Re: [arch-general] End of official PaX and grsecurity support in Arch Linux

On Mon, 2017-05-01 at 12:34 +, Alexander Harrigan wrote: > It looks Gentoo's Hardened Kernel Project oficially started. > > https://wiki.gentoo.org/wiki/Hardened/Hardened_Kernel_Project Gentoo wiki page != Gentoo project. signature.asc Description: This is a digitally signed message part

Re: [arch-general] End of official PaX and grsecurity support in Arch Linux

It isn't a contradiction. If the focus is on an LTS, then it's a dead end and there will be nothing to show for it in the future. The easiest time to start deciding what to drop and porting forward is now while it's only one kernel version behind. signature.asc Description: This is a digitally

Re: [arch-general] End of official PaX and grsecurity support in Arch Linux

On Sat, 2017-04-29 at 17:03 +, Alexander Harrigan wrote: > I found someone from opensuse started to maintain grsec patches for > 4.9 kernel > series [1]. Maybe it will be possible to add linux-lts-grsec package > to AUR > based on Daniel's PKGBUILD and config with RANDSTRUCT enabled linked >

Re: [arch-general] End of official PaX and grsecurity support in Arch Linux

On Thu, 2017-04-27 at 20:45 +, Alexander Harrigan wrote: > It would be great if you can provide linux-hardened kernel with > everything > what KSPP has enabled by default. Even in AUR so you won't have to > rebuild it > constantly and random stack option would have more sense. > > Two

Re: [arch-general] End of official PaX and grsecurity support in Arch Linux

On Thu, 2017-04-27 at 19:12 +, Carsten Mattner wrote: > Is CopperheadOS using grsec or something derived from it? It starts from the baseline provided by Google and ports features from PaX and grsecurity as needed to the kernels. It used to use a full PaX port on ARM devices but that hasn't

Re: [arch-general] End of official PaX and grsecurity support in Arch Linux

On Thu, 2017-04-27 at 19:11 +, Carsten Mattner wrote: > This is an undesirable situation for users, but I want to offer a > positive outlook on this. Ever since KSPP started, some of the > dynamics started to shift and I wager that closing off grsec will > motivate more users and developers to

[arch-general] End of official PaX and grsecurity support in Arch Linux

The PaX and grsecurity patches are no longer going to be public, so official support in Arch Linux has ended: https://grsecurity.net/passing_the_baton.php https://grsecurity.net/passing_the_baton_faq.php I'll be clearing out the AUR packages for PaX and grsecurity soon since the current 4.10

Re: [arch-general] Revisiting the SELinux/audit question: Disabling audit on the kernel command line

On Mon, 2017-02-13 at 16:18 +0100, Tobias Markus wrote: > On Sun, 2017-02-12 at 23:13 +0100, Nicolas Iooss wrote: > > On Sun, Feb 12, 2017 at 6:43 PM, Tobias Markus > > wrote: > > > > > Hi, > > > > > > As some of you might know, the question of enabling SELinux > > > support

Re: [arch-general] sandboxing

On Fri, 2017-02-03 at 17:49 +0100, Bart De Roy via arch-general wrote: > Error verifying signature: parse error > --pyi53mwzyx2s2ll6 > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > > hello > > I've been postponing looking into browser isolation > since I

Re: [arch-general] user namespaces

On Thu, 2017-02-02 at 19:32 +0200, Francisco Barbee wrote: > > So your advice for now would be to use grsecurity > kernel and forget all those jails and namespaces > until someone figure out proper security solution? I never said that... It simply doesn't make sense to base application

Re: [arch-general] user namespaces

On Thu, 2017-02-02 at 17:39 +0100, Ralf Mardorf wrote: > On Thu, 02 Feb 2017 11:22:28 -0500, Daniel Micay via arch-general > wrote: > > The reason for SELinux and AppArmor not being enabled for linux or > > linux-grsec has to do with audit. If people were willing to do a bi

Re: [arch-general] user namespaces

On Thu, 2017-02-02 at 16:29 +0100, sivmu wrote: > > Am 02.02.2017 um 11:28 schrieb Daniel Micay via arch-general: > > On Thu, 2017-02-02 at 02:40 +0100, sivmu wrote: > > > > > > Am 01.02.2017 um 21:21 schrieb Daniel Micay via arch-general: > > &

