[gentoo-user] creating ssh account without directory browsing

[Tamer Higazi]

 Hi people!
For a project I need to create ssh accounts (based on shared keys) who
would be loged in a specific directory. They should only be able to
login in the desired directory, but not be able for outside browsing.


for example:

/work/

but not / or any other scope.

How would you guys accomplish that?!

Re: [gentoo-user] creating ssh account without directory browsing

[Alex Schuster]

Tamer Higazi writes:

> For a project I need to create ssh accounts (based on shared keys) who
> would be loged in a specific directory. They should only be able to
> login in the desired directory, but not be able for outside browsing.

If you need this only for things like scp, net-misc/scponly might do what 
you want.
http://sublimation.org/scponly/wiki/index.php/Main_Page

Wonko

[gentoo-user] Re: autodepclean script (was "how to remove HAL")

[Francesco Talamona]

On Sunday 22 August 2010, Walter Dnes wrote:
> On Sat, Aug 21, 2010 at 12:07:40PM +0200, Francesco Talamona wrote
> 
> > I'm unclear about the aim of your script, what does different from
> > "emerge -a --depclean" followed by "revdep-rebuild -- -a"?
> 
>   The autodepclean script automatically generates a list of of target
> ebuuilds to clean out (i.e. "cleanscript").  This gives you the
> opportunity to review it and delete items from the list before going
> ahead.  Does "emerge -a --depclean" allow you to skip individual
> items?

Ah ok, now i see the point. Usually I prefer to stop depclean (answering 
no) and specify the exceptions with emerge --noreplace.

This is because the exclusion of some packages from depclean can affect 
the following result of it.

If you install a package having many dependencies, with emerge --oneshot 
and then run emerge --depclean you'll see that is easier to run two 
times depclean than edit the generated list :)

Cheers
Francesco
-- 
Linux Version 2.6.35-gentoo-r1, Compiled #1 SMP PREEMPT Wed Aug 11 
07:11:30 CEST 2010
Two 2.9GHz AMD Athlon 64 Processors, 4GB RAM, 11657 Bogomips Total
aemaeth

[gentoo-user] chrony logrotate script EOF error

[Mick]

Hi All,

The chrony installed logrotate script keeps erroring out:

logrotate_script: line 5: warning: here-document at line 2 delimited by end-
of-file (wanted `EOF')
Unrecognized command


This is the script:

/var/log/chrony/*.log {
sharedscripts
postrotate
PASSWORD=`awk '$1 ~ /^1$/ {print $2; exit}' 
/etc/chrony/chrony.keys`
cat << EOF | /usr/bin/chronyc | sed '/^200 OK$/d'
password $PASSWORD
cyclelogs
EOF
endscript
}


I do not understand the error.  Is it telling me to add backticks?  Where?
-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] chrony logrotate script EOF error

[Alex Schuster]

Mick writes:

> The chrony installed logrotate script keeps erroring out:
> 
> logrotate_script: line 5: warning: here-document at line 2 delimited by
> end- of-file (wanted `EOF')
> Unrecognized command
> 
> 
> This is the script:
> 
> /var/log/chrony/*.log {
>   sharedscripts
>   postrotate
> PASSWORD=`awk '$1 ~ /^1$/ {print $2; exit}'
> /etc/chrony/chrony.keys`
> cat << EOF | /usr/bin/chronyc | sed '/^200 OK$/d'
> password $PASSWORD
> cyclelogs
> EOF
> endscript
> }
> 
> 
> I do not understand the error.  Is it telling me to add backticks? 
> Where?

I don't know the logrotate syntax, but in bash this would not work if the 
ending EOF has leading whitespace. Try replacing the '<<' by '<<-', then 
whitespace is allowed.

Wonko

Re: [gentoo-user] Disable fcron logging

[Alex Schuster]

Stroller writes:

> On 21 Aug 2010, at 14:25, Alex Schuster wrote:
> > ...
> > I want to monitor the power status of my hard drives, so I wrote a
> > little
> > script that gives me this output:
> > 
> > sda: standby
> > sdb: standby
> > sdc: active/idle 32°C
> > sdd: active/idle 37°C
> > 
> > This script is called every minute via an fcron entry, output goes
> > into a log file, and I use the file monitor plasmoid to watch this log
> > file in KDE.
> > 
> > It's working fine, but  also monitor my syslog in another file
> > monitor plamoid, and now I get lots of these entries:
> > 
> > Aug 21 14:21:06 [fcron] pam_unix(fcron:session): session opened for
> > user root by (uid=0)
> > Aug 21 14:21:06 [fcron] Job /usr/local/sbin/hdstate >> /var/log/
> > hdstate started for user root (pid 24483)
> > Aug 21 14:21:08 [fcron] Job /usr/local/sbin/hdstate >> /var/log/
> > hdstate completed
> > Aug 21 14:21:08 [fcron] pam_unix(fcron:session): session closed for
> > user root
> 
> #!/bin/bash
> while true
> do
>for drive in a b c d
>do
>   /usr/sbin/smartctl /dev/sd$drive --whatever >> /var/log/hdstate
>done
> sleep 60
> done

I use hdparm and hddtemp:

for hd in sda sdb sdc sdd
do
str=$( /sbin/hdparm -C /dev/$hd )
state=${str##*is:  }
if [[ $state == active/idle ]] && [[ $hd =~ sd[c] ]]
then
temp=$( /usr/sbin/hddtemp -q /dev/$hd )
temp=${temp% or *}
temp=${temp##* }
else
temp=
fi
echo "$hd: $state $temp"
done

Unfortunately, reading the temperature makes a drive in standby spin up, 
and prevents automatic spindown after a while of idle time. So now I ask 
for the temperature only on my system drive, the others should sleep most 
of the time anyway.


> I would personally update more often than this, and my concern would
> be that if the process fails then your plasmoid isn't showing the
> correct data.
> 
> I presume this is the same with your current setup: if cron dies then
> the current temperature will not be read to file, and the plasmoid
> will continue reading the last lines in /var/log/hdstate - the drive
> can overheat without you knowing about it.

Nah, it's really not that important for me. I show the temperature just 
for the fun of it, and for extreme temperatures I have smartd running, see 
below.
I'm more interested in the active/standby state. I just added two old 
additonal IDE drives for additional backups, and I want them to be silent 
most of the time. So I wrote a little script to show the status so I see 
when they spin up again (and they do this sometimes), and used fcron to 
get the data into a log file that the plasmoids shows.

