Re: [gentoo-user] /dev/sda* missing at boot
On Thu, Sep 8, 2011 at 4:05 PM, Alan McKinnon alan.mckin...@gmail.com wrote: On Thu, 08 Sep 2011 19:11:04 +0200 Michael Schreckenbauer grim...@gmx.de wrote: Then design the correct solution and implement it. If it's technically sound, it will prevail. I think it's a rather complicated problem with a non trivial solution, but the code is there if you feel like give it a try. Where did I write, that I am in the position to write such a beast? I only take the freedom to name this a design flaw in udev. It needs things from userspace, which are not yet available at the point it requests them. An initramsfs is a workaround for this, not a proper fix. If that is the argument from the udev devs you just quoted, then I do not understand it at all. Why can there not be a restriction that udev may only run code in the traditional / space (i.e. it will not attempt to run code in the /usr or /home spaces)? Device nodes are a root function; root is the only user that should dictate how device nodes are created; root is the only user that can normally write to / and thereby create udev's rules and rulesets. In what valid way does access to /usr become something that udev may be required to support? It is a matter of what else do you end having in /bin and /lib. Remember that udev rules can execute arbitrary code. Do all that code needs to be moved to /bin and /lib also? I keep telling: it is a difficult problem. Regards. -- Canek Peláez Valdés Posgrado en Ciencia e Ingeniería de la Computación Universidad Nacional Autónoma de México
Re: [gentoo-user] /dev/sda* missing at boot
Am Donnerstag, 8. September 2011, 22:05:36 schrieb Alan McKinnon: On Thu, 08 Sep 2011 19:11:04 +0200 Michael Schreckenbauer grim...@gmx.de wrote: Then design the correct solution and implement it. If it's technically sound, it will prevail. I think it's a rather complicated problem with a non trivial solution, but the code is there if you feel like give it a try. Where did I write, that I am in the position to write such a beast? I only take the freedom to name this a design flaw in udev. It needs things from userspace, which are not yet available at the point it requests them. An initramsfs is a workaround for this, not a proper fix. If that is the argument from the udev devs you just quoted, then I do not understand it at all. It's my understanding, that this is their point. Why can there not be a restriction that udev may only run code in the traditional / space (i.e. it will not attempt to run code in the /usr or /home spaces)? Yes. I really wonder, why we have /bin, /sbin and /lib Device nodes are a root function; root is the only user that should dictate how device nodes are created; root is the only user that can normally write to / and thereby create udev's rules and rulesets. In what valid way does access to /usr become something that udev may be required to support? As udev is able to run arbitrary scripts, there *might* be some code, that requires something from /usr/*. So they want this beast be mounted, before udev starts doing it's job. Not arguing with *you* here Michael, just wondering about the validity of the position you quoted Understood :) Regards, Michael
Re: [gentoo-user] /dev/sda* missing at boot
Am Donnerstag, 8. September 2011, 22:56:07 schrieb Alan McKinnon: On Thu, 08 Sep 2011 22:40:07 +0200 Michael Schreckenbauer grim...@gmx.de wrote: Am Donnerstag, 8. September 2011, 22:05:36 schrieb Alan McKinnon: On Thu, 08 Sep 2011 19:11:04 +0200 Michael Schreckenbauer grim...@gmx.de wrote: Then design the correct solution and implement it. If it's technically sound, it will prevail. I think it's a rather complicated problem with a non trivial solution, but the code is there if you feel like give it a try. Where did I write, that I am in the position to write such a beast? I only take the freedom to name this a design flaw in udev. It needs things from userspace, which are not yet available at the point it requests them. An initramsfs is a workaround for this, not a proper fix. If that is the argument from the udev devs you just quoted, then I do not understand it at all. It's my understanding, that this is their point. Why can there not be a restriction that udev may only run code in the traditional / space (i.e. it will not attempt to run code in the /usr or /home spaces)? Yes. I really wonder, why we have /bin, /sbin and /lib The / partition may contain, at a absolute minimum, only that software required to boot and start userspace. So you find mount, fsck and sh in there. snip Thanks, Alan http://en.wikipedia.org/wiki/Rhetorical_question ;) Best, Michael
[gentoo-user] License question for jdk
My update world today produced [nomerge ] dev-java/icedtea-6.1.10.3 USE=hs20 nsplugin nss webstart xrender -cacao -debug -doc -examples -jamvm -javascript -nio2 -pulseaudio -systemtap -zero [nomerge ] dev-java/ant-nodeps-1.8.1 [ebuild NS] virtual/jre-1.7.0 [1.6.0] 0 kB [ebuild NS]virtual/jdk-1.7.0 [1.6.0] 0 kB [ebuild N F ] dev-java/oracle-jdk-bin-1.7.0 USE=X alsa -derby -doc -examples -jce -nsplugin 92,746 kB [snip] The following license changes are necessary to proceed: #required by virtual/jdk-1.7.0, required by virtual/jre-1.7.0, required by dev-java/xalan-2.7.1, required by dev-java/icedtea-6.1.10.3, required by @selected, required by @world (argument) =dev-java/oracle-jdk-bin-1.7.0 Oracle-BCLA-JavaSE NOTE: This --autounmask behavior can be disabled by setting EMERGE_DEFAULT_OPTS=--autounmask=n in make.conf. Use --autounmask-write to write changes to config files (honoring CONFIG_PROTECT). So I need the Oracle-BCLA-JavaSE license. But I don't see where it tells me how to do this. Previous license requests said something like * go to URL xxx * click on YYY * store it in distfiles/ZZZ (As an aside I had thought idedtea replaced the need for oracle/sun 's jdk. I do have installed sun/oracle 's java-sdk-docs.) thanks, allan
Re: [gentoo-user] License question for jdk
Allan Gottlieb writes: My update world today produced [nomerge ] dev-java/icedtea-6.1.10.3 USE=hs20 nsplugin nss webstart xrender -cacao -debug -doc -examples -jamvm -javascript -nio2 -pulseaudio -systemtap -zero [nomerge ] dev-java/ant-nodeps-1.8.1 [ebuild NS] virtual/jre-1.7.0 [1.6.0] 0 kB [ebuild NS]virtual/jdk-1.7.0 [1.6.0] 0 kB [ebuild N F ] dev-java/oracle-jdk-bin-1.7.0 USE=X alsa -derby -doc -examples -jce -nsplugin 92,746 kB [snip] The following license changes are necessary to proceed: #required by virtual/jdk-1.7.0, required by virtual/jre-1.7.0, required by dev-java/xalan-2.7.1, required by dev-java/icedtea-6.1.10.3, required by @selected, required by @world (argument) =dev-java/oracle-jdk-bin-1.7.0 Oracle-BCLA-JavaSE NOTE: This --autounmask behavior can be disabled by setting EMERGE_DEFAULT_OPTS=--autounmask=n in make.conf. Use --autounmask-write to write changes to config files (honoring CONFIG_PROTECT). So I need the Oracle-BCLA-JavaSE license. But I don't see where it tells me how to do this. Previous license requests said something like * go to URL xxx * click on YYY * store it in distfiles/ZZZ That is something different, when portage is not able to download stuff. What you need to do is to tell portage you accept the license by putting the =dev-java/... line into /etc/portage/package.license. Or you could add the --autounmask-write switch to your emerge command, and then use etc-update/dispatch-conf/cfg-update or whatever you use to update the config files. Wonko
Re: [gentoo-user] License question for jdk
Hi, Allan Gottlieb wrote: My update world today produced [nomerge ] dev-java/icedtea-6.1.10.3 USE=hs20 nsplugin nss webstart xrender -cacao -debug -doc -examples -jamvm -javascript -nio2 -pulseaudio -systemtap -zero [nomerge ] dev-java/ant-nodeps-1.8.1 [ebuild NS] virtual/jre-1.7.0 [1.6.0] 0 kB [ebuild NS]virtual/jdk-1.7.0 [1.6.0] 0 kB [ebuild N F ] dev-java/oracle-jdk-bin-1.7.0 USE=X alsa -derby -doc -examples -jce -nsplugin 92,746 kB [snip] The following license changes are necessary to proceed: #required by virtual/jdk-1.7.0, required by virtual/jre-1.7.0, required by dev-java/xalan-2.7.1, required by dev-java/icedtea-6.1.10.3, required by @selected, required by @world (argument) =dev-java/oracle-jdk-bin-1.7.0 Oracle-BCLA-JavaSE NOTE: This --autounmask behavior can be disabled by setting EMERGE_DEFAULT_OPTS=--autounmask=n in make.conf. Use --autounmask-write to write changes to config files (honoring CONFIG_PROTECT). So I need the Oracle-BCLA-JavaSE license. But I don't see where it tells me how to do this. Previous license requests said something like but it does:Use --autounmask-write to write changes to config files so you just have to do this: `emerge -va dev-java/oracle-jdk-bin --autounmask-write` followed by `etc-update` and then you can emerge it `emerge -va dev-java/oracle-jdk-bin` or you could just `echo dev-java/oracle-jdk-bin Oracle-BCLA-JavaSE /etc/portage/package.license` Rudmer
Re: [gentoo-user] License question for jdk
On Saturday, 10. September 2011 16:50:30 Alex Schuster wrote: Allan Gottlieb writes: My update world today produced [nomerge ] dev-java/icedtea-6.1.10.3 USE=hs20 nsplugin nss webstart xrender -cacao -debug -doc -examples -jamvm -javascript -nio2 -pulseaudio -systemtap -zero [nomerge ] dev-java/ant-nodeps-1.8.1 [ebuild NS] virtual/jre-1.7.0 [1.6.0] 0 kB [ebuild NS]virtual/jdk-1.7.0 [1.6.0] 0 kB [ebuild N F ] dev-java/oracle-jdk-bin-1.7.0 USE=X alsa -derby -doc -examples -jce -nsplugin 92,746 kB [snip] The following license changes are necessary to proceed: #required by virtual/jdk-1.7.0, required by virtual/jre-1.7.0, required by dev-java/xalan-2.7.1, required by dev-java/icedtea-6.1.10.3, required by @selected, required by @world (argument) =dev-java/oracle-jdk-bin-1.7.0 Oracle-BCLA-JavaSE NOTE: This --autounmask behavior can be disabled by setting EMERGE_DEFAULT_OPTS=--autounmask=n in make.conf. Use --autounmask-write to write changes to config files (honoring CONFIG_PROTECT). So I need the Oracle-BCLA-JavaSE license. But I don't see where it tells me how to do this. Previous license requests said something like * go to URL xxx * click on YYY * store it in distfiles/ZZZ That is something different, when portage is not able to download stuff. What you need to do is to tell portage you accept the license by putting the =dev-java/... line into /etc/portage/package.license. Or you could add the --autounmask-write switch to your emerge command, and then use etc-update/dispatch-conf/cfg-update or whatever you use to update the config files. Ah. This /etc/portage/package.license thing is new to me. I use ACCEPT_LICENSE in make.conf. You know, what's the difference (if any)? Wonko Thanks, Michael
Re: [gentoo-user] Anyone can afford information about build kernel?
On 10/09/2011 06:25 AM, Lavender wrote: It seems that no matter I build gentoo manually or with genkernel I can't have a fine-working kernel finally. Obviously I must solve it by myself , so I determined to build entire kernel all manually , it requests a lot of linux knowlege . All for that, I hope someone could tell me where to get this information , I haven't found them on gentoo.org , so please lead me to the correct direction, thank you for you all ! If you're new to building kernel, it will take some time to learn what modules you need what options you should enable, etc. You're building gentoo on some host Linux os, so you can use that os's lsmod utility to know what modules you require. Also, if some modules may be compiled right into the kernel you may not be able to see them in the lsmod produces, instead use lspci -v for that. One important thing I learnt the hard way while building gentoo for a server- Always compile the critical modules like disk controllers, RAID, also don't forget to use RAID autodetection if you're not going to use an initramfs and filesystems (involved at boot) statically. While citing my experience about building gentoo on a server, you have to do the things invisibly, so you can't see what the kernel emits befor panic. It turned out that I'd disabled RAID autodetection and wasn't using an initramfs either (which will load the arrays using mdadm). -- Nilesh Govindarajan http://nileshgr.com
Re: [gentoo-user] Anyone can afford information about build kernel?
Thanks a lot ! The e-book is nice ! Hmm, Linux Kernel in a Nutshell , I haven't heard it before , would you like to recommend more books about linux kernel ? -- Original -- From: Volker Armin Hemmannvolkerar...@googlemail.com; Date: Sun, Oct 9, 2011 02:21 PM To: gentoo-usergentoo-user@lists.gentoo.org; Subject: Re: [gentoo-user] Anyone can afford information about build kernel? Am Sonntag 09 Oktober 2011, 08:55:55 schrieb Lavender: It seems that no matter I build gentoo manually or with genkernel I can't have a fine-working kernel finally. Obviously I must solve it by myself , so I determined to build entire kernel all manually , it requests a lot of linux knowlege . All for that, I hope someone could tell me where to get this information , I haven't found them on gentoo.org , so please lead me to the correct direction, thank you for you all ! http://www.kroah.com/lkn/ there. You can download it there. It helps you with building. btw: make -jX make modules_install install With make all modules_install install or make make modules_install you only have one make instance. Which is very slow. -- #163933
Re: [gentoo-user] Anyone can afford information about build kernel?
Am Sonntag 09 Oktober 2011, 17:49:25 schrieb Lavender: Thanks a lot ! The e-book is nice ! Hmm, Linux Kernel in a Nutshell , I haven't heard it before , would you like to recommend more books about linux kernel ? no, I don't know any other book (well.. one - linux/unix Kurzreferenz - all the commands, comaprism of shells, plus how to get out of vi(m) without going insanse, awk etc pp.. in one nice book). -- Original -- From: Volker Armin Hemmannvolkerar...@googlemail.com; Date: Sun, Oct 9, 2011 02:21 PM To: gentoo-usergentoo-user@lists.gentoo.org; Subject: Re: [gentoo-user] Anyone can afford information about build kernel? Am Sonntag 09 Oktober 2011, 08:55:55 schrieb Lavender: It seems that no matter I build gentoo manually or with genkernel I can't have a fine-working kernel finally. Obviously I must solve it by myself , so I determined to build entire kernel all manually , it requests a lot of linux knowlege . All for that, I hope someone could tell me where to get this information , I haven't found them on gentoo.org , so please lead me to the correct direction, thank you for you all ! http://www.kroah.com/lkn/ there. You can download it there. It helps you with building. btw: make -jX make modules_install install With make all modules_install install or make make modules_install you only have one make instance. Which is very slow. -- #163933 -- #163933
Re: [gentoo-user] Re: this is spam (was: Re: [gentoo-user] 回复: [gentoo-user] Anyone can afford information about build kernel?)
On Tue, 11 Oct 2011 19:16:56 -0400 Matthew Finkel matthew.fin...@gmail.com wrote: I understand why you would think the OP is a spammer, but the topic just seems too genuine (to me at least) for this to actually be spam. It definitely would have been more polite if Lavender had replied to the other suggestions, but (assuming the thread is not spam) you don't know what is going on in their life and it may take a few days to respond. Just because the person is from China, doesn't mean we should assume they're a spammer (following Alan's last reply). Dealing with foreign users can be interesting, triply so if they are not European/Caucasian. I have about 150 or so technical users throughout Africa (Nigerians are especially interesting) and their Support requests routinely end up in spam folders. These are ISP employees, you'd think the mail lines would work smoothly. Ah, not so. Until you work with foreign cultures you won't believe the many varied ways communication can veer off course. In some cultures it's considered rude for a junior to respond in any way to a senior (replies have to go through intermediaries). -- Alan McKinnnon alan.mckin...@gmail.com
Re: [gentoo-user] Which desktop antivirus?
Mick wrote:
Is there an overlay that offers AVG or bitdefender?
I found these:
root@fireball / # eix avast
* app-antivirus/avast4workstation
Available versions: ~1.3.0-r2!m[1] ~1.3.0-r2!m[2]
Homepage:
http://www.avast.com/eng/avast-for-linux-workstation.html
Description: avast! Linux Home Edition
[1] gentoo-china layman/gentoo-china
[2] gentoo-zh layman/gentoo-zh
root@fireball / # eix avg
* media-libs/shivavg
Available versions: [M]~0.2.1
Homepage:http://shivavg.sourceforge.net
Description: open-source implementation of the Khronos'
OpenVG specification
* www-apache/mod_loadavg
Available versions: ~0.0.1
Homepage:http://defunced.de/
Description: Apache module executing CGI-Requests
depending on the load of the server
Found 2 matches.
root@fireball / # eix bitdefend
* app-antivirus/bitdefender-scanner
Available versions: ~7.6.4-r1!f[1] ~7.6.4-r1!f[2]
{bash-completion examples gtk}
Homepage:
http://www.bitdefender.com/PRODUCT-80-en--BitDefender-Antivirus-Scanner-for-Unices.html
Description: Antivirus and antispyware scanner for both
UNIX-based and Windows-based partitions
[1] gentoo-china layman/gentoo-china
[2] gentoo-zh layman/gentoo-zh
root@fireball / #
So, avast is in gentoo-zh overlay, no AVG, and bitdefender-scanner is
in, drum roll please, gentoo-zh overlay. The guy keeping up with
gentoo-zh is busy on virus tools. lol
Oh, how did I get that you ask? This little command is neat.
eix-remote update
Note that gets cleared the next time you sync. At least it did here.
Hope that helps.
Dale
:-) :-)
Re: [gentoo-user] emerge --update behavior
On 01/02/12 12:06, Michael Mol wrote: That's the purpose of the emerge -p step. Presumably, you would see that there's a package in the list that you're not comfortable with removing, you'd decide you didn't want it removed, and you'd add it back to your world set. Yeah, I'm not sure I can remove any of them. The only way I see to determine what's necessary at this point is to remove it and see if stuff breaks. If you're not comfortable removing *any* package that's in your world set, then, no, there's no way to tell the difference. From this point forward, your best bet is to modify EMERGE_DEFAULT_OPTS to reflect the safest practice for your environment. And start keeping a list of packages installed to meet customers' requests. Portage apparently supports your desired workflow, but it needs to be set up for it. As to recovering from your current scenario...there might be some way to watch your apache processes to identify which files get used over a three-month span, from that list derive a list of which packages were used, and from *that* list, derive a list of which packages weren't used. (Or make an ebuild explicitly identifying the utilized dependencies, and let depclean handle the rest) That's probably more work than copying everything to another box, emptying the world file, and adding things back until stuff works. Either way the current situation is you're kinda screwed which is why I proposed avoiding it in the future (for others, too) by fixing --update.