Re: [arch-general] user namespaces

On Thu, 2017-02-02 at 17:06 +0200, Francisco Barbee via arch-general wrote: > So what's your alternatives/setup usable on Arch > (not android, not ChromeOS)? We heave disabled > SElinux, disabled Apparmor, disabled user > namespaces, PIE not enabled by default and only > partial relro. What's left

Re: [arch-general] user namespaces

On Thu, 2017-02-02 at 02:40 +0100, sivmu wrote: > > Am 01.02.2017 um 21:21 schrieb Daniel Micay via arch-general: > > > > it's a nearly useless feature.  > > > > > > That's a baseless claim, that was already proved wrong in my first > > > post > &g

Re: [arch-general] user namespaces

On Wed, 2017-02-01 at 19:51 +0100, sivmu wrote: > > Am 01.02.2017 um 07:20 schrieb Daniel Micay via arch-general: > > On Wed, 2017-02-01 at 00:18 +0100, sivmu wrote: > > > Summary: > > > > > > Arch Linux is one of the few, if not the only distribution that

Re: [arch-general] user namespaces

On Wed, 2017-02-01 at 00:21 -0700, Leonid Isaev wrote: > On Wed, Feb 01, 2017 at 01:20:41AM -0500, Daniel Micay via arch- > general wrote: > > On Wed, 2017-02-01 at 00:18 +0100, sivmu wrote: > > > Summary: > > > > > > Arch Linux is one of the few, if not

Re: [arch-general] user namespaces

Also worth noting that one of the first thing any sandbox based on user namespaces will do is *disabling* user namespaces. The programs using them acknowledge them to be a huge security problem. It doesn't work out well when only a subset of processes are running in that container env. The only

Re: [arch-general] user namespaces

On Wed, 2017-02-01 at 00:18 +0100, sivmu wrote: > Summary: > > Arch Linux is one of the few, if not the only distribution that still > disables or restricts the use of unprivileged user namespaces, a > feature > that is used by many applications and containers to provide secure > sandboxing. >

Re: [arch-general] Can't install AppArmor on linux-grsec kernel

> I installed linux-grsec kernel on my Arch system a few days back for  > improved security. My next step is to sandbox internet-facing  > applications such as firefox, thunderbird, torrent client, etc. > However,  >  it seems like grsecurity patchset doesn't have application > sandboxing  >

Re: [arch-general] ssd trim using fstrim.service and fstrim.timer

> > > Note: I could just add "discard" to /etc/fstab, but wouldn't that > > wear out > > the SSD faster than periodic trimming? > > I don't know precise numbers, but IME none of those made a difference > performace-wise. I'd say if SSD wear is a problem (i.e. if you > estimate it > within

Re: [arch-general] Signing kernel modules

On 25/07/15 03:58 PM, Damjan Georgievski wrote: Since some time ago, the Linux kernel has had support for cryptographically signed modules, i.e. the kernel can be configured to only load properly signed modules. https://www.kernel.org/doc/Documentation/module-signing.txt I wouldn't go

Re: [arch-general] current flash vulnerabilities - what to do?

On 16/07/15 11:30 PM, Natu wrote: On 07/16/2015 05:50 PM, Daniel Micay wrote: I don't know that I even trust openssl anymore. I used to run chromium, but got tired of it passing so much information back to google, so I went back to firefox. What I run is not an ideal solution. I'm open

Re: [arch-general] current flash vulnerabilities - what to do?

On 17/07/15 01:14 PM, Jagannathan Tiruvallur Eachambadi wrote: We don't have it in the AUR though. Well, I don't really think it's useful. It was just a suggestion for people who can't tolerate Chromium downloading things like dictionaries from Google. signature.asc Description: OpenPGP

Re: [arch-general] current flash vulnerabilities - what to do?

On 17/07/15 12:35 PM, Ralf Mardorf wrote: On Fri, 17 Jul 2015 11:30:05 -0400, Daniel Micay wrote: The Tor browser is quite insecure. It's nearly the same thing as Firefox, so it falls near the bottom of the list when it comes to browser security, i.e. below even Internet Explorer, which has

Re: [arch-general] current flash vulnerabilities - what to do?

On 16/07/15 12:06 PM, Ralf Mardorf wrote: On Thu, 16 Jul 2015 13:10:33 +0100, Ben Oliver wrote: I have to agree with Ralf, you will be fine. I have been flash-free for 18 months now and it's going absolutely fine. Unless you have a penchant for flash games, there's very little reason to have

Re: [arch-general] current flash vulnerabilities - what to do?