The problem with cron is that I get those cron logs I do not like, and 
that the update time of 60 seconds is a little long. Running the script in 
a loop, started in .kde4/Autostart, would be better, but as a user I have 
no permission to call hdparm or hdtemp. I do not want to be part of the 
disk group, and when using sudo I would get the logs by sudo I wanted to 
avoid. So now I SUID'ed hdparm and hddtemp, changed the group to wheel and 
disabled execution for others. cron problem not solved, but workarounded.


> So I would expect there to be a better "plasmid" for this task. I'm
> completely unfamiliar with plasmids, but what you really want is a
> plasmid that itself runs a script and displays the stdout on your
> screen. That way if there's no data, or an error, then _you see that
> in the plasmid_, instead of silently ignoring it (as you may be at
> present).
> 
> The easiest (but dumb) way to handle this is to add the date to your
> plasmid's display so that at least you can see that something's wrong
> if it doesn't match the clock. A better way is not to have to watch a
> status monitor at all, and just have a script running that emails you
> if the temperature is above a specified range.

I have smartd running, which should send me mails about such things. For 
each drive, I have a line like this in /etc/smartd.conf:

/dev/sdc -a -n standby -o on -S on -W 5,40,45 \
 -s (S/../.././12|L/../../06/06) -m r...@wonkology.org

This does some regular health checks on the drive, when it is not in 
standby mode. Temperature changes of more than 5 degrees and temperatures 
of 40 degrees or more are logged. I will receive an email when the 
temperature reaches 45 degrees, or when it reaches a new maximum. The 
maximum values are preserved across boot cycles (option -S). Every day at 
12:00, a short self test is scheduled, and a long self test each sunday on 
06:00.

Wonko

[gentoo-user] OT: External sound card

[Florian Philipp]

Hi list!

I'm looking for an external sound card with USB, Firewire or ExpressCard
connector. It must not be professional equipment - just something with a
working SPDIF output (optical preferred). If the card can be hot-plugged
and unplugged without ALSA choking on it - even better.

Any recommendations?

Thanks in advance!
Florian Philipp



signature.asc
Description: OpenPGP digital signature

Re: [gentoo-user] creating ssh account without directory browsing

[Giampiero Gabbiani]

In data domenica 22 agosto 2010 10:36:36, Tamer Higazi ha scritto:
: >  Hi people!
> For a project I need to create ssh accounts (based on shared keys) who
> would be loged in a specific directory. They should only be able to
> login in the desired directory, but not be able for outside browsing.
> 
> 
> for example:
> 
> /work/
> 
> but not / or any other scope.
> 
> How would you guys accomplish that?!
Hi Tamer,
simply set the default shell of the desired account to: /bin/bash -r.
In this mode the bash will start in restricted mode. You can get further 
information about that in the man page of bash (section: RESTRICTED SHELL).

Bye
Giampiero

[gentoo-user] glibc 2.12.1-r1 seems to not be working correctly

[covici]

Hi.  I am running the unstable gentoo 32-bit and today I emerged --
amoung other packages in a system update -- glibc-2.12.1-r1, however
after doing this at least one package had an undefined reference to
S_ISCHR.   I tried to downgrade glibc, but apparently this is not
supported and I am a bit stumped as to how to fix this problem.

Any ideas on this would be appreciated.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici
 cov...@ccs.covici.com

[gentoo-user] emerge strategy gamew 0ad fail

[sam new]

hi all,
0ad game is a strategy game like empire Age ,is an alpha version,so
it is not contained in portage tree*. *I find some ebuild in overlay ,also
find in http://bugs.gentoo.org/show_bug.cgi?id=278541 but they all do not
work ,I try to build it use source ,also failed. any one who play this game
can give me an ebuild? or any suggestions about the error ?  here is my
emerg ebuild log sounds like wxGTK problem




**

[gentoo-user] Re: emerge strategy gamew 0ad fail

[sam new]

On 22 August 2010 21:00, sam new  wrote:

> hi all,
> 0ad game is a strategy game like empire Age ,is an alpha version,so
> it is not contained in portage tree*. *I find some ebuild in overlay ,also
> find in http://bugs.gentoo.org/show_bug.cgi?id=278541 but they all do not
> work ,I try to build it use source ,also failed. any one who play this game
> can give me an ebuild? or any suggestions about the error ?  here is my
> emerg ebuild log sounds like wxGTK problem
>
>
>
>
> **
>

Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly

[Alex Schuster]

cov...@ccs.covici.com writes:

> Hi.  I am running the unstable gentoo 32-bit and today I emerged --
> amoung other packages in a system update -- glibc-2.12.1-r1, however
> after doing this at least one package had an undefined reference to
> S_ISCHR.   I tried to downgrade glibc, but apparently this is not
> supported and I am a bit stumped as to how to fix this problem.

Looks like a real bad problem, I'm glad I did not update yet. 

http://blog.flameeyes.eu/2010/08/18/compounded-issues-in-glibc-2-12 has 
some explanation on this. I wonder how this glibx version did make it into 
~arch.

> Any ideas on this would be appreciated.

Don't know. Maybe wait a little and see if another new glibc fixes this, 
or the packages having issues with the new glibc might get updated.

Wonko

Re: [gentoo-user] open-iscsi-2.0.871.3 compile fail on 2.6.32-openvz-budarin.1 kernel

[Alex Schuster]

Xi Shen writes:

> i got this error while trying to emerge the open-iscis-2.0.871.3:
> 
> be2iscsi.o transport.o iscsid.o
> iscsi_sysfs.o: In function `iscsi_sysfs_get_blockdev_from_lun':
> iscsi_sysfs.c:(.text+0xe71): undefined reference to `S_ISLNK'
> iscsi_sysfs.c:(.text+0xed3): undefined reference to `S_ISDIR'
> iscsi_sysfs.o: In function `iscsi_sysfs_get_sid_from_path':
> iscsi_sysfs.c:(.text+0x16ed): undefined reference to `S_ISDIR'
> iscsi_sysfs.c:(.text+0x17bd): undefined reference to `S_ISLNK'

Same problem as John Covici just posted about in the 'glibc 2.12.1-r1 
seems to not be working correctly' thread. Look there for possible 
solutions that might come up.

Wonko

Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly

[Arttu V.]

On 8/22/10, cov...@ccs.covici.com  wrote:
> Hi.  I am running the unstable gentoo 32-bit and today I emerged --
> amoung other packages in a system update -- glibc-2.12.1-r1, however
> after doing this at least one package had an undefined reference to
> S_ISCHR.   I tried to downgrade glibc, but apparently this is not
> supported and I am a bit stumped as to how to fix this problem.
>
> Any ideas on this would be appreciated.

Which package is failing? Please check if it is already reported, and
if not then please report a new bug, and if possible make it block
this tracker bug:

http://bugs.gentoo.org/show_bug.cgi?id=331665

A wild guess out of the blue would be that the error could be simply a
missing include of stat.h in the package's sources. But there might be
other omissions as well, so please provide more info.

