[lfs-support] LFS 7.5 - Ch. 6.37 - Inetutils check.
Happy EASTER ! Just a small note that the check will fail on the ping localhost test if IPv6 is not configured on the base system. This shouldn't actually be a FAIL but a WARNING. But I guess that's for the maintainer to change :) Regards, D. -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
[lfs-support] LFS 7.5 - Chapter 6 - glibc patch
Heya, the patch for glibc in Chapter 6 is missing in the tar package as well as in the download links. Had to download it through the book, Chapter 3. Regards, Daniel -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] LFS 7.5 - Chapter 6 - glibc patch
On Sat, 2014-04-19 at 15:41 -0500, Bruce Dubbs wrote: loki wrote: the patch for glibc in Chapter 6 is missing in the tar package as well as in the download links. I see that it is missing in the tarball, but which download link are you referring to? It does appear to be missing from the 7.5 md5sums and wget-list files also. I'll fix that later today. -- Bruce http://www.linuxfromscratch.org/lfs/download.html And then for instance: http://ftp.lfs-matrix.net/pub/lfs/lfs-packages/7.5/ http://ftp.osuosl.org/pub/lfs/lfs-packages/7.5/ Those are the 2 I tried.. Regards, D. -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
[lfs-support] OpenSSL Heartbleed-bug
Hey all, unfortunatly you can't find much heartbleed bug info on the net for administrators. So I will try my luck here. I have some https websites and a openvpn server. My questions are: 1.) Is it enough for me to recompile only OpenSSL or do I have to recompile OpenSSH, apache, OpenVPN? 2.) Do I have to recreate the selfsigned certs for WWW even if I don't use any passwords for the private key? (After I update OpenSSL) 3.) Do I have to recreate the keys used for the users of OpenVPN? (After I update OpenSSL) Thanks in advance, L -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] What are the SERVICES of ifconfig.eth0 but ip4-static for ppp?
On Fri, 2014-03-21 at 16:28 -0700, Golam Md. Shibly wrote: cd /etc/sysconfig/ cat ifconfig.eth0 EOF ONBOOT=yes IFACE=eth0 #SERVICE=ipv4-static #IP=192.168.1.1 #GATEWAY=192.168.1.2 #PREFIX=24 #BROADCAST=192.168.1.255 EOF What are the SERVICES of ifconfig.eth0 but ip4-static for ppp? I tried: SERVICE=ipv4-dynamicSERVICE=ipv4-dhcpSERVICE=dhcpSERVICE=dynamic Got error with these options. Thanks shibly Maybe these links can help you: http://www.linuxfromscratch.org/blfs/view/6.3/basicnet/ppp.html http://cblfs.cross-lfs.org/index.php/PPP -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] Exotic lfs compiling question
On Thu, 2014-02-20 at 23:18 +, Ken Moffat wrote: On Thu, Feb 20, 2014 at 04:49:29PM +0100, loki wrote: Kernel is 2.6.35.3. For the future, you _might_ want to think about using a long-term-supported stable kernel (at the moment, 3.10), or even updating your kernel once or twice a year. ĸen -- das eine Mal als Tragödie, dieses Mal als Farce But the Kernel is not the problem here. The server is functioning properly. I could've update the Kernel and I did, but after this Kernel they introduced the latency problem which the Kernel developer didn't resolve until today. And I wouldn't change the Kernel if I didn't have found the bfq patch for the Kernel 3. The only mistake that I made with this server was not to implement LVM. Which I'm going to rectify now. And with this I can also update the complete system, not because I have to but because I can. Thanks for your reply... -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] Exotic lfs compiling question
On Thu, 2014-02-20 at 10:56 -0600, Bruce Dubbs wrote: This may help: http://www.linuxfromscratch.org/~bdubbs/files/updating-lfs.html -- Bruce Yup. It did. Thanks. That is a procedure that I was thinking about. I will try to combine your procedure and the hints from William and will see how far I get with that. As long as the server runs I have all the time of the world so if something goes wrong in the chroot, delete and start again. The only point where I have to be 100% certain is the transition between the old and the new system. Fortunatly there is Clonezilla :) Thank you all. All this info helped me a lot and I already started updating the server :) Daniel attachment: face-smile.png-- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