On 16/07/15 03:48 PM, Natu wrote: On 07/16/2015 05:10 AM, Ben Oliver wrote: I have to agree with Ralf, you will be fine. I have been flash-free for 18 months now and it's going absolutely fine. Unless you have a penchant for flash games, there's very little reason to have it installed any

Re: [arch-general] current flash vulnerabilities - what to do?

On 15/07/15 07:38 PM, Jens Adam wrote: freshplayerplugin Just to nitpick: even if it's more current (feature-wise) than standard Adobe Linux 11.2 flashplugin, it's still Adobe Flash and thus just as problematic regarding its security. --byte PPAPI Flash runs in a strong sandbox in

Re: [arch-general] systemd new dependencies impede using OpenRC

While technical debate can be productive when it's not simply rehasing the same things over and over again, simply voicing opinions is not. I don't think it would be a good idea to develop any distribution based upon the opinions of whoever shouts the loudest. Decisions are made based on

Re: [arch-general] systemd new dependencies impede using OpenRC

you were following it. Now it seems to belong to a forgotten past. On Wed, Jul 01, 2015 at 10:34:01AM -0400, Daniel Micay wrote: Arch is as much a systemd-based distribution as it is a Pacman-based distribution at this point. (...) Is it now? https://wiki.archlinux.org/index.php/The_Arch_Way

Re: [arch-general] systemd new dependencies impede using OpenRC

On 01/07/15 07:14 PM, Jens Adam wrote: Thu, 2 Jul 2015 00:43:13 +0200 Guus Snijders gsnijd...@gmail.com: Why in the world should util-linux require systemd!? Why do all these packages need it when they were fine without it before? The first question is a relatively simple, technical

Re: [arch-general] systemd new dependencies impede using OpenRC

On 02/07/15 02:34 PM, Neven Sajko wrote: Daniel Micay dixit: The package isn't going to be split so it doesn't make much sense to refer to libsystemd. It is split: https://www.archlinux.org/packages/core/x86_64/libsystemd/ I know it's split into systemd, libsystemd and systemd-sysvcompat

Re: [arch-general] systemd new dependencies impede using OpenRC

Now, it would be technically possible to replace *systemd* in base with a generic init-system which could be provided by both *systemd* and *openrc*, but that would make things much more complicated and *much* more effort to maintain. Packages don't have a dependency on systemd because they

Re: [arch-general] systemd new dependencies impede using OpenRC

WHAT? The opinion of users has no weight here ?!?!?! Popular opinion has no weight. Zero. Technical arguments have weight but most of them have already been debated for ages. There's a strong consensus among the developers (and trusted users / other people who contribute, but that's less

Re: [arch-general] systemd new dependencies impede using OpenRC

On 01/07/15 09:52 AM, jmcf...@openmailbox.org wrote: Why in the world should util-linux require systemd!? Why do all these packages need it when they were fine without it before? I wouldn't like to install systemd, but will if necessary. Nonetheless, I don't want it to replace OpenRC. What

Re: [arch-general] Subpixel antialiasing

On 28/05/15 10:22 AM, Robbie Smith wrote: Doesn't Chromium use its own font rendering system? Not really. It has to do a lot of font-related work to implement the web standards but they're using freetype2/harfbuzz like everyone else. I've noticed that on other OSes it has its own

Re: [arch-general] Subpixel antialiasing

Using the hinting information from fonts rather than auto-hinting is important, which means using high quality fonts. Source Code Pro / Source Sans Pro / Source Serif Pro are likely the only really well hinted fonts in the repositories. Oh, actually ttf-liberation is pretty decent now that

Re: [arch-general] Subpixel antialiasing

Doesn't Chromium use its own font rendering system? Not really. It has to do a lot of font-related work to implement the web standards but they're using freetype2/harfbuzz like everyone else. I've noticed that on other OSes it has its own rendering style that doesn't use subpixel rendering

Re: [arch-general] Why irrelevant updates?

On 13/05/15 01:12 AM, Vitor Eiji Justus Sakaguti wrote: On Wed, May 13, 2015 at 12:51 AM, Eli Schwartz eschwart...@gmail.com wrote: It is what it is. FWIW -- I don't think they are expected, base is a guideline and other packages should not be making assumptions (and usually don't). I think

Re: [arch-general] Why irrelevant updates?