Re: [gentoo-user] emerge --update behavior
On Mon, Jan 2, 2012 at 12:39 PM, Michael Orlitzky mich...@orlitzky.com wrote: On 01/02/12 12:06, Michael Mol wrote: That's the purpose of the emerge -p step. Presumably, you would see that there's a package in the list that you're not comfortable with removing, you'd decide you didn't want it removed, and you'd add it back to your world set. Yeah, I'm not sure I can remove any of them. The only way I see to determine what's necessary at this point is to remove it and see if stuff breaks. If you're not comfortable removing *any* package that's in your world set, then, no, there's no way to tell the difference. From this point forward, your best bet is to modify EMERGE_DEFAULT_OPTS to reflect the safest practice for your environment. And start keeping a list of packages installed to meet customers' requests. Portage apparently supports your desired workflow, but it needs to be set up for it. As to recovering from your current scenario...there might be some way to watch your apache processes to identify which files get used over a three-month span, from that list derive a list of which packages were used, and from *that* list, derive a list of which packages weren't used. (Or make an ebuild explicitly identifying the utilized dependencies, and let depclean handle the rest) That's probably more work than copying everything to another box, emptying the world file, and adding things back until stuff works. Either way the current situation is you're kinda screwed which is why I proposed avoiding it in the future (for others, too) by fixing --update. I hope you don't take this as a kind of disrespect, but this really feels more like administrator error than tool error. As someone else remarked, it's portage's job to do what you tell it to do; you point the gun, pull the trigger, it delivers the projectile. The biggest bug I can see in this whole mess is that the man page might stand some editing for clarity. -- :wq
Re: [gentoo-user] Strange outbound requests
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 21.01.2012 01:12, Grant wrote:
If the machine is running linux, then 'watch lsof -n|grep
TCP|grep 3680' as root is a sloppy but effective way to find
it. There's probably some way to set up a firewall rule on the
host in question that logs out the user and (possibly) PID of
the connection, but I don't know.
lsof -i is easier, it only shows network connections :)
catching it when it happens (if it is very briefly connected)
could be hard with lsof... Maybe setup a tarpit firewall rule on
that box so the connection stays open for a long time.
The connections are only attempted a few times throughout the day.
Is a tarpit firewall rule the only way to do this? Can anyone tell
me what package 'watch' belongs to if that would work?
- Grant
I get:
equery b watch
* Searching for watch ...
net-irc/irssi-0.8.15-r1 (/usr/share/irssi/help/watch)
sys-process/procps-3.2.8_p11 (/usr/bin/watch)
x11-themes/gnome-themes-standard-3.3.4
(/usr/share/cursors/xorg-x11/Adwaita/cursors/watch)
First and third can be ruled out, I think. So one candidate remains:
sys-process/procps
Available versions: 3.2.8 (~)3.2.8-r1 3.2.8-r2 (~)3.2.8_p10-r1
3.2.8_p11 {unicode}
Installed versions: 3.2.8_p11(00:15:18 22.12.2011)(unicode)
Homepage:http://procps.sourceforge.net/
Description: Standard informational utilities and
process-handling tools
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJPGghBAAoJEJwwOFaNFkYc22gH/1hx7MQb/exllk3GhkQSQes/
P6XFg/8dJy3Kag0FReAN/xN6or9SHPHXgUiVUsN+XIYV6Vt94Gbm/ZUHfwkzckJG
DP3/z+pQ0E0+xle32Gabo5Hpt47chgzsThdyghVkWVefMqQdkJwJPGwHcQ3yCzC5
LIXgZzmKoPUx5I9BaFnl/KkxRGbtTDYieWdpaxkOPjHiMZ+8wDPO6XDfhSggJPdR
4hMFik2B/04s7OTlqA9Qfvk1PZszSPnFN5t4Ick1PHwi/ZesobJGR5eeBlUfq5av
Y9STFvDojCAo3Mjf2IiXWCP8j8Fs9e7ToXvwmhn55t4XjS0v9Y+qhq8B3IsSl7o=
=gaPQ
-END PGP SIGNATURE-
Re: [gentoo-user] Strange outbound requests
On Jan 23, 2012 12:10 PM, Pandu Poluan pa...@poluan.info wrote: On Jan 23, 2012 12:57 AM, Grant emailgr...@gmail.com wrote: - 8 snip Also the MAC indicated in the firewall log is 14 blocks long and the local system in question has a MAC address 6 blocks long according to ifconfig, but the 6 blocks from ifconfig do match 6 of the blocks reported by the firewall. Does this make sense to anyone? It's (source MAC):(dest MAC):(payload type) (payload type) is usually 08:00 unless you're using SNAP/LLC Rgds, Oops, sorry, it's the other way around (dest):(source):(type). It's the representation of the first 14 octets of the Ethernet frame. Rgds, On Jan 23, 2012 12:10 PM, Pandu Poluan pa...@poluan.info wrote: On Jan 23, 2012 12:57 AM, Grant emailgr...@gmail.com wrote: - 8 snip Also the MAC indicated in the firewall log is 14 blocks long and the local system in question has a MAC address 6 blocks long according to ifconfig, but the 6 blocks from ifconfig do match 6 of the blocks reported by the firewall. Does this make sense to anyone? It's (source MAC):(dest MAC):(payload type) (payload type) is usually 08:00 unless you're using SNAP/LLC Rgds,
Re: [gentoo-user] Somewhat OT: Any truth to this mess?
On 2/18/2012 5:26 AM, Dale wrote: Howdy, I ran across this and though it was a joke. Did a news search and sure enough, it is reported in lots of places. Random linky: http://www.dailymail.co.uk/news/article-2102856/Will-FBI-shut-Internet-March-8-virus-concerns.html?ito=feeds-newsxml Is there any truth to this mess? My bigger and better question, how is shutting down the internet going to fix this? When the net comes back up, they are still going to be infected. Right? As usual, the headline has things completely backwards; if you actually read the article and ignore the headline you will get something closer to reality: * There is a fairly large botnet that works by hijacking the DNS settings of the machines it infects, and redirecting them to rogue DNS servers. * The rogue DNS servers resolve all DNS requests by returning the IPs of various scam sites etc. that the botnet owners get paid for. * The FBI and the Dutch national police, stepped in and arrested those in charge of the botnet. * 120 days ago -- Nov 8 -- they dismantled the botnet's core network and replaced the rogue DNS servers with legitimate ones serving legitimate DNS zone information. * On March 8 the FBI will turn off their stand-in DNS servers. If you aren't infected by this botnet you won't notice anything. If you are still infected by this botnet your DNS servers will vanish (and, in theory, someone could step in and replace them, depending on what happens to the allocated IPs). --Mike
[gentoo-user] Re: Problem with printing
2012/3/25 Алексей Мишустин shum...@shumkar.ru: Hi List, I have got a problem with printing. Cups logs are showing Create-Job successful-ok and Send-Document successful-ok if I print as root and Create-Job client-error-not-authorized if I print as a regular user. Cups jobs are showing root's commands: EPSON_Stylus_Photo_2100-6 news_1 root 2k 1 completed at Sun Mar 25 00:39:25 2012 BUT in both cases nothing is being printed. Root and the user are added to the lp group. Please tell me what could I have missed? My /etc/cup/cupsd.conf is the default one: ... # lpstat -a EPSON_Stylus_Photo_2100 accepting requests since Sun 25 Mar 2012 00:39:25 The printer is connected via USB. USB printers support is enabled in kernel. From dmesg: [ 1200.008016] usb 8-2: new high-speed USB device number 4 using ehci_hcd [ 1200.149954] usb 8-2: New USB device found, idVendor=04b8, idProduct=0007 [ 1200.149957] usb 8-2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1200.149960] usb 8-2: Product: USB2.0 Printer (Hi-speed) [ 1200.149963] usb 8-2: Manufacturer: EPSON [ 1200.149965] usb 8-2: SerialNumber: L53030308071122370 [ 1200.159486] usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 2 vid 0x04B8 pid 0x0007 -- Regards, Alex
[gentoo-user] Virtualbox - Bridged networking not working with broadcom-sta driver
Hi, I'm running Gentoo on an Acer Travelmate 7750 laptop. This particular laptop has a Broadcom wireless NIC that only works with the proprietary Broadcom wl driver as provided by the broadcom-sta ebuild. Wireless by itself works perfectly fine, but when I use virtualbox with the virtual NIC bridged to my wlan0 interface, networking in the guest OS doesn't work properly. I have made the following observations: * when the guest OS is configured to use DHCP it doesn't get an IP from my DHCP server, but get an autoconfig IP instead * however, I can see the DHCP requests towards my DHCP server in Gentoo when monitoring the wlan0 interface with # tcpdump -i wlan0 * when I configure a static IP on the guest OS, I cannot ping from the guest to the Gentoo host or my default gateway, but pinging from the Gentoo host or my gateway to the guest OS works fine I manage my wireless NIC through /etc/conf.d/net, using wpa_supplicant with the wext driver. I also tried using networkmanager, but that gave the exact same result. Under Ubuntu 12.04 the network bridge between the vbox NIC and the wireless NIC works fine. This is also with the proprietary wl driver, same version and all. Anyone an idea what might be wrong with my setup? Best, Tommy
Re: [gentoo-user] Virtualbox - Bridged networking not working with broadcom-sta driver
On Mon, Jul 16, 2012 at 8:45 AM, Tommy Bongaerts tommy.bongae...@gmail.com wrote: Hi, I'm running Gentoo on an Acer Travelmate 7750 laptop. This particular laptop has a Broadcom wireless NIC that only works with the proprietary Broadcom wl driver as provided by the broadcom-sta ebuild. Wireless by itself works perfectly fine, but when I use virtualbox with the virtual NIC bridged to my wlan0 interface, networking in the guest OS doesn't work properly. I have made the following observations: * when the guest OS is configured to use DHCP it doesn't get an IP from my DHCP server, but get an autoconfig IP instead * however, I can see the DHCP requests towards my DHCP server in Gentoo when monitoring the wlan0 interface with # tcpdump -i wlan0 * when I configure a static IP on the guest OS, I cannot ping from the guest to the Gentoo host or my default gateway, but pinging from the Gentoo host or my gateway to the guest OS works fine I manage my wireless NIC through /etc/conf.d/net, using wpa_supplicant with the wext driver. I also tried using networkmanager, but that gave the exact same result. Under Ubuntu 12.04 the network bridge between the vbox NIC and the wireless NIC works fine. This is also with the proprietary wl driver, same version and all. Anyone an idea what might be wrong with my setup? Just guesses: 1) ebroute rules blocking packets? 2) I've heard before that wireless bridging has issues. I can't explain the discrepancy between your experience on Ubuntu 12.04 and Gentoo. What kernel sources package are you using on Gentoo? Which kernel version are you using on Gentoo and on Ubuntu? -- :wq
Re: [gentoo-user] Apache forked itself to death...
On 16-Sep-12 20:06, Michael Hampicke wrote: * Each Apache process is consuming 80-100MB of RAM. * Squid is consuming 666MB of RAM * memcached is consuming 822MB of RAM * mysqld is consuming 886MB of RAM * The kernel is using 110MB of RAM for buffers * The kernel is using 851MB of RAM for file cache (which benefits squid). As Jerry did not specify which content his apache is serving, I used 12MB of RAM per apache process (as a general rule of thumb). But if it's dynamic content generated by a scripting language like php it could be a lot more. But I think 80-100MB of RAM with php in the back should be a good guess. Important thing is: MaxClients x memory footprint per apache process available memory :-) If you have lots of concurrent requests you may be better suited with something lighter like lighttpd. Or start caching of some sort, like Michael does. Thank you for all tipstweaks. My apache is serving mostly dynamic content (drupal cms), and single apache process has ~35-40MB RES It is on VPS, with 1GB/2GB soft/hard RAM limits, only apache mysql running. Mysqld needs ~100-200MB, and caching is covered by apc. I reduced maxclients down to 40, it should never run out of memory. BTW, how's that someone has apache process 10-20MB, and me 40MB? I'd like to reduce its size, but do not know how... Jarry -- ___ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted.
Re: [gentoo-user] no X blank screen after upgrading xorg-server
On 11/18/12 21:56, Joseph wrote: I've upgraded to xorg-server-1.13.0 run emerge -1av $(qlist -I -C x11-drivers) but I don't get any display not even a command line, I have to log-in via ssh. I've downgraded to xorg-server-1.12.2 run: emerge -1av $(qlist -I -C x11-drivers) The system appears to be booting OK, no errors during compilations but I get a black screen when, no login manager, I'm using slim try xdm as well nothing helps. Here is an entry from xdm.log nouveau:0x00f0 nouveau:0x nouveau:0x00f0 xdm info (pid 3102): Shutting down XIO: fatal IO error 11 (Resource temporarily unavailable) on X server :0 after 176 requests (169 known processed) with 0 events remaining. xdm info (pid 3102): display :0 is being disabled nouveau: kernel rejected pushbuf: Invalid argument nouveau: ch3: krec 0 pushes 1 bufs 1 relocs 0 nouveau: ch3: buf 000b 0006 0006 nouveau: ch3: psh 0002b0 0002c4 nouveau:0x00107b00 nouveau:0x nouveau:0x202a nouveau:0x0001 nouveau:0x1000f010 Server terminated successfully (0). Closing log file. xdm info (pid 3102): Exiting -- Joseph
Re: [gentoo-user] can not print pdf w/e-document viewer
On Thu, Jan 24, 2013 at 09:43:06AM -0700, Joseph wrote: I have a document letter size in landscape mode and I'm trying to print it with e-document viewer 4-pages per side and it will not print. Some documents prints OK but this one will not print it. Are there better programs in Linux for printing pdf files? pdfinfo Biol_321_2013_Lec_06_Biogeography_1_per.pdf Title: Microsoft PowerPoint - Biol 321 2013 Lec 06 Biogeography.pptx Author: hproctor Creator:PScript5.dll Version 5.2.2 Producer: Acrobat Distiller 7.0.5 (Windows) CreationDate: Wed Jan 23 17:43:54 2013 ModDate:Wed Jan 23 17:43:54 2013 Tagged: no Pages: 18 Encrypted: no Page size: 612 x 792 pts (letter) File size: 961318 bytes Optimized: yes PDF version:1.4 lp still does a good job for me: mingdao@workstation ~ $ lpstat -a Officejet_Pro_8500_A910 accepting requests since Wed 23 Jan 2013 02:52:15 PM CST mingdao@workstation ~ $ lp -d Officejet_Pro_8500_A910 -o scaling=75 HOW-TO/apcupsd.pdf request id is Officejet_Pro_8500_A910-19 (1 file(s)) Bruce -- Happy Penguin Computers ') 126 Fenco Drive ( \ Tupelo, MS 38801 ^^ supp...@happypenguincomputers.com 662-269-2706 662-205-6424 http://happypenguincomputers.com/ Don't top-post: http://en.wikipedia.org/wiki/Top_post#Top-posting
Re: [gentoo-user] can not print pdf w/e-document viewer
On 01/24/13 11:25, Bruce Hill wrote: On Thu, Jan 24, 2013 at 09:43:06AM -0700, Joseph wrote: I have a document letter size in landscape mode and I'm trying to print it with e-document viewer 4-pages per side and it will not print. Some documents prints OK but this one will not print it. Are there better programs in Linux for printing pdf files? pdfinfo Biol_321_2013_Lec_06_Biogeography_1_per.pdf Title: Microsoft PowerPoint - Biol 321 2013 Lec 06 Biogeography.pptx Author: hproctor Creator:PScript5.dll Version 5.2.2 Producer: Acrobat Distiller 7.0.5 (Windows) CreationDate: Wed Jan 23 17:43:54 2013 ModDate:Wed Jan 23 17:43:54 2013 Tagged: no Pages: 18 Encrypted: no Page size: 612 x 792 pts (letter) File size: 961318 bytes Optimized: yes PDF version:1.4 lp still does a good job for me: mingdao@workstation ~ $ lpstat -a Officejet_Pro_8500_A910 accepting requests since Wed 23 Jan 2013 02:52:15 PM CST mingdao@workstation ~ $ lp -d Officejet_Pro_8500_A910 -o scaling=75 HOW-TO/apcupsd.pdf request id is Officejet_Pro_8500_A910-19 (1 file(s)) Bruce The document prints OK from windows but Linux drivers are not up to standard :-/ I'm trying lpr but the following command does not print the pages I want, it prints all pages instead of 1-8 lpr -o media=Letter -o landscape -o number-up=4 -o page-ranges=1-8 -o number-up-layout=btlr I think -o number-up=4 can not be combine with: -o page-ranges=1-8 -- Joseph
Re: [gentoo-user] Creating accounts in Thunderbird
On 07/02/2013 23:07, Tanstaafl wrote: Which is silly, as username+hostname is not guaranteed to be a singleton in any universe. ? I can't think of any way that username+incoming-hostname can result in anything other than a single, individual users account, so I guess I'm totally missing what you are saying. it A few examples off the top of my head: 1. Two imap servers on the same host running on different ports and no reason why a user can't have accounts on both servers 2. port forwarding on localhost to a variety of impa servers somewhere else (port forwarding gets around corporate firewall rules that Thunderbird can't deal with) 3. Because I can and there's no legitimate reason for a mail client to get in my way 4. Corporate sysadmins like me use tricks like this all the time to a) fix real problems b) comply with frantic business requests c) stay within budget d) get around stupid rules proclaimed by idiot managers with single figure IQs There are more valid reasons why this setup can occur and I have a lack of mentions in RFCs to prove it. There are no valid reasons for a mail client to get in my way like this and I have a lack of RFC mentions that allow it to prove -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] pam_get_uid: no such user
On 14/02/2013 18:51, Paul Klos wrote: Op donderdag 14 februari 2013 04:56:53 schreef Stroller: On 14 February 2013, at 04:13, Daniel Frey wrote: ... I've poked into this a bit more, and every 60 seconds 5 attempts at logon are being made… This weekend I'll reformat reinstall. Excuse me if this is a dumb question, but does this machine have any ports open to the internet? This thread reminds me of how we sometimes hear of logfiles full of many ssh attempts made by script kiddies and botnets. Stroller. Same here, I've seen multitudes of messages like this, with different user names, in log files on servers with open ports 22. As long as you don't allow interactive logins you shoud be fine, right? I think there might also be some advanced iptables hacking that might help you block too many requests from the same source IP. This is still on my list of stuff to look at 'some time'. One thing I have used with apparent succes is access a different port on the outside, and redirect that to 22 on the inside. It's security through obscurity, I know, but it seemed quite effective nonetheless. That's fuzzy-feel-good security, the kind where you feel all warm and fuzzy and think you have protection. You don't, not even a little bit. All the l33t h@ckzor scripts out there can deal with simple port redirection. The solution you want is denyhosts, fail2ban, etc. There's a lot of software in that general category and it gets the job done properly. If you want to persist with obfuscated redirection, implement port knocking. It works, but it gets to be a pain rather quickly. -- Alan McKinnon alan.mckin...@gmail.com
Re: [gentoo-user] {OT} RAM apache MaxClients (rock a hard place)
I can probably dump a lot of apache config. I still need SSL on both servers even though only nginx faces the user? Perhaps you need Apache for certain pages otherwise this is simply a quick fix which is fair enough, we always like those at times but it sounds to me like you could have gained more by simply switching Apache for nginx or tuning your max. My apache processes run pretty heavy so raising MaxClients opens the potential for an OOM condition. I would love to completely switch to nginx from apache but I need apache for certain stuff. That is something I will look into in the future though. Running both is actually wasting a little memory though you may have gained over just Apache. I can say that before nginx, top was filled with relatively memory-laden apache processes and now there is only a short list. How web proxies with optional caches usually work such as OpenBSDs relayd is to keep track of requests perhaps using higher layer info and share the load among multiple web servers, perhaps adding headers to keep everything functional. nginx seems much faster than apache which I think is a good reason to switch over as much stuff as possible. - Grant
Re: [gentoo-user] How to prevent a dns amplification attack
On Thu, 28 Mar 2013 17:04:25 -0400 Michael Mol mike...@gmail.com wrote: listened to the dangers and even now simply redesigned DNSSEC. Or they could fudge it by making every request requiring padding larger than the response. Bandwidth would increase astronomically but amp attacks would have to find other avenues. Infeasible; the requester cannot know the size of the response in advance. If a packet comes in, and the response is larger than the request, is it really an amp packet, did the client not know, or is the server misconfigured and not limiting the response data as much as it could? I'm certainly not saying it's a good idea, hence the 'fudge' and 'making every request' which would mean non updateable clients or non updated routers (90%) needing special treatment. I'm sure there are probably other hurdles to it but it is certainly possible to make a request much larger than any potential response similar to the anti-spam system that makes creating a message take a lot of cpu and then only accepting messages from those that do (hsomething I think, only works too if all take part but would eliminate spam almost completely). However thinking about it, considering the want for dns to provide larger things like encryption keys, huge requests may be the best long term solution for a DNSSEC which seemingly refuses out of pride to add something like DNSCURVE to prevent spoofing. Similar to firewalls only sending a single syn ack (less than or equalise)
Re: [gentoo-user] Removing pulseaudio
On Sunday 28 Apr 2013 18:12:49 Alan McKinnon wrote: On 28/04/2013 18:11, Canek Peláez Valdés wrote: What we complain about here is basic low-level software changes that affect much more than just their own little universe, and will do it ON ALL LINUX MACHINES NOW AND IN THE FUTURE. The source is out there NOW AND IN THE FUTURE. If there is enough developers interested in maintaining something, it will be maintained; but you cannot force no developer to maintain nothing. You keep saying this, over and over in many places for many reasons. But it just is not true. It's easy to get a dev to support something - you just ask them. Have you ever asked a dev to support something you needed? Egocentric/maniac devs just listen to their own infallible desires, which *they* call logic rather than the requests of their users. In such cases, those of us who have neither the capability nor the time to start coding the next fork which complies better with *nix design principles and common sense, have to wait for some sensible solution to appear (e.g. eudev) and run with that where available. Ultimately, if some other dev(s) create /better/ code than Poettering that closer matches the desires of many, I expect the monolithic initrd+udev+systemd+what-ever will be ditched in favour of something more flexible that suits a lot of us Gentoo users. I can't wait for this to happen sooner, but since I can't code I can only but hope. :-) -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] IPTables - Going Stateless
Hello Everyone, Thank you so much for your responses. I agree Alan, total pain in the neck!!! But it's a ticket that was passed down to me. We moved the stateful firewalls inside the network, broken down to each department. But as a first on site defense on our BGP router running Quagga, we only require stateless for performance reasons. Jerry, thank you so much! I might need some additional help with the three way handsahkes. What I did to stay scalable was: Define a chain: -N TCP Handle two way for a specific service: -A TCP -p tcp -m tcp -s 192.168.2.0/24 -d 192.168.2.5 --dport 22 -j ACCEPT -A TCP -p tcp -m tcp -s 192.168.2.5 --sport 22 -d 192.168.2.0/24 -j ACCEPT -A TCP -p tcp -m tcp -s 0.0.0.0/0 -d 192.168.2.5 --dport 22 -j DROP Accepting Input and output requests to services included in the chain: #echo -e- Accepting input TCP traffic to open ports -A INPUT -i $INTIF1 -p tcp -j TCP #echo -e- Accepting output TCP traffic to open ports -A OUTPUT -o $INTIF1 -p tcp -j TCP Dropping Everything Else: #echo -e- Dropping input TCP to closed ports $IPTABLES -A INPUT -i $INTIF1 -p tcp -j REJECT --reject-with tcp-rst #echo -e- Dropping output TCP traffic to closed ports $IPTABLES -A OUTPUT -o $INTIF1 -p tcp -j REJECT --reject-with tcp-rst #echo -e- Dropping input traffic to remaining protocols sent to closed ports $IPTABLES -A INPUT -i $INTIF1 -j REJECT --reject-with icmp-proto-unreachable #echo -e- Dropping output traffic to remaining protocols sent to closed ports $IPTABLES -A OUTPUT -o $INTIF1 -j REJECT --reject-with icmp-proto-unreachable Hope this keeps me scalable enough to keep the world of pain at bay as much as possible... N.