[lfs-support] Exotic lfs compiling question
Heya all. Need some help. I have an old lfs installation which is in production use, for the past 5-6 years. I guess it's version 6.3 or something since it has kernel 2.6 on it. It is time to install a new version on it. But there are the following problems: 1.) Since it is in production it can't be offline longer than 3 hrs. So the new lfs has to be compiled while the old dist is still running and then when everything is finished just copied to root. 2.) The compilation has to be done on this machine. 3.) There can't be installed any other distribution (Ubuntu, RedHat,...) or any virtual machine. 4.) Obviously I can't compile lfs 7.4 with 6.3. So here is what I need. Which lfs version can I use as a jump pad. For instance can I compile 7.0 with 6.3 and then compile 7.4 with 7.0? I can use chroot on this machine. And it isn't a problem even if I have to do a three step compile (i.e. 6.3 - 7.0 - 7.1 - 7.4) So the question is can I compile some version of lfs which can be compiled on 6.3 and can compile 7.4 and can I do both or more compilations in chroot? THX in advance... Daniel -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] Exotic lfs compiling question
On Thu, 2014-02-20 at 09:06 -0600, William Harrington wrote: If your running kernel is up to at least 2.6.32 then default glibc configure options will work. If it is less than 2.6.32, then you'll need to adjust the glibc configure commands otherwise you will get FATAL: Kernel too old once you start using the new glibc in tools. Kernel is 2.6.35.3. Other than upgrading tar if not already so it'll us xz, and add xz to your system. This shouldn't be a problem. 6.3 still meets the host system requirements outside of the running kernel update, tar update, and addition of xz. Gawk 4.1 upgrade isn't necessary as 3.15 even still works when building tools. However, you may want to anyway. Without upgrading the kernel headers you won't be able to upgrade your host's e2fsprogs to 1.42 and upgrade udev. You'll also need to upgrade make. Ok, there I don't know if I have a problem. A small info on the server that I wan't to update. It's a Database server with MySQL 5.1.45, PostgreSQL 9.1.8, and the most problematic one is ArcSDE 10.1 DB connector which has some dependant X11 libraries. I don't know how it will react with upgraded kernel headers, Gawk, e2fs and especially udev. And for udev I also dread if the bonding of 4 network cards and the Adaptec RAID adapter will have problems. As I said I can turn off the machine only for 3 hrs and that is the complete fallout that it can have for this year. So I would go with less if I can. The DB backup will take me 20mins, the filesystem adaptation another 15min, and then I have 2:25hrs for problems. I would like to have no problems. :) This machine has been offline for 2hrs in summary for the past 4yrs. I even thought to put another machine in its place until I finish the compilation but unfortunatly I don't have another machine which could cope with the load. I updated the lfs livecd a while back to build 7.x versions. you can look at my notes to see what I upgraded. If I didn't upgrade something to the newest version and it is stuck at an old version, namely udev and e2fsprogs, it is cause of the old kernel headers installed. http://clfs.org/~kb0iic/livecdupd/ Thanks, will check it. And thank you for your answer. Daniel attachment: face-smile.png-- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
[lfs-support] CLFS
Heya, just wanted to ask what happened to CLFS? On the address http://www.cross-lfs.org/ I'm getting a Domain for Sale. Regards, Daniel -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] LFS 7.4 - Chapter 8.4 - GRUB