On 13/05/15 02:52 AM, Doug Newgard wrote: On Wed, 13 May 2015 02:27:14 -0400 Daniel Micay danielmi...@gmail.com wrote: The base and base-devel groups are installed in the containers used for building, so it's quite sane to assume they're present as build deps. That hasn't been true

Re: [arch-general] Why irrelevant updates?

On 13/05/15 03:15 AM, Daniel Micay wrote: On 13/05/15 02:52 AM, Doug Newgard wrote: On Wed, 13 May 2015 02:27:14 -0400 Daniel Micay danielmi...@gmail.com wrote: The base and base-devel groups are installed in the containers used for building, so it's quite sane to assume they're present

Re: [arch-general] gcc bug ?

On 30/03/15 10:54 PM, 施不二 wrote: I' ve tried downgrade gcc, gcc-libs to version 4.9.2, but a new error occurred: /usr/include/boost/python/proxy.hpp:94:36: internal compiler error: Segmentation fault inline void proxyPolicies::del() const Is this another bug of boost? An ICE (internal

Re: [arch-general] Can't reboot or shutdown my computer (cgroup: option or name mismatch)

On 17/03/15 09:13 AM, Janilson Andrade wrote: Hi all. After months trying many things and after posting in arch forum[1] I am here asking if anyone could help me.Everytime I try to reboot or shutdown my computer, after turning everything off, my system hangs and display one of these

Re: [arch-general] Severity of Failed checksum for PKGBUILD

On 19/02/15 11:39 PM, Mark Lee wrote: On 02/19/2015 05:46 PM, Mark Lee wrote: On 02/19/2015 05:24 PM, Lukas Jirkovsky wrote: On 19 February 2015 at 21:42, Doug Newgard scim...@archlinux.info wrote: You can't. If upstream provides a checksum, that gives you some verification, but since

Re: [arch-general] Severity of Failed checksum for PKGBUILD

On 20/02/15 09:03 AM, Mark Lee wrote: The checksums are there for integrity. The GPG signatures only confirm the packager built the package. My question is if a packager's PKGBUILD fails a checksum and the license is GPL, how does the packager fullfill their requirement to provide the source

Re: [arch-general] Severity of Failed checksum for PKGBUILD

On 20/02/15 09:03 AM, Mark Lee wrote: No... the integrity check not matching is not because an out-of-tree source tree was used. The checksums are certainly not there to improve security, that's what GPG signatures are for. The checksums are there for integrity. The GPG signatures only

Re: [arch-general] Severity of Failed checksum for PKGBUILD

On 20/02/15 09:41 AM, Florian Pelz wrote: Hi, On 02/20/2015 03:22 PM, Daniel Micay wrote: On 20/02/15 09:03 AM, Mark Lee wrote: I understand that the metadata changed which changed the checksum, but that doesn't really change the question of what to do with source code versioning systems

Re: [arch-general] Severity of Failed checksum for PKGBUILD

On 20/02/15 10:04 AM, Martti Kühne wrote: On Fri, Feb 20, 2015 at 3:53 PM, Mark Lee m...@markelee.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Checksums aren't sources, they are a method of verifying the integrity of sources. In other words, while different files can have the

Re: [arch-general] Severity of Failed checksum for PKGBUILD

On 20/02/15 10:22 AM, Florian Pelz wrote: On 02/20/2015 03:59 PM, Daniel Micay wrote: The vast majority of users make use of the binary packages and the checksums do absolutely nothing to secure the main attack vector which is a compromise of the sources downloaded by the packager

Re: [arch-general] Severity of Failed checksum for PKGBUILD

On 20/02/15 09:53 AM, Mark Lee wrote: On 02/20/2015 09:22 AM, Daniel Micay wrote: On 20/02/15 09:03 AM, Mark Lee wrote: The checksums are there for integrity. The GPG signatures only confirm the packager built the package. My question is if a packager's PKGBUILD fails a checksum

Re: [arch-general] Severity of Failed checksum for PKGBUILD

On 20/02/15 10:26 AM, Mark Lee wrote: However, the issue still stands regarding checksums. Perhaps packages with metadata changes should just not include checksums? Or, they could just link to the sources.archlinux.org in those cases with checksums. Ideally, devtools would generate a source

Re: [arch-general] Severity of Failed checksum for PKGBUILD

On 20/02/15 12:54 PM, Florian Pelz wrote: On 02/20/2015 04:51 PM, Daniel Micay wrote: PKGBUILD checksums provide *zero*, yes *zero* security for the case that matters most, which is the build done by the packager. It does provide the ability for other people to verify that a MITM attack

Re: [arch-general] pacman security when importing new keys?