Re: [gentoo-user] {OT} backups... still backups....
Isn't that a gaping security hole? I think this amounts to granting the backup server root read access (and write access if you want to restore) on each client? How can you backup system files without root read access? You are granting this to s specific user, one without a login shell, on the server. If the backup server is infiltrated, the infiltrator would have root read access to each of the clients, correct? If the clients push to the backup server instead, their access on the server can be restricted to the backup directory. Yes, but with push you have to secure each machine whereas with pull backups it's only the server to secure. And you'd still need to grant access to the server from the clients, which could be escalated. With backuppc, the server does not need to be accessible from the Internet at all, all requests are outgoing. If the server machine serves other purposes and needs to be net-accessible, run the backup server in a chroot or VM. I'm planning to rsync --fake-super the important files from each client to a particular folder on the backup server as an unprivileged user and then have the backup server run rdiff-backup locally to maintain a history of those files. authorized_keys on the server would restrict the clients to a particular rsync command in a particular directory. That way if the backup server is infiltrated, the clients aren't exposed in any way, and if a client is infiltrated, the only extra exposure is the rsync'ed copy of the files on the server which isn't a real vulnerability because of the rdiff-backup history. I'd also like to have a secondary backup server pull those same rsync'ed files from the primary backup server and run its own rdiff-backup repository on them. That way all copies of any system's backups are never made vulnerable by the break-in of a single system. Doesn't that compare favorably to a layout like backuppc's? - Grant
Re: [gentoo-user] k3b burning BD-Disk pretends to fail at 99.99%
Hi, michaelkintz...@gmail.com: Hi Thomas, this problem can either be fixed by patching growisofs as you suggest, or by changing k3b to use cdrtools in preference to growisofs Joerg will heavily object, but my sincere opinion as technical expert on this field is that growisofs is the better choice. I mentioned in this thread what i dislike about it. Joerg added the fact that it is unmaintained since 5 years. But aside from that, i cannot point to any reason why growisofs is an inferior burn backend compared with my own software which i try hard to make as good as possible. Joerg keeps his code up to date Yep. Joerg and i seem to be the only active developers on this field. But there has nothing new happened with optical media since Andy left the playground. If not for this BD-R bug, nobody would care that growisofs is unmaintained. Currently i have the impression that in most distros the whole topic of optical media and their filesystems is unmaintained or at least under-maintained. cdrecord on DVD and BD suffers from Joerg's peculiar way to read the specs (and to not disclose which paragraphs exactly, when his understanding is brought into question). His and my understanding of MMC seem fundamentally incompatible. Obviously Andy Polykov read the same specs as i, when he created dvd+rw-tools. If people need technical support about growisofs, then i am ready to help. I am subscribed to cdwr...@other.debian.org which is the official place to submit bug reports and requests for dvd+rw-tools. Have a nice day :) Thomas
[gentoo-user] gentoo-systemd-only deprecation
William Hubbs closed bug #409385[1] as fixed, introducing virtual/service-manager and adding it to the @system set, and dropping OpenRC from baselayout's post dependencies. Therefore, as of today, anyone can have a Gentoo machine with only systemd, with no OpenRC installed. Since that was the raison d'être of the gentoo-systemd-only overlay[2], I'm deprecating it soon. If you install dracut you will also pull sysvinit (it's needed for killall5, IIRC), and installing baselayout (instead of systemd-baselayout) will make orphans of some systemd configuration files (like /etc/vconsole.conf and /etc/machine-info); but I consider those only minor problems, and I would strongly recommend to *anyone* using my gentoo-systemd-only overlay to drop it and use the official mechanism in the tree to install only systemd, replacing completely OpenRC. Also, without OpenRC we don't have /etc/init.d/functions.sh , but you can use the alternatives provided in my overlay or in bug #373219[3]. I'm pretty sure someone will close that bug pretty soon. Basically, systemd is now a first class citizen in Gentoo (on par with OpenRC), and therefore there is no need at all for using my overlay. Thanks to all the people who helped me with pull requests and comments; the deprecation of the overlay is great news, since now it's officially possible in Gentoo to ditch OpenRC and switch completely to systemd. Regards. [1] https://bugs.gentoo.org/show_bug.cgi?id=409385 [2] https://github.com/canek-pelaez/gentoo-systemd-only [3] https://bugs.gentoo.org/show_bug.cgi?id=373219 -- Canek Peláez Valdés Posgrado en Ciencia e Ingeniería de la Computación Universidad Nacional Autónoma de México
Re: [gentoo-user] gentoo-systemd-only deprecation
On 28.07.2013 10:22, Canek Peláez Valdés wrote: William Hubbs closed bug #409385[1] as fixed, introducing virtual/service-manager and adding it to the @system set, and dropping OpenRC from baselayout's post dependencies. Therefore, as of today, anyone can have a Gentoo machine with only systemd, with no OpenRC installed. Since that was the raison d'être of the gentoo-systemd-only overlay[2], I'm deprecating it soon. If you install dracut you will also pull sysvinit (it's needed for killall5, IIRC), Seems like the bin/pidof - ../sbin/killall5 dependency is removed in git: https://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=45ef8eb7234dbad60e39ce1e7791c8e9ad7d920b and installing baselayout (instead of systemd-baselayout) will make orphans of some systemd configuration files (like /etc/vconsole.conf and /etc/machine-info); but I consider those only minor problems, and I would strongly recommend to *anyone* using my gentoo-systemd-only overlay to drop it and use the official mechanism in the tree to install only systemd, replacing completely OpenRC. Also, without OpenRC we don't have /etc/init.d/functions.sh , but you can use the alternatives provided in my overlay or in bug #373219[3]. I'm pretty sure someone will close that bug pretty soon. Basically, systemd is now a first class citizen in Gentoo (on par with OpenRC), and therefore there is no need at all for using my overlay. Thanks to all the people who helped me with pull requests and comments; the deprecation of the overlay is great news, since now it's officially possible in Gentoo to ditch OpenRC and switch completely to systemd. Regards. [1] https://bugs.gentoo.org/show_bug.cgi?id=409385 [2] https://github.com/canek-pelaez/gentoo-systemd-only [3] https://bugs.gentoo.org/show_bug.cgi?id=373219
Re: [gentoo-user] Can't ping remote system
+1 on Alan's hunch. I have not used Squid to comment on the specifics and also Grant stated that another proxy gave him similar symptoms. From my limited knowledge a proxy could be stalling because of cache configuration problems, like running out fs space, or inodes and also running out of memory if it has to process simultaneous requests from too many clients at a time. If the problem also manifests when the clients are within the same subnet, then this is unlikely to be a network issue. Which hunch was that? I snipped a lot above but I couldn't find it in there. It was Alan's statement that this problem is not related to your ATT router. I have to come back to this. I tried the www.google.com/nexus/ you mentioned and noticed that the page eats up 1.3MB to load fully, before it starts downloading a flash video. So seems to be a relatively large amount of data that brings up this problem and this could point to tcp window scaling. It also happens on very lightweight sites, but never on squid-cache.org for some reason. echo 0 /proc/sys/net/ipv4/tcp_window_scaling This is typically enabled, but if you notice that a connection stalls and then later on it works fine again, it could be related to a firewall/router not responding as it should to tcp_window_scaling. In this case disabling this would fix the problem when traversing problematic nodes. If you saw no difference, this suggests that window scaling is not an issue. I just tested again and 'echo 0 /proc/sys/net/ipv4/tcp_window_scaling' on both the client and server did not fix the stalls. I would start with the simplest tests first, which involve isolating suspect system components one at a time. Trying to use the same laptop-desktop machines within the LAN, takes the router out the equation - full 1500 byte MTU will be used by both laptop and desktop. OK I will try this as soon as I'm back in that location. Thanks a lot, Grant
Re: [gentoo-user] do subslots improve user-experience?
On 11/02/2013 12:04 PM, hasufell wrote: Another round of questioning the users here. more specifically: * how often do you experience useless rebuilds? not enough to notice, mostly using server based installs not desktop * do you really have a problem with running revdep-rebuild/haskell-updater/perl-cleaner etc after every emerge? only ever used to run revdep rebuild if things were broken, and while now i'm a little more aware of this kind of thing suddenly finding that x program doesn't work due to bad library can be scary; especially if you rely on x program. preserved build was a genius idea if you ask me as this at least allows things to continue working * do you think it's worth the effort to add more stuff to the PM, so that you don't have to run revdep-rebuild that often? with preserved rebuild there is at least notification that revdep rebuild is needed; as a noob i didn't realise the significance of the program quite so much, expecting portage to just take care of dependencies. * do you trust the other methods like subslots or preserved-rebuild to work reliably? (as in: do you still use revdep-rebuild?) subslots to me just work like magic and i'm content for the moment to allow them to remain a mystery to me. looking at other responses i'm glad i'm not the only one(!) i get it on the surface but have never played with them so don't fully understand. as i said earlier preserved rebuild is great because a) you get notification of revdeprebuild requirement and b) things don't break after upgrade If you want my opinion on subslots: # grep EMERGE_DEFAULT_OPTS /etc/portage/make.conf EMERGE_DEFAULT_OPTS=--ignore-built-slot-operator-deps=y /me politely requests more info and goes to google to find some too
Re: [gentoo-user] Re: Can we get users more involved in specific testing?
On 11/14/2013 12:21 AM, James wrote: hasufell hasufell at gentoo.org writes: Our arch testers are understaffed and often don't really do general runtime tests (it's mostly assumed the maintainer knows about runtime issues). I have often had a hard time to get some random users comment on certain packages or even assist on some runtime tests. I don't even know how many people use the package I maintain. When a new package is installed or upgraded, there are notes that the installer is optioned (and notified upon installation) about the package. Might it be a good idea to put your testing pleadings in the notes for those how install the package (stable, testing, experimental or overlay) about how to contact whoever related to the specific testing you want done? I. E. eselect news or is this a bad idea? JFFNMS is one of my favorite packages, so surely I'd respond on that one. Hell, I often go and find the patches and post bugs pleading to get documented patches installed on my favorite package. hth, James I think people will not like having that in eselect news. There could be a similar thing like: eslect test-requests but the question is if that will get bloated and other stuff I'm not sure about. The easiest thing I can think of is a project site on our wiki which would also point to relevant bugs. Then again... who really wants to maintain that. All other ideas are even more advanced. I wonder if we could add a keyword on bugzie like REQUSERTEST... so bored users could easily get a list of such bugs. But who would really use that?
[gentoo-user] [OT] XNest and embedded system: Kaboom! (sometimes)
Hi, I want to display the X-display of my embedded Linux system (a Beaglebone black) on my PC. For that I started XNest on display 1 on my PC (option: -ac) and set DISPLAY on the embedded system (running an XServer also) accordingly. I could run openbox, urxvt, gnumeric, tgif (for example) via this setup nicely. But when I started hatari (an AtariST-Emulator) on the embedded system, XNest on the PC stops running/crashes. Running hatari on the XServer of the embedded system runs nicely though. On the X-point-of-view hatari should be nothing else but just another X application...or? The output of XNest after such sudden stop is: homepc:/home/userXnest -ac :1 _XSERVTransSocketOpenCOTSServer: Unable to open socket for inet6 _XSERVTransOpen: transport open failed for inet6/homepc:1 _XSERVTransMakeAllCOTSServerListeners: failed to open listener for inet6 Initializing built-in extension Generic Event Extension Initializing built-in extension SHAPE Initializing built-in extension XInputExtension Initializing built-in extension XTEST Initializing built-in extension BIG-REQUESTS Initializing built-in extension SYNC Initializing built-in extension XKEYBOARD Initializing built-in extension XC-MISC Initializing built-in extension XINERAMA Initializing built-in extension XFIXES Initializing built-in extension RENDER Initializing built-in extension RANDR Initializing built-in extension DAMAGE Initializing built-in extension MIT-SCREEN-SAVER Initializing built-in extension DOUBLE-BUFFER Initializing built-in extension RECORD Initializing built-in extension X-Resource Initializing built-in extension XVideo Initializing built-in extension XVideo-MotionCompensation ## (above the output until I started hatari) ## (below the output after I started hatari) X Error of failed request: BadMatch (invalid parameter attributes) Major opcode of failed request: 1 (X_CreateWindow) Serial number of failed request: 3486 Current serial number in output stream: 3491 What went wrong here? How can I fix it? Thank you very much in advance for any help! Best regards, mcc
Re: [gentoo-user] Portage performance dropped considerably
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/30/2014 07:15 PM, Stroller wrote: On 30 Jan 2014, at 03:50 am, hasufell hasuf...@gentoo.org wrote: I just tried paludis again (after some time). ... * you cannot unmask USE flags at all, not without hackery... and that is really non-trivial for unmasking abi_x86_32 globally, because those masks are scattered across a lot of files in profiles/ The explanation from the paludis developer is simply wrong: http://paludis.exherbo.org/trac/ticket/817 WONTFIX: you can hack around it with your own profile if you need to deal with Gentoo not following its own policies correctly. Yes, that's the Ciaran McCreesh I remember. Stroller. The thread gets funny. I guess this is not so much about NIH, but rather about the fact that no one wants to work with him or that no one wants to be one of his users and gets his feature requests all RESOLVED WONTFIX. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJS7AKzAAoJEFpvPKfnPDWzKAkIAKEIAx/4l690pHYvxvKkaypJ XWPs+LRokNboyzXyeZLEgWhEIJ5LzflBMgcnn0KRRn3p81JYaERQ+Cnx3yBtL148 7ovlZug12dxLO+nWVajrOWP3YWcHV12Kla6q7qTWrTO4RxZbfNEncyyMc4uMzCyk mQ13nBP7gooNdRx5pN61POKI23OPyK4Z/AnlJdMq6aForVuY788vOUZq8q/n96MU tdkx7npzJVJ/OGgwIF5AqIn1G1NmzmkQ3R8hKnPN/0W+l6jlChoocq+9tELTnJ/r UtXmVwdlsHCnG4rY+RxeVBIfLMi0f9xce1/ckENbLIiyoj5xMNkZ3/+6dyI/VhU= =FIJW -END PGP SIGNATURE-
Re: [gentoo-user] Debian just voted in systemd for default init system in jessie
On Tue, February 18, 2014 10:47, Alan McKinnon wrote: On 18/02/2014 05:46, Mark David Dumlao wrote: I used to use cherokee. Fast, light, awesome, and with a web admin. The init script always failed me. /etc/init.d/cherokee stop was not a guaranteed stop to all forked cherokee processes - the parent pid dies, but some forked process or something, usually related to rrdtool, doesn't. Or the parent does exit and erases the pid file but it returns control immediately and its not yet done exiting. Something like that or other. Point is, I've several times had to ps aux|grep ... kill; zap; start - on production servers. Valid point. Other than vixie-cron (damn thing just never seems to die properly on any platform so restarts always fail) I don't really run into these issues Interesting, I have never had issues with restarting vixie-cron using the supplied init-scripts. What I do run into is daemons that drop privs on start up, like tac_plus. Unwary new sysadmins always try start/stop it as root, causing an unholy mess. Root the owns the log and pid files, when tac_plus drops privs it can't record it's state so continues to service requests but fails to log any of them. For an auth daemon, that's a serious issue. Shouldn't sysadmins use the init-scripts for that? If done correctly, permissions should not be an issue. Restarting services without keeping file ownership into account will always cause issues. Regardless of the init-system used. And tac_plus not checking if it is allowed to write to the log during the initialization phase should be considered a bug. -- Joost
Re: [gentoo-user] Re: Debian just voted in systemd for default init system in jessie
On 20/02/2014 13:53, Yuri K. Shatroff wrote:
I don't need such 'solutions' to non-existent problems. But if there
were a *real* necessity to pretty-print a log's tail in service status,
I think it would have been a matter of a proper setup (i.e. the service
using syslog, hence a defined log format) and not a heck more complicated.