On Wed, 2013-12-18 at 16:16 +0100, loki wrote: ... This gets me to the point that it starts the kernel, finds sda, sdb,. states that it Failed to execute /init, sh: cannot set terminal process group (-1): Inappropiate ioctl for device sh: no job control in this shell and there it stops after some more lines from the kernel regarding usb. It is not in a kernel panic because I can scroll the kernel output ... Small update: Solved the init problem as well. It was a kernel config mistake. BINFMT_SCRIPT. Forgot to turn it on for initramfs and scripted init. Thanks all and have a Merry Christmas and a Happy New Year... 0[]:-) -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] LFS 7.4 - Chapter 8.4 - GRUB
On Wed, 2013-12-18 at 14:31 -0600, William Harrington wrote: Don't optimize the bootloader. Grub doesn't need optimizations. No bootloader needs optimization from gcc. You are dealing, also, with assmebly that the authors write for the target platform. Segfaults commonly come from grub when using optimizations. Also, may as well install strace and gdb and debug. I write this because grub, in the past has, segfaulted when using -O3 or -march set, even from before Grub 1. Even when using -O3 you can get a loading grub... message that hangs. Rebuild grub without optimizations and return with results. SIncerely, William Harrington Yup. Don't use optimizations with GRUB :) Turned them off and grub now works from chroot. Still have the init problem from initramfs but that's another story. Thanks... attachment: face-smile.png-- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] LFS 7.4 - Chapter 8.4 - GRUB
On Wed, 2013-12-18 at 09:24 -0600, Dan McGhee wrote: Are you trying to do this on a UEFI system? Dan Nope. I'm not even sure that this old rig is EFI capable :) And secondly I'm too lazy to learn it since for the servers that I use 4 primary partitions is the most I'm going to use and the other gizmos and gadgets that EFI has are also overkill. :) And I'm somewhat old school, I don't believe that the computer itself should have a full fledged operating system embedded on it. I'm from the Kickstart Disk generation. Basic Input Output System, just get it to the state where the operating system can take the computer over and then vanish. But at the end I'm very reluctant to use something that is embedded on the machine and has the touch of MICROSOFT on it. :p On Wed, 2013-12-18 at 10:08 -0600, William Harrington wrote: Did you use optimizations while building grub? Sincerely, William Harrington Yup. -O3 -march=native. And that said, something comes into my mind that I've read somewhere that grub does not play well with -O3. Thanks. Will try that on Friday. On Wed, 2013-12-18 at 10:32 -0600, Bruce Dubbs wrote: I've always thought that not having a separate /boot partition that is separate from any raid device makes things unnecessarily complicated. The typical size of 100-200 Mb is trivial on today's drives and the fact that it is read mostly means that backups should be easy. -- Bruce Agree 100% with you on that but my 20+ machines showed me that grub2, at least since LFS 7.2, plays very well with software raid1. And I have this obsessive compulsive 'optimization' behavior and not using raid on the boot here would leave me a partition of 200MB barren on one of the HDs and that would bother me a lot :). It would rob me of my sleep at night. But I have to admit that this is the first time that I'm using metadata version 1.2 on the boot partition. Until now I've always used v1.0. But I didn't prepare this machine, my young apprentice did, and I was just to lazy to rectify it. And I wanted to see what happens. :) Thanks all. Will keep you informed after I try compiling grub without optimizations on. Regards... attachment: face-smile.png-- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] Chapter 9 device is busy