On 10/02/15 08:15 AM, Mike Cloaked wrote: On Tue, Feb 10, 2015 at 12:59 PM, Dennis Lange den...@lumalab.net wrote: Hi Manuel, thanks for posting this thread. I also wondered about the key from eworm. Sure he is a trusted user but accepting keys made me a little bit nervous. Is there a way

Re: [arch-general] pacman security when importing new keys?

On 10/02/15 07:59 AM, Dennis Lange wrote: Hi Manuel, thanks for posting this thread. I also wondered about the key from eworm. Sure he is a trusted user but accepting keys made me a little bit nervous. Is there a way to verify my pacman keys? Dennis It already verifies the keys by

Re: [arch-general] Hello!

Is it really necessary to fill our inboxes with this spam? signature.asc Description: OpenPGP digital signature

Re: [arch-general] gpg source validation for kernel.org style signatures

On 04/01/15 05:03 PM, Doug Newgard wrote: On Sun, 4 Jan 2015 22:05:21 +0100 Christian Hesse l...@eworm.de wrote: Hello everybody, pacman 4.2.0 gained support for verifying source tarballs with kernel.org style signature. Some (even essential) packages could benefit from that, linux and

Re: [arch-general] gpg source validation for kernel.org style signatures

On 04/01/15 04:05 PM, Christian Hesse wrote: Hello everybody, pacman 4.2.0 gained support for verifying source tarballs with kernel.org style signature. Some (even essential) packages could benefit from that, linux and git come to mind. How to handle this? Report a bug for every package?

Re: [arch-general] gpg source validation for kernel.org style signatures

I do not think we need HTTPS, though it does not hurt. If anybody tries to fool us with man-in-the-middle via HTTP we should detect that just fine with broken signatures (given signatures are provided...). Well, I mean when no signatures are available. It's not really that common for upstream

Re: [arch-general] gpg source validation for kernel.org style signatures

On 05/01/15 12:28 PM, Leonid Isaev wrote: On Mon, Jan 05, 2015 at 10:16:10AM +0100, Christian Hesse wrote: I do not think we need HTTPS, though it does not hurt. If anybody tries to fool us with man-in-the-middle via HTTP we should detect that just fine with broken signatures (given signatures

Re: [arch-general] Standard group for hardware user?

On 05/01/15 02:24 PM, Neale Pickett wrote: I apologize for mentioning systemd. What non-deprecated group would be best for a hardware user? Who is telling you that the groups in base are deprecated? signature.asc Description: OpenPGP digital signature

Re: [arch-general] Standard group for hardware user?

On 05/01/15 02:30 PM, Neale Pickett wrote: https://wiki.archlinux.org/index.php/users_and_groups#Deprecated_or_unused_groups The groups have been replaced / deprecated as a way of giving hardware access to users with local sessions. That doesn't mean that they're deprecated as a whole or that

Re: [arch-general] depends vs. optdepends

Arch currently uses optional dependencies even when it means that executables provided by the package aren't going to work with the minimal set of dependencies. The packages could be split up more to avoid this without pulling in more stuff, but it's not what packagers usually choose to it. It's a

Re: [arch-general] [arch-gen] does using tmp-rng enables tpm at all?

On 24/12/14 02:45 PM, Javier Vasquez wrote: Hi, Seems like on i5 and i7 chips the way to get random numbers through HW is to use tpm-rng (intel-rng is no longer available for them). An by reading [1] seems like a pretty good idea. However I have no intention to use tpm at all, neither I

Re: [arch-general] Official releases from upstream

On 23/11/14 04:35 AM, Ralf Mardorf wrote: Hi, while for virtualbox Arch Linux does follow upstream, even while there is a critical known USB issue, for Claws Mail, where AFAIK isn't a critical issue, it doesn't follow upstream. On Sun, 23 Nov 2014 09:07:22 +

Re: [arch-general] Netflix in Arch?