Definetly not a 5-minutes job.
5 minutes is even too much to type sort of
tail -${LINES} ${SERVICE}.log
if you know where to look up LINES and SERVICE.
You've never actually tried this, right?
Your idea instantly fails as the rc-service author has no idea of what
you defined ${SERVICE} to be and no way to determine what it is now.
How are you going to deal with the situation with a big busy daemon that
immediately starts serving requests when started (i.e. with very little
delay)?
By the time grep, sed, awk and friends have gotten around to making
their way through a log file of varying size, the entries that apply to
restart can easy be many hundreds of log lines prior.
I have done this, and it does not work. I got a result and it's
relaible, but you don't want to know what it took. It's also highly
customized and useless to anything other than my highly customized setup.
--
Alan McKinnon
alan.mckin...@gmail.com
Re: [gentoo-user] Debian just voted in systemd for default init system in jessie
Tom Wijsman wrote: On Thu, 20 Mar 2014 17:25:18 -0400 Tanstaafl tansta...@libertytrek.org wrote: On 3/20/2014 4:14 PM, Tom Wijsman tom...@gentoo.org wrote: Tom - please STOP CC'ing me on these emails. I am on the list and don't need two copies. Use 'Reply-To-List' function (or equivalent - or worst case, delete my direct email manually yourself) in your email program. Like everyone else, use the 'Filter duplicates' function in your email program or procmail; these requests aren't remembered, given that email programs don't provide a function to do this selectively. For more insight: http://www.unicom.com/pw/reply-to-harmful.html http://woozle.org/~neale/papers/reply-to-still-harmful.html So let's get this straight. You want most everyone on this list to change what they have to do to remove dups caused by you, instead of you changing what you do to fix the problem? To put it another way, you want to inconvenience everyone else instead of doing things the way everyone else does it and has done it for a long time? Here's a hint. I can see a LOT of people adding you to their blacklist. You could very well end up talking to yourself on this mailing list. Why not send messages in html while at it? That should finish off you getting your messages read. Just something to think about. Dale :-) :-) P. S. CC this message to me and I get a dup, I won't get the next one. I can fix the issue for you on a more permanent basis. -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words!
Re: [gentoo-user] Debian just voted in systemd for default init system in jessie
On Fri, 21 Mar 2014 12:27:09 + Neil Bothwick n...@digimed.co.uk wrote: On Fri, 21 Mar 2014 12:13:28 +0100, Tom Wijsman wrote: Use 'Reply-To-List' function (or equivalent - or worst case, delete my direct email manually yourself) in your email program. Like everyone else, use the 'Filter duplicates' function in your email program or procmail; these requests aren't remembered, given that email programs don't provide a function to do this selectively. Don't they? Then why did you only get one copy of this reply, via the list? Most posters here do not have this problem, Did I receive a reply? Who says I am even subscribed to the list? Of course, if you don't want people to bother reading your mails, continue to piss them off. All I'm doing is making sure this message gets to you; every notion you give to it beyond that, is what that 0.1% thinks of it. Not my problem. -- With kind regards, Tom Wijsman (TomWij) Gentoo Developer E-mail address : tom...@gentoo.org GPG Public Key : 6D34E57D GPG Fingerprint : C165 AF18 AB4C 400B C3D2 ABF0 95B2 1FCD 6D34 E57D signature.asc Description: PGP signature
Re: [gentoo-user] ssh authkeys log invalid
On 04/21/2014 08:02 PM, thegeezer wrote: Hi all, i was looking up the gentoo wiki on fail2ban [1] to have it look at it's own log file fail2ban.log in order to block repeat offenders for longer as abuse@offender doesn't really seem to help these days. then i saw a warning saying fail2ban not blocking all requests which i followed to github [2] wihch has a paste of his logfiles [3] now this i commented at github saying it looks similar to something i discovered when trying to setup authkeys on ssh - namely invalid keys give you no log file entry saying invalid keys can anyone tell me if they know how to make the log file entry show that it was an invalid key? i only know that it is this from my experience -- when i was using the wrong key or auth keys file had wrong permission i had only similar entries in my logs. i did try to find the answer myself at that time but was unable to. thanks in advance! [1] http://wiki.gentoo.org/wiki/Fail2ban [2] https://github.com/fail2ban/fail2ban/issues/643 [3] http://bpaste.net/show/188261/ hey so i've been doing some digging and for openssh to log public key failures you have to set loglevel to minimum of VERBOSE please see my email to openssh mailing list. [4] is this something that could be implemented as a gentoo specific patch ? if so how would i go about requesting it ? i don't know about you all but i'm a little concerned that ssh is not logging bruteforce public keys, they might be harder to crack but if they are invisible in the logs then this could go on silently for a long time. [4] http://marc.info/?l=openssh-unix-devm=139871423503774w=3
Re: [gentoo-user] media-gfx/blender-2.71 dependencies
On Wed, Jul 09, 2014 at 03:14:51PM +0200, Alan McKinnon wrote: On 09/07/2014 09:54, List Reader wrote: On Wed, Jul 09, 2014 at 01:18:27AM -0400, Dan O. wrote: I don't believe you pasted everything you meant to. That paste doesn't show what packages would need to be emerged. -- Dan Oriani redchops.com (Website forever under construction) On Wed, 9 Jul 2014, List Reader wrote: Hello again kind friends, I'm not sure how to resolve the requirements for merging media-gfx/blender-2.71 emerge -pvf media-gfx/blender http://bpaste.net/show/447617/ The reqired ebuilds seem to be in portage, but emerge says the're not available. Any insight would be grearly apreciated. Kind regards cinder Whoops! Sorry, try this emerge -pvq =media-gfx/blender-2.71 21 http://bpaste.net/show/447969/ Please stop using pastebin services. It makes it very hard to help you as I now have to do extra work to inline your output where it can be seen and make sense: The following keyword changes are necessary to proceed: (see package.accept_keywords in the portage(5) man page for more details) # required by media-gfx/blender-2.71[python_single_target_python3_4] # required by =media-gfx/blender-2.71 (argument) =dev-lang/python-3.4.1 ~amd64 # required by =media-gfx/blender-2.71 (argument) =media-gfx/blender-2.71 ~amd64 # required by media-gfx/blender-2.71 # required by =media-gfx/blender-2.71 (argument) =dev-lang/python-exec-2. ** # required by media-gfx/blender-2.71 # required by =media-gfx/blender-2.71 (argument) =dev-python/requests-2.3.0 ~amd64 # required by media-gfx/blender-2.71 # required by =media-gfx/blender-2.71 (argument) =dev-python/numpy-1.8.1 ~amd64 The following USE changes are necessary to proceed: (see package.use in the portage(5) man page for more details) # required by media-gfx/blender-2.71 # required by =media-gfx/blender-2.71 (argument) =dev-python/requests-2.3.0 python_targets_python3_4 # required by media-gfx/blender-2.71 # required by =media-gfx/blender-2.71 (argument) =dev-python/numpy-1.8.1 python_targets_python3_4 emerge: there are no ebuilds to satisfy =dev-python/chardet-2.2.1[python_targets_python2_7(-)?,python_targets_python3_3(-)?,python_targets_python3_4(-)?,python_targets_pypy(-)?,-python_single_target_python2_7(-),-python_single_target_python3_3(-),-python_single_target_python3_4(-),-python_single_target_pypy(-)]. (dependency required by dev-python/requests-2.3.0 [ebuild]) (dependency required by media-gfx/blender-2.71 [ebuild]) (dependency required by =media-gfx/blender-2.71 [argument]) Just do exactly what the output says. The first chunk gets copied exactly into package.accept_keywords The second chunk gets copied exactly into package.use The third chunk is information to assist you. It is saying that according to your setup, portage cannot find a way to install chardet that satisfies blender's requirements, the first two chunks are how to make it possible (portage will never make these changes automatically). The third chunk does not mean that the listed ebuilds are missing, it means they cannot be satisfied. -- Alan McKinnon alan.mckin...@gmail.com I am terribly sorry for using wgetpaste, it won't happen again. I was only following the official Gentoo Wiki. When seeking help, it's best to come prepared. Someone volunteering their time doesn't want to waste that time fumbling about. That's where wgetpaste comes in handy. Make sure you have merged app-text/wgetpaste, and then you're ready to be helped. https://wiki.gentoo.org/wiki/Troubleshooting#Collecting_Additional_Information I have added the keywords and use flags to package.accept_keywords package.use respectively, but I still... emerge: there are no ebuilds to satisfy =dev-python/chardet-2.2.1[python_targets_python2_7(-)?,python_targets_python3_3(-)?,python_targets_python3_4(-)?,python_targets_pypy(-)?,-python_single_target_python2_7(-),-python_single_target_python3_3(-),-python_single_target_python3_4(-),-python_single_target_pypy(-)]. (dependency required by dev-python/requests-2.3.0 [ebuild]) (dependency required by media-gfx/blender-2.71 [ebuild]) (dependency required by =media-gfx/blender-2.71 [argument]) What does it mean to satisfy =dev-python/chardet-2.2.1? equery g =dev-python/chardet-2.2.1 * Searching for chardet2.2.1 in dev-python ... * dependency graph for dev-python/chardet-2.2.1 `-- dev-python/chardet-2.2.1 amd64 `-- dev-python/setuptools-2.2 (dev-python/setuptools) amd64 [python_targets_python2_6(-)? python_targets_python2_7(-)? python_targets_python3_2(-)? python_targets_python3_3(-)? python_targets_python3_4(-)? python_targets_pypy(-)? -python_single_target_python2_6(-) -python_single_target_python2_7(-) -python_single_target_python3_2(-) -python_single_target_python3_3(-) -python_single_target_python3_4(-) -python_single_target_pypy
[gentoo-user] Do I really need to install new packages during upgrade?
I have just tried to upgrade my system (which I do almost every day) and found out that portage wants to install 6 new python packages that seem to be unnecessary because for example # equery depends dev-python/pyopenssl reports that no other package depends on this one. The same situation is with all the other python packages. # emerge --update --deep --with-bdeps=y --newuse --backtrack=60 --ask world These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild U ] app-admin/eselect-ruby-20131227 [20100603] [ebuild N ] dev-python/pyopenssl-0.13.1 USE=-doc PYTHON_TARGETS=python2_7 python3_3 (-pypy) -python3_2 [ebuild N] dev-python/ndg-httpsclient-0.3.2 PYTHON_TARGETS=python2_7 (-pypy) [ebuild N ] dev-python/pyasn1-0.1.7 USE=-doc PYTHON_TARGETS=python2_7 python3_3 (-pypy) -python3_2 (-python3_4) [ebuild N ] dev-python/chardet-2.2.1 PYTHON_TARGETS=python2_7 python3_3 (-pypy) -python3_2 (-python3_4) [ebuild N ] dev-python/requests-2.3.0 PYTHON_TARGETS=python2_7 python3_3 (-pypy) (-python3_4) [ebuild N] dev-python/ssl-fetch-0.2 PYTHON_TARGETS=python2_7 python3_3 (-pypy) (-python3_4) [ebuild U ] app-portage/mirrorselect-2.2.2 [2.2.0.1] PYTHON_TARGETS=(-python3_4) Would you like to merge these packages? [Yes/No]
[gentoo-user] Re: [OT] Linus Torvalds on systemd
Rich Freeman rich0 at gentoo.org writes: Uh, the only thing the Linux kernel does is spawn a single process as PID 1 and offer a VERY STABLE system call interface for that and future processes to make requests. Nobody is going to break sysvinit if that happens to be the thing you tell Linux to execute as PID 1. OK, where are your performance studies on how wonderful systemd is? Simple (2) identical system except for systemd only on one. Run a wide variety of tests, publish the data. Publish perfomanced metrics; Choice; Unreasonable? Whether anybody else actually supports sysvinit is a different matter. I'm sure it will be around in Gentoo for a long time, and those with official Gentoo support contracts will get the same care they are used to. :) I'm not sure if this is a threat, a promise or are you just trash talkin with me now? Besides, there is another thing you are not considering. The world of embedded linux user linux. So, the embedded designers are all wonderfully in line with systemd? Have you been to any of those forums? They live by cgroups, because a few folks showed them how to minimize embedded systems with age old state diagrams. Have you offered them the systemd or highway plan yet? It's not me, Rich, it lots of other technically astute folks that are not happy. I just want choice. I hope systemd is wildly successful, but I'm old school, so you and others are going to have to show me. James
Re: [gentoo-user] Re: [OT] Linus Torvalds on systemd
On Sep 18, 2014 5:19 AM, James wirel...@tampabay.rr.com wrote: Rich Freeman rich0 at gentoo.org writes: Uh, the only thing the Linux kernel does is spawn a single process as PID 1 and offer a VERY STABLE system call interface for that and future processes to make requests. Nobody is going to break sysvinit if that happens to be the thing you tell Linux to execute as PID 1. OK, where are your performance studies on how wonderful systemd is? Simple (2) identical system except for systemd only on one. Run a wide variety of tests, publish the data. Publish perfomanced metrics; Choice; Unreasonable? The classic open source answer to being told to do a lot of work on publicly available data is do it yourself, youre not paying my bills you entitled . (paraphrased from code talks) Whether anybody else actually supports sysvinit is a different matter. I'm sure it will be around in Gentoo for a long time, and those with official Gentoo support contracts will get the same care they are used to. :) I'm not sure if this is a threat, a promise or are you just trash talkin with me now? Besides, there is another thing you are not considering. The world of embedded linux user linux. So, the embedded designers are all wonderfully in line with systemd? Have you been to any of those forums? They live by cgroups, because a few folks showed them how to minimize embedded systems with age old state diagrams. Have you offered them the systemd or highway plan yet? last i checked, systemd uses cgroups - its a central part of the service management bits. so what the frack are you on about? It's not me, Rich, it lots of other technically astute folks that are not happy. I just want choice. I hope systemd is wildly successful, but I'm old school, so you and others are going to have to show me. James
Re: [gentoo-user] ceph on btrfs
Hi, On Wed, 22 Oct 2014 20:05:48 + (UTC) James wrote: Hello, So looking at the package sys-cluster/ceph, I see these flags: cryptopp debug fuse gtk +libaio libatomic +nss radosgw static-libs tcmalloc xfs zfs No specific flags for btrfs? Ceph is optimized for btrfs by design, it has no configure options to enable or disable btrfs-related stuff: https://github.com/ceph/ceph/blob/master/configure.ac No configure option = no use flag. ceph-0.67.9 is marked stable, while 0.67.10 and 0.80.5 are marked (yellow) testing and * is marked (red) masked. So what version would anyone recommend, with what flags? [1] Just use the latest (0.80.7 ATM). You may just nerame and rehash 0.80.5 ebuild (usually this works fine). Or you may stay with 0.80.5, but with fewer bug fixes. Ceph will be the DFS on top of a (3) node mesos+spark cluster. btrfs is being set up with 2 disks in raid 1 on each system. Btrfs seems to be keenly compatible with ceph [2]. If raid is supposed to be read more frequently than written to, then my favourite solution is raid-10-f2 (2 far copies, perfectly fine for 2 disks). This will give you read performance of raid-0 and robustness of raid-1. Though write i/o will be somewhat slower due to more seeks. Also it depends on workload: if you'll have a lot of independent read requests, raid-1 will be fine too. But for large read i/o from a single or few clients raid-10-f2 is the best imo. Guidance and comments, warmly requested, James [1] http://ceph.com/docs/v0.78/rados/configuration/filesystem-recommendations/ [2] http://ceph.com/docs/master/release-notes/#v0-80-firefly Best regards, Andrew Savchenko pgpUJMy39uiEh.pgp Description: PGP signature
[gentoo-user] Re: ceph on btrfs
Andrew Savchenko bircoph at gmail.com writes: Ceph is optimized for btrfs by design, it has no configure options to enable or disable btrfs-related stuff: https://github.com/ceph/ceph/blob/master/configure.ac No configure option = no use flag. Good to know; nice script. Just use the latest (0.80.7 ATM). You may just nerame and rehash 0.80.5 ebuild (usually this works fine). Or you may stay with 0.80.5, but with fewer bug fixes. So just download from ceph.com, put it in distfiles and copy-edit ceph-0.80.7 in my /usr/local/portage, or is there an overlay somewhere I missed? If raid is supposed to be read more frequently than written to, then my favourite solution is raid-10-f2 (2 far copies, perfectly fine for 2 disks). This will give you read performance of raid-0 and robustness of raid-1. Though write i/o will be somewhat slower due to more seeks. Also it depends on workload: if you'll have a lot of independent read requests, raid-1 will be fine too. But for large read i/o from a single or few clients raid-10-f2 is the best imo. Interesting. For now I'm going to stay with simple mirroring. After some time I might migrate to a more agressive FS arrangement, once I have a better idea of the i/o needs. With spark(RDD) on top of mesos, I shooting for mostly in-memory usage so i/o is not very heavily used. We'll just have to see how things work out. Last point. I'm using openrc and not systemd, at this time; any ceph issues with openrc, as I do see systemd related items with ceph. Andrew Savchenko Very good advice. Thanks, James
[gentoo-user] Re: World update and changed PYTHON_TARGETS
On Thu, 27 Nov 2014 08:59:28 +1100 wraeth wra...@wraeth.id.au wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 27/11/14 06:28, thegeezer wrote: On 26/11/14 18:23, Marc Joliet wrote: Am Tue, 25 Nov 2014 04:35:37 +0100 schrieb Frank Steinmetzger war...@gmx.de: during yesterday's upgrade I read the news about python 3.4 being the new profile default. Furthermore, eselect news shows that the news entry got deleted, too: yeah i noticed this too - that was naughty should have been a news item saying oops surely - From what I understand from IRC chatter, the consensus is no user intervention is required, so they've elected to not post a news item. For reference, the change was reverted as per [1], though there's been no further significant followup from that that I'm aware of. [1]: http://article.gmane.org/gmane.linux.gentoo.devel/93899 Thanks -- somehow I'd missed that post. I think these are the bugs to watch for progress: (python-3.4) [TRACKER] Python 3.4 incompatible packages https://bugs.gentoo.org/show_bug.cgi?id=504336 (python-3.4-stable) [TRACKER] Python 3.4 stable requests https://bugs.gentoo.org/show_bug.cgi?id=530258
[gentoo-user] question/feature request: First fetch, then compile...