My first guess would be that you didn't get out of chroot with the command logout. Now that we have said that, lets move on to booting our shiny new LFS installation for the first time! First exit from the chroot environment: logout My second guess would be that your using multiple terminals and you didn't declare the LFS variable. On Mon, 2013-09-09 at 20:46 +0800, Rob Chua wrote: can you help me with this? root@rob:/home/rob# umount -v $LFS/dev/pts umount: /dev/pts: device is busy. (In some cases useful info about processes that use the device is found by lsof(8) or fuser(1)) root@rob:/home/rob# if [ -h $LFS/dev/shm ]; then link=$(readlink $LFS/dev/shm) umount -v $LFS/$link unset link else umount -v $LFS/dev/shm fi shm has been unmounted root@rob:/home/rob# umount -v $LFS/dev umount: /dev: device is busy. (In some cases useful info about processes that use the device is found by lsof(8) or fuser(1)) root@rob:/home/rob# umount -v $LFS/proc umount: /proc: device is busy. (In some cases useful info about processes that use the device is found by lsof(8) or fuser(1)) root@rob:/home/rob# umount -v $LFS/sys umount: /sys: device is busy. (In some cases useful info about processes that use the device is found by lsof(8) or fuser(1)) -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] Network boot script - LFS 7.3
Took me some month :) It's working. Here's the setup: ifconfig.address.lan0: ONBOOT=yes IFACE=lan0 SERVICE=ipv4-static IP=10.0.66.66 PREFIX=16 ifconfig.address.wan0 ONBOOT=yes IFACE=wan0 SERVICE=ipv4-static IP=121.211.212.123 PREFIX=28 GATEWAY=121.211.212.113 ifconfig.statroute.lan0 ONBOOT=yes IFACE=lan0 SERVICE=ipv4-static-route IP=192.168.0.0 PREFIX=16 STATIC_GATEWAY=10.0.0.254 ifconfig.statroute.wan0 ONBOOT=yes IFACE=wan0 SERVICE=ipv4-static-route TYPE=host IP=36.121.79.0 STATIC_GATEWAY=wan0 PREFIX=25 ip a: 2: wan0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff inet 121.211.212.123/28 scope global wan0 valid_lft forever preferred_lft forever 3: lan0: BROADCAST,MULTICAST,UP,LOWER_UP mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff inet 10.0.66.66/16 scope global lan0 valid_lft forever preferred_lft forever ip r: default via 121.211.212.113 dev wan0 10.0.0.0/16 dev lan0 proto kernel scope link src 10.0.66.66 36.121.79.0/25 dev wan0 scope link 192.168.0.0/16 via 10.0.0.254 dev lan0 121.211.212.112/28 dev wan0 proto kernel scope link src 121.211.212.123 Thx... On Sat, 2013-06-08 at 19:34 -0500, Bruce Dubbs wrote: loki wrote: On Fri, 2013-06-07 at 15:53 -0500, Bruce Dubbs wrote: I think I see what you mean. What happens if we add a new variable to the ifconfig script: STATIC_GATEWAY=10.0.5.5 and change GATEWAY to STATIC_GATEWAY in the ipv4-static-route script? Sounds good. Will try that as soon as I finish the new server, that is as soon as I solve the binutils problem. We could also add a small check to ensure both GATEWAY and STATIC_GATEWAY are not both defined. That would cause problems when using the ipv4-static-route script. Lost you there. Do you mean if someone puts GATEWAY and STATIC_GATEWAY vars in the same file? Yes. If we use STATIC_GATEWAY in ipv4-static-route, we want to skip the GATEWAY code in ifup. -- Bruce attachment: face-smile.png-- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
[lfs-support] Migrate bc to lfs?
Heya, following error came up when I compiled the kernel: LD arch/x86/built-in.o CC kernel/fork.o CC kernel/exec_domain.o CC kernel/panic.o CC kernel/printk.o CC kernel/cpu.o CC kernel/exit.o CC kernel/itimer.o HZFILE kernel/hz.bc BC kernel/timeconst.h /bin/sh: bc: command not found make[1]: *** [kernel/timeconst.h] Error 127 make: *** [kernel] Error 2 root:/usr/src/linux-3.9.5# LFS is 7.3. Kernel is 3.9.5. I took the easy road and compiled bc since I'm going to need it anyway for SSH. I was too lazy to find which configuration parameter in the kernel source should be disabled. :) But this brings the question, should bc be migrated from BLFS to LFS since sometimes it is needed for the kernel compilation in Chapter 8.3. Regards, Daniel -- attachment: face-smile.png-- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] Migrate bc to lfs?