On 10/10/14 11:52 AM, David Rosenstrauch wrote: I noticed the announcement today that Ubuntu now supports Netflix streaming, due to new features recently added to the Chrome browser. https://insights.ubuntu.com/2014/10/10/watch-netflix-in-ubuntu-today/ Does this work on Arch's version of

Re: [arch-general] Zombie Processes

On 26/08/14 07:54 PM, Mark Lee wrote: To all, I was wondering regarding the killing of a zombie process. As far as I know, a zombied process is inherited by root when it's parent is killed. The kernel periodically calls wait() which reaps the zombie process and frees its memory. I was

Re: [arch-general] Vim clipboard option

On 21/08/14 07:59 AM, lolilolicon wrote: On Thu, Aug 21, 2014 at 1:39 PM, Yamakaky yamak...@yamaworld.fr wrote: Hi It's good to have a real vim package, but the `clipboard` option is now disabled (see `vim --version`). Is there any reason ? I use it a lot via the + register. If the use

Re: [arch-general] Vim clipboard option

On 21/08/14 04:43 AM, Manolo Martínez wrote: On 08/21/14 at 07:39am, Yamakaky wrote: It's good to have a real vim package, but the `clipboard` option is now disabled (see `vim --version`). Is there any reason ? I use it a lot via the + register. I too find this disappointing. The only

Re: [arch-general] [arch-dev-public] linux 3.16 in [testing]

On 13/08/14 12:44 PM, Thomas Bächler wrote: Am 13.08.2014 um 17:29 schrieb Damjan Georgievski: On 13 August 2014 17:26, Damjan Georgievski gdam...@gmail.com wrote: yey thanks for CONFIG_USER_NS=y ahh no, I'm stupid. Checked it on another machine and got excited before hand :/ anyway. is

Re: [arch-general] [arch-dev-public] linux 3.16 in [testing]

On 13/08/14 01:40 PM, Damjan Georgievski wrote: anyway. is there a reason this is not enabled now? all the mainstream distros hae it enabled now Fedora, RHEL/CentOS 7, Ubuntu and Debian (at least on the backported kernel) I'd think about it, if the feature wasn't entirely useless. Despite the

Re: [arch-general] [arch-dev-public] linux 3.16 in [testing]

On 13/08/14 01:21 PM, Mihamina Rakotomandimby wrote: On 08/13/2014 08:09 PM, Leonid Isaev wrote: As you know, user_ns is a necesary prerequisite for unpriviileged containers: https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/ . AFAIU, currently only Ubuntu 14.04 supports

Re: [arch-general] Ncurses over ssh

On 26/07/14 04:09 PM, luc.li...@mailoo.org wrote: Hello everyone. I am using newsbeuter to handle my rss feeds, and, to be able to use it from all my computers, I set it up on a server with ssh enabled. When I log in this server with ssh, then launch newsbeuter, everything works fine. But

Re: [arch-general] [vte3] Wrong permissions for /etc/profile.d/vte.sh ?

On 22/07/14 09:55 AM, Neitsab wrote: Hi, As I was checking some stuff about environment variables, I noticed that I have one file in /etc/profile.d which doesn't have the same perms as the others: $ ls -la /etc/profile.d/ total 72 drwxr-xr-x 2 root root 4096 19 juil. 20:36 .

Re: [arch-general] yaourt - tmpfs error: No space left on device

On 18/07/14 03:40 PM, Csányi Pál wrote: Hi, I'm trying to install icecat with yaourt but get always error: No space left on device. $ df -H Filesystem Size Used Avail Use% Mounted on /dev/sda366G 38G 26G 60% / tmpfs 3.2G 0 3.2G 0% /dev/shm tmpfs

Re: [arch-general] yaourt - tmpfs error: No space left on device

On 18/07/14 03:49 PM, Csányi Pál wrote: 2014-07-18 21:44 GMT+02:00 Daniel Micay danielmi...@gmail.com: On 18/07/14 03:40 PM, Csányi Pál wrote: I'm trying to install icecat with yaourt but get always error: No space left on device. $ df -H Filesystem Size Used Avail Use% Mounted

Re: [arch-general] yaourt - tmpfs error: No space left on device

On 18/07/14 03:51 PM, Travis Thompson wrote: Set BUILDDIR=/var/tmp instead, /tmp is filling up. Or just use the *default* of not building in a global directory... especially /tmp which is a ramdisk. signature.asc Description: OpenPGP digital signature

Re: [arch-general] gparted cant take root priviliges

On 10/07/14 06:56 PM, Klearchos-Angelos Gkountras wrote: In my new laptop , I install archlinux and works fine but also when I try to use gparted not promont one dialog to have root priviliges .. how to fix that ? I'm a bit unsure about what you're asking for. To avoid the error, you should

Re: [arch-general] Why doesn't the evolution package version follow the stable release version from upstream?