I think that unless API/ABIs were changed then the older, already
installed version should still work just fine, as then the missing
includes would only affect compile-time situation.

-- 
Arttu V. -- Running Gentoo is like running with scissors

Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly

[covici]

Arttu V.  wrote:

> On 8/22/10, cov...@ccs.covici.com  wrote:
> > Hi.  I am running the unstable gentoo 32-bit and today I emerged --
> > amoung other packages in a system update -- glibc-2.12.1-r1, however
> > after doing this at least one package had an undefined reference to
> > S_ISCHR.   I tried to downgrade glibc, but apparently this is not
> > supported and I am a bit stumped as to how to fix this problem.
> >
> > Any ideas on this would be appreciated.
> 
> Which package is failing? Please check if it is already reported, and
> if not then please report a new bug, and if possible make it block
> this tracker bug:
> 
> http://bugs.gentoo.org/show_bug.cgi?id=331665
> 
> A wild guess out of the blue would be that the error could be simply a
> missing include of stat.h in the package's sources. But there might be
> other omissions as well, so please provide more info.
> 
> I think that unless API/ABIs were changed then the older, already
> installed version should still work just fine, as then the missing
> includes would only affect compile-time situation.
> 
OK, I will check on that -- I am thinking that for that package a
missing include will fix this, but I could shoot whoever broke this
without thinking at all.  I wonder if the failure of php to compile
because my_compiler.h is missing has something to do with this also?


-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici
 cov...@ccs.covici.com

[gentoo-user] SOLVED: Re: nss_updatedb && pam_ccreds

[Giampiero Gabbiani]

In data giovedì 29 luglio 2010 18:50:13, Giampiero Gabbiani ha scritto:
: > Hi all,
> I configured nss & pam in order to make LDAP authentication. In order to
> have a proper authentication and attributes retrieving I added also ccreds
> and nss_updatedb modifying /etc/pam.d/system-auth for the first and
> /etc/nsswithch for both:
> 
> /etc/pam.d/system-auth:
> 
> auth[success=done default=ignore]   pam_unix.so
> nullok_secure try_first_pass debug
> auth[authinfo_unavail=ignore success=1 default=2]   pam_ldap.so
> use_first_pass
> auth[default=done]
> pam_ccreds.so action=validate use_first_pass
> auth[default=done]
> pam_ccreds.so action=store
> auth[default=bad]
> pam_ccreds.so action=update
> 
> account [user_unknown=ignore authinfo_unavail=ignore default=done]
> pam_unix.so debug
> account [user_unknown=ignore authinfo_unavail=ignore default=done]
> pam_ldap.so debug
> account required
> pam_permit.so
> 
> passwordrequiredpam_cracklib.so difok=2 minlen=8 dcredit=2
> ocredit=2 try_first_pass retry=3
> passwordsufficient  pam_unix.so try_first_pass use_authtok
> nullok md5 shadow
> passwordsufficient  pam_ldap.so use_authtok use_first_pass
> passwordrequiredpam_deny.so
> 
> session optionalpam_mkhomedir.so skel=/etc/skel/ umask=0022
> session requiredpam_limits.so
> session requiredpam_env.so
> session requiredpam_unix.so
> session optionalpam_permit.so
> session optionalpam_ldap.so
> 
> # /etc/nsswitch.conf:
> # $Header:
> /var/cvsroot/gentoo/src/patchsets/glibc/extra/etc/nsswitch.conf,v 1.1
> 2006/09/29 23:52:23 vapier Exp $
> 
> passwd: files ldap [NOTFOUND=return] db
> shadow: files ldap
> group:  files ldap [NOTFOUND=return] db
> 
> #passwd:  files ldap
> #shadow:  files ldap
> #group:   files ldap
> 
> # passwd:db files nis
> # shadow:db files nis
> # group: db files nis
> 
> hosts:   files dns
> networks:files dns
> 
> services:db files
> protocols:   db files
> rpc: db files
> ethers:  db files
> netmasks:files
> netgroup:files ldap
> bootparams:  files
> 
> automount:   files ldap
> aliases: files
> 
> sudoers:ldap files
> 
> the problem is that, when the connection to the ldap server is down, I
> can't login:
> 
> Jul 18 19:22:59 athena login[10600]: pam_unix(login:auth): check pass; user
> unknown
> Jul 18 19:22:59 athena login[10600]: pam_unix(login:auth): authentication
> failure; logname=LOGIN uid=0 euid=0 tty=tty2 ruser= rhost=
> Jul 18 19:22:59 athena login[10600]: pam_ldap: ldap_simple_bind Can't
> contact LDAP server
> Jul 18 19:23:02 athena login[10600]: nss_ldap: failed to bind to LDAP
> server ldap://vesta.homenet.telecomitalia.it: Can't contact LDAP server
> Jul 18 19:23:02 athena login[10600]: nss_ldap: could not search LDAP server
> - Server is unavailable
> Jul 18 19:23:02 athena login[10600]: FAILED LOGIN (1) on 'tty2' FOR
> `UNKNOWN', User not known to the underlying authentication module
> 
> from the last line above it seems like the credentials were not cached or
> the nss switch doesn't use the db service for the passwd and shadow
> database.
> 
> Is there someone that has a working configuration in order to have the
> cached credentials systems working properly ?
> 
> Regards
> Giampiero
The problem was due to a missing sys-libs/nss-db ebuild.
This one provide the needed NSS module for using Berkeley Databases as a 
naming service by glibc (actually the same used by nss-updatedb).

Now everything works well.

Bye all
Giampiero

P.S. - IMHO, this should be set as a dependecy in ebuild the for the nss-
updatedb ebuild...

Re: [gentoo-user] creating ssh account without directory browsing

[Mick]

On Sunday 22 August 2010 13:31:20 Giampiero Gabbiani wrote:
> In data domenica 22 agosto 2010 10:36:36, Tamer Higazi ha scritto:
> : >  Hi people!
> > 
> > For a project I need to create ssh accounts (based on shared keys) who
> > would be loged in a specific directory. They should only be able to
> > login in the desired directory, but not be able for outside browsing.
> > 
> > 
> > for example:
> > 
> > /work/
> > 
> > but not / or any other scope.
> > 
> > How would you guys accomplish that?!
> 
> Hi Tamer,
> simply set the default shell of the desired account to: /bin/bash -r.
> In this mode the bash will start in restricted mode. You can get further
> information about that in the man page of bash (section: RESTRICTED SHELL).