On Wed, 2013-07-17 at 10:01 +0200, Pierre Labastie wrote: Le 17/07/2013 09:51, loki a écrit : [...] But this brings the question, should bc be migrated from BLFS to LFS since sometimes it is needed for the kernel compilation in Chapter 8.3. Regards, Daniel It has been already migrated, see SVN revision 10258. Pierre Sorry, am a little bit behind :) attachment: face-smile.png-- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] binutils check problem (Chapter 6.13)
On Fri, 2013-06-07 at 22:05 +0200, loki wrote: Heya, am having binutils test problems. I thought that it was the same as the problem I had in April with memory and the swap size. But this time it is something different. The setup is simillar Pentium 4 and 512MB. Any ideas? Heya, tried a new build. The same error. The host system is ubuntu 12.04. The compile itself was without errors. Can I install binutils even with this make check error? Here are some more details: excerpt from gas.log: ../as-new -o dump.o /sources/binutils-2.23.1/gas/testsuite/gas/i386/rept.s Executing on host: sh -c {../as-new -o dump.o /sources/binutils-2.23.1/gas/testsuite/gas/i386/rept.s 21} /dev/null gas.out (timeou t = 300) spawn [open ...] sh: line 1: 10493 Killed ../as-new -o dump.o /sources/binutils-2.23.1/gas/testsuite/gas/i386/rept.s 21 sh: line 1: 10493 Killed ../as-new -o dump.o /sources/binutils-2.23.1/gas/testsuite/gas/i386/rept.s 21 /sources/binutils-build/gas/testsuite/../../binutils/nm-new --extern-only dump.o Executing on host: sh -c {/sources/binutils-build/gas/testsuite/../../binutils/nm-new --extern-only dump.o dump.out 2gas.stderr} /d ev/null (timeout = 300) spawn [open ...] extra regexps in /sources/binutils-2.23.1/gas/testsuite/gas/i386/rept.d starting with ^0+0 D _pad_data$ EOF from dump.out FAIL: gas/i386/rept make check: Running /sources/binutils-2.23.1/gas/testsuite/gas/z8k/z8k.exp ... === gas Summary === # of expected passes 370 # of unexpected failures 1 ../as-new 2.23.1 make[4]: *** [check-DEJAGNU] Error 1 make[4]: Leaving directory `/sources/binutils-build/gas' make[3]: *** [check-am] Error 2 make[3]: Leaving directory `/sources/binutils-build/gas' make[2]: *** [check-recursive] Error 1 make[2]: Leaving directory `/sources/binutils-build/gas' make[1]: *** [check-gas] Error 2 make[1]: Leaving directory `/sources/binutils-build' make: *** [do-check] Error 2 free: root@ubuntu:/mnt/lfs/srv# free total used free sharedbuffers cached Mem:507328 282724 224604 0 6624 191652 -/+ buffers/cache: 84448 422880 Swap: 2097148 80362089112 df -h: root@ubuntu:/mnt/lfs/srv# df -h Filesystem Size Used Avail Use% Mounted on /cow248M 160M 89M 65% / udev240M 4.0K 240M 1% /dev tmpfs 100M 756K 99M 1% /run /dev/sdc1 1.9G 693M 1.2G 37% /cdrom /dev/loop0 663M 663M 0 100% /rofs tmpfs 248M 0 248M 0% /tmp none5.0M 0 5.0M 0% /run/lock none248M 0 248M 0% /run/shm /dev/md3 15G 1.5G 13G 11% /mnt/lfs /dev/md1194M 5.6M 179M 4% /mnt/lfs/boot /dev/md4 58G 2.2G 53G 4% /mnt/lfs/srv shm 248M 0 248M 0% /mnt/lfs/run/shm cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family: 15 model : 2 model name: Intel(R) Pentium(R) 4 CPU 2.60GHz stepping : 9 microcode : 0x17 cpu MHz : 2605.942 cache size: 512 KB physical id : 0 siblings : 1 core id : 0 cpu cores : 1 apicid: 0 initial apicid: 0 fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 2 wp: yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe pebs bts cid xtpr bogomips : 5211.88 clflush size : 64 cache_alignment : 128 address sizes : 36 bits physical, 32 bits virtual power management: processor : 1 vendor_id : GenuineIntel cpu family: 15 model : 2 model name: Intel(R) Pentium(R) 4 CPU 2.60GHz stepping : 9 microcode : 0x17 cpu MHz : 2605.942 cache size: 512 KB physical id : 0 siblings : 1 core id : 0 cpu cores : 0 apicid: 1 initial apicid: 1 fdiv_bug : no hlt_bug : no f00f_bug : no coma_bug : no fpu : yes fpu_exception : yes cpuid level : 2 wp: yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe pebs bts cid xtpr bogomips : 5212.09 clflush size : 64 cache_alignment : 128 address sizes : 36 bits physical, 32 bits virtual power management: If you need anything else I will provide. Thanks in advance. -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] Network boot script - LFS 7.3