Hi, On my embedded systems (beaglebone black, 2 x Arietta G25) I installed Gentoo (of course!:). Since these systems and especially the Ariettas are not as fast as a PC the greater update, which additionally includes C++ sources to compile takes time (read: hours) to finish. Often I run this over night. Since my PC do the forwarding of requests to the internet, it has to run the whole time also. To circumvent this I access the embedded systems via abduco/dvtm, so I can log out while the process keeps running. The current (shorted decription) workflow is eix-sync emerge ... -f (fetching all items, so the connection to the internet is no longer needed) emerge ...(starting the compilation, logout and shutdown the PC) This includes Calculating dependencies twice of the same set of data, which also takes a longer time. This is -- technically -- not needed. Is it possible, to do ONE call to emerge, which asks (according to option -a, if set ) and given a yes first fetches ALL necessary files and data and compiles then everything? This would save one Calculating dependencies and also reduces writes to the flash memory. Is it currently possible somehow and if not: I would like to have it included as new feature into an upcoming release of emerge?!?! Thanks a lot in advance! 8) Best regards, Meino
Re: [gentoo-user] question/feature request: First fetch, then compile...
meino.cra...@gmx.de wrote: Hi, On my embedded systems (beaglebone black, 2 x Arietta G25) I installed Gentoo (of course!:). Since these systems and especially the Ariettas are not as fast as a PC the greater update, which additionally includes C++ sources to compile takes time (read: hours) to finish. Often I run this over night. Since my PC do the forwarding of requests to the internet, it has to run the whole time also. To circumvent this I access the embedded systems via abduco/dvtm, so I can log out while the process keeps running. The current (shorted decription) workflow is eix-sync emerge ... -f (fetching all items, so the connection to the internet is no longer needed) emerge ...(starting the compilation, logout and shutdown the PC) This includes Calculating dependencies twice of the same set of data, which also takes a longer time. This is -- technically -- not needed. Is it possible, to do ONE call to emerge, which asks (according to option -a, if set ) and given a yes first fetches ALL necessary files and data and compiles then everything? This would save one Calculating dependencies and also reduces writes to the flash memory. Is it currently possible somehow and if not: I would like to have it included as new feature into an upcoming release of emerge?!?! Thanks a lot in advance! 8) Best regards, Meino You may want to set this in your make.conf file: FEATURES=parallel-fetch What that does, as soon as you start the emerge process, it starts to download the needed files. It doesn't wait until it is ready to work on the package to download it. I've had that set for so long, no idea if anything has changed as far as defaults. I just know it works that way here. If you set that, you should be able to sync, start emerge and when it downloads the last files/tarballs it needs, you can then remove your internet connection. You can monitor that with this command. tail -f /var/log/emerge-fetch.log Hope that helps. Dale :-) :-)
Re: [gentoo-user] Open Question: The feasibility of a complete portage binhost
On Thu, 22 Jan 2015 16:43:32 +0800, Sam Bishop wrote: I'll quote from the binpkg docs: Next to these, portage will check if the binary package is built using the same USE flags as expected on the client. If a package is built with a different USE flag combination, portage will either ignore the binary package (and use source-based build) or fail, depending on the options passed on to emerge So I'm fairly sure that implies they can coexist based on the directory structure. - http://wiki.gentoo.org/wiki/Binary_package_guide#The_PKGDIR_layout The package name is the same as the ebuild name but with a .tbz2 extension, so how could portage cope with multiple variants with different USE flags when there is only one name? There can be only one package per ebuild and either the USE flags match exactly or they do not. You could get away with this with a limited set of profiles by having a different $PKGDIR for each profile but to do it with random combinations would require some sort of middleware to handle the requests and place the specified packages where portage expects to find them. I think the check for USE flags is done using the IUSE and USE settings in the package metadata, so even if a USE flag you don't use is added to an ebuild, the package will no longer match. ISTR having to hack metadata in /var/db in the past to avoid a rebuild of *Office. -- Neil Bothwick When companies ship Styrofoam, what do they pack it in? pgppgIhzUwDYu.pgp Description: OpenPGP digital signature
Re: [gentoo-user] netbook connects to Internet automatically, desktop doesn't
150210 Mick wrote: On Tuesday 10 Feb 2015 03:36:19 Philip Webb wrote: Dec 31 19:00:29 localhost dhcpcd[1346]: enp1s0: using IPv4LL address 169.254.91.169 Your netbook has it enabled. It self-configures an IP address and then every so many seconds broadcasts on the wire to find if there is a DHCP server listening. When it finds one it requests an IP address from it. Your desktop hasn't. When the link comes up again nothing kicks in to either request an IP address from the DHCP server or to self-configure one temporarily. Either enable IPv4LL or install ifplug/netplug to achieve the same end result. Thanks for the suggestion, but I still don't know how to proceed. I assume that the absence of the line above + this line Dec 31 19:00:29 localhost dhcpcd[1346]: enp1s0: adding route to 169.254.0.0/16 results in the desktop machine killing the Dhcpcd process : # PP : 'ioff', remove conn'n dhcpcd[11404]: sending signal ARLM to pid 997 dhcpcd[11404]: waiting for pid 997 to exit dhcpcd[997]: received signal ALRM from PID 11404, releasing dhcpcd[997]: enp5s0: removing interface dhcpcd[997]: enp5s0: releasing lease of 192.168.1.2 dhcpcd[997]: enp5s0: deleting route to 192.168.1.0/24 dhcpcd[997]: enp5s0: deleting default route via 192.168.1.1 dhcpcd[997]: exited which then has to be restarted via 'dhcpcd' after replugging the conn'n. However, even after searching thro' /etc again, Googling etc, AFAICS there's no difference in config files between the 2 machines. So how do I enable IPv4LL' (smile) ? -- ,, SUPPORT ___//___, Philip Webb ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto TRANSIT`-O--O---' purslowatchassdotutorontodotca
Re: [gentoo-user] netbook connects to Internet automatically, desktop doesn't
On Tuesday 10 Feb 2015 22:36:00 Philip Webb wrote: 150210 Mick wrote: On Tuesday 10 Feb 2015 03:36:19 Philip Webb wrote: Dec 31 19:00:29 localhost dhcpcd[1346]: enp1s0: using IPv4LL address 169.254.91.169 Your netbook has it enabled. It self-configures an IP address and then every so many seconds broadcasts on the wire to find if there is a DHCP server listening. When it finds one it requests an IP address from it. Your desktop hasn't. When the link comes up again nothing kicks in to either request an IP address from the DHCP server or to self-configure one temporarily. Either enable IPv4LL or install ifplug/netplug to achieve the same end result. Thanks for the suggestion, but I still don't know how to proceed. I assume that the absence of the line above + this line Dec 31 19:00:29 localhost dhcpcd[1346]: enp1s0: adding route to 169.254.0.0/16 results in the desktop machine killing the Dhcpcd process : # PP : 'ioff', remove conn'n dhcpcd[11404]: sending signal ARLM to pid 997 dhcpcd[11404]: waiting for pid 997 to exit dhcpcd[997]: received signal ALRM from PID 11404, releasing dhcpcd[997]: enp5s0: removing interface dhcpcd[997]: enp5s0: releasing lease of 192.168.1.2 dhcpcd[997]: enp5s0: deleting route to 192.168.1.0/24 dhcpcd[997]: enp5s0: deleting default route via 192.168.1.1 dhcpcd[997]: exited which then has to be restarted via 'dhcpcd' after replugging the conn'n. However, even after searching thro' /etc again, Googling etc, AFAICS there's no difference in config files between the 2 machines. So how do I enable IPv4LL' (smile) ? If you are using dhcpcd it is enabled by default, unless you use -L (-- noipv4ll) in /etc/conf.d/net Have you disabled this in your desktop, or are you not using dhcpcd? -- Regards, Mick signature.asc Description: This is a digitally signed message part.
[gentoo-user] Re: blockage
Alan McKinnon alan.mckinnon at gmail.com writes: Sounds like you're volunteering, Alan. I do have some of the required skills, and I have free time right now. Ah; stepping up are we? I'll be hoping you are taking requests on the 'portage thingy' ? How'z about extending emerge with a few extra commands operands :: ? that installs a new gentoo system (image) via an ansible file(s)? Stephan put some stuff up a while back, but I have not gotten back around to testing it. I recall you had some early workings too? There's even some open source work on an ansible gui [1]: If we have some quick way to install, then systems could be setup, customized, used for testing and torn down again, all in a few hours? I'd focus on simple, minimized installs and it would give the user base a way to duplicate systems for problem verification and resolution. Also, as clusters, clouds and various virtualizations continue to mature, it could also aid in other forms of gentoo image debugging and verification if bugs exist only in virtualized form or also in traditional installs. Just a few thoughts; no big deal. If you step back a bit there are many ways to approach portage/ebuild enhancements. Maybe I'll have a deeper look into portage's code with a view to improving this area. No promises thought The dev repos and project repos are good places to start [2,3]: James [1] https://github.com/ansible-semaphore/semaphore [2] http://gitweb.gentoo.org/ [3] http://gitweb.gentoo.org/proj/
Re: [gentoo-user] New Firefox-38.1.0 headers, or is Google getting smarter?
Mick wrote: On Saturday 01 Aug 2015 05:08:04 Volker Armin Hemmann wrote: Am 31.07.2015 um 11:31 schrieb Mick: I used Firefox to login to Gmail and suddenly received a message from Google, advising me: New sign-in from Firefox on Linux Hi Michael,Your Google Account x was just used to sign in from Firefox on Linux. Have you noticed something similar and should we be changing anything on the new FF configuration, or is this Gmail getting smarter? seriously? Have you never heard that browsers send tons of data to the server? Like browser version, OS, language... ? Mozilla/5.0 (X11; Linux x86_64) KHTML/4.14.10 (like Gecko) Konqueror/4.14 that is, for example what MY konqueror setup currently sends. Thanks Volker, I know that browsers send agent data to the server, but I had never received such an email from Gmail before. Most that had happened in the past is to receive an email to confirm I am the real owner of the account when I tried to connect using IMAP4 while overseas. So this tells me that Google are also logging the IP addresses I am connecting from and check my geographic location for aheam! security purposes. Facebook does this too. I was testing tor once and it had me showing as coming from Africa somewhere. Anyway, it wouldn't let me in even with my password. After I disabled tor so that it would show my real location, I had a warning that someone had tried to login from a foreign country. It wanted me to change my password etc etc etc. Google isn't the only one that does this. I suspect that most all sites do this to some extent. After all, how can you visit a website and it not know your IP address and such? It has to know where to send your requests too. ;-) Dale :-) :-)
Re: [gentoo-user] update problems
On Sun, Sep 20, 2015 at 11:28 AM, lee <l...@yagibdah.de> wrote: > > Should I make feature requests? > First, don't believe every post you read in gentoo-user. Just as you can post anything you want here, so can anybody else. People offer advice they think is helpful. That doesn't mean it is necessarily correct, and that statement isn't directed at anybody in particular. Anytime there is a post on -user you'll see about 5 right answers and 5 wrong answers, and the person who knows the least (the person asking the question) gets to decide which one is which. Short of moderating the list we don't really have a solution for that. Something like stack exchange might be useful here. As I already said (in one of the emails you haven't replied to yet), we're fairly aware that portage output isn't very helpful here, and it is something people are interested in changing. I don't really see the point in asking for a feature request, since it is already well-known. I would recommend trying out my suggestion of adding --backtrack=50 before doing anything else. If that doesn't work, then try emerge -1'ing the various packages listed as requiring the older version of the library. -- Rich
Re: [gentoo-user] Fwd: [gentoo-dev] Package up for grabs: sys-boot/gummiboot
On 05/25/2016 06:09 PM, Peter Humphrey wrote: > > Well, considering the importance of gummiboot to some of us, I might be > willing to take it on - if I just knew a bit more about package maintenance. > As I've said many times in recent years, my days of coding expired about 25 > years ago, and then it was in very different systems from Linux. > These days it's a lot easier to get practice because you don't have to deal with CVS. If you clone our git repo as your $PORTDIR, then you can make your changes and `repoman commit` just like the rest of us. If you're okay with Github, you can create pull requests there from that same clone. You should probably read through the entire devmanual once, but there's no substitute for practice and asking questions. There are a lot of easy bugs open on bugs.gentoo.org that you could fix to get experience. If you fix something in a maintainer-needed package and post a pull request, I don't see why we couldn't just merge it. You'll get good feedback that way. In fact, in the worst case, if gummiboot drops to maintainer-needed, you could fix bugs and make version bumps that way without the commitment of being the maintainer.
Re: [gentoo-user] Fwd: [gentoo-dev] Package up for grabs: sys-boot/gummiboot
On 26/05/16 08:19, Michael Orlitzky wrote: > On 05/25/2016 06:09 PM, Peter Humphrey wrote: >> >> Well, considering the importance of gummiboot to some of us, I might be >> willing to take it on - if I just knew a bit more about package maintenance. >> As I've said many times in recent years, my days of coding expired about 25 >> years ago, and then it was in very different systems from Linux. >> > > These days it's a lot easier to get practice because you don't have to > deal with CVS. If you clone our git repo as your $PORTDIR, then you can > make your changes and `repoman commit` just like the rest of us. If > you're okay with Github, you can create pull requests there from that > same clone. > > You should probably read through the entire devmanual once, but there's > no substitute for practice and asking questions. > > There are a lot of easy bugs open on bugs.gentoo.org that you could fix > to get experience. If you fix something in a maintainer-needed package > and post a pull request, I don't see why we couldn't just merge it. > You'll get good feedback that way. In fact, in the worst case, if > gummiboot drops to maintainer-needed, you could fix bugs and make > version bumps that way without the commitment of being the maintainer. I'll also mention the Proxy Maintainers project[0] here. Yes this is intended to facilitate people taking maintainership of a package, but my point is that there is a project dedicated to facilitating contributors without push access both in offering ebuilding support and committing package changes. If anyone is interested in becoming the nominal maintainer of this, let us know. :) [0] https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers Cheers; -- Sam Jorna (wraeth) <wra...@gentoo.org> GnuPG Key: D6180C26 signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] Fwd: [gentoo-dev] Package up for grabs: sys-boot/gummiboot
On Wednesday 25 May 2016 18:19:38 Michael Orlitzky wrote: > On 05/25/2016 06:09 PM, Peter Humphrey wrote: > > Well, considering the importance of gummiboot to some of us, I might be > > willing to take it on - if I just knew a bit more about package > > maintenance. As I've said many times in recent years, my days of coding > > expired about 25 years ago, and then it was in very different systems > > from Linux. > These days it's a lot easier to get practice because you don't have to > deal with CVS. If you clone our git repo as your $PORTDIR, then you can > make your changes and `repoman commit` just like the rest of us. If > you're okay with Github, you can create pull requests there from that > same clone. Aye, there's the rub. Git is a closed book to me at the moment. Having to learn how to use it would at least triple my time to get up to speed. Time, I have plenty of (DV, as they say in religious circles), but my brain doesn't go nearly as well as it did 40 years ago. > You should probably read through the entire devmanual once, but there's > no substitute for practice and asking questions. Sounds like good advice - I'll go and find it now. > There are a lot of easy bugs open on bugs.gentoo.org that you could fix > to get experience. If you fix something in a maintainer-needed package > and post a pull request, I don't see why we couldn't just merge it. > You'll get good feedback that way. In fact, in the worst case, if > gummiboot drops to maintainer-needed, you could fix bugs and make > version bumps that way without the commitment of being the maintainer. Thanks for the encouragement. I'll muse awhile. -- Rgds Peter
Re: [gentoo-user] Fwd: [gentoo-dev] Package up for grabs: sys-boot/gummiboot
On Thu, 26 May 2016 09:32:26 +0100, Peter Humphrey wrote: > > These days it's a lot easier to get practice because you don't have to > > deal with CVS. If you clone our git repo as your $PORTDIR, then you > > can make your changes and `repoman commit` just like the rest of us. > > If you're okay with Github, you can create pull requests there from > > that same clone. > > Aye, there's the rub. Git is a closed book to me at the moment. Having > to learn how to use it would at least triple my time to get up to > speed. Time, I have plenty of (DV, as they say in religious circles), > but my brain doesn't go nearly as well as it did 40 years ago. You don't have to use git, I uploaded my ebuild changes to b.g.o - it needs a dev to commit them anyway. > > You should probably read through the entire devmanual once, but > > there's no substitute for practice and asking questions. > > Sounds like good advice - I'll go and find it now. devmanual.gentoo.org - you also need to read man 5 ebuild. -- Neil Bothwick WinErr 01F: Reserved for future mistakes of our developers. pgpdFCJV8aMUe.pgp Description: OpenPGP digital signature
Re: [gentoo-user] Re: java.awt.AWTError
On 02/03/2016 01:34 PM, Helmut Jarausch wrote: > On 02/03/2016 02:04:32 PM, Jörg Schaible wrote: >> Hi Helmut, >> >> Helmut Jarausch wrote: >> >>> Hi, >>> >>> when emerging sci-geosciences/josm- I get a Java error : >>> >>> >>> java.awt.AWTError: Can't connect to X11 window server using ':0' as >> the >>> value of the DISPLAY variable. >>> >>> >>> This is on a local machine using DISPLAY :0 >>> >>> Would anybody please shed some light on this error. >>> >>> (Emerge version 9060 proceeds just fine) >>> >>> Many thanks for a hint, >>> Helmut >> >> during the ebuild a Java application is running that requests the >> presence >> of X. So you're either on a machine without X or your JDK has no X >> support. >> E.g. the icedtea variants have a flag 'headless-awt' wich turns off X >> suport >> if active (and the name and meaning of the flag recently changed from >> 'X'). >> >> As another alternative you may try to fix the ebuild by running the >> java >> application in question with system property >> "-Djava.headless.awt=true". >> This can succeed if the application just initializes AWT, but does not >> use >> it to display something. >> > > Thanks Jörg! > > My icedtea doesn't have the headless-awt use flag. > I've replaced > eant dist-optimized > by > eant -Djava.headless.awt=true dist-optimized > in the ebuild, but it didn't help. > > Helmut > > > > Another possible reason for this is that X is running as your user and not root. I am not very familiar with how X and displays work, but I've stumbled upon similar errors before when trying to run certain GUI programs through root or sudo. I've usually solved this by giving my regular user some permissions (usually just groups) and ran it as my user. Though if this happens as part of emerge I've no idea how to go about fixing it. It might be that what I've seen earlier is just my own FUBAR sys and config. signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] Re: {OT} Allow work from home?