On 25/06/14 04:42 PM, Ralf Mardorf wrote: Why is the Evolution package in extra evolution 3.12.3-1, https://www.archlinux.org/packages/extra/x86_64/evolution/ , when the current stable version from upstream still is 3.12.2? On Wed, 2014-06-25 at 20:07 +0100, at evolution-l...@gnome.org

Re: [arch-general] inetutils and the 'base' group

On 16/06/14 07:35 PM, Leonid Isaev wrote: Hi, Is there a reason why core/inetutils is in base group, i.e. which packages implicitly rely on it? It was added to base around Aug. 2011 ago, I think because of hostname(1), but shouldn't this functionality be now provided by hostnamectl?

Re: [arch-general] makepkg.conf CFLAGS

On 02/06/14 06:58 AM, Martti Kühne wrote: On Sun, Jun 1, 2014 at 2:03 PM, Yamakaky yamak...@yamaworld.fr wrote: Hi I just discovered the gcc option march=native. It enables all the local-supported optimizations, without downsides except the non-portability of the binaries. Is there a reason

Re: [arch-general] makepkg.conf CFLAGS

On 02/06/14 07:24 AM, Martti Kühne wrote: On Mon, Jun 2, 2014 at 1:11 PM, Daniel Micay danielmi...@gmail.com wrote: The official packages are built in a clean container with the makepkg configuration files in the devtools package. In the past, portability issue would have been a factor. I do

Re: [arch-general] GNU IceCat should be in the official repos

Firefox and IceCat already implement an API for DRM called NPAPI. It provides DRM via Flash and even Silverlight with Pipelight. Firefox won't be implementing DRM. It will be providing yet another API for a third party blob to latch onto to provide DRM via HTML directly. signature.asc

Re: [arch-general] systemd-journald taking too much memory

On 19/05/14 04:53 AM, Ondřej Kučera wrote: Hello, from time to time, Thunderbird crashes on my computer. It doesn't happen all that often and so far I haven't lost any data, so this actually doesn't bother me that much. But, when it happens, suddenly the process systemd-journald starts

Re: [arch-general] Why is it dangerous to run makepkg as root?

On 17/05/14 03:12 PM, Bardur Arantsson wrote: On 2014-05-17 14:40, Roland Tapken wrote: Hi, I'm using arch for about half a year on a few systems, but every time I install something from aur I'm asking myself one question: Why is it considered dangerous to run makepkg as root? My first

Re: [arch-general] How to disable systemd-tmpfiles-clean.timer

On 09/05/14 02:02 AM, Mark Lee wrote: On 05/09/2014 01:41 AM, Daniel Micay wrote: On 09/05/14 01:29 AM, Mark Lee wrote: To Daniel, I'm pointing out that respect for people shouldn't affect technical skepticism. People can rant against whomever they want as long as it has technical

Re: [arch-general] How to disable systemd-tmpfiles-clean.timer

On 08/05/14 11:44 AM, LANGLOIS Olivier PIS -EXT wrote: -Original Message- From: arch-general [mailto:arch-general-boun...@archlinux.org] On Behalf Of Lukas Jirkovsky Sent: Thursday, May 08, 2014 3:54 AM Please don't start another systemd flamewar. And BTW, automatic /tmp cleaning

Re: [arch-general] How to disable systemd-tmpfiles-clean.timer

On 08/05/14 03:46 AM, Christos Nouskas wrote: On 8 May 2014 09:43, Olivier Langlois oliv...@olivierlanglois.net wrote: Since a recent update (I have first noticed a couple of weeks ago this new systemd enhancement), systemd started to automatically clean /tmp directory daily. This is not

Re: [arch-general] How to disable systemd-tmpfiles-clean.timer

On 08/05/14 05:01 PM, Nowaker wrote: This is not a rant against Arch or its devs and community, but against systemd; the sad facts speak for themselves. This is a rant against the Arch devs and the Arch community. Several of the developers and several people involved with the community are

Re: [arch-general] How to disable systemd-tmpfiles-clean.timer

On 08/05/14 05:10 PM, Christos Nouskas wrote: I guess you'll be upset that Tom (one of the Arch developers) wrote systemd-networkd. You guess wrong. So you're okay with it providing networking, but not timer units? Timer units were a very simple addition on top of the existing event loop,