On Fri, 2013-06-07 at 15:53 -0500, Bruce Dubbs wrote: I think I see what you mean. What happens if we add a new variable to the ifconfig script: STATIC_GATEWAY=10.0.5.5 and change GATEWAY to STATIC_GATEWAY in the ipv4-static-route script? Sounds good. Will try that as soon as I finish the new server, that is as soon as I solve the binutils problem. We could also add a small check to ensure both GATEWAY and STATIC_GATEWAY are not both defined. That would cause problems when using the ipv4-static-route script. Lost you there. Do you mean if someone puts GATEWAY and STATIC_GATEWAY vars in the same file? -- Bruce Regards... -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] Network boot script - LFS 7.3
On Thu, 2013-06-06 at 10:54 -0500, Bruce Dubbs wrote: I can't look at this for a few days, but I'll try to get to it over the week end. -- Bruce OK. I'm in the process of preparing a new server with LFS 7.3. Also a complicated network scenario. Should be finished on Sunday so if you want I can test any new scripts. Regards... -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
[lfs-support] binutils check problem (Chapter 6.13)
Heya, am having binutils test problems. I thought that it was the same as the problem I had in April with memory and the swap size. But this time it is something different. The setup is simillar Pentium 4 and 512MB. Any ideas? ../as-new -o dump.o /sources/binutils-2.23.1/gas/testsuite/gas/i386/rept.s Executing on host: sh -c {../as-new -o dump.o /sources/binutils-2.23.1/gas/testsuite/gas/i386/rept.s 21} /dev/null gas.out (timeou t = 300) spawn [open ...] sh: line 1: 28527 Killed ../as-new -o dump.o /sources/binutils-2.23.1/gas/testsuite/gas/i386/rept.s 21 sh: line 1: 28527 Killed ../as-new -o dump.o /sources/binutils-2.23.1/gas/testsuite/gas/i386/rept.s 21 /sources/binutils-build/gas/testsuite/../../binutils/nm-new --extern-only dump.o Executing on host: sh -c {/sources/binutils-build/gas/testsuite/../../binutils/nm-new --extern-only dump.o dump.out 2gas.stderr} /d ev/null (timeout = 300) spawn [open ...] extra regexps in /sources/binutils-2.23.1/gas/testsuite/gas/i386/rept.d starting with ^0+0 D _pad_data$ EOF from dump.out FAIL: gas/i386/rept -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] Network boot script - LFS 7.3
On Wed, 2013-06-05 at 12:03 -0500, Bruce Dubbs wrote: Thx for the reply. The changes were made to support bridging in April 2012. If you just comment out the GATEWAY entry in /etc/sysconfig/ifconfig.dev, wouldn't that do what you want? Nope. Then it wouldn't set up a route. For instance I'm setting up ifconfig.1.eth0 (SERVICE ipv4-static, ADDRESS 10.0.44.33/16) without a default gateway. Not needed. Then in the next ifconfig.2.eth0 I want to setup a static route towards 192.168.0.0/16 through a router which is on 10.0.5.5/16 I have to put 10.0.5.5 as the gateway for this route with SERVICE ipv4-static-route and TYPE network and ADDRESS 192.168.0.0/16. Because of the /sbin/ifup script it won't be ip r add 192.168.0.0/16 via 10.0.5.5 dev eth0 but it will be ip r add default via 10.0.5.5 dev eth0. But 10.0.5.5 is not my default gateway it's just a gateway for 192.168.0.0/16. I could circumvent that by renaming the ifconfig file that has the default gateway in it to be in the first place in the directory. The script as it is now with default gateway in /sbin/ifup will always put the very first GATEWAY that it comes accross as the default gateway. In my opinion the part for default gateway should go back to ipv4-static. Note that you can set SERVICE to do more than ont thing. For example: SERVICE=bridge ipv4-static # Space separated Yep. Know that. But in my setup this wouldn't help either. -- Bruce -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
[lfs-support] Network boot script - LFS 7.3