On Fri, 22 Jan 2016 11:51:45 -0800, Grant wrote: > > To talk to this computer from another of my machines over ZT I would > > use the 10.252... address. If you tried that address, you'd get > > nowhere as you are not connected to my network. > So if 10.252.252.6 were configured as a router, could I join your ZT > network and use iptables to route my example.com 80/443 requests to > 10.252.252.6, thereby granting me access to my web apps which are > configured to only allow your machine's WAN IP? You don't need a bridge in a network to join it. If I want you to join it, I give you the network ID and you simply join it, although you can't actually connect to it until I authorise the connection. However, if this machine were configured as a bridge, then once you had joined my network you would have access to all of my LAN, rather like an OpenVPN connection. It seems that the man difference between this and a traditional VPN is that all of the setup work is done on the one computer, connecting extra clients is just a matter of connecting them to the network. Note that I haven't actually tried this, every machine on my LAN that I want to be able to connect to is running ZT so is directly accessible. > Is it possible (easy?) to run your own "core node" and so not interact > with the official core nodes at all? It is definitely possible, and you skip the "only ten clients for free" limit as that only applies to using their servers. Once again, it isn't something I've tried yet, but it is on my list of "things to do when I find some time". I'm quite happy using their discovery servers so this would be only an exercise in trying it "because I can". -- Neil Bothwick MUPHRY'S LAW: The principle that any criticism of the writing of others will itself contain at least one grammatical error. pgpW52yseiUCN.pgp Description: OpenPGP digital signature
[gentoo-user] Re: A Glitch in the Matrix or just another burb of emerge... ;)
On 05/10/2016 04:03 PM, Alan McKinnon wrote: > On 10/05/2016 18:14, meino.cra...@gmx.de wrote: >> >> >> (sys-devel/gcc-4.4.7:4.4/4.4::gentoo, installed) pulled in by >> sys-devel/gcc:4.4 required by @selected > >> (cross-armv7a-hardfloat-linux-gnueabi/gcc-4.5.4:4.5/4.5::x-portage, >> installed) pulled in by >> cross-armv7a-hardfloat-linux-gnueabi/gcc:4.5 required by @selected > > It's a hard problem to solve, and portage doesn't really know the > solution. It likely knows how to make itself shut up (remove the low > version compilers) but that's unlikely to *solve* it. Maybe you really > want to have 4.4 and 4.9, portage doesn't know how it can give that to > you so it brain dumps everything it's got and tells you to figure it out. > In this case, you explicitly told portage that you want to keep sys-devel/gcc:4.4 and cross-armv7a-hardfloat-linux-gnueabi/gcc:4.5 installed, as they are in the @selected set (defined by your world file). This means that portage's normal resolution mechanism (remove the packages that break things) won't work, as that won't satisfy your requests (as it knows them to be). I haven't looked into why gcc 4.9 blocks older versions now, although I know it didn't always do so. -- Jonathan Callen signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] llvm / clang compile error
On 08/17/2016 10:24 AM, siefke_lis...@web.de wrote: On Wed, 17 Aug 2016 08:36:12 -0400 james <gar...@verizon.net> wrote: On 08/16/2016 04:43 PM, Silvio Siefke wrote: Please submit a full bug report https://bugs.gentoo.org/show_bug.cgi?id=591514 Silvio Reading the bug, here is a request for specific info:: " Alex Xu (Hello71) 2016-08-17 15:26:17 UTC please attach example build.log" If you work with the requests on BGO, then they are much more likely to work on your bug, or at least process. If there are other similar bugs in BGO, then stay on top of them too. I've only mildly used clang, at this point, so it'll take somebody else to spot what's wrong, or who knows clang more deeply. But, now you can keep your posts short and precise in gentoo-user and reference your but like this BGO#591514. Also, if you are not copied on the postings to your bug, go ahead and add yourself directly to the "cc list". You can also use gentoo forums or an appropriate gentoo irc channel to look for CLANG/llvm types of folks, referring them to your posted bug too, so your posts there can be short and easy to read. [1] [1] https://wiki.gentoo.org/wiki/Google_Summer_of_Code/2016/Ideas/Clang_native_support hth, James
Re: [gentoo-user] nx / nxclient - replacement
On 02/06/2017 01:55 AM, Helmut Jarausch wrote: > On 02/06/2017 08:53:19 AM, the...@sys-concept.com wrote: >> Are there any good replacement for "nx / nxclient" in Linux? >> NX is long time gone from portage. I hope, I can still install them >> from atic. >> This was another reason I wasn't upgrading for a long time as I need >> them to access remote boxes in GUI. >> > > I have net-misc/x2goclient (and net-misc/x2goserver) installed. > But I think, x2goserver has to be installed on the remote system. > > Yes, x2goserver needs to be installed on the remote system. But I do believe you need something installed on the remote system to listen for nx/vnc requests anyway. I switched to x2goserver/x2goclient maybe two years ago from xvnc/tigervnc as it was getting to be a real chore to install again xorg-x11 at the time. It has some benefits, one of them being it spawns a new session when you log in, like Terminal Server/Remote Desktop Services on Windows - meaning you don't attach to an existing user that's logged on. It also has some downsides. As in not all desktops are fully supported. I had to switch to MATE on the server for reliability issues. KDE5 is not supported, as an example. They do support other desktops besides MATE, it's just the one I stuck with. It does, however, feel back-asswards compared to KDE, as a primarily KDE-user. Dan
Re: [gentoo-user] nx / nxclient - replacement
Thelma On 02/06/2017 08:55 AM, Daniel Frey wrote: > On 02/06/2017 01:55 AM, Helmut Jarausch wrote: >> On 02/06/2017 08:53:19 AM, the...@sys-concept.com wrote: >>> Are there any good replacement for "nx / nxclient" in Linux? >>> NX is long time gone from portage. I hope, I can still install them >>> from atic. >>> This was another reason I wasn't upgrading for a long time as I need >>> them to access remote boxes in GUI. >>> >> >> I have net-misc/x2goclient (and net-misc/x2goserver) installed. >> But I think, x2goserver has to be installed on the remote system. >> >> > > Yes, x2goserver needs to be installed on the remote system. But I do > believe you need something installed on the remote system to listen for > nx/vnc requests anyway. > > I switched to x2goserver/x2goclient maybe two years ago from > xvnc/tigervnc as it was getting to be a real chore to install again > xorg-x11 at the time. > > It has some benefits, one of them being it spawns a new session when you > log in, like Terminal Server/Remote Desktop Services on Windows - > meaning you don't attach to an existing user that's logged on. > > It also has some downsides. As in not all desktops are fully supported. > I had to switch to MATE on the server for reliability issues. KDE5 is > not supported, as an example. They do support other desktops besides > MATE, it's just the one I stuck with. It does, however, feel > back-asswards compared to KDE, as a primarily KDE-user. > > Dan Any experience, how do they compare speed-wise net-misc/remmina vs. x2goserver of GUI to remote PC over the internet? -- Thelma
Re: [gentoo-user] Re: Strive for zero swap usage?
> Looking at the times, it looks a lot like you are having higher iowait > only at around 2:00 and 4:20 which are pretty standard cron job times. > These probably run niced or ioniced. It's normal that you are seeing > higher iowait for such processes. > > You may want to try setting your io scheduler to deadline (or even noop > if you are using a RAID controller with bbu and write cache). Since you > seem to prefer response times over throughput you should be using > deadline io scheduler anyways. Actually, don't use the default CFQ if > your server is virtualized. At least in my tests, CFQ seems to work a > lot against what virtualized IO seems to achieve. I'm using CFQ now, no virtualization. I should use CFQ if I prefer throughput and deadline for response time? > I also suggest using maybe XFS as a filesystem. Which one are you using? I'm using ext3 but I plan to move to ZFS. > If your server is a web server and it starts swapping, there is not > much you can do against it. Tuning swappiness will probably not help at > all. Get more RAM or lower your memory usage. If, for example, MySQL > runs on the same host, either move it or lower it's memory usage. > Reduce the amount of apache application processes running at the same > time (PHP, Perl, whatever), use a layered application stack: One > frontend for handling static files, one middleware server for handling > requests over to PHP and doing the request dispatch queue, and reduce > memory/IO footprint of your backend. Changing swappiness from 60 to 30 has drastically reduced swap usage but I'm not sure how much it has done for iowait and response times. I'll know more in a few days. If swap usage stays very low and I'm still not happy with the consistency of response times, I would think reducing memory usage won't help. - Grant
Re: [gentoo-user] Infrastructure?
Probably should clarify that I wasn't talking about patches. I just remember the big git migration and was wondering if the syncing process itself would be moved under anongit.gentoo.org at some point so that we could avoid relying on github (per social contact thingy) On Tue, Sep 20, 2016 at 12:36 AM, Daniel Campbell <z...@gentoo.org> wrote: > On 09/19/2016 10:54 AM, Raymond Jennings wrote: > > Just curious, but how are gentoo's infra assets organized? > > > > Do you guys use VMs on top of hardware machines and whatnot? > > > > Reasons for asking: > > > > * general curiosity > > * wondering how a migration to use anongit.gentoo.org > > <http://anongit.gentoo.org> instead of github would go, particularly if > > it would help ease pressure on the rsync servers if demand went down > > - I heard something about a social contract where relying on third > > parties was a frowny point. > > > > Popping in to #gentoo-infra and chatting with the folks there may get > you a faster response. > > As far as I know, we accept pull requests from the GitHub mirror *or* a > standard `git format-patch` e-mail. > > We do have a social contract[1] which indicates that we will not depend > on proprietary software. That said, the GitHub mirror is there for > convenience; I'm betting part of why we use it on the side is because it > already meshes well with Git to begin with and can be a good 'gateway' > for new contributors. > > We also accept patches on the gentoo-dev ML or (depending on the > developer) personal e-mails or Bugzilla bugs. You might want to check > out a few pages on the wiki regarding how we handle contributions, or > pop in #gentoo-proxy-maint on Freenode. > > [1] https://gentoo.org/get-started/philosophy/social-contract.html > -- > Daniel Campbell - Gentoo Developer > OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net > fpr: AE03 9064 AE00 053C 270C 1DE4 6F7A 9091 1EA0 55D6 > >
Re: [gentoo-user] Infrastructure?
On 09/19/2016 10:54 AM, Raymond Jennings wrote: > Just curious, but how are gentoo's infra assets organized? > > Do you guys use VMs on top of hardware machines and whatnot? > > Reasons for asking: > > * general curiosity > * wondering how a migration to use anongit.gentoo.org > <http://anongit.gentoo.org> instead of github would go, particularly if > it would help ease pressure on the rsync servers if demand went down > - I heard something about a social contract where relying on third > parties was a frowny point. > Popping in to #gentoo-infra and chatting with the folks there may get you a faster response. As far as I know, we accept pull requests from the GitHub mirror *or* a standard `git format-patch` e-mail. We do have a social contract[1] which indicates that we will not depend on proprietary software. That said, the GitHub mirror is there for convenience; I'm betting part of why we use it on the side is because it already meshes well with Git to begin with and can be a good 'gateway' for new contributors. We also accept patches on the gentoo-dev ML or (depending on the developer) personal e-mails or Bugzilla bugs. You might want to check out a few pages on the wiki regarding how we handle contributions, or pop in #gentoo-proxy-maint on Freenode. [1] https://gentoo.org/get-started/philosophy/social-contract.html -- Daniel Campbell - Gentoo Developer OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net fpr: AE03 9064 AE00 053C 270C 1DE4 6F7A 9091 1EA0 55D6 signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] What Firefox (what browser) for Online-Banking?
On Sat, 07 Jan 16:51:41 +0100
meino.cra...@gmx.de wrote:
Hi,
what Firefox-Version/what browser is the most secure one for Online-Banking?
Who is able to tell about that? I think nobody which has evaluated this
for every version (if some really has) is reading this list.
I would recommended at least a separate well configured browser profile
for the banking purpose and to strip off all unnecessary connections.
The latter can be achieved by using a Proxy Auto Config (PAC) file [1].
Have a look at [2] for more background information on this — even when
it’s quite old.
For Mozilla Firefox create a file (e.g. “proxy.pac”) with following
content for example (don’t copy ’n paste, the spaces aren’t such):
function FindProxyForURL(url, host) {
// Proxy bypass logic
if (
dnsDomainIs(host, '.your-bank.com')
// || dnsDomainIs(host, 'addons.cdn.mozilla.net')
// || dnsDomainIs(host, 'addons.mozilla.org')
) { return 'DIRECT'; }
// Redirect all other requests through localhost which should always
// fail due no listen server.
return 'PROXY 127.0.0.1:65535';
}
and place it in the root of your browser profile, apply it due property
“network.proxy.autoconfig_url” or via GUI by using the “file:” protocol
in about:preferences#advanced > Network > Connection Settings.
Before you ask, I’ve never tried to use a relative path definition which
may be important on an USB device nor can say if it’ll also work.
Notice the comment lines for the mozilla domains. Comment those out if
you really need to use add-ons in a banking profile and want to have a
more comfortable way to update them. But you know, comfort/add-ons and
security is often like fire and water nowadays.
To test that only your banking connection is possible invoke:
/usr/bin/firefox --private-window "https://www.example.com/" --no-remote -P
banking.profile
[1] <https://calomel.org/proxy_auto_config.html>
[2]
<https://web.archive.org/web/20040821144727/http://developer.netscape.com/docs/manuals/proxy/adminux/>
--
Best regards,
Floyd Anderson
[gentoo-user] DNS from dialup or wifi for broadband connection?
Starting a separate topic, rather than hijack the main thread... On Fri, Mar 10, 2017 at 01:50:26PM -0600, Corbin Bird wrote > > 6 # : ISP is starting to filter customers web access. The ISP is > deciding what sites customers are allowed to see. ( look up the > practice called "ransom" ). Does this consist of grabbing outbound traffic to port 53? If so, I wonder if the following is possible... * Can a POTS dialup or a wifi connection co-exist with a broadband connection? It would make the network config and route config more complex. * If yes, can iptables be used to redirect only outbound-to-port-53 traffic to the dialup/wifi connection, with everything else going to the broadband connection? * Another option, if you know the alternate DNS server address in advance, set up routing of the /32 (for the alternate DNS server) to ppp0 or wlan0 with higher priority than the default route. This doesn't require any iptables magic. * Can the standard linux network stack handle this properly, and use incoming DNS responses from the dialup/wifi connection for the IP addresses of websites, etc to be accessed via broadband? DNS traffic is low volume, usually fitting into 1 packet. So it would be feasible to divert DNS requests to a lower-speed connection. The broadband ISP would handle all the highspeed website, etc, traffic but it would not see any DNS traffic, and would not be able to intercept it. -- Walter Dnes <waltd...@waltdnes.org> I don't run "desktop environments"; I run useful applications
Re: [gentoo-user] Re: what about dracut and systemd?
On Sun, Jul 30, 2017 at 12:27 PM, Ian Zimmerman <i...@very.loosely.org> wrote: > On 2017-07-29 06:25, Rich Freeman wrote: > >> IMO unless you really need to read them offline it is probably just as >> easy to just browse the git repository. I find github provides the >> nicest viewer > > But which one? There is gentoo/gentoo _and_ gentoo-mirror/gentoo. TBH > the existence of both doesn't give me a warm & fuzzy feeling. > Git is a distributed vcs, so there are lots of copies floating around. Both should give you the same history for anything you actually care about. The first is just a clone of the official Gentoo repository. The second adds metadata to it, so it will have the same history with some delay, but with an extra commit adding all the metadata to it. The first is best for submitting pull requests. The second is best for syncing /usr/portage from as it: 1. Contains pre-built metadata (like the rsync mirrors), which means emerge will run faster. It isn't absolutely essential since emerge will just build it on the fly if it has to, but it is slower. 2. The default stable branch does a repoman QA check before pulling which means that if a dev makes an obvious error it pauses the repository until it is fixed. So, if you sync from this you won't errors like your stable system trying to pull in an unstable dependency, which usually go away if you re-sync because by then the dev in question has usually been beaten back into submission. The most recent commit is guaranteed to pass the automated QA checks at least. Other than the gentoo-mirror one being a little behind (or more behind if a dev did cause a QA issue), the histories are going to be the same. -- Rich
Re: [gentoo-user] Error while starting Docker daemon
On Sun, Oct 8, 2017 at 11:10 AM, Mick <michaelkintz...@gmail.com> wrote: > > From what I see above you are running btrfs. It may be worth compiling in > your kernel this module you have left out, because I've read somewhere it > prevents fs corruption (Rich seems to know a lot about BTRFS, so I leave it to > him to confirm its usefulness): > > # CONFIG_BTRFS_FS_CHECK_INTEGRITY is not set > I wouldn't look much further than the config docs on this one: Btrfs with integrity check tool compiled in (DANGEROUS) ...Enabling this functionality is not intended for normal use. In most cases, unless you are a btrfs developer who needs to verify the integrity of (super)-block write requests during the run of a regression test, say N. It looks like it is intended only for regression testing. I didn't dig too deep into the docs, but it probably turns on some assertions and probably doesn't have much in the way of recovery if they are triggered. Granted, if they trigger you probably have issues anyway, but they might not be as severe as whatever happens when this is turned on. Of course, in theory it shouldn't do anything other than waste RAM/CPU, since assertions aren't supposed to be triggered. So, no, you don't want this on a real system. -- Rich
Re: [gentoo-user] why zfs and friends want to update to 9999?
On Wednesday, October 11, 2017 11:34:48 AM CEST John Covici wrote: > On Wed, 11 Oct 2017 04:50:20 -0400, > > J. Roeleveld wrote: > > On Wednesday, October 11, 2017 9:54:05 AM CEST John Covici wrote: > > > Hi. In my latest world update, I have sys-fs/zfs and friends at > > > 0.7.1 and they all want to update to . Does anyone know why this > > > should be -- normally is not in the normal update sequence. > > > > > > I am using the unstable gentoo, updated about 3 weeks ago. No harm > > > has come yet, but I have not done the update till I can figure out > > > what is happening here -- particularly if I need a rescue cd which is > > > using zfs 0.7.1. > > > > > > Thanks in advance for any ideas. > > > > check your keywords, how did you unmask zfs? > > > > Here are mine: > > > > $ grep -r zfs /etc/portage > > /etc/portage/sets/zfs:sys-fs/zfs > > /etc/portage/sets/zfs:sys-fs/zfs-kmod > > /etc/portage/package.keywords/zfs:=sys-fs/zfs-kmod-0.7.1 ~amd64 > > /etc/portage/package.keywords/zfs:=sys-fs/zfs-0.7.1 ~amd64 > > $ grep -r spl /etc/portage > > /etc/portage/sets/zfs:sys-kernel/spl > > /etc/portage/package.keywords/zfs:=sys-kernel/spl-0.7.1 ~amd64 > > Yep, I think you are correct, I had the in package.keywords and I > think this is what made portage do that. > When I commented them out, things are back to normal. > > Thanks again. That might have happened automatically as portage tends to want to unmask the latest version if it can't find an unmasked version that matches requirements. I always answer "no" to those requests and copy/paste the actual lines myself after checking they are really what I want. -- Joost
Re: [gentoo-user] [OT] Being Facebook member: How to anon?