If you find that rbash is too restrictive, you can also restrict the access 
rights of said users, so that they can only read/write their /home and the 
/work directories.  Use some sensible umasks to achieve this.  SUID and SGID 
files & binaries may be more difficult to restrict though. 
-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] chrony logrotate script EOF error

[Mick]

On Sunday 22 August 2010 11:25:05 Alex Schuster wrote:
> Mick writes:
> > The chrony installed logrotate script keeps erroring out:
> > 
> > logrotate_script: line 5: warning: here-document at line 2 delimited by
> > end- of-file (wanted `EOF')
> > Unrecognized command
> > 
> > 
> > This is the script:
> > 
> > /var/log/chrony/*.log {
> > 
> > sharedscripts
> > postrotate
> > 
> > PASSWORD=`awk '$1 ~ /^1$/ {print $2; exit}'
> > 
> > /etc/chrony/chrony.keys`
> > 
> > cat << EOF | /usr/bin/chronyc | sed '/^200 OK$/d'
> > password $PASSWORD
> > cyclelogs
> > EOF
> > 
> > endscript
> > 
> > }
> > 
> > 
> > I do not understand the error.  Is it telling me to add backticks?
> > Where?
> 
> I don't know the logrotate syntax, but in bash this would not work if the
> ending EOF has leading whitespace. Try replacing the '<<' by '<<-', then
> whitespace is allowed.

Thanks!  I've used your suggestion and will see if the error goes away.
-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly

[Alan McKinnon]

Apparently, though unproven, at 15:29 on Sunday 22 August 2010, Arttu V. did 
opine thusly:

> On 8/22/10, cov...@ccs.covici.com  wrote:
> > Hi.  I am running the unstable gentoo 32-bit and today I emerged --
> > amoung other packages in a system update -- glibc-2.12.1-r1, however
> > after doing this at least one package had an undefined reference to
> > S_ISCHR.   I tried to downgrade glibc, but apparently this is not
> > supported and I am a bit stumped as to how to fix this problem.
> > 
> > Any ideas on this would be appreciated.
> 
> Which package is failing? Please check if it is already reported, and
> if not then please report a new bug, and if possible make it block
> this tracker bug:
> 
> http://bugs.gentoo.org/show_bug.cgi?id=331665
> 
> A wild guess out of the blue would be that the error could be simply a
> missing include of stat.h in the package's sources. But there might be
> other omissions as well, so please provide more info.
> 
> I think that unless API/ABIs were changed then the older, already
> installed version should still work just fine, as then the missing
> includes would only affect compile-time situation.


There is a way to downgrade for the brave.

quickpkg glibc
move the 2.11.? version ebuild you want to your local overlay.
Edit it and find the check that disallows downgrades. Comment it out.
Mask glibc2.12
update glibc

At this point it's probably very wise to rebuild at least system, then revdep-
rebuild. Note that rebuilding system might fail in which case you are really 
up the creek.

Feel free to rip to pieces the dev that committed this version. It could not 
possibly have undergone decent testing

-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] chrony logrotate script EOF error

[Alan McKinnon]

Apparently, though unproven, at 12:11 on Sunday 22 August 2010, Mick did opine 
thusly:

> Hi All,
> 
> The chrony installed logrotate script keeps erroring out:
> 
> logrotate_script: line 5: warning: here-document at line 2 delimited by
> end- of-file (wanted `EOF')
> Unrecognized command
> 
> 
> This is the script:
> 
> /var/log/chrony/*.log {
>   sharedscripts
>   postrotate
> PASSWORD=`awk '$1 ~ /^1$/ {print $2; exit}'
> /etc/chrony/chrony.keys`
> cat << EOF | /usr/bin/chronyc | sed '/^200 OK$/d'
> password $PASSWORD
> cyclelogs
> EOF
> endscript
> }
> 
> 
> I do not understand the error.  Is it telling me to add backticks?  Where?


No, it's saying it wants EOF on a line all by itself with no leading 
whitespace. That thing that looks like a backtick is an open quote.


-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] creating ssh account without directory browsing

[Alan McKinnon]

Apparently, though unproven, at 10:36 on Sunday 22 August 2010, Tamer Higazi 
did opine thusly:

>  Hi people!
> For a project I need to create ssh accounts (based on shared keys) who
> would be loged in a specific directory. They should only be able to
> login in the desired directory, but not be able for outside browsing.
> 
> 
> for example:
> 
> /work/
> 
> but not / or any other scope.
> 
> How would you guys accomplish that?!


Make that user's shell rbash.

In rbash the user cannot cd. There's a bunch of other stuff they also cannot 
do. Check man bash near the end to make sure it satisfies your needs.

-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] chrony logrotate script EOF error

[Mick]

On Sunday 22 August 2010 17:25:02 Alan McKinnon wrote:
> Apparently, though unproven, at 12:11 on Sunday 22 August 2010, Mick did
> opine
> 
> thusly:
> > Hi All,
> > 
> > The chrony installed logrotate script keeps erroring out:
> > 
> > logrotate_script: line 5: warning: here-document at line 2 delimited by
> > end- of-file (wanted `EOF')
> > Unrecognized command
> > 
> > 
> > This is the script:
> > 
> > /var/log/chrony/*.log {
> > 
> > sharedscripts
> > postrotate
> > 
> > PASSWORD=`awk '$1 ~ /^1$/ {print $2; exit}'
> > 
> > /etc/chrony/chrony.keys`
> > 
> > cat << EOF | /usr/bin/chronyc | sed '/^200 OK$/d'
> > password $PASSWORD
> > cyclelogs
> > EOF
> > 
> > endscript
> > 
> > }
> > 
> > 
> > I do not understand the error.  Is it telling me to add backticks? 
> > Where?
> 
> No, it's saying it wants EOF on a line all by itself with no leading
> whitespace. That thing that looks like a backtick is an open quote.

Hmm ... so what should the corrected logrotate script look like then?

   cat << 
EOF
   | /usr/bin/chronyc | sed '/^200 OK$/d'
   password $PASSWORD
   cyclelogs
   EOF
endscript
}
-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] chrony logrotate script EOF error

[Alan McKinnon]

Apparently, though unproven, at 18:44 on Sunday 22 August 2010, Mick did opine 
thusly:

> > No, it's saying it wants EOF on a line all by itself with no leading
> > whitespace. That thing that looks like a backtick is an open quote.
> 
> Hmm ... so what should the corrected logrotate script look like then?
> 
>cat << 
> EOF
>| /usr/bin/chronyc | sed '/^200 OK$/d'
>password $PASSWORD
>cyclelogs
>EOF
> endscript
> }


Change the other EOF instead.