Heya all, wanted just to point to a small bug in the network boot scripts. (/sbin/ifup; /sbin/ifdown; /lib/lsb/ipv4-static; /lib/lsb/ipv4-static-route; /etc/init.d/network ) For simple network setups it isn't a problem but for complex route setups it is. The problem is in /sbin/ifup. The problematic part is: # Set the route default gateway if requested if [ -n ${GATEWAY} ]; then if ip route | grep -q default; then log_warning_msg \nGateway already setup; skipping. else log_info_msg Setting up default gateway... ip route add default via ${GATEWAY} dev ${IFACE} evaluate_retval fi fi It will always set up a default gateway even if you don't want one for instance if you use TYPE=ipv4-static-route So if you have multiple network cards with several static routes it will setup the first one it reads as default gateway and the other it won't setup at all. I.E.: Two network cards. 1. network card eth0 (Address 10.0.0.0/16 and routes for 192.168.0.0/16 via 10.0.0.1 and 172.16.0.0/16 via 10.0.0.1) 2. network card eth1 (Address 5.5.5.5/24 and default gateway through 5.5.5.1) With this setup it will put default gateway through 10.0.0.1 and the rest it won't setup because it states that the default gateway is already setup. I had the problem. I installed the network scripts from LFS 7.0 and they work as expected. Thanks... -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] 6.13 Binutils test suite fails one test
On Tue, 2013-03-19 at 17:38 -0500, Bruce Dubbs wrote: I took a look and the file you want is binutils-build/gas/testsuite/gas.log. I can't reproduce your failure, so you need to look. What I have is: Have the same problem. Here's the relevant part: PASS: i386 space1 ../as-new -o dump.o /sources/binutils-2.23.1/gas/testsuite/gas/i386/rept.s Executing on host: sh -c {../as-new -o dump.o /sources/binutils-2.23.1/gas/testsuite/gas/i386/rept.s 21} /dev/null gas.out (timeout = 300) spawn [open ...] /sources/binutils-build/gas/.libs/lt-as-new: out of memory allocating 550502401 bytes after a total of 135168 bytes /sources/binutils-build/gas/.libs/lt-as-new: out of memory allocating 550502401 bytes after a total of 135168 bytes /sources/binutils-build/gas/testsuite/../../binutils/nm-new --extern-only dump.o Executing on host: sh -c {/sources/binutils-build/gas/testsuite/../../binutils/nm-new --extern-only dump.o dump.out 2gas.stderr} /dev/null (timeout = 300) spawn [open ...] /sources/binutils-build/binutils/.libs/lt-nm-new: 'dump.o': No such file FAIL: gas/i386/rept It's an older machine, Intel III with 512MB. -- Daniel -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] 6.13 Binutils test suite fails one test
On Sun, 2013-04-07 at 14:55 -0500, Bruce Dubbs wrote: gcc uses a lot of space. Allocate about 2G of swap and it should be OK, but slow. -- Bruce Working. THX... -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
[lfs-support] Network config (Chapters 7.2 and 7.6 of the LFS book 7.1)
Heya, wanted just to give my two cents regarding the new sysconfig/ifconfig.eth# methodolgy. With the old one (network-devices directory) I had the possibility to put more then one option for one ethernet card (for instance one ip address and two static routes within 3 files). With the new methodology I have to change the init scripts, have to hardcode additional options into scripts and such. The new one is better for simple setups. The old one is better for complex setups. And at the end I installed the old ones :-) L... === Mrvos Daniel Gradska Uprava Grada Panceva Odeljenje Informatika TIS - Projekat Trg Kralja Petra I 2-4 26000 Pancevo +381 - 13 - 344422 - Lok 325 t...@pancevo.rs mrvos.dan...@pancevo.rs === -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
Re: [lfs-support] LFS + Rootkits
