I started documenting my approach on google sites: https://sites.google.com/site/czernitko/cross-compilation/cross-compiling-perl-for-arm-architecture Peter 2011/10/16 Leho Kraav l...@kraav.com i have managed to cross-compile a pretty complete stage3 for arm i believe with perl-5.10.1 from http://git.overlays.gentoo.org/gitweb/?p=proj/embedded-cross.git;a=tree;f=dev-lang/perl overall the cross-compile experience was a nightmare, esp. re perl and python. many packages obscurely fail, but not enough for you to immediately give up. so it keeps sucking you back in and waste even more time. at the time i discovered that embedded-cross overlay had mostly done all the difficult work for me, but it seems it is no longer updated for recent stuff. i think guys in #gentoo-embedded told me it is a lot of effort to patch these large packages like perl and python to sanely cross-compile, and since i think their product thing didn't work out too well, they weren't going to sink any more time into maintaining for newer versions. but jude pereira i believe is doing something with arm stages at least semi-actively http://judepereira.com/blog/gentoo-linux-uclibc-stage3-2010-for-embedded/and it is definitely a lot of fun booting pretty much full blown gentoo on things like Nokia N8x0 internet tablets https://github.com/slonopotamus/n8x0-overlay
Re: [gentoo-user] How to cross compile Perl for ARM?
Hi Raffaele, how far did you get with compiling rootfs? Do you have complete gentoo installation including kernel compiled for ARM? Would it be possible to make vmdk/any other image for Qemu in which it could be run? I guess it would ease quite many things... As for my progress: I found out that patches from Cross directory does not work, but configure script has some options for cross compilation so I wrote ebuild with different parameters for perl Configure script. It assumes that you have ARM machine ready on network and with ssh daemon running - it uses ssh to transfer cross compiled binaries, run them remotely and uses the output to continue compiling on host pc. I had no problem with establishing that, but configure script still tries to run few binaries compiled for ARM on my x64 host machine. Fight continues! Stay tuned :) Peter 2011/10/14 Raffaele BELARDI raffaele.bela...@st.com On 10/14/2011 01:14 PM, czernitko wrote: Hello! I started playing a little bit with cross compilation for ARM architecture. Using crossdev I created a toolchain for arm-none-linux-gnueabi tuple. Now I'd like to emerge some more packages, but perl constantly refuses to emerge and it is needed by many packages. Not a direct answer to your question, but I managed to cross-build a functional linux rootfs (including X11/Xfbdev and QTEmbedded) for ARM using buildroot. I found buildroot much easier to use than trying to follow the now-deprecated Gentoo Cross Development Guide. Also, I used CodeSourcery's toolchain instead of building my own.
Re: [gentoo-user] How to cross compile Perl for ARM?
Hello Jonas! there is probably a better way to do this, but it should be possible to make a local overlay and modify the ebuild's src_compile to do emake in the Cross directory. http://devmanual.gentoo.org/ebuild-writing/index.html So far this seems to me to be the most reasonable way. I would like to stick to the gentoo way of doing cross compilation, even if it encounters some minor hacks. I'll try it, thanks for pointing me there. are you documenting your progress somewhere? Nope, but for quite a while I'm considering to put up some blog (or something on google sites)... can you please point me to the documents that helped you put together the cross compilation toolchain? In fact only embedded gentoo documentationhttp://www.gentoo.org/proj/en/base/embedded/and trial and error method. I succeeded with crossdev --b 2.21.1 --g 4.5.3 --l 2.11.3 --k 2.6.36 -t arm-none-linux-gnueabi which compiled succesfully and created toolchain that can create binaries compatible with my Netgear Stora. So far I haven't tried emerged packages as I am not sure if they will run unless built statically, but sample C program compiled with cross compiler runs ok. that actually sounds like it successfully cross-compiled try.c, but *of course* it does not run on your host platform! that check is probably omitted in Cross/Makefile which might why they are telling you to run that one. I agree, I hope I can make some workaround in a short time for that. Using my own overlay seems to be the most appropriate way, I'll write back as soon as I have working ebuild limited to arm architecture... Peter
Re: [gentoo-user] How to cross compile Perl for ARM?