It's a "here document", search for that phrase in man bash to find out more. 
It tells bash what will cause input redirection from stdin to end. The first 
EOF is the string to look for, the second one is the trigger that ends input

-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] chrony logrotate script EOF error

[Mick]

On Sunday 22 August 2010 17:50:02 Alan McKinnon wrote:
> Apparently, though unproven, at 18:44 on Sunday 22 August 2010, Mick did
> opine
> 
> thusly:
> > > No, it's saying it wants EOF on a line all by itself with no leading
> > > whitespace. That thing that looks like a backtick is an open quote.
> > 
> > Hmm ... so what should the corrected logrotate script look like then?
> > 
> >cat <<
> > 
> > EOF
> > 
> >| /usr/bin/chronyc | sed '/^200 OK$/d'
> >
> >password $PASSWORD
> >cyclelogs
> >EOF
> > 
> > endscript
> > }
> 
> Change the other EOF instead.
> 
> It's a "here document", search for that phrase in man bash to find out
> more. It tells bash what will cause input redirection from stdin to end.
> The first EOF is the string to look for, the second one is the trigger
> that ends input

Thanks Alan, I think I got it now.  :-)
-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.

[gentoo-user] Re: Some corruption after gnome 2.30

[Mathieu Bonnet]

Adam Carter  gmail.com> writes:
> Any more suggestions?

I suppose this is the same problem as
, in which case the easiest
workaround is to downgrade ati-drivers from 10.7 to 10.5 for now. It is not a
Gnome/GTK problem (or at least not directly, I don't know precisely).

Re: [gentoo-user] Disable fcron logging

[Stroller]

On 22 Aug 2010, at 11:26, Alex Schuster wrote:

Stroller writes:



#!/bin/bash
while true
do
  for drive in a b c d
  do
 /usr/sbin/smartctl /dev/sd$drive --whatever >> /var/log/hdstate
  done
sleep 60
done


I use hdparm and hddtemp:

for hd in sda sdb sdc sdd
do
...
echo "$hd: $state $temp"
done


The script with which you reply is missing the sleep 60 loop.


...
The problem with cron is that I get those cron logs I do not like, and
that the update time of 60 seconds is a little long. Running the  
script in
a loop, started in .kde4/Autostart, would be better, but as a user I  
have
no permission to call hdparm or hdtemp. I do not want to be part of  
the
disk group, and when using sudo I would get the logs by sudo I  
wanted to
avoid. So now I SUID'ed hdparm and hddtemp, changed the group to  
wheel and
disabled execution for others. cron problem not solved, but  
workarounded.


Running a script which contains `while true ... sleep 60` will cause  
only a single logging action. You can run it as root at startup using / 
etc/conf.d/local.start and have the file world readable.


Stroller.

[gentoo-user] system lag with gentoo-sources-2.6.35-r2

[Alan Warren]

Hello,

I am having some system performance issues with this kernel release. I have
a SMP machine (dual xeon nehalem 8 core / 16 threads) with 24gb non-ecc
memory.

On occasion (seems random so far) my system feels like a Pentium II trying
to cope with Vista. For example, I was in the middle of tar'ing a semi-large
file and noticed all of my apps came to a crawl. Scrolling in firefox,
typing in the terminal, or trying to navigate in my file manager resulted in
breif "pauses" that came in waves. On one occasion my system froze
completely and I had to manually reset the machine. (that was with
2.6.35-r1)

I didn't activate anything "new" in this kernel release that I don't
normally activate. ie, no cpuidle driver

Is there a proper venu for debugging such matters, or should I just wait for
this kernel to go prime-time?

Thanks for your time,
Alan

[gentoo-user] php 5.3.3 will not emerge

[covici]

Hi.  I am having problems emerging php-5.3.3-r1 -- I am not sure if its
related to the glibc problems, however its strange -- the heart of the
matter is that /usr/include/mysql/my_global.h is looking for
my_compiler.h which does not exist -- google search reveals nothing --
so any ideas would be appreciated.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici
 cov...@ccs.covici.com

Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly

[covici]

Alan McKinnon  wrote:

> Apparently, though unproven, at 15:29 on Sunday 22 August 2010, Arttu V. did 
> opine thusly:
> 
> > On 8/22/10, cov...@ccs.covici.com  wrote:
> > > Hi.  I am running the unstable gentoo 32-bit and today I emerged --
> > > amoung other packages in a system update -- glibc-2.12.1-r1, however
> > > after doing this at least one package had an undefined reference to
> > > S_ISCHR.   I tried to downgrade glibc, but apparently this is not
> > > supported and I am a bit stumped as to how to fix this problem.
> > > 
> > > Any ideas on this would be appreciated.
> > 
> > Which package is failing? Please check if it is already reported, and
> > if not then please report a new bug, and if possible make it block
> > this tracker bug:
> > 
> > http://bugs.gentoo.org/show_bug.cgi?id=331665
> > 
> > A wild guess out of the blue would be that the error could be simply a
> > missing include of stat.h in the package's sources. But there might be
> > other omissions as well, so please provide more info.
> > 
> > I think that unless API/ABIs were changed then the older, already
> > installed version should still work just fine, as then the missing
> > includes would only affect compile-time situation.
> 
> 
> There is a way to downgrade for the brave.
> 
> quickpkg glibc
> move the 2.11.? version ebuild you want to your local overlay.
> Edit it and find the check that disallows downgrades. Comment it out.
> Mask glibc2.12
> update glibc
> 
> At this point it's probably very wise to rebuild at least system, then revdep-
> rebuild. Note that rebuilding system might fail in which case you are really 
> up the creek.
> 
> Feel free to rip to pieces the dev that committed this version. It could not 
> possibly have undergone decent testing

I have another idea -- what would I have to restore from backup to
completely cancel the entire update process I have done since yesterday
-- and then I could mask off the bad glibc and be back to something at
least somewhat consistent?


-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici
 cov...@ccs.covici.com

Re: [gentoo-user] system lag with gentoo-sources-2.6.35-r2

[Robert Bridge]

On Sun, Aug 22, 2010 at 8:01 PM, Alan Warren  wrote:
> Is there a proper venu for debugging such matters, or should I just wait for
> this kernel to go prime-time?

Can you reliably reproduce the problem? If so, and you have a kernel
that works git-bisect should allow you to pinpoint the offending
commit.

By the sounds of it though, this could be related to the problems
Linux has when under heavy I/O, in which case you best bet would be to
look to the upstream git as there are supposed to be fixes in it.

Cheers,
RobbieAB.

Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly

[Alan McKinnon]

Apparently, though unproven, at 20:57 on Sunday 22 August 2010, 
cov...@ccs.covici.com did opine thusly:

> > There is a way to downgrade for the brave.
> >
> > 
> >
> > quickpkg glibc
> > move the 2.11.? version ebuild you want to your local overlay.
> > Edit it and find the check that disallows downgrades. Comment it out.
> > Mask glibc2.12
> > update glibc
> >
> > 
> >
> > At this point it's probably very wise to rebuild at least system, then
> > revdep- rebuild. Note that rebuilding system might fail in which case
> > you are really up the creek.
> >
> > 
> >
> > Feel free to rip to pieces the dev that committed this version. It could
> > not  possibly have undergone decent testing
> 
> I have another idea -- what would I have to restore from backup to
> completely cancel the entire update process I have done since yesterday
> -- and then I could mask off the bad glibc and be back to something at
> least somewhat consistent?


I too have another idea - look at emerge.log and tell us what you emerged 
since yesterday. Then restore those packages.


-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] Re: gnome 2.6 won't install

[Albert Hopkins]

On Fri, 2010-07-02 at 04:39 +0200, Nicolas Sebrecht wrote:
> On Thu, Jul 01, 2010 at 09:34:25PM -0400, Albert Hopkins wrote:
> 
> > The OP was over 3 months ago.  I think a lack of response speaks volumes
> > compared to responding so late.  It was a thread that was DOA. Why did
> > you decide to dig it up?
> 
> The real reason is that I don't have time to track this list in a per
> day, week or even in a per month basis.  I don't think it's a problem
> that much.
> 
> Is there any reason to not answer, even late?  Some problem are
> blocking, some aren't and can be delayed a long time. Who knows?
> Even if everything seems to show the problem is solved or turned around,
> people usually like to understand what could have happen or have more
> clues. I already had such feedback for problems older than one year.
> 
> Now, what I was saying is more about "how to make my chances bigger to
> have answers in general" than trying to explain "why a lack of
> response".
> 

You are absolutely correct.  Please continue with this thread.  We look
forward to your response in a month or so.

Re: [gentoo-user] system lag with gentoo-sources-2.6.35-r2

[Alan Warren]

Thanks,

I'm not very savvy when it comes to working with the kernel beyond
using the normal stable cut gentoo provides. I'll research git-bisect
and see if I can't figure this out though.

I think you are correct though. It does seem to only happen while the system
is under heavy I/O.

I've never experienced anything like this in previous versions of the linux
kernel,
and resorting back to gentoo-sources-2.6.34 fixes the issue completely.

If there are I/O fixes upstream, then I am assuming you are referring to a
cut
that is more recent then gentoo-sources-2.6.35-r2 that the Gentoo devs have
yet to provide their patches to?  ( I see vanilla sources has 2.6.35 .3)

Thanks again,
Alan


On Sun, Aug 22, 2010 at 2:14 PM, Robert Bridge  wrote:

> On Sun, Aug 22, 2010 at 8:01 PM, Alan Warren 
> wrote:
> > Is there a proper venu for debugging such matters, or should I just wait
> for
> > this kernel to go prime-time?
>
> Can you reliably reproduce the problem? If so, and you have a kernel
> that works git-bisect should allow you to pinpoint the offending
> commit.
>
> By the sounds of it though, this could be related to the problems
> Linux has when under heavy I/O, in which case you best bet would be to
> look to the upstream git as there are supposed to be fixes in it.
>
> Cheers,
> RobbieAB.
>
>

Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly

[covici]

Alan McKinnon  wrote:

> Apparently, though unproven, at 20:57 on Sunday 22 August 2010, 
> cov...@ccs.covici.com did opine thusly:
> 
> > > There is a way to downgrade for the brave.
> > >
> > > 
> > >
> > > quickpkg glibc
> > > move the 2.11.? version ebuild you want to your local overlay.
> > > Edit it and find the check that disallows downgrades. Comment it out.
> > > Mask glibc2.12
> > > update glibc
> > >
> > > 
> > >
> > > At this point it's probably very wise to rebuild at least system, then
> > > revdep- rebuild. Note that rebuilding system might fail in which case
> > > you are really up the creek.
> > >
> > > 
> > >
> > > Feel free to rip to pieces the dev that committed this version. It could
> > > not  possibly have undergone decent testing
> > 
> > I have another idea -- what would I have to restore from backup to
> > completely cancel the entire update process I have done since yesterday
> > -- and then I could mask off the bad glibc and be back to something at
> > least somewhat consistent?
> 
> 
> I too have another idea - look at emerge.log and tell us what you emerged 
> since yesterday. Then restore those packages.
> 
> 
> -- 
> alan dot mckinnon at gmail dot com

If I tried that -- how would I downgrade glibc in the process -- I am
sure I could figure out all the packages, but that downgrade scares me
-- would I do the packages in reverse order, or what?  I also changed my
gcc before this update, I could certainly reverse that as well.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici
 cov...@ccs.covici.com

Re: [gentoo-user] Disable fcron logging

[Stroller]

On 22 Aug 2010, at 20:00, Stroller wrote:

On 22 Aug 2010, at 11:26, Alex Schuster wrote:

Stroller writes:



#!/bin/bash
while true
do
 for drive in a b c d
 do
/usr/sbin/smartctl /dev/sd$drive --whatever >> /var/log/hdstate
 done
sleep 60
done


I use hdparm and hddtemp:

for hd in sda sdb sdc sdd
do
...
echo "$hd: $state $temp"
done


The script with which you reply is missing the sleep 60 loop.


...
The problem with cron is that I get those cron logs I do not like,  
and
that the update time of 60 seconds is a little long. Running the  
script in
a loop, started in .kde4/Autostart, would be better, but as a user  
I have
no permission to call hdparm or hdtemp. I do not want to be part of  
the
disk group, and when using sudo I would get the logs by sudo I  
wanted to
avoid. So now I SUID'ed hdparm and hddtemp, changed the group to  
wheel and
disabled execution for others. cron problem not solved, but  
workarounded.


Running a script which contains `while true ... sleep 60` will cause  
only a single logging action. You can run it as root at startup  
using /etc/conf.d/local.start and have the file world readable.


Sorry, this wasn't very clear:

If your script contains `while true ... sleep 60` then you'll only  
need to run it once.


Stroller.

Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly

[Alan McKinnon]

Apparently, though unproven, at 21:44 on Sunday 22 August 2010, 
cov...@ccs.covici.com did opine thusly:

> Alan McKinnon  wrote:
> > Apparently, though unproven, at 20:57 on Sunday 22 August 2010,
> > 
> > cov...@ccs.covici.com did opine thusly:
> > > > There is a way to downgrade for the brave.
> > > > 
> > > > 
> > > > 
> > > > quickpkg glibc
> > > > move the 2.11.? version ebuild you want to your local overlay.
> > > > Edit it and find the check that disallows downgrades. Comment it out.
> > > > Mask glibc2.12
> > > > update glibc
> > > > 
> > > > 
> > > > 
> > > > At this point it's probably very wise to rebuild at least system,
> > > > then revdep- rebuild. Note that rebuilding system might fail in
> > > > which case you are really up the creek.
> > > > 
> > > > 
> > > > 
> > > > Feel free to rip to pieces the dev that committed this version. It
> > > > could not  possibly have undergone decent testing
> > > 
> > > I have another idea -- what would I have to restore from backup to
> > > completely cancel the entire update process I have done since yesterday
> > > -- and then I could mask off the bad glibc and be back to something at
> > > least somewhat consistent?
> > 
> > I too have another idea - look at emerge.log and tell us what you emerged
> > since yesterday. Then restore those packages.
> 
> If I tried that -- how would I downgrade glibc in the process -- I am
> sure I could figure out all the packages, but that downgrade scares me
> -- would I do the packages in reverse order, or what?  I also changed my
> gcc before this update, I could certainly reverse that as well.


It all depends on what tools you have available and how many packages were 
upgraded between yesterday and today. If you have tarballs for at least system 
in your packages dir, then just merge the old ones back. If not, then 
downgrade glibc and either emerge -e system or run revdep-rebuild.

gcc is not a major issue, it simply builds runnable code and links to other 
stuff. As long as the ABI didn't change, and it didn't, gcc will not cause any 
relevant problems. The real problem is glibc which provides the C library. 
Almost everything links to that and it's interfaces can and do change. So 
packages built since that upgrade may well break with a downgrade.

But like I said the best approach will depend on what packages are involved 
and you still haven't provided that list. I used to have a crystal ball that 
could gaze into your mind and your disk to find these answer, but ironically 
it too is now broken by the very same glibc upgrade you are dealing with. So 
you must look into this yourself. However, it's not all bad news - at least my 
fee to you will not increase.




-- 
alan dot mckinnon at gmail dot com

[gentoo-user] Re: creating ssh account without directory browsing

[Kalkin Sam]

Hi,

Young padawan Tamer Higazi  spoke:
>  Hi people!
> For a project I need to create ssh accounts (based on shared keys) who
> would be loged in a specific directory. They should only be able to
> login in the desired directory, but not be able for outside browsing.

I think you mean chroot. OpenSSH supports this, have a look at it.

kalkin-

-- 
Paranoid sein heisst frei sein
   (Hal Faber)

Re: [gentoo-user] system lag with gentoo-sources-2.6.35-r2

[Robert Bridge]

On Sun, Aug 22, 2010 at 8:35 PM, Alan Warren  wrote:
> I think you are correct though. It does seem to only happen while the system
> is under heavy I/O.
>
> I've never experienced anything like this in previous versions of the linux
> kernel,
> and resorting back to gentoo-sources-2.6.34 fixes the issue completely.
>
> If there are I/O fixes upstream, then I am assuming you are referring to a
> cut
> that is more recent then gentoo-sources-2.6.35-r2 that the Gentoo devs have
> yet to provide their patches to?  ( I see vanilla sources has 2.6.35 .3)

Well, the fix is in the line for 2.6.36 IIRC, so wouldn't be in an
2.6.35 kernel.

That said, the problem supposedly being fixed goes back well before
2.6.34, so if that kernel works, it suggests that it is a different
issue you are hitting. However... If there was a FF update, that could
be triggering the bug, as FF3.5+ are pretty stinky for I/O levels.

Re: [gentoo-user] Disable fcron logging

[Alex Schuster]

Stroller writes:

> The script with which you reply is missing the sleep 60 loop.

No, it's only the script that outputs the drive's state. It's called by 
~/.kde4/Autostart/hdstate:

#!/bin/bash

while :
do
/usr/local/sbin/hdstate >> ~/log/hdstate.log
sleep 10
done

> Running a script which contains `while true ... sleep 60` will cause
> only a single logging action. You can run it as root at startup using /
> etc/conf.d/local.start and have the file world readable.

Yeah, local.start woudl also be a good idea, without the need to setuid 
things. Maybe I'll change this.

BTW, my two additional drives spin up when I log into KDE. Weird, they are 
not even mounted.

Wonko

[gentoo-user] sudo -l strange behavour when used via LDAP

[Giampiero Gabbiani]

Hi all,
I configured sudo in order to use LDAP and set the corrisponding defaults on 
the DIT set to ignore_local_sudoers.
After populating the DIT with the rules, sudo works perfectly but I have a 
problem with the list options of sudo (-l).

It seems like sudo -l for NORMAL users (i.e. not root) doesn't print the 
corresponding matched rule when this comes from LDAP. More exactly it matches 
the rule (and actually the user can perform the commands he is enabled to do) 
BUT they are not shown with the list option.

After setting the sudoers_debug to 2 in /etc/ldap.sonf.sudo I obtain the 
following:

gia...@athena ~ $ sudo -l
LDAP Config Summary
===
host vesta.homenet.telecomitalia.it
port -1
ldap_version 3
sudoers_base ou=sudoers,dc=gabbiani,dc=org
binddn   (anonymous)
bindpw   (anonymous)
ssl  (no)
===
sudo: ldap_create()
sudo: ldap_set_option(LDAP_OPT_HOST_NAME, vesta.homenet.telecomitalia.it)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_sasl_bind_s() ok
sudo: found:cn=defaults,ou=SUDOers,dc=gabbiani,dc=org
sudo: ldap sudoOption: 'ignore_local_sudoers'
sudo: ldap sudoHost 'ALL' ... MATCH!
sudo: ldap sudoOption: '!authenticate'
sudo: user_matches=1
sudo: host_matches=1
sudo: sudo_ldap_lookup(52)=0x02
Runas and Command-specific defaults for giampa:


sudo: ldap search '(|(sudoUser=giampa)(sudoUser=%giampa)(sudoUser=%wheel)
(sudoUser=%floppy)(sudoUser=%audio)(sudoUser=%cdrom)(sudoUser=%video)
(sudoUser=%usb)(sudoUser=%portage)(sudoUser=%plugdev)(sudoUser=%netusers)
(sudoUser=%cvsadmin)(sudoUser=ALL))'
sudo: ldap sudoHost 'ALL' ... MATCH!
sudo: ldap search 'sudoUser=+*'