...and a rootkit was installed. A very interesting story. I'm interested how a regular user was able to install a rootkit. I realize that you may not know. Didn't have the time to analyse that but I presume through privilege escalation. Cause this user had direct access to the running service. Another possibility would be through kernel modules. When I logged in and tried to ls I saw that ls gave me a segmentation fault error. After some more minutes I saw that there are some files that I didn't install. Can you say what the file names/locations were? Can't remember anymore. I have it saved somewhere. But one of the tools I never install is netstat. The changed apps where ls, ps, dir. When I analyse it I will get back to you. May I suggest tripwire. It does require a bit of work when files are updated, but will catch this sort of thing. Am using it but for this server there was no time to install it. Wanted to do it later but never had the time. Unfortunatly tripwire can't help with a kernel module hack. For me the only real safeguard is chroot, iptables and no kernel modules. For most servers they aren't needed anyway. L... -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
[lfs-support] LFS + Rootkits
Heya, First this is not a support request but a live story from someone using LFS heavily in real life situations and servers and why I would choose LFS before any distribution based server. Let me introduce myself. Im into LFS since version number 3 - 4. Can't remember exactly anymore. A lot of water under the bridge since then. For the past four years I work for a governmental agency where I have installed some servers, all running LFS. From version 6.1 - 6.8 (32 and 64 bit) (DNS, WEB, MAIL and so on). Well after years of using it one of our servers got hacked (because some of the users didn't pay attention to my ramblings about usernames and passwords) and a rootkit was installed. When I logged in and tried to ls I saw that ls gave me a segmentation fault error. After some more minutes I saw that there are some files that I didn't install. Then it hit me. YOU GOT HACKED. But the services still worked fine. So I put up a very restrictive Iptables on the router for this server. Just the service could go through. After checking the log files I figured that the intrusion took place 5 days before when I had to open iptables for ssh for one of our 3rd party maintanance crew. So why is LFS better than distros? I made heavily customizations during the compilations so when the rootkit was applied none of the new installed apps worked. Not even ls. Because they were compiled for normal distros and normal shared libs which you can't use on custom made systems. The baseline is this, the intruder couldn't make any heavy damage, the services still work, the intruder was detected (which is very dificult with rootkits, this one even rkhunter didn't detect), downtime will be only the time when I extract the non-compromised documents to the new server which even will be more hardened. So kids use LFS, it is a great tool and if you are into the business of servers you will learn how they function, something a distro can't teach you. And you don't have to rely on someone who you don't know that he/she did a good job securing the distro or that you missed a config file and your server is wide opened. LFS + BLFS is just the beggining, there is a whole world of tarballs on the Internet out there. GO MAD !!! :-) L... -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page
LFS 6.7 + BLFS SVN pure 64bit
Hello, has anyone tried lfs 6.7 on a 64bit platform. I had great problems with some packages from BLFS after I installed LFS 6.7. And during the compile of 6.7 I had some problems but somehow I circumvented them. And the system ran. But when I tried to compile Open-Office 3.2.1, mysql 5.1.45, Python 2.6.4 and some others I had great problems, actually I couldn't compile these packagaes and some more. GLIBC always segfaulted on me. After trying for 2 weeks I reverted to LFS 6.6 and everything went smoothly. Am I the only one? Regards, Daniel __ Information from ESET Mail Security, version of virus signature database 5617 (20101113) __ The message was checked by ESET Mail Security. http://www.eset.com -- http://linuxfromscratch.org/mailman/listinfo/lfs-support FAQ: http://www.linuxfromscratch.org/lfs/faq.html Unsubscribe: See the above information page