Hi Raffaele, Gentoo Cross Development Guide is deprecated in favour of Gentoo Embedded project, which so far seems to suit my needs. I had a quick look on CodeSourcery's products a few days ago, but in freely available version they don't seem to offer me more than toolchain compiled with crossdev. Maybe I'm wrong and if I'll get stuck I'll give them a go. AFAIK the biggest disadvantage of crossdev-created toolchain, compared to other cross compilation tools, is that without usage of emulator (like qemu-user) it is not possible to compile things that use in their configure scipts checks that need to be run on the target architecture (like Perl). Sticking to arm-none-linux-gnueabi-emerge offers quite a lot of comfort so far, so I'll see where I can get. Thanks for your tips! Peter 2011/10/14 Raffaele BELARDI raffaele.bela...@st.com On 10/14/2011 01:14 PM, czernitko wrote: Hello! I started playing a little bit with cross compilation for ARM architecture. Using crossdev I created a toolchain for arm-none-linux-gnueabi tuple. Now I'd like to emerge some more packages, but perl constantly refuses to emerge and it is needed by many packages. Not a direct answer to your question, but I managed to cross-build a functional linux rootfs (including X11/Xfbdev and QTEmbedded) for ARM using buildroot. I found buildroot much easier to use than trying to follow the now-deprecated Gentoo Cross Development Guide. Also, I used CodeSourcery's toolchain instead of building my own.
[gentoo-user] MediaTomb - sorting images by exif rating
Hello there! I am using Mediatomb with my telly which is so far the best DLNA server I've tried. I use the telly to present images from my DSLR camera and I'd like to be able to list only images that have rating over 4. By rating, I mean EXIF tag 0x4746 (Exif.Image.Rating). Does anybody know how to force MediaTomb to create such virtual folders? Thanks for your responses! Peter
Re: [gentoo-user] MediaTomb - sorting images by exif rating
Thanks for your answer, Michael. I have already read the web page you posted, but my problem is that libextractor extracts various EXIF metadata from jpeg files EXCEPT for exif rating. So I wonder whether there is any workaround/any way to do this in some different way? Or maybe some way to teach libextractor to extract those data? I tried to find some configuration for libextractor/exiv2 but unforutnately without any success. Peter 2011/10/2 Michael Mol mike...@gmail.com On Sun, Oct 2, 2011 at 5:50 AM, czernitko czerni...@gmail.com wrote: Hello there! I am using Mediatomb with my telly which is so far the best DLNA server I've tried. I use the telly to present images from my DSLR camera and I'd like to be able to list only images that have rating over 4. By rating, I mean EXIF tag 0x4746 (Exif.Image.Rating). Does anybody know how to force MediaTomb to create such virtual folders? MediaTomb builds the virtual folder set via JavaScript. Take a peek under /usr/share/mediatomb/js , and at http://mediatomb.cc/pages/scripting -- :wq
Re: [gentoo-user] Software for LCD Data Center
Ok, you were right guys! I installed MediaTomb per your recommendations, and it works like a charm! Installation and configuration was easy as a pie thanks to Gentoo's portage and MediaTomb's web UI. Moreover its DLNA is compatible with my telly! Yay! :) Streaming of video, conversion of unsupported formats and everything just works in five minutes of work! And it is much better than Twonky Media Server which is the only officially supported software by Panasonic. Thanks for all your time guys! Peter
Re: [gentoo-user] Software for LCD Data Center
Thanks for all your answers guys! And sorry for not responding for three days, I was away on holiday. From what you say I will give DLNA a try (no other choice, I simply want to watch movies stored on my pc). I found some list of DLNA software on http://www.rbgrn.net/content/21-how-to-choose-dlna-media-server-windows-mac-os-x-or-linuxbut I will give a try to ushare and MediaTomb first. I'll go through the list and try each piece of software and see which one works best with my telly x gentoo combination. I'll let you know as soon as I have more info! Cheers, Peter
[gentoo-user] Software for LCD Data Center
Hello list! I've recently bought LCD television from Panasonic (TX-L32E30E Viera). It is connected to my home LAN and it should be able to access data on local computers using some Data Center feature. From what I've heard, it is something little bit different than common NFS/Samba sharing. It should be natively supported by Win7 and there may be some applications for WinXP. Unfortunately no applications were shipped on CD with the telly. I wonder whether there is some way to connect my home Gentoo server to the telly? Is there any linux application/specific Samba configuration/...? Have anyone tried anything similar? Peter
Re: [gentoo-user] Where be the hardened Stage3?
There was an answer to this question from Alan McKinnon some day ago regarding this topic: alan's quote The few times I've seen this discussed in public it's usually been something mundane like package X in system won't build for hardened so we omitted that stage till it's fixed or we ran out of time The next stage run usually has them again, so highly unlikely to be anything to be worried about. You can still use the previous version which is about one week older. /alan's quote he posted this to gentoo-user list. From what was answered you can find packages at http://gentoo.osuosl.org/releases/amd64/autobuilds/ regards, Petr Černý 2011/6/6 Pandu Poluan pa...@poluan.info On Mon, Jun 6, 2011 at 05:55, Michael Orlitzky mich...@orlitzky.com wrote: I asked on the hardened list and haven't heard anything for a few days. We might just have to wait until someone notices and fixes it. Thanks. Pray tell us when there's nows and/or explanation :) Rgds, -- Pandu E Poluan ~ IT Optimizer ~ Visit my Blog: http://pepoluan.posterous.com