tu...@posteo.de wrote: > On 10/22 01:58, J. Roeleveld wrote: >> On 22 October 2017 10:50:01 GMT+02:00, tu...@posteo.de wrote: >>> Hi, >>> >>> for its invasive nature and its data gathering I really dont like >>> facebook. >>> >>> And now it seems that I cant with out it: >>> There is a HUGE user group for the Creality CR-10 3D printer there >>> and veryone and everything is referencing it. >>> >>> My question is: >>> Are there ways (and which ones) to become member of facebook >>> just to read and write to this user grout (like a mailinglist) >>> and keep the impact on privacy an personal fingerprinting as >>> small as ever possible? >>> >>> Every help is very appreciated! >>> Cheers >>> Meino >> Run a dedicated browser in a dedicated user account. This should isolate any >> tracking cookies from going into your main account. >> >> -- >> Joost >> -- >> Sent from my Android device with K-9 Mail. Please excuse my brevity. >> > Hi Joost, > > thanks for your help. > > Does "dedicated browser" means "Firefox -NewInstance -P Facebookprofle" or > does it mean "another browser than the installed firefox" ? > > Cheers > Meino > I would think that would work. I think I get where Joost is coming from. Another thought, what about using Tor to make it so it can't track IPs as well? Joost, you have a thought on that? Also, I've read where some people have had to prove who they are. Facebook requests the info and if it is not provided, they suspend the account until it is provided. It's never happened to me but I've talked to people who it did happen too. How does one get around it if that happens? Dale :-) :-)
[gentoo-user] Pointers are not supported: KDEDModule
I'm trying to understand why X crashes at login, with this error in .xsession- errors: QDBusAbstractAdaptor: Cannot relay signal KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: KDEDModule* QDBusAbstractAdaptor: Cannot relay signal KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: KDEDModule* QDBusAbstractAdaptor: Cannot relay signal KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: KDEDModule* QDBusAbstractAdaptor: Cannot relay signal KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: KDEDModule* QDBusAbstractAdaptor: Cannot relay signal KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: KDEDModule* QDBusAbstractAdaptor: Cannot relay signal KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: KDEDModule* QDBusAbstractAdaptor: Cannot relay signal KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: KDEDModule* QDBusAbstractAdaptor: Cannot relay signal KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: KDEDModule* startkde: Done. The X11 connection broke (error 1). Did the X11 server die? QThread: Destroyed while thread is still running Closing SQL connection: "kactivities_db_resources_139787921024832_readwrite" The X11 connection broke: I/O error (code 1) XIO: fatal IO error 4 (Interrupted system call) on X server ":0" after 2408 requests (2408 known processed) with 0 events remaining. If I restart xdm the user able to login, but the first time more often than not fails as above. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Pointers are not supported: KDEDModule
On Sunday, 21 January 2018 20:33:54 GMT R0b0t1 wrote: > On Sun, Jan 21, 2018 at 9:45 AM, Mick <michaelkintz...@gmail.com> wrote: > > I'm trying to understand why X crashes at login, with this error in > > .xsession- errors: > > > > QDBusAbstractAdaptor: Cannot relay signal > > KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: > > KDEDModule* > > QDBusAbstractAdaptor: Cannot relay signal > > KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: > > KDEDModule* > > QDBusAbstractAdaptor: Cannot relay signal > > KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: > > KDEDModule* > > QDBusAbstractAdaptor: Cannot relay signal > > KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: > > KDEDModule* > > QDBusAbstractAdaptor: Cannot relay signal > > KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: > > KDEDModule* > > QDBusAbstractAdaptor: Cannot relay signal > > KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: > > KDEDModule* > > QDBusAbstractAdaptor: Cannot relay signal > > KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: > > KDEDModule* > > QDBusAbstractAdaptor: Cannot relay signal > > KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: > > KDEDModule* > > startkde: Done. > > The X11 connection broke (error 1). Did the X11 server die? > > QThread: Destroyed while thread is still running > > Closing SQL connection: > > "kactivities_db_resources_139787921024832_readwrite" The X11 connection > > broke: I/O error (code 1) > > XIO: fatal IO error 4 (Interrupted system call) on X server ":0" > > > > after 2408 requests (2408 known processed) with 0 events remaining. > > > > If I restart xdm the user able to login, but the first time more often > > than > > not fails as above. > > This seems very similar: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797979. There is > also https://forums.gentoo.org/viewtopic-t-1056258-start-0.html with > no replies. > > Which display manager are you using? Are you using more than one monitor? > > Cheers, > R0b0t1 Hmm ... yes, reads rather similar to mine. The box in question is using sddm as a login manager, with which I have nothing but grief on various boxen and two monitors. This problem started with the latest sddm update. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Pointers are not supported: KDEDModule
On Sun, Jan 21, 2018 at 9:45 AM, Mick <michaelkintz...@gmail.com> wrote: > I'm trying to understand why X crashes at login, with this error in .xsession- > errors: > > QDBusAbstractAdaptor: Cannot relay signal > KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: > KDEDModule* > QDBusAbstractAdaptor: Cannot relay signal > KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: > KDEDModule* > QDBusAbstractAdaptor: Cannot relay signal > KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: > KDEDModule* > QDBusAbstractAdaptor: Cannot relay signal > KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: > KDEDModule* > QDBusAbstractAdaptor: Cannot relay signal > KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: > KDEDModule* > QDBusAbstractAdaptor: Cannot relay signal > KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: > KDEDModule* > QDBusAbstractAdaptor: Cannot relay signal > KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: > KDEDModule* > QDBusAbstractAdaptor: Cannot relay signal > KDEDModule::moduleDeleted(KDEDModule*): Pointers are not supported: > KDEDModule* > startkde: Done. > The X11 connection broke (error 1). Did the X11 server die? > QThread: Destroyed while thread is still running > Closing SQL connection: "kactivities_db_resources_139787921024832_readwrite" > The X11 connection broke: I/O error (code 1) > XIO: fatal IO error 4 (Interrupted system call) on X server ":0" > after 2408 requests (2408 known processed) with 0 events remaining. > > If I restart xdm the user able to login, but the first time more often than > not fails as above. This seems very similar: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797979. There is also https://forums.gentoo.org/viewtopic-t-1056258-start-0.html with no replies. Which display manager are you using? Are you using more than one monitor? Cheers, R0b0t1
[gentoo-user] Replacement for gcruft: gcrud
gcruft seems to have died off (https://www.google.com/search?q=gcruft only returns ebuild results). I was using it quite a lot and wrote many exception files. It's gone now with no way for my or anyone else's ebuild to get the original source. I did preserve it though, here: https://gitlab.com/Tatsh/gcruft I wrote a replacement in C named gcrud. It only needs GLib2 installed to work. It's much faster than gcruft ever was. The code is here: https://gitlab.com/Tatsh/gcrud https://github.com/Tatsh/gcrud I am placing preference in GitLab for issues and merge requests, but I will accept PRs from GitHub. The whitelist https://gitlab.com/Tatsh/gcrud/blob/master/whitelist.c is currently hard-coded and limited but the results are satisfactory for now in my use cases. Type use case: sudo ./gcrud | sort -u > out.log Examine out.log for things you can delete. There are absolutely zero calls to delete files from the machine in my code and never will be any kind of automation support. If anyone tries it out I certainly would like to see your output and get some bug reports or suggestions. The main feature planned is reading from a configuration file for exact file paths and regexs. -- Andrew signature.asc Description: OpenPGP digital signature
Re: [gentoo-user] [SOLVED] Emerge --sync fails on excluded stuff
On Tue, 23 Oct 2018 16:13:35 +0100, Mick wrote: > > > > You can also add "sync-rsync-verify-metamanifest = no" to the > > > > gentoo entry in /etc/portage/repos.conf - I use this when syncing > > > > from a local mirror. > > > > > > > That looks easier, but... /etc/portage/repos.conf is a directory > > > on my > > > > > > system. > > > > That's right, and in there is an entry for the gentoo repo, edit it. > > > > Most files in /etc/portage can be directories, although some utilities > > get confused if make.conf is, portage just considers the contents as a > > single file. > > I'm also using a local mirror to avoid loading the public gentoo > mirrors with multiple requests from my machines and have not yet had a > problem with portage verification in the client machines ... :-/ > > What am I doing wrong? :-) Nothing, at least not in this respect ;-) The verification doesn't cause a problem with a local mirror, it is just unnecessary. The computer hosting the mirror verifies each sync, doing so again is a waste of time. If someone were to gain root access to the mirror host, a corrupted portage tree would be the least of my worries :-O -- Neil Bothwick I stayed up all night playing poker with tarot cards. I got a full house and four people died. pgpX0wwfdGq0s.pgp Description: OpenPGP digital signature
[gentoo-user] Re: net-nntp/inn - This package is masked and could be removed soon!
On 2018-11-25, R0b0t1 wrote: > On Sun, Nov 25, 2018 at 1:28 PM Grant Taylor > wrote: >> >> Hi, >> >> I happily use net-nntp/inn on my server and was surprised to find that >> it is now masked and apparently up for removal. It looks like >> maintenance has dropped off on the package. >> >> I've never maintained a portage overlay or otherwise contributed to >> Gentoo (save for mailing lists). As such I don't know what I can do to >> help. >> >> I did skim the Proxy Maintainers page [1] and don't know that I'm ready >> to tackle that much responsibility. Is there something else that I can >> do to help avoid the removal of the net-nntp/inn package? Possibly at >> least keep it around as a masked package? >> >> Does anyone have any recommendations before blindly diving head first >> into something I'll regret by assuming responsibility that I'm not sure >> I'm ready for? >> >> Thanks for any pointers in advance. >> > > It depends why it is up for removal. Fix that issue and submit a pull > requests via GitHub or via email to gentoo-dev. If using gentoo-dev > there is the possibility that it will never be allowed through the > filter, so perhaps ask about it on IRC as well. Why not bugzilla? Is there some new rule suggesting that bugzilla shouldn't be used? You might have just forgotten to mention it, that's okay -- I'm just asking because bugzilla bugs 601032, 660966 and 663432 have made me wonder if there is something going on, and I want to be sure I didn't miss anything. Especially 601032, which is about to turn 1 year old. > In the rare chance that the package is just being removed because it's > old, making gentoo-dev aware that you use it should be enough. > Otherwise bump the version. -- Nuno Silva
Re: [gentoo-user] net-nntp/inn - This package is masked and could be removed soon!
On Sun, Nov 25, 2018 at 1:28 PM Grant Taylor wrote: > > Hi, > > I happily use net-nntp/inn on my server and was surprised to find that > it is now masked and apparently up for removal. It looks like > maintenance has dropped off on the package. > > I've never maintained a portage overlay or otherwise contributed to > Gentoo (save for mailing lists). As such I don't know what I can do to > help. > > I did skim the Proxy Maintainers page [1] and don't know that I'm ready > to tackle that much responsibility. Is there something else that I can > do to help avoid the removal of the net-nntp/inn package? Possibly at > least keep it around as a masked package? > > Does anyone have any recommendations before blindly diving head first > into something I'll regret by assuming responsibility that I'm not sure > I'm ready for? > > Thanks for any pointers in advance. > It depends why it is up for removal. Fix that issue and submit a pull requests via GitHub or via email to gentoo-dev. If using gentoo-dev there is the possibility that it will never be allowed through the filter, so perhaps ask about it on IRC as well. In the rare chance that the package is just being removed because it's old, making gentoo-dev aware that you use it should be enough. Otherwise bump the version. Cheers, R0b0t1
Re: [gentoo-user] Amdgpu-pro, anyone?
On Friday, 15 March 2019 16:35:50 GMT Rich Freeman wrote: > On Fri, Mar 15, 2019 at 12:22 PM Peter Humphrey > wrote: > > Can anyone help me with installing the proprietary amdgpu-pro driver, > > please? > > > > I've downloaded the package from the AMD site; it contains 50-odd .deb > > files and an installation script. I can't use the script directly, of > > course, because it wants to install in a Ubuntu or Steam system. > > I can't vouch for it and the wiki article seems out of date, but the > repo does contain dev-libs/amdgpu-pro-opencl. > > That seems like a good starting point if it is current. The last > update was in Jan, and it appears to use an ubuntu tarball and unpack > one of the deb files. Yes, I have that installed already. There's no sign of GPU activity other than as a display driver (as shown by radeonpro). Watching the BOINC log I see numerous requests for GPU jobs by several projects, but none arrive. So I supposed I must have something missing, whence the query. I've been through all my projects and made sure they really were all set up to use the GPU. Still no jobs received. I'd better take it up with the offending projects - thanks for your help, Rich. -- Regards, Peter.
Re: Re: Re: [gentoo-user] upgrading (profiles, too)
On 2019.05.31 11:49, n952...@web.de wrote: > Gesendet: Freitag, 31. Mai 2019 um 00:02 Uhr > Von: "Dale" > An: gentoo-user@lists.gentoo.org > Betreff: Re: Aw: Re: [gentoo-user] upgrading (profiles, too) > > Mick wrote: > > On Thursday, 30 May 2019 02:18:01 BST Dale wrote: to do. > > If I recall correctly, I did a merge -e world when I switched to 17.0. > There are some things that I'd rather rebuild everything just to be > sure. When it is winter time, why not, I need the heat anyway. ;-) > > Dale > > :-) :-) > > Compiling is not the problem. Knowing what USE and KEYWORD flags to set is what scares me. At least those. I get all these dire warnings from the system and I don't know what I did wrong. I'm certainly not in the experimental class. I try to do the most standard, stable things. You may not have done anything wrong. How dire an emerge warning is is up to interpretation. One way I sometimes deal with an update that throws lots of warnings and requests to change masks or keywords or use flags is to look carefully at the list of packages that would be updated, and pick one, and just try to update that one. I even sometimes find it easier to just "emerge -1 package" (instead of -u) because that seems less likely to try to include updates not needed for the package you selected. Also - I don't think you ever said which (or at least how many) packages you already have in packages.keyword. Often, having one package in that file (especially if it is not for a single version) will want testing versions of dependencies, so you either have to add those, or not use the testing version of the first package. Portage asking for changes to USE flags is likely far less of an issue - sometimes packages are changed so that a dependency now requires a particular use flag setting which is not the default (or may be affected by some USE flag you have set (or unset) in make.conf.
Re: [gentoo-user] Netgear AC1750 C7 V2 and IPv6
On Monday, 13 January 2020 19:38:33 GMT Dale wrote: > I hope I did this right. If not, tell me what to run. This is what I > get and I changed a few parts so I don't get hacked, or them trying to > at least. > > > root@fireball / # traceroute6 2606:4700:1::6813:894b > traceroute to 2606:4700:1::6813:894b (2606:4700:1::6813:894b), 30 hops > max, 80 byte packets > 1 2602:304:abab:9029:d66e:eff:fe42:55cf > (2602:304:abab:9029:d66e:eff:fe42:55cf) 0.769 ms 0.750 ms 0.745 ms > 2 * * * > 3 * * * [snip ...] > 30 * * * > root@fireball / # > > > I'm not real good on traceroute but I'd assume the first hit is my > puter. The next step should be the router but it seems to die there. I > been suspecting the router anyway. The first hope would normally be the router. Instead of assuming check the IPv6 addresses and confirm. > What next? Ideas? The remaining hops in your test do not return ICMP packets. This could well be because intermediate nodes do not respond to ICMP for security reasons. ICMP has been abused to perform DDoS attacks over the years and many hosts just drop ICMP requests. Try running traceroute with --tcp or --udp instead, but you may need to run the command as root. Have a look at this online service to see what a normal traceroute6 response looks like: http://www.traceroute6.net/ If you get nowhere check from your PC, try the router. Modern routers usually provide network testing apps like traceroute. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
[gentoo-user] Determine what's keeping Python 3.7 around?
I updated one of my systems a day or two ago, and Python 3.7 went away as expected. Today, I'm updating another system and it is rebuilding tons of stuff to target python 3.8 instead of 3.7, but it's keeping 3.7 and even wants to install a _new_ package -- and build it for Python 3.7: [...] [nomerge ] app-portage/gemato-16.2::gentoo USE="gpg -test -tools" PYTHON_TARGETS="python3_8* (-pypy3) -python3_6 -python3_7* -python3_9" [nomerge ] dev-python/requests-2.24.0-r1::gentoo USE="ssl -socks5 -test" PYTHON_TARGETS="python3_8* (-pypy3) -python3_6 -python3_7* -python3_9" [nomerge ] dev-python/cryptography-3.2.1::gentoo [3.2::gentoo] USE="-idna -libressl -test" PYTHON_TARGETS="python3_8* (-pypy3) -python3_6 -python3_7* -python3_9" [ebuild R]dev-python/six-1.15.0-r1::gentoo USE="-doc -test" PYTHON_TARGETS="python3_8* (-pypy3) -python3_6 -python3_7* -python3_9" 0 KiB [ebuild U ] dev-python/setuptools-50.3.0::gentoo [46.4.0-r3::gentoo] USE="-test" PYTHON_TARGETS="python3_8* (-pypy3) -python3_6 -python3_7* -python3_9 (-python2_7%*)" 2,119 KiB [ebuild N ] dev-python/setuptools_scm-4.1.2-r1::gentoo USE="-test" PYTHON_TARGETS="python3_7 python3_8 (-pypy3) -python3_6 -python3_9" 0 KiB [ebuild U ] dev-python/certifi-10001-r1::gentoo [10001::gentoo] USE="-test" PYTHON_TARGETS="python3_8* (-pypy3) -python3_6 -python3_7* -python3_9 (-python2_7%*)" 0 KiB [...] Total: 109 packages (12 upgrades, 1 new, 96 reinstalls), Size of downloads: 924,708 KiB How do I figure out why setuptools_scm is being built with the Python 3.7 target? There are no python targets specified in /etc/portage/* -- Grant
Re: [gentoo-user] update fails, but I don't see why
On Fri, 4 Dec 2020 at 10:34, n952162 wrote: > Forgotten about? I'm flattered! That would imply I understood > something here ... > > Here's my python situation: > > $ sed -n -e '/^\s*#/d' -e '/python/Ip' * | sort -u > */* PYTHON_TARGETS: python3_7 > >=dev-lang/python-2.7.16:2.7 sqlite > >=dev-lang/python-3.6.9 sqlite > >=dev-libs/libxml2-2.9.9-r1 python > >=dev-python/PySocks-1.7.1 python_targets_python3_6 > >=dev-python/certifi-10001-r1 python_targets_python3_7 > >=dev-python/certifi-2019.11.28 python_targets_python3_6 > >=dev-python/cffi-1.14.0 python_targets_python3_6 > >=dev-python/chardet-3.0.4 python_targets_python3_6 > >=dev-python/cryptography-2.8-r1 python_targets_python3_6 > >=dev-python/docutils-0.16 -python_targets_python2_7 > >=dev-python/idna-2.8 python_targets_python3_6 > >=dev-python/isodate-0.6.0-r1 python_targets_python3_6 > >=dev-python/ply-3.11 python_targets_python3_6 > >=dev-python/pycparser-2.20 python_targets_python3_6 > >=dev-python/pycryptodome-3.9.4 python_targets_python3_6 > >=dev-python/pyopenssl-19.1.0 python_targets_python3_6 > >=dev-python/requests-2.23.0 python_targets_python3_6 > >=dev-python/setuptools-46.4.0-r1 python_targets_python3_6 > >=dev-python/setuptools-50.3.0 python_targets_python3_7 > >=dev-python/setuptools_scm-4.1.2-r1 python_targets_python3_6 > >=dev-python/setuptools_scm-4.1.2-r1 python_targets_python3_7 > >=dev-python/six-1.14.0 python_targets_python3_6 > >=dev-python/six-1.15.0-r1 python_targets_python3_7 > >=dev-python/urllib3-1.25.8 python_targets_python3_6 > >=virtual/python-cffi-0 python_targets_python3_6 > dev-lang/python readline > net-print/cups X python I would try simply removing all of those python_targets_python3_x lines, and add back only those that you actually need, with an explicit version (that is '=' instead of '>='). I had a long list of packages on 3_6 for a while, but it's been several weeks/months since I could remove them all. Regards, Arve
Re: [gentoo-user] update fails, but I don't see why
On 12/13/20 9:18 AM, Neil Bothwick wrote: There's a lot to trawl through here, it looks like you haven't updated for quite some time. The (compressed) log of a system and world update from 20. October (2020!) is attached. Nearly 2 months, quite a long time in Gentoo update terms. !!! After 2 months the system can no longer be update-able? ... What do grep -r python3_6 /etc/portage That showed that the only references are in package.use But what does it show. We need the output of commands, not some vague reference to them. I suspected there was something in package.use, but we need to know what. Those references should probably be removed but no one can say for sure without seeing them. Oh sorry. You mentioned PYTHON_TARGETS="python3_6" and I didn't connect that with USE variables. Here there are (with comments removed) $ sed -n -e '/^\s*#/d' -e '/python3_6/p' /etc/portage/package.use/* =dev-python/certifi-10001-r1 python_targets_python3_6 =dev-python/setuptools_scm-4.1.2-r1 python_targets_python3_6 =dev-python/requests-2.24.0-r1 python_targets_python3_6 =dev-python/chardet-3.0.4-r1 python_targets_python3_6 =dev-python/idna-2.10-r1 python_targets_python3_6 =dev-python/urllib3-1.25.11 python_targets_python3_6 =dev-python/cryptography-3.2.1 python_targets_python3_6 =dev-python/cffi-1.14.0-r3 python_targets_python3_6 =dev-python/pycparser-2.20-r1 python_targets_python3_6 =dev-python/ply-3.11-r1 python_targets_python3_6 =dev-python/PySocks-1.7.1-r1 python_targets_python3_6 =dev-python/pyopenssl-19.1.0-r1 python_targets_python3_6 =dev-python/setuptools-50.3.0 python_targets_python3_6 =dev-python/six-1.15.0-r1 python_targets_python3_6
Re: [gentoo-user] Apache 2.4 can not access server subdirectory
On 10/30/2020 04:31 AM, Michael wrote: [snip] >> >> This is from apache.conf >> >> >> Options FollowSymLinks >> AllowOverride None >> Require all denied >> >> >> >> AllowOverride None >> Require all granted >> >> >> >> Options FollowSymLinks >> AllowOverride All >> Require all granted >> >> >> I just search all server .htaccess files for "AllowOverride" but none is >> active in these files. >> grep -Rnw '/var/www/html/catalog/' -e 'AllowOverride' > > You wouldn't find "AllowOverride" within an .htaccess file. This is a > directive placed in the main /etc/apache2 configuration files to determine if > directives contained in local filesystem .htaccess files will be processed or > not. An 'AllowOverride None' will ignore .htaccess directives and make the > server speedier in responding to requests. TBH .htaccess are typically used > locally, when you are not allowed to make changes to the main apache > configuration files. Note, if you changed the name of ".htaccess" with the > 'AccessFileName' directive, you may end up missing it. > > Another thing to check is any changes to the default 'DirectoryIndex' types, > for the particular subdirectory. If you have removed index.html or > index.html.var in this directive then apache won't serve index files when a > directory like admin/ is requested. > > Finally, you could increase the log verbosity to debug level and see if more > information is revealed as to the cause of this problem. I have a bigger problem. The apache 2.4 doesn't read configuration files. In apache2.conf I have: # Include the virtual host configurations: IncludeOptional sites-enabled/*.conf So it should read read every *config file in sites-enabled/ In that directory I have: ll sites-enabled/ lrwxrwxrwx 1 root root 35 Oct 27 21:15 000-default.conf -> ../sites-available/000-default.conf -rw-r--r-- 1 root root 3420 Oct 29 18:03 vhosts.conf vhosts.conf - define my web-site, but I commented everything out in that file (it is empty) and restarted apache: /etc/init.d/apache2 restart And I can still display my web page. How is it possible???