Re: [arch-general] How to disable systemd-tmpfiles-clean.timer

On 08/05/14 05:37 PM, Christos Nouskas wrote: Do accept the fact that not everyone is content with everything systemd and just leave it at that. Thank you and bye. That can be expressed without calling the developers chauvanistic and spreading misinformation. It's yet a free software project

Re: [arch-general] How to disable systemd-tmpfiles-clean.timer

On 08/05/14 03:40 PM, Daniel Micay wrote: [0] http://boycottsystemd.org/ There are no facts there. I already responded to this FUD on reddit: http://www.reddit.com/r/archlinux/comments/24zj10/what_are_the_benefits_of_partitioning_disk_space/chcao5u Whoops, wrong link: http

Re: [arch-general] How to disable systemd-tmpfiles-clean.timer

On 09/05/14 01:01 AM, Mark Lee wrote: To all, Don't make any of this personal. In addition, I hope the inclusion of systemd in Arch Linux has more justification than just some Arch developers are also Systemd developers. Arch may not be a democracy, but it's not supposed to be infested

Re: [arch-general] How to disable systemd-tmpfiles-clean.timer

On 09/05/14 01:29 AM, Mark Lee wrote: To Daniel, I'm pointing out that respect for people shouldn't affect technical skepticism. People can rant against whomever they want as long as it has technical criticism (at least on this mailing list). Accusing the developers of bad faith and

Re: [arch-general] Comment on: Use systemd timers instead of /etc/cron.{hourly, daily, weekly, monthly}?

On 06/05/14 04:13 PM, Leonid Isaev wrote: After re-reading the documentation I have to take this back, systemd timers seem to implement all features provided by cronie. AFAIK, the only notable missing feature is the ability for non-root users to run jobs when they're not logged in. This is

Re: [arch-general] Installing Archlinux alongside Ubuntu on aWindows8 UEFI laptop

Can I safely treat this Manjaro as an Arch installation? I did this with Antergos a couple of years ao, and it worked out fine. Will I run into a roadblock down the road? Antergos is Arch Linux, Manjaro isn't. signature.asc Description: OpenPGP digital signature

Re: [arch-general] Comment on: Use systemd timers instead of /etc/cron.{hourly, daily, weekly, monthly}?

On 05/05/14 09:05 AM, Maciej Puzio wrote: I have been testing the issue for a week. Daily timers are fired between 0:00 and 0:01 without exception - all timers at the same time, all machines at the same time, every day at the same time. The largest variation I have seen was 30 seconds. So yes,

Re: [arch-general] Installing Archlinux alongside Ubuntu on a Windows 8 UEFI laptop

On 01/05/14 05:07 PM, Alan E. Davis wrote: This is insanity... The first time I have encountered the much maligned Micro$oft UEFI / Secure Boot adventure. On my new Thinkpad Yoga, with a Wacom active digitizer and pen. Ubuntu was a walk in the park. I installed Ubuntu naively, alongside

Re: [arch-general] Installing Archlinux alongside Ubuntu on a Windows 8 UEFI laptop

On 01/05/14 06:02 PM, Alan E. Davis wrote: This looks interesting, and I am tempted to walk into the deep water. It raises some questions. Will gummiboot or refind also find the Ubuntu partition? You should use the ESP (EFI system partition) to store all of the kernels. The loader

Re: [arch-general] Installing Archlinux alongside Ubuntu on a Windows 8 UEFI laptop

On 01/05/14 06:15 PM, Alan E. Davis wrote: Ubuntu's kernel is on the / partition. Would I move it to the ESP partition, in that case? And I will mount that partition on /mnt/boot ? I have never used gummiboot. Since the Arch system is already to go, but not yet with a boot management

Re: [arch-general] Installing Archlinux alongside Ubuntu on a Windows 8 UEFI laptop

On 01/05/14 06:20 PM, Alan E. Davis wrote: I see another level of complexity here, in a statement on a page about Gummiboot on the wiki: * Warning: *Gummiboot simply provides a boot menu for EFISTUB kernels. In case you have issues booting EFISTUB kernels like in

Re: [arch-general] Installing Archlinux alongside Ubuntu on a Windows 8 UEFI laptop

On 01/05/14 06:31 PM, Alan E. Davis wrote: Do I need to install a special kernel? Thank you for the advice. Alan No, you need to install gummiboot. That's all. signature.asc Description: OpenPGP digital signature

  1   2   >