The root user instead correctly prints the list informations:

athena ~ # sudo -l
LDAP Config Summary
===
host vesta.homenet.telecomitalia.it
port -1
ldap_version 3
sudoers_base ou=sudoers,dc=gabbiani,dc=org
binddn   (anonymous)
bindpw   (anonymous)
ssl  (no)
===
sudo: ldap_create()
sudo: ldap_set_option(LDAP_OPT_HOST_NAME, vesta.homenet.telecomitalia.it)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_sasl_bind_s() ok
sudo: found:cn=defaults,ou=SUDOers,dc=gabbiani,dc=org
sudo: ldap sudoOption: 'ignore_local_sudoers'
sudo: ldap sudoHost 'ALL' ... MATCH!
sudo: user_matches=1
sudo: host_matches=1
sudo: sudo_ldap_lookup(52)=0x02
Runas and Command-specific defaults for root:


sudo: ldap search '(|(sudoUser=root)(sudoUser=%root)(sudoUser=%bin)
(sudoUser=%daemon)(sudoUser=%sys)(sudoUser=%adm)(sudoUser=%disk)
(sudoUser=%wheel)(sudoUser=%floppy)(sudoUser=%dialout)(sudoUser=%tape)
(sudoUser=%video)(sudoUser=ALL))'
sudo: ldap sudoHost 'ALL' ... MATCH!
sudo: ldap sudoHost 'ALL' ... MATCH!
sudo: ldap search 'sudoUser=+*'
User root may run the following commands on this host:
(ALL) ALL
(ALL) NOPASSWD: ALL

The expected behavour for NORMAL user is instead (this comes from another 
machines running mandriva 2010.1):

gia...@vesta ~ $ sudo -l
Runas and Command-specific defaults for giampa:
ignore_local_sudoers

User giampa may run the following commands on this host:
(ALL) NOPASSWD: ALL

Is it a bug ? Is there anyone that experimented the same? Is there anything 
that I to set in gentoo in order to let a normal user to display correctly the 
sudoers commands when coming from ldap?

Many thanks in advance
Giampiero

Re: [gentoo-user] glibc 2.12.1-r1 seems to not be working correctly

[Volker Armin Hemmann]

On Sunday 22 August 2010, cov...@ccs.covici.com wrote:
> Alan McKinnon  wrote:
> > Apparently, though unproven, at 20:57 on Sunday 22 August 2010,
> > 
> > cov...@ccs.covici.com did opine thusly:
> > > > There is a way to downgrade for the brave.
> > > > 
> > > > 
> > > > 
> > > > quickpkg glibc
> > > > move the 2.11.? version ebuild you want to your local overlay.
> > > > Edit it and find the check that disallows downgrades. Comment it out.
> > > > Mask glibc2.12
> > > > update glibc
> > > > 
> > > > 
> > > > 
> > > > At this point it's probably very wise to rebuild at least system,
> > > > then revdep- rebuild. Note that rebuilding system might fail in
> > > > which case you are really up the creek.
> > > > 
> > > > 
> > > > 
> > > > Feel free to rip to pieces the dev that committed this version. It
> > > > could not  possibly have undergone decent testing
> > > 
> > > I have another idea -- what would I have to restore from backup to
> > > completely cancel the entire update process I have done since yesterday
> > > -- and then I could mask off the bad glibc and be back to something at
> > > least somewhat consistent?
> > 
> > I too have another idea - look at emerge.log and tell us what you emerged
> > since yesterday. Then restore those packages.
> 
> If I tried that -- how would I downgrade glibc in the process -- I am
> sure I could figure out all the packages, but that downgrade scares me
> -- would I do the packages in reverse order, or what?  I also changed my
> gcc before this update, I could certainly reverse that as well.

you can also leave that glibc version in place. Only a few packages are 
affected, most are fixed already. Just sync and retry the failing package. 
No need to downgrade glibc and recompile a bunch of packages. Besides, between 
2.12.1 and 2.12.0 you should not need to recompile anything.

[gentoo-user] KDE's RSSNow Browser Selection

[sean]

In a recent upgrade, I forget which one, the KDE Plasmoid RSSNow now
only opens a link in Konqueror despite my setting of Firefox as the
default browser.

Is anyone else seeing this, and might now a setting or fix to correct
this RSSNow setting?

Thanks
Sean

Re: [gentoo-user] Disable fcron logging

[Mick]

On Sunday 22 August 2010 22:39:47 Alex Schuster wrote:
> Stroller writes:
> > The script with which you reply is missing the sleep 60 loop.
> 
> No, it's only the script that outputs the drive's state. It's called by
> ~/.kde4/Autostart/hdstate:
> 
> #!/bin/bash
> 
> while :
> do
> /usr/local/sbin/hdstate >> ~/log/hdstate.log
> sleep 10
> done
> 
> > Running a script which contains `while true ... sleep 60` will cause
> > only a single logging action. You can run it as root at startup using /
> > etc/conf.d/local.start and have the file world readable.
> 
> Yeah, local.start woudl also be a good idea, without the need to setuid
> things. Maybe I'll change this.
> 
> BTW, my two additional drives spin up when I log into KDE. Weird, they are
> not even mounted.

From KDE-4.4.4 the start up interferes with the hard drives:

http://thread.gmane.org/gmane.linux.gentoo.user/232044

I don't why but it does, messes up any settings that hdparm may have set up 
and p*sses me off.  o_O

As soon as KDE starts up (even when waking up from suspend to ram) it resets 
the drives.  I haven't found a way of telling it how to behave (i.e. by 
respecting existing settings in hdparm).
-- 
Regards,
Mick


signature.asc
Description: This is a digitally signed message part.

Re: [gentoo-user] php 5.3.3 will not emerge

[Arttu V.]

cov...@ccs.covici.com wrote:

Hi.  I am having problems emerging php-5.3.3-r1 -- I am not sure if its
related to the glibc problems, however its strange -- the heart of the
matter is that /usr/include/mysql/my_global.h is looking for
my_compiler.h which does not exist -- google search reveals nothing --
so any ideas would be appreciated.


http://bugs.gentoo.org/show_bug.cgi?id=333923

Time to locally mask the current latest MySQL version?

--
Arttu V. -- Running Gentoo is like running with scissors

Re: [gentoo-user] php 5.3.3 will not emerge

[covici]

Arttu V.  wrote:

> cov...@ccs.covici.com wrote:
> > Hi.  I am having problems emerging php-5.3.3-r1 -- I am not sure if its
> > related to the glibc problems, however its strange -- the heart of the
> > matter is that /usr/include/mysql/my_global.h is looking for
> > my_compiler.h which does not exist -- google search reveals nothing --
> > so any ideas would be appreciated.
> 
> http://bugs.gentoo.org/show_bug.cgi?id=333923
> 
> Time to locally mask the current latest MySQL version?

I guess so, quality control seems to be declining -- I still like gentoo
very much, and maybe its my imagination, but there seems to be more
screwups last several months.

Thanks much for the bug I appreciate all the help from this list.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici
 cov...@ccs.covici.com