Re: [gentoo-user] [OT] Differences between wget and browser file retrieval?
210114 David Haller wrote: > On Thu, 14 Jan 2021, Walter Dnes wrote: >> I download daily a PDF. Today, the command ... >> wget https://files.ontario.ca/moh-covid-19-report-en-2021-01-14.pdf >> returns a zero-byte file. *BUT*, sticking the URL into the URL bar > >of Pale Moon and Google Chrome brings up the PDF file just fine. >> Is "wget" being blocked ? > I could download that file just fine just now[1]. > Try running 'wget' with the '-S' option. > Oh and : >> WARNING: cannot verify files.ontario.ca's certificate, issued by > So, try: > wget -S --no-check-certificate -U 'Mozilla/5.0 ...' \ >https://files.ontario.ca/moh-covid-19-report-en-2021-01-14.pdf > BTW: you know that you can let date format that URL? e.g.: > wget -S --no-check-certificate -U 'Mozilla/5.0 ...' \ >"$(date '+https://files.ontario.ca/moh-covid-19-report-en-%Y-%m-%d.pdf')" Here in Toronto, I get the same result as Walter via his URL & similar results from the 2 longer versions above, except that the escaped version give "ERROR 403: Forbidden". When I drop Walter's URL into the address bar of Firefox, no problem : a 1,75 MB PDF which appears to have all the info. It looks as if the site is refusing 'wget' requests from Ontario, but allowing them from eg Germany (!). What Walter is doing is well worthwhile. Press reports are very shallow & the Ontario government doesn't appear to have any clear idea just where & how the virus is being spread between humans. HTH. -- ,, SUPPORT ___//___, Philip Webb ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto TRANSIT`-O--O---' purslowatcadotinterdotnet
Re: [gentoo-user] portage has 0 debugging support for binary emerges
On 9/6/21 3:48 PM, n952162 wrote: On 4/3/21 10:03 PM, n952162 wrote: I find no clue why the binary packages on my server aren't being picked up. The --debug option (and --verbose, naturally) has no additional information. Running the --getbinpkgonly stops immediately, saying 0 packages are selected. I found one problem: on my server, my apache log file had a 302 fetch error for /var/cache/binpkgs/Packages. I touched it a few hours into the future and started getting a 200 for it. But still no emerge would fetch a binary (even though there ARE good candidates). On a guess, I touched all the files in binpkgs an hour into the future, but that didn't help. Binary updates are VERY useful for virtual machines. Unfortunately, there hasn't really been a resolution on this issue. I think it's reasonable that if portage accesses a package on a binary server and decides it's not eligible, it should report the reason for rejecting it. Is it possible to make requests for improvements in gentoo? In the current case, llvm-common came across as binary, thunderbird and firefox are also listed as a *binary* update, but llvm is an *ebuild*. Neither host (binary server) nor the client (updating system) have any USE flags defined for llvm. I know of no way to figure out what went wrong.
[gentoo-user] Re: mailing list problem: changing subscription type
(Replying as listowner, but I'm also on the nomail version of gentoo-user, please CC to gentoo-user+ow...@lists.gentoo.org or to me directly for most mail) On Mon, May 30, 2022 at 07:35:20AM +0530, Madhu wrote: > I had subscribed to gentoo-user on 2022-05-25, and posted a message on > that date. > > I then wished to change my subscription to no-mail delivery. The > instructions I received after sending a message to > gentoo-user+h...@lists.gentoo.org indicated I could do this by sending > a message to gentoo-user+subscribe-nom...@lists.gentoo.org, which I > did. and I got a response saying > > "Thank you for confirming your subscription. You have now been added to the > no-mail version of the list." > > However the email address is still receiving messages from the > list. Apparently my email is subscribed on two lists - the mail > version and the non-mail version, and there doesn't seem to be any way > to unsubscribe only from the mail-version while remaining on the > latter. ... > Could I request the list owner to make sure I remain subscribed to the > the list while not receiving copies in the mail? I don't see any requests to unsubscribe from the regular version of the list. The regular/digest/nomail subscriptions are entirely independent. Just subscribing to the nomail version of the list does not impact your other subscriptions at all. Did some part of the documentation make you think it would impact the subscription? Regardless, how do you feel the documentation could improve to make it clear that they are separate. -- Robin Hugh Johnson Gentoo Linux: Dev, Infra Lead, Foundation Treasurer E-Mail : robb...@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 signature.asc Description: PGP signature
[gentoo-user] Re: mailing list problem: changing subscription type
* "Robin H. Johnson" : Wrote on Mon, 30 May 2022 05:08:48 +: >> Could I request the list owner to make sure I remain subscribed to the >> the list while not receiving copies in the mail? > I don't see any requests to unsubscribe from the regular version of the > list. > > The regular/digest/nomail subscriptions are entirely independent. Thanks. I was missing this piece of information. The confirmation message I received after subscribing to gentoo-user+subscribe-nomail had the following text: #+begin_quote If you ever wish to unsubscribe, send a message to using this email address. The subject and the body of the message can be anything. You will then receive confirmation or further instructions. #+end_quote Since only one unsubscribe address - presumably for the regular subscription - was indicated, I assumed there was only one account per email (ala mailman) with options set on the account. So I assumed if I unsubscribed at this address I would remove myself from the list and the ability to post to it. > Just subscribing to the nomail version of the list does not impact your > other subscriptions at all. > > Did some part of the documentation make you think it would impact the > subscription? > > Regardless, how do you feel the documentation could improve to make it > clear that they are separate. Perhaps the unsubscribe instructions on joining the digest and nomail lists should indicate addresses like If that is how it is to be done. (I haven't tried sending mail to gentoo-user+help-nomail@. I believe I'm off the regular list now, Thanks!) ---Madhu
Re: [gentoo-user] NAS and replacing with larger drives
On Fri, Dec 9, 2022 at 8:13 AM Michael wrote: > > Actually this had me thinking what is the need to back up the ... Internet? I'm sure the NSA knows the answer to this. Based on discussions I've had with people who are into such things they basically have their own Wayback machine, except it obviously doesn't respect robots.txt or takedown requests. I kind of wish the NSA sold IT services to the general public. I just assume they probably have root on all my devices and their own backups of everything on them. It would be nice if I had a disaster if I could just pay them to buy back a copy of my data, instead of having to have my own completely redundant backups. I'm personally using duplicity for encrypted cloud backups of the stuff that is most critical (documents, recent photos, etc), AWS Glacier for stuff I want long-term backups of (older photos mostly), and then bacula to store local copies of everything I have any interest in because that is easier than trying to restore it all off of Amazon if I lose an array or whatever. AWS Glacier is actually pretty cheap for backup, but be prepared to pay a fair bit for restoration. I'd only need to go to them in a serious disaster like a house fire, so having to pay $100 or whatever to get them to mail me a hard drive with my data isn't really that big of a deal. My backups are generally one-way affairs. -- Rich
[gentoo-user] http-replicator: error: invalid directory '/var/cache/http-replicator' [ ok ]
I'm trying to get the http replicator working.
I'm not sure what I'm doing wrong. Below are the steps I did to prep
the machine. I know that the user portage has write/read access as
specified in /etc/conf.d/http-replicator. I also went over step by step
with a user that has been using this before this package was put into
portage. ANY HELP WOULD BE GREATLY Appreciated.
echo net-proxy/http-replicator /etc/portage/packcage.keywords
emerge http-replicator
Below is what my make.conf looks like on the server
# These settings were set by the catalyst build script that automatically built this stage
# Please consult /etc/make.conf.example for a more detailed example
CFLAGS=-O2 -march=pentium4
CHOST=i686-pc-linux-gnu
CXXFLAGS=${CFLAGS}
SYNC=rsync://rsync.namerica.gentoo.org/gentoo-portage
GENTOO_MIRRORS=http://gentoo.osuosl.org/
http_proxy=http://10.1.10.37.com:8080
RESUMECOMMAND= /usr/bin/wget -t 5 --passive-ftp \${URI} -O \${DISTDIR}/\${FILE}
Below is what my client make.conf
# These settings were set by the catalyst build script that automatically built this stage
# Please consult /etc/make.conf.example for a more detailed example
CFLAGS=-O2 -march=pentium3
CHOST=i686-pc-linux-gnu
CXXFLAGS=${CFLAGS}
USE=mdadm
SYNC=rsync://10.1.10.37/gentoo-portage
http_proxy=http://10.1.10.37.com:8080
RESUMECOMMAND= /usr/bin/wget -t 5 --passive-ftp \${URI} -O \${DISTDIR}/\${FILE}
Here is the proof that the rights are correct
localhost ~ # ls -ld /var/cache/http-replicator/
drwxrwxrwx 2 portage portage 8192 Jan 25 21:53 /var/cache/http-replicator/
localhost ~ #
I run the command repcacheman and it works fine with the below output
Found 22746 ebuilds.
Extracting the checksums
Done!
SUMMARY:
Found 0 duplicate file(s).
Deleted 0 dupe(s).
Found 19 new file(s).
Added 0 of those file(s) to the cache.
Rejected 0 corrupt or incomplete file(s).
19 Unknown file(s) that are not listed in portage
You may want to delete them yourself
Done!
When I go to start the server it says. And this is where I believe it fails.
I have also tried repcacheman --user portage --dir /var/cache/http-replicator
localhost / # /etc/init.d/http-replicator restart
* Stopping Http-Replicator ...
No http-replicator found running; none killed. [ ok ]
* Starting Http-Replicator ...
usage: http-replicator [options]
http-replicator: error: invalid directory '/var/cache/http-replicator' [ ok ]
Below is my /etc/conf.d/http-replicator
## Config file for http-replicator
## sourced by init scripts automatically
## GENERAL_OPTS used by repcacheman
## DAEMON_OPTS used by http-replicator
## Set the cache dir
GENERAL_OPTS=--dir /var/cache/http-replicator
## Change UID/GID to user after opening the log and pid file.
## 'user' must have read/write access to cache dir:
GENERAL_OPTS=$GENERAL_OPTS --user portage
## Don't change or comment this out:
DAEMON_OPTS=$GENERAL_OPTS
## Do you need a proxy to reach the internet?
## This will forward requests to an external proxy server:
## Use one of the following, not both:
#DAEMON_OPTS=$DAEMON_OPTS --external somehost:1234
#DAEMON_OPTS=$DAEMON_OPTS --external username:[EMAIL PROTECTED]:port
## Local dir to serve clients. Great for serving binary packages
## See PKDIR and PORTAGE_BINHOST settings in 'man make.conf'
## --alias /path/to/serve:location will make /path/to/serve
## browsable at http://http-replicator.com:port/location
DAEMON_OPTS=$DAEMON_OPTS --alias /usr/portage/packages/All:All
## Dir to hold the log file:
DAEMON_OPTS=$DAEMON_OPTS --log /var/log/http-replicator.log
## Make the log messages less and less verbose.
## Up to four times to make it extremely quiet.
#DAEMON_OPTS=$DAEMON_OPTS --quiet
#DAEMON_OPTS=$DAEMON_OPTS --quiet
## Make the log messages extra verbose for debugging.
#DAEMON_OPTS=$DAEMON_OPTS --debug
## The ip addresses from which access is allowed. Can be used as many times
## as necessary. Access from localhost is allowed by default.
DAEMON_OPTS=$DAEMON_OPTS --ip 192.168.*.*
DAEMON_OPTS=$DAEMON_OPTS --ip 10.*.*.*
## The proxy port on which the server listens for http requests:
DAEMON_OPTS=$DAEMON_OPTS --port 8080
Re: [gentoo-user] Apache ?!?
Hi Sasha and happy Gentoo people,
I have it running. I believe the lines that follow this one :
Srv PID Acc M CPU SS Req ConnChild Slot
Client VHost Request
are the ones that are going to give me an answer.
The start of the page gives me this information :
Current Time: Tuesday, 28-Feb-2006 20:14:15 CET
Restart Time: Tuesday, 28-Feb-2006 19:54:28 CET
Parent Server Generation: 0
Server uptime: 19 minutes 47 seconds
Total accesses: 219 - Total Traffic: 1.4 MB
CPU Usage: u5.88 s.8 cu0 cs0 - .563% CPU load
.184 requests/sec - 1263 B/second - 6.7 kB/request
31 requests currently being processed, 5 idle servers
This long after my swap space got filled. That only takes about 2 minutes. And
doesn't get filled with Apache not running. The CPU load doesn't rise higher
then 5%.
If I understand the lines at the bottom of the page. And the direction you are
heading at. Then my problem is site related. Only how do I know which one
causes it. Or where do I have to pay the most attention at when looking at the
outcome? Which always changes, I don't see anything looking different, or
sticking out from the rest.
Many thanks,
William.
On Tue, 28 Feb 2006 21:32:31 +0300
Alexander Kirillov [EMAIL PROTECTED] wrote Re: [gentoo-user] Apache ?!? :
If you've enabled server-status handler
this might give you an idea of what apache threads are doing
when it's eating up your resources.
HTH,
Sasha
That's just what buggers me the most. NO. If only I did I would know how to
get back.
It's happening for some time now. Only since yesterday evening it's
persistent. When it first came to my attention I was thinking at a cron job
that triggered something, or a visitor. Even without any cron jobs running
it's happening. And it is not visitor related. At least not as far as I can
figure out true there IP-numbers and so on. I was thinking this because I
had the impression that it happened on a regular basis, every two weeks or
so. When I then stopped Apache for a few seconds and restarted Apache again
everything was back to normal.
I now have been uninstalling everything that I could miss for a while, even
stopped Apache for several hours. No result. The only thing that happens is
a very slow server.
Did you change something in the apache configuration or anything else?
Just a question. Has anyone experienced the fact that Apache is eating up
all the server resources and filling all swap space? Where do I find the
reason why? Or in what log-file do I look for what reason? The server runs
a Drupal based site if that should matter. Only after restarting Apache it
directly goes true the roof. As well as I am at the moment.
To be honest, it runs on Debian. I know, I know, if only I had the nerves
to install Gentoo on it from a distance. Then I would be as happy as my
home system running day after day without stopping, thanks to Gentoo. Only
I don't want to surprise the hosting company and tell them to please fix my
ssh connection. At least not for now ;-)
Thanks in advance, why aren't all systems like Gentoo. It could also be
possible that it's me being to stupid :-)
Cheers,
William.
--
\|/ \|/_ _ ` _ '
@~/ ,. \~@ o' \,=./ `o - (_) -
(o -) /_( \__/ )_\ (o o) ' `
+---ooO--(_)--Ooo-\__U_/ooO--(_)--Ooo--+
http://www.meewi.be SMILE
http://www.ladiescycling.net it cost nothing and
http://www.hostinglc.net it's beyond price !
signature.asc
Description: PGP signature
Re: [gentoo-user] Apache ?!?
Hi William, You should also have the list of workers with the DOCUMENTS they are currently serving. If you don't, check if ExtendedStatus is On in httpd.conf. If you're using any scripting engines server-side you probably should check the limits on the resources your scripts may consume. Like max_execution_time, memory_limit, mysql.connect_timeout and so on if it's PHP. HTH, Sasha I have it running. I believe the lines that follow this one : Srv PID Acc M CPU SS Req ConnChild Slot Client VHost Request are the ones that are going to give me an answer. The start of the page gives me this information : Current Time: Tuesday, 28-Feb-2006 20:14:15 CET Restart Time: Tuesday, 28-Feb-2006 19:54:28 CET Parent Server Generation: 0 Server uptime: 19 minutes 47 seconds Total accesses: 219 - Total Traffic: 1.4 MB CPU Usage: u5.88 s.8 cu0 cs0 - .563% CPU load .184 requests/sec - 1263 B/second - 6.7 kB/request 31 requests currently being processed, 5 idle servers This long after my swap space got filled. That only takes about 2 minutes. And doesn't get filled with Apache not running. The CPU load doesn't rise higher then 5%. If I understand the lines at the bottom of the page. And the direction you are heading at. Then my problem is site related. Only how do I know which one causes it. Or where do I have to pay the most attention at when looking at the outcome? Which always changes, I don't see anything looking different, or sticking out from the rest. If you've enabled server-status handler this might give you an idea of what apache threads are doing when it's eating up your resources. HTH, Sasha That's just what buggers me the most. NO. If only I did I would know how to get back. It's happening for some time now. Only since yesterday evening it's persistent. When it first came to my attention I was thinking at a cron job that triggered something, or a visitor. Even without any cron jobs running it's happening. And it is not visitor related. At least not as far as I can figure out true there IP-numbers and so on. I was thinking this because I had the impression that it happened on a regular basis, every two weeks or so. When I then stopped Apache for a few seconds and restarted Apache again everything was back to normal. I now have been uninstalling everything that I could miss for a while, even stopped Apache for several hours. No result. The only thing that happens is a very slow server. Did you change something in the apache configuration or anything else? Just a question. Has anyone experienced the fact that Apache is eating up all the server resources and filling all swap space? Where do I find the reason why? Or in what log-file do I look for what reason? The server runs a Drupal based site if that should matter. Only after restarting Apache it directly goes true the roof. As well as I am at the moment. To be honest, it runs on Debian. I know, I know, if only I had the nerves to install Gentoo on it from a distance. Then I would be as happy as my home system running day after day without stopping, thanks to Gentoo. Only I don't want to surprise the hosting company and tell them to please fix my ssh connection. At least not for now ;-) Thanks in advance, why aren't all systems like Gentoo. It could also be possible that it's me being to stupid :-) Cheers, William. -- gentoo-user@gentoo.org mailing list
