Re: [gentoo-user] Portage + checksums

2010-04-06 Thread Mick
On Tuesday 06 April 2010 23:16:13 Alan McKinnon wrote:
> On Tuesday 06 April 2010 23:46:48 Mark Knecht wrote:
> > On Tue, Apr 6, 2010 at 2:26 PM, Alan McKinnon 
> > wrote: 
> >
> > > FEATURES=sign
> > >
> > > "man 5 make.conf" implies that the dev signs the Manifest by checking
> > > something into the tree using repoman. Presumably, the user either has
> > > to fetch the public key or portage includes it in the tree. But
> > > documentation in the man pages is sparse, I can't find an explanation
> > > of how it should work.
> > >
> > >
> > > --
> > > alan dot mckinnon at gmail dot com
> >
> > Do you use it?
> 
> Without logging into the mirror host and checking, I really couldn't say. I
> mirror what I get from gentoo.org with no alterations.
> 
> I don't use the feature locally on any of my own boxes.

This was an argument against Gentoo more than six or seven years ago with 
regards to the security of the whole portage system.  A number of suggestions were 
made in those early days, one of them being to sync with two mirrors and diff 
the ebuilds/Manifests/Distfiles affected by these two most recent syncs.  As 
far as I know people didn't go for this because it was perceived that the 
system as implemented was secure enough and anyway the proposed solution would 
put too much pressure on the mirrors.

BTW, there was some compromise of a mirror in those early days and a lot (well 
maybe a few back then) people had to reinstall because their boxen were 
compromised, or thought that they might have been!

If you google you may find something lurking around from the long arguments 
that took place and what the D.Robbins said.
-- 
Regards,
Mick




[gentoo-user] Re: can't get accelerated opengl renderer ati radeon xpress 200M

2010-04-06 Thread walt

On 04/06/2010 01:12 PM, Tony Miller wrote:
> I've been trying for awhile now to get the accelerated opengl renderer
> working on my radeon xpress 200M card(which is supposedly an rv370 or
> rs4000 according to this wiki page:
> http://dri.freedesktop.org/wiki/ATIRadeon). I've been following this
> guide a lot: http://dri.freedesktop.org/wiki/ATIRadeon
>
> I know it is important to change this string from glxinfo:
>
> OpenGL renderer string: Software Rasterizer
>
> to this:
>
> OpenGL renderer string: Mesa DRI R200 (RV280 5C61) 20090101
> x86/MMX+/3DNow!+/SSE TCL DRI2
>
> But I'm not sure how.

It can't hurt to try putting it in the "Device" section of xorg.conf, maybe
something like this:

Option "OpenGL renderer" "Mesa DRI R200."

Xorg may spit in your eye, but it can't hurt to try.

> This error in my xorg.log seems to be the key:
>
> drmOpenDevice: node name is /dev/dri/card0
> drmOpenDevice: open result is -1, (No such device)

By amazing coincidence, I just posted a similar problem to the xorg mail
list and got no replies.  Maybe try some ATI lists instead?

Anyway, I finally got /dev/dri/card0 created at boot time by fiddling with
my kernel config a zillion times or two, and AFAICT there are two types of
changes that may (possibly) account for my success.  I'm still not sure.

I finally got console framebuffer working by compiling support into the
kernel instead of as a module.  In retrospect, the module obviously was
not being loaded at boot time when the card0 device should be created.

However, I also changed other kernel video/drm/fb support to compiled-in
instead of modules, so the console framebuffer thing may just be a red
herring.  Try compiling all the video/dri/drm stuff into your kernel
instead of making them modules.

BTW, I added no udev support files for dri/card0, so that device is not
created by udev, apparently, but by the kernel directly.






Re: [gentoo-user] Portage + checksums

2010-04-06 Thread Alan McKinnon
On Tuesday 06 April 2010 23:46:48 Mark Knecht wrote:
> On Tue, Apr 6, 2010 at 2:26 PM, Alan McKinnon 
> wrote: 
> 
> > FEATURES=sign
> > 
> > "man 5 make.conf" implies that the dev signs the Manifest by checking
> > something into the tree using repoman. Presumably, the user either has to
> > fetch the public key or portage includes it in the tree. But
> > documentation in the man pages is sparse, I can't find an explanation of
> > how it should work.
> > 
> > 
> > --
> > alan dot mckinnon at gmail dot com
> 
> Do you use it?


Without logging into the mirror host and checking, I really couldn't say. I 
mirror what I get from gentoo.org with no alterations.

I don't use the feature locally on any of my own boxes.


-- 
alan dot mckinnon at gmail dot com



Re: [gentoo-user] Re: Anyone ever emerged dev-libs/boost with FEATURES="test" and finished?

2010-04-06 Thread Neil Bothwick
On Wed, 07 Apr 2010 05:51:03 +1000, Lie Ryan wrote:

> > FEATURES=test is not meant to be used by users, it is a developer
> > setting, and they would only enable it for packages they maintain and
> > then only when they want to run the tests.  
> 
> But most developers do not have the resources to test on all
> combinations of platforms.

That's why Gentoo has arch-testers.


-- 
Neil Bothwick

If you give a man a fish, he's fed for a day.
If you teach a man to fish, he'll buy a silly hat.
If you talk about fish to a starving man, you're a consultant.




Re: [gentoo-user] Re: Anyone ever emerged dev-libs/boost with FEATURES="test" and finished?

2010-04-06 Thread Neil Bothwick
On Tue, 06 Apr 2010 15:17:27 -0500, Harry Putnam wrote:

> > Just put the variable assignment in the file, it is sourced by bash when
> > the ebuild is parsed, so most things that can go in an ebuild can go
> > here. Usually it is used to override settings or set EXTRA_ECONF but
> > you can use it to redefine the ebuild functions. Some people put a
> > custom src_unpack() in here when they want to apply a patch, rather
> > than putting a modified ebuild in an overlay.   
> 
> Ahh very helpful, thank you.  Especially about putting custom
> src_unpack stuff.  Fussing with creating a new ebuild is a pain to us
> non devel types.

I find copying the existing ebuild to an overlay and adding one epatch
line a lot easier than writing a custom src_unpack() function.

> But one thing is unclear.  You say: 
> `Just put the variable assignment in the file'
> 
> You don't mean without reference to a specific package do you.
> Like:
>   cat /etc/portage/env/category/package
>   EXTRA_ECONF="--enable-rootcommit"

Yes I do.

> So is it:
>  cat /etc/portage/env/category/package
>  dev-util/cvs  EXTRA_ECONF="--enable-rootcommit"

No, it is

$ cat /etc/portage/env/dev-util/cvs
EXTRA_ECONF="--enable-rootcommit"


-- 
Neil Bothwick

"We demand rigidly defined areas of doubt and uncertainty!"




Re: [gentoo-user] Portage + checksums

2010-04-06 Thread Mark Knecht
On Tue, Apr 6, 2010 at 2:26 PM, Alan McKinnon  wrote:

>
> FEATURES=sign
>
> "man 5 make.conf" implies that the dev signs the Manifest by checking
> something into the tree using repoman. Presumably, the user either has to
> fetch the public key or portage includes it in the tree. But documentation in
> the man pages is sparse, I can't find an explanation of how it should work.
>
>
> --
> alan dot mckinnon at gmail dot com
>
>

Do you use it?

- Mark



Re: [gentoo-user] Portage + checksums

2010-04-06 Thread Alan McKinnon
On Tuesday 06 April 2010 23:13:47 Paul Hartman wrote:
> On Tue, Apr 6, 2010 at 3:41 PM, Alan McKinnon wrote:
> > On Tuesday 06 April 2010 20:56:30 Butterworth, John W. wrote:
> >> Thanks.
> >> 
> >> Do you know if someone makes a change to a copy of apache hosted on a
> >> public mirror, will the sync between the servers determine that it's
> >> corrupted (via 'bad' checksum) on the public side and replace it?
> > 
> > I can answer this, I run a public Gentoo mirror (not an official one)
> > 
> > If I, or some clown, loads a trojaned copy of Apache source code into
> > my distfiles mirror, portage will complain bitterly because the hash in
> > the manifest will fail. Then you will know something is wrong.
> > 
> > If I trojan the ebuild and the portage tree to match my trojaned sources,
> > you will probably not pick it up. This would be very risky indeed for me
> > to do as I can't be sure you will sync the tree and get your distfiles
> > from me.
> 
> Isn't there something like FEATURES="gpg" to enable checking gpg
> signatures on ebuilds? (I haven't tried it so I don't know if this is
> actually used)

FEATURES=sign

"man 5 make.conf" implies that the dev signs the Manifest by checking 
something into the tree using repoman. Presumably, the user either has to 
fetch the public key or portage includes it in the tree. But documentation in 
the man pages is sparse, I can't find an explanation of how it should work.


-- 
alan dot mckinnon at gmail dot com



Re: [gentoo-user] Portage + checksums

2010-04-06 Thread Paul Hartman
On Tue, Apr 6, 2010 at 3:41 PM, Alan McKinnon  wrote:
> On Tuesday 06 April 2010 20:56:30 Butterworth, John W. wrote:
>> Thanks.
>>
>> Do you know if someone makes a change to a copy of apache hosted on a
>> public mirror, will the sync between the servers determine that it's
>> corrupted (via 'bad' checksum) on the public side and replace it?
>
> I can answer this, I run a public Gentoo mirror (not an official one)
>
> If I, or some clown, loads a trojaned copy of Apache source code into
> my distfiles mirror, portage will complain bitterly because the hash in the
> manifest will fail. Then you will know something is wrong.
>
> If I trojan the ebuild and the portage tree to match my trojaned sources, you
> will probably not pick it up. This would be very risky indeed for me to do as
> I can't be sure you will sync the tree and get your distfiles from me.

Isn't there something like FEATURES="gpg" to enable checking gpg
signatures on ebuilds? (I haven't tried it so I don't know if this is
actually used)



Re: [gentoo-user] Portage + checksums

2010-04-06 Thread Alan McKinnon
On Tuesday 06 April 2010 20:56:30 Butterworth, John W. wrote:
> Thanks.
> 
> Do you know if someone makes a change to a copy of apache hosted on a
> public mirror, will the sync between the servers determine that it's
> corrupted (via 'bad' checksum) on the public side and replace it?

I can answer this, I run a public Gentoo mirror (not an official one)

If I, or some clown, loads a trojaned copy of Apache source code into
my distfiles mirror, portage will complain bitterly because the hash in the 
manifest will fail. Then you will know something is wrong.

If I trojan the ebuild and the portage tree to match my trojaned sources, you 
will probably not pick it up. This would be very risky indeed for me to do as 
I can't be sure you will sync the tree and get your distfiles from me.

You can check if my portage tree is up to date and how often I sync it by 
comparing timestamps between me and upstream master at gentoo.org. In my case, 
any trojans I host will get overwritten by gentoo.org masters every 12 hours. 
Except if I have a sneaky --exclude in my rsync command, or my cron syncs and 
then puts the trojan back.

It's not quite as simple as that, but the above will suffice what someone 
already said: You cannot completely 100% trust a public mirror, or even 
gentoo.org for that matter. I know I don't pull sneaky stunts with my mirror 
but I can't prove that to you. I trust upstream to always do the right thing 
and I hope you feel you can trust me likewise. But if you don't, I have no 
choice but to accept your wishes and leave you to run whatever checksum 
comparisons you feel are appropriate for your needs.



> 
> -john
> 
> -Original Message-
> From: Albert W. Hopkins [mailto:mar...@letterboxes.org]
> Sent: Tuesday, April 06, 2010 2:24 PM
> To: gentoo-user@lists.gentoo.org
> Subject: Re: [gentoo-user] Portage + checksums
> 
> On Tue, 2010-04-06 at 14:15 -0400, Butterworth, John W. wrote:
> > How can I verify that the installed packages on a Gentoo system came
> > from the same source that was on a main rotation mirror and/or
> > “blessed” by the Gentoo development team?
> > 
> > 
> > 
> > By verifying the checksum located in  /var/db/pkg/$APPNAME/CONTENTS am
> > I only confirming that the source was the same as that which was
> > downloaded from the mirror?
> > 
> > 
> > 
> > I guess what I’m getting at is how can I be sure I can trust a
> > mirror?
> > 
> > 
> > 
> > Thank you very much in advance for any insight provided,
> 
> It really depends on your level of paranoia.  Ultimately it can't be
> trusted at all.
> 
> If you really want to be sure then just the source/manifest from your
> "trusted" mirror and compare.

-- 
alan dot mckinnon at gmail dot com



[gentoo-user] Re: Anyone ever emerged dev-libs/boost with FEATURES="test" and finished?

2010-04-06 Thread Harry Putnam
Neil Bothwick  writes:

> On Tue, 06 Apr 2010 11:17:14 -0500, Harry Putnam wrote:
>
>> > You can set features on a per-package basis by putting FEATURES="blah"
>> > into /etc/portage/env/category/package.  
>> 
>> If that would also work for something like always using a specific
>> EXTRA_ECONF for a certain package:
>> 
>>   EXTRA_ECONF="--enable-rootcommit"  
>
> It would.
>
>> Can you show an example of the necessary syntax? 
>
> Just put the variable assignment in the file, it is sourced by bash when
> the ebuild is parsed, so most things that can go in an ebuild can go
> here. Usually it is used to override settings or set EXTRA_ECONF but you
> can use it to redefine the ebuild functions. Some people put a custom
> src_unpack() in here when they want to apply a patch, rather than
> putting a modified ebuild in an overlay. 

Ahh very helpful, thank you.  Especially about putting custom
src_unpack stuff.  Fussing with creating a new ebuild is a pain to us
non devel types.

But one thing is unclear.  You say: 
`Just put the variable assignment in the file'

You don't mean without reference to a specific package do you.
Like:
  cat /etc/portage/env/category/package
  EXTRA_ECONF="--enable-rootcommit"

So is it:
  cat /etc/portage/env/category/package
  dev-util/cvs  EXTRA_ECONF="--enable-rootcommit"

Or something else?




Re: [gentoo-user] Portage + checksums

2010-04-06 Thread Jonas de Buhr
Hi!

>Do you know if someone makes a change to a copy of apache hosted on a
>public mirror, will the sync between the servers determine that it's
>corrupted (via 'bad' checksum) on the public side and replace it?  

I'm not sure how gentoo mirrors do the syncing but in a lot of cases an
error like this would show up on the downloading (client-/mirror-) side
which won't help you at all if you don't trust the mirror.

The way I understand this a problem is that any mirror may simply
regenerate hash values like RMD160 or SHA1 for modified sourcefiles. If
you don't compare them to those from a trusted server you will never
know.

So a general approach to this may be that some gentoo core team would
sign everything with one (or a set of) private key(s) of some kind and
publish the corresponding public key(s) on their website and with the
install images. The signature could easily be copied to mirrors but not
regenerated for changed sourcefiles. 

However that would be a lot more work for the gentoo developers since
*few* (else it's pointless) trusted people with access to the private
key would have to approve every single update for every arch and
compare every source tarball to a trusted one.

Maybe you could run your own mirror and sync it to a trusted one?

Bye,
jdb
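
The checks discussed in this thread, as an added example that is not part of any poster's message and is not Portage's own code: it verifies a distfile against the `DIST` entry of a Manifest, then compares the mirror's Manifest with a copy obtained from a second source. The `DIST <file> <size> <HASH> <hex> ...` line layout is assumed, and the file name, tarball bytes and Manifest lines are constructed sample data.

```python
import hashlib

# Manifest hash names mapped to hashlib constructors. Names not listed here
# (for example RMD160, which some OpenSSL builds no longer provide) are skipped.
SUPPORTED = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256,
             "SHA512": hashlib.sha512}


def parse_manifest(text):
    """Return {filename: (size, {HASHNAME: hexdigest})} for DIST lines only."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "DIST":
            continue  # AUX/EBUILD/MISC lines and blanks are not distfiles
        pairs = fields[3:]
        if len(pairs) % 2:
            raise ValueError("odd number of hash fields: " + line)
        hashes = {pairs[i]: pairs[i + 1].lower()
                  for i in range(0, len(pairs), 2)}
        entries[fields[1]] = (int(fields[2]), hashes)
    return entries


def verify_distfile(name, data, manifest):
    """True only if size and every supported hash match the Manifest entry."""
    if name not in manifest:
        return False
    size, hashes = manifest[name]
    if len(data) != size:
        return False
    checked = 0
    for algo, expected in hashes.items():
        ctor = SUPPORTED.get(algo)
        if ctor is None:
            continue
        if ctor(data).hexdigest() != expected:
            return False
        checked += 1
    return checked > 0  # an entry with no verifiable hash proves nothing


def assess(name, data, mirror_text, trusted_text):
    """Classify a download using the mirror's Manifest and a second copy."""
    mirror = parse_manifest(mirror_text)
    trusted = parse_manifest(trusted_text)
    if mirror.get(name) != trusted.get(name):
        return "manifest-mismatch"   # the two trees disagree about this file
    if not verify_distfile(name, data, mirror):
        return "distfile-mismatch"   # the case Portage itself reports
    return "ok"


def make_manifest_line(name, data):
    """Build a DIST line for the constructed sample data below."""
    return "DIST {} {} SHA1 {} SHA256 {}\n".format(
        name, len(data),
        hashlib.sha1(data).hexdigest(), hashlib.sha256(data).hexdigest())


# Constructed sample data (not a real package or real digests from any tree).
NAME = "example-1.0.tar.bz2"
GOOD = b"constructed stand-in for the upstream tarball\n"
BAD = GOOD + b"bytes changed on the mirror\n"
TRUSTED = make_manifest_line(NAME, GOOD)      # Manifest from the second source
REGENERATED = make_manifest_line(NAME, BAD)   # Manifest rebuilt to match BAD

if __name__ == "__main__":
    print("clean download:            ", assess(NAME, GOOD, TRUSTED, TRUSTED))
    print("modified distfile only:    ", assess(NAME, BAD, TRUSTED, TRUSTED))
    print("local check, rebuilt tree: ",
          verify_distfile(NAME, BAD, parse_manifest(REGENERATED)))
    print("modified file + Manifest:  ", assess(NAME, BAD, REGENERATED, TRUSTED))
```

The third line of output is the gap described above: a distfile and Manifest changed together pass the local hash check, and only the comparison against a copy fetched from an independently operated source flags them.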



[gentoo-user] can't get accelerated opengl renderer ati radeon xpress 200M

2010-04-06 Thread Tony Miller
I've been trying for awhile now to get the accelerated opengl renderer
working on my radeon xpress 200M card(which is supposedly an rv370 or
rs4000 according to this wiki page:
http://dri.freedesktop.org/wiki/ATIRadeon). I've been following this
guide a lot: http://dri.freedesktop.org/wiki/ATIRadeon

I know it is important to change this string from glxinfo:

OpenGL renderer string: Software Rasterizer

to this:

OpenGL renderer string: Mesa DRI R200 (RV280 5C61) 20090101
x86/MMX+/3DNow!+/SSE TCL DRI2

But I'm not sure how.

This error in my xorg.log seems to be the key:


drmOpenDevice: node name is /dev/dri/card0
drmOpenDevice: open result is -1, (No such device)
drmOpenDevice: open result is -1, (No such device)
drmOpenDevice: Open failed
drmOpenByBusid: Searching for BusID pci::01:05.0
drmOpenDevice: node name is /dev/dri/card0
drmOpenDevice: open result is -1, (No such device)
drmOpenDevice: open result is -1, (No such device)
drmOpenDevice: Open failed
drmOpenByBusid: drmOpenMinor returns -19
drmOpenDevice: node name is /dev/dri/card1
drmOpenDevice: open result is -1, (No such device)
drmOpenDevice: open result is -1, (No such device)
drmOpenDevice: Open failed
drmOpenByBusid: drmOpenMinor returns -19
drmOpenDevice: node name is /dev/dri/card2
drmOpenDevice: open result is -1, (No such device)
drmOpenDevice: open result is -1, (No such device)
drmOpenDevice: Open failed
drmOpenByBusid: drmOpenMinor returns -19
(etc, etc, etc, etc, etc, etc, etc)
(EE) RADEON(0): [dri] RADEONDRIGetVersion failed to open the DRM
[dri] Disabling DRI.


Well the directory /dev/dri/ is empty, so there you go.

I have these package versions:

xorg-server 1.7.6
mesa 7.8
libdrm 2.4.19
xf86-video-ati 6.12.192
xorg-drivers 1.7

I have drm set in my kernel too:

t...@o_0 ~ $ zgrep DRM /proc/config.gz
CONFIG_DRM=m
CONFIG_DRM_KMS_HELPER=m
CONFIG_DRM_TTM=m
# CONFIG_DRM_TDFX is not set
# CONFIG_DRM_R128 is not set
CONFIG_DRM_RADEON=m
CONFIG_DRM_RADEON_KMS=y
# CONFIG_DRM_I810 is not set
# CONFIG_DRM_I830 is not set
# CONFIG_DRM_I915 is not set
# CONFIG_DRM_MGA is not set
# CONFIG_DRM_SIS is not set
# CONFIG_DRM_VIA is not set
# CONFIG_DRM_SAVAGE is not set
# CONFIG_DRM_VMWGFX is not set
# CONFIG_DRM_NOUVEAU is not set
# CONFIG_DRM_I2C_CH7006 is not set

and this dmesg output appears to indicate that its working ok:

[   53.428828] [drm] Initialized drm 1.1.0 20060810
[   53.642115] [drm] radeon defaulting to kernel modesetting.
[   53.642122] [drm] radeon kernel modesetting enabled.

But glxgears only gets about 19 fps. Here is what glxinfo | grep OpenGL reports:
OpenGL vendor string: Mesa Project
OpenGL renderer string: Software Rasterizer
OpenGL version string: 2.1 Mesa 7.8
OpenGL shading language version string: 1.20
OpenGL extensions:

And might as well post my xorg.conf as well:
Section "ServerLayout"
Identifier "X.org Configured"
Screen  0  "Screen0" 0 0
InputDevice "Mouse0" "CorePointer"
InputDevice "Keyboard0" "CoreKeyboard"
EndSection

Section "Files"
ModulePath   "/usr/lib/xorg/modules"
FontPath "/usr/share/fonts/misc/"
FontPath "/usr/share/fonts/TTF/"
FontPath "/usr/share/fonts/OTF"
FontPath "/usr/share/fonts/Type1/"
FontPath "/usr/share/fonts/100dpi/"
FontPath "/usr/share/fonts/75dpi/"
EndSection

Section "Module"
Load  "record"
Load  "extmod"
Load  "dri"
Load  "glx"
Load  "GLcore"
Load  "dri2"
Load  "dbe"
EndSection

Section "InputDevice"
Identifier  "Keyboard0"
Driver  "kbd"
EndSection

Section "InputDevice"
Identifier  "Mouse0"
Driver  "mouse"
Option  "Protocol" "auto"
Option  "Device" "/dev/input/mice"
Option  "ZAxisMapping" "4 5 6 7"
EndSection

Section "Monitor"
Identifier   "Monitor0"
VendorName   "Monitor Vendor"
ModelName    "Monitor Model"
EndSection

Section "Device"
### Available Driver options are:-
### Values: : integer, : float, : "True"/"False",
### : "String", : " Hz/kHz/MHz"
### [arg]: arg optional
#Option "ShadowFB"  # []
#Option "DefaultRefresh"# []
#Option "ModeSetClearScreen"# []
Identifier  "Card0"
Driver  "radeon"
VendorName  "ATI Technologies Inc"
BoardName   "RC410 [Radeon Xpress 200M]"
BusID   "PCI:1:5:0"
Option  "MergedFB"  "true"
Option  "CRT2Position"  "LeftOf"
Option  "ColorTiling"   "true"
Option  "EnablePageFlip" "true"
#Option "AccelMethod"   "EXA"
#Option "AccelDFS"  "true"
EndSection

Section "Screen"
Identifier "Screen0"
Device "Card0"
Monitor "Monitor0"
DefaultDepth 24
SubSection "Display"

RE: [gentoo-user] Portage + checksums

2010-04-06 Thread Butterworth, John W.
Thanks.   

Do you know if someone makes a change to a copy of apache hosted on a public 
mirror, will the sync between the servers determine that it's corrupted (via 
'bad' checksum) on the public side and replace it?  

-john

-Original Message-
From: Albert W. Hopkins [mailto:mar...@letterboxes.org] 
Sent: Tuesday, April 06, 2010 2:24 PM
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Portage + checksums

On Tue, 2010-04-06 at 14:15 -0400, Butterworth, John W. wrote:
> How can I verify that the installed packages on a Gentoo system came
> from the same source that was on a main rotation mirror and/or
> “blessed” by the Gentoo development team?  
> 
>  
> 
> By verifying the checksum located in  /var/db/pkg/$APPNAME/CONTENTS am
> I only confirming that the source was the same as that which was
> downloaded from the mirror? 
> 
>  
> 
> I guess what I’m getting at is how can I be sure I can trust a
> mirror?  
> 
>  
> 
> Thank you very much in advance for any insight provided,

It really depends on your level of paranoia.  Ultimately it can't be
trusted at all.

If you really want to be sure then just the source/manifest from your
"trusted" mirror and compare.









Re: [gentoo-user] Re: Anyone ever emerged dev-libs/boost with FEATURES="test" and finished?

2010-04-06 Thread Neil Bothwick
On Tue, 06 Apr 2010 11:17:14 -0500, Harry Putnam wrote:

> > You can set features on a per-package basis by putting FEATURES="blah"
> > into /etc/portage/env/category/package.  
> 
> If that would also work for something like always using a specific
> EXTRA_ECONF for a certain package:
> 
>   EXTRA_ECONF="--enable-rootcommit"  

It would.

> Can you show an example of the necessary syntax? 

Just put the variable assignment in the file, it is sourced by bash when
the ebuild is parsed, so most things that can go in an ebuild can go
here. Usually it is used to override settings or set EXTRA_ECONF but you
can use it to redefine the ebuild functions. Some people put a custom
src_unpack() in here when they want to apply a patch, rather than
putting a modified ebuild in an overlay. 


-- 
Neil Bothwick

Picard: 'What do the sensors say Mr Data?'
Data:   'They tell us that we can't say "F*ck" Sir."




[gentoo-user] Re: Anyone ever emerged dev-libs/boost with FEATURES="test" and finished?

2010-04-06 Thread Lie Ryan
On 04/06/10 17:23, Neil Bothwick wrote:
> On Tue, 06 Apr 2010 10:11:02 +1000, Lie Ryan wrote:
> 
>> Anyway, I've been thinking about this for some time that turning on
>> FEATURES="test" globally seems quite impractical for many users
> 
> FEATURES=test is not meant to be used by users, it is a developer
> setting, and they would only enable it for packages they maintain and
> then only when they want to run the tests.

But most developers do not have the resources to test on all
combinations of platforms. If the barrier for FEATURES="test" can be
lowered, then everyone that wants to be a global tester can do it
without sacrificing too much (plus they can control how much time they
want to contribute) and this benefits all open-source software as a
whole. Lowering barrier for testing also encourages developers to write
unittest who would otherwise hand-waving it since they now know their
unittest will really be testing the program's true correctness instead
of a platform-dependent correctness. Probably enabling "test" by
default is too much to ask though.

>> Due to this problem, I think portage could have a test policy feature so
>> people can have finer control to filter out test suites that they don't
>> want to run. This way globally FEATURES="test" can be more feasible for
>> most users (and probably can sometime be turned on by default).
> 
> You can set features on a per-package basis by putting FEATURES="blah"
> into /etc/portage/env/category/package.





Re: [gentoo-user] Can't get a DVD to burn.

2010-04-06 Thread Dale

Joerg Schilling wrote:
> Dale wrote:
>
>> All I know is that I downgraded cdrtools and it worked.  I didn't even
>> eject the media.  Since it works now , I don't guess there is any way to
>> test it.  Next time I do a backup, I'll upgrade and see if it fails.  If
>> it does, maybe then we can figure it out.  I'll go back to my current
>> version and see if it works then.  May be a bit before I do backups
>> again tho.
>
> Hi, is there any news on whether this was more than an "after I downgraded"?
>
> Jörg


Not quite yet.  I sort of got really busy.  Went on a egg hunt then had 
to go out of town for a whole day.  It was fun but this old dog is tired.


I'm hoping to test this soon tho.  I hadn't forgot.

Dale

:-)  :-)



Re: [gentoo-user] Portage + checksums

2010-04-06 Thread Albert W. Hopkins
On Tue, 2010-04-06 at 14:15 -0400, Butterworth, John W. wrote:
> How can I verify that the installed packages on a Gentoo system came
> from the same source that was on a main rotation mirror and/or
> “blessed” by the Gentoo development team?  
> 
>  
> 
> By verifying the checksum located in  /var/db/pkg/$APPNAME/CONTENTS am
> I only confirming that the source was the same as that which was
> downloaded from the mirror? 
> 
>  
> 
> I guess what I’m getting at is how can I be sure I can trust a
> mirror?  
> 
>  
> 
> Thank you very much in advance for any insight provided,

It really depends on your level of paranoia.  Ultimately it can't be
trusted at all.

If you really want to be sure then just the source/manifest from your
"trusted" mirror and compare.







[gentoo-user] Portage + checksums

2010-04-06 Thread Butterworth, John W.
How can I verify that the installed packages on a Gentoo system came from
the same source that was on a main rotation mirror and/or "blessed" by the
Gentoo development team?  

 

By verifying the checksum located in  /var/db/pkg/$APPNAME/CONTENTS am I
only confirming that the source was the same as that which was downloaded
from the mirror? 

 

I guess what I'm getting at is how can I be sure I can trust a mirror?  

 

Thank you very much in advance for any insight provided,

-john  





Re: [gentoo-user] Can't get a DVD to burn.

2010-04-06 Thread Paul Hartman
On Tue, Apr 6, 2010 at 10:54 AM, Joerg Schilling
 wrote:
> Paul Hartman  wrote:
>
>> >> Would a HAL preprobe FDI like this prevent it from interfering with 
>> >> burning?
>> >
>> > Could you explain what this means?
>>
>> I was just thinking if HAL is instructed to ignore the device maybe it
>> won't bother it any more (if that's even the cause of Dale's problem).
>> Not a fix but a workaround. Maybe not even a workaround. :)
>
> I have been told that this could work but I have no idea on how to do this.

Create a file in /etc/hal/fdi/preprobe/ containing these contents:



 
   
 true
   
 


Then reboot (or maybe restart HAL is enough). It should hopefully make
HAL completely ignore the cdrom device. (maybe edit to match your
specific device)



[gentoo-user] Re: Anyone ever emerged dev-libs/boost with FEATURES="test" and finished?

2010-04-06 Thread Harry Putnam
Neil Bothwick  writes:

[...]

> You can set features on a per-package basis by putting FEATURES="blah"
> into /etc/portage/env/category/package.

If that would also work for something like always using a specific
EXTRA_ECONF for a certain package:

  EXTRA_ECONF="--enable-rootcommit"  

Can you show an example of the necessary syntax? 




[gentoo-user] Re: emerge update gcc downgrade

2010-04-06 Thread Kerin Millar

On 06/04/2010 15:41, Mike Edenfield wrote:
> On 4/6/2010 6:40 AM, Kraus Philipp wrote:
>> Hi,
>>
>> I run in a virtual machine a gentoo (~x86) system. I synced the portage
>> tree at the weekend and run emerge --update
>>
>> The update runs without errors, but emerge installed the gcc 4.3.4,
>> but on the system is the 4.4.3 installed
>>
>> [ebuild  NS   ] sys-devel/gcc-4.3.4 [4.4.3] USE="hardened mudflap nls
>> nptl openmp (-altivec) -bootstrap -build -doc (-fixed-point) -fortran
>> -gcj -gtk (-libffi) (-multilib) -multislot (-n32) (-n64) -nocxx -nopie
>> -objc -objc++ -objc-gc -test -vanilla"
>
> You have the +hardened USE flag set.  Did you just recently switch to
> the hardened profile?  If so, make sure you followed the upgrade guide
> for hardened profiles, which should have warned you what was going to
> happen here.


Good catch, Mike! In my haste, I overlooked that detail entirely.

--Kerin




Re: [gentoo-user] Can't get a DVD to burn.

2010-04-06 Thread Joerg Schilling
Paul Hartman  wrote:

> >> Would a HAL preprobe FDI like this prevent it from interfering with 
> >> burning?
> >
> > Could you explain what this means?
>
> I was just thinking if HAL is instructed to ignore the device maybe it
> won't bother it any more (if that's even the cause of Dale's problem).
> Not a fix but a workaround. Maybe not even a workaround. :)

I have been told that this could work but I have no idea on how to do this.


Jörg

-- 
 EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
   j...@cs.tu-berlin.de(uni)  
   joerg.schill...@fokus.fraunhofer.de (work) Blog: 
http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily



Re: [gentoo-user] Can't get a DVD to burn.

2010-04-06 Thread Paul Hartman
On Tue, Apr 6, 2010 at 7:24 AM, Joerg Schilling
 wrote:
> Paul Hartman  wrote:
>
>> On Thu, Apr 1, 2010 at 10:02 AM, Joerg Schilling
>>  wrote:
>> > Your media was either accepted after several tries by the drive for unknown
>> > reasons and is now usable in general again or you are observing a problem
>> > caused by "hald". Note that hald does not care about the CD/DVD/BD Writing
>> > process and interrupts it. This is why hald may cause any strange result.
>>
>> Would a HAL preprobe FDI like this prevent it from interfering with burning?
>
> Could you explain what this means?

I was just thinking if HAL is instructed to ignore the device maybe it
won't bother it any more (if that's even the cause of Dale's problem).
Not a fix but a workaround. Maybe not even a workaround. :)



Re: [gentoo-user] emerge update gcc downgrade

2010-04-06 Thread Mike Edenfield
On 4/6/2010 6:40 AM, Kraus Philipp wrote:
> Hi,
> 
> I run in a virtual machine a gentoo (~x86) system. I synced the portage
> tree at the weekend and run emerge --update
> 
> The update runs without errors, but emerge installed the gcc 4.3.4,
> but on the system is the 4.4.3 installed
> 
> [ebuild  NS   ] sys-devel/gcc-4.3.4 [4.4.3] USE="hardened mudflap nls
> nptl openmp (-altivec) -bootstrap -build -doc (-fixed-point) -fortran
> -gcj -gtk (-libffi) (-multilib) -multislot (-n32) (-n64) -nocxx -nopie
> -objc -objc++ -objc-gc -test -vanilla"

You have the +hardened USE flag set.  Did you just recently switch to
the hardened profile?  If so, make sure you followed the upgrade guide
for hardened profiles, which should have warned you what was going to
happen here.

In the base system, gcc-4.4 is still masked off for hardened users
because it's not quite ready for production use.  If you want to use gcc
4.4 and all its hardened features, you need to do two things:

1. Add the hardened-development overlay, for example using layman:

basement ~ # layman -a hardened-development

2. Unmask gcc-4.4:

basement ~ # mkdir /etc/portage/package.unmask
basement ~ # echo '=sys-devel/gcc-4.4*' >> /etc/portage/package.unmask/hardened

After that, you should get gcc 4.4.3 back.



Re: [gentoo-user] Can't get a DVD to burn.

2010-04-06 Thread Joerg Schilling
Dale  wrote:

> All I know is that I downgraded cdrtools and it worked.  I didn't even 
> eject the media.  Since it works now , I don't guess there is any way to 
> test it.  Next time I do a backup, I'll upgrade and see if it fails.  If 
> it does, maybe then we can figure it out.  I'll go back to my current 
> version and see if it works then.  May be a bit before I do backups 
> again tho.

Hi, is there any news on whether this was more than an "after I downgraded"?

Jörg

-- 
 EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
   j...@cs.tu-berlin.de(uni)  
   joerg.schill...@fokus.fraunhofer.de (work) Blog: 
http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily



Re: [gentoo-user] OT:Choosing a filesystem, OT: Blender

2010-04-06 Thread Frank Steinmetzger
On Thursday, 1 April 2010, meino.cra...@gmx.de wrote:

> thanks for all the input to all who have answered ! :)
> 
> I will try to characterize ("characterise" ?) what I plan to do with
> my TByte disk.

Characterise if you’re in British domains, characterize if you are in the US.

> Last thing: I have a lot of copies of code from svn repositories because
> I like to have the "bleeding edge" of some projects (do you know the
> new Blender 2.50??? :O)

I’ve tried 2.50 yesterday, but something’s not right here. Does yours run 
normally? When I didn’t get it to compile by hand (mkdir build; cd build; 
cmake ../; make), I tried an ebuild (also to make sure I have all 
dependencies). That compiled through, but the GUI is incomplete and buggy. I 
get lots of "missing module bpy_types" on startup, but the file is there. Do 
you have some hints?
-- 
Gruß | Greetings | Qapla'
I haven’t lost my mind; it's backed up on tape somewhere!




Re: [gentoo-user] Can't get a DVD to burn.

2010-04-06 Thread Joerg Schilling
Dale  wrote:

> He was talking about you mentioning hal.  I think hal is running on this 
> thing but just not for xorg.  It seems to work fine everywhere except 
> xorg.  Then again, when I put a CD/DVD in, it doesn't mount it 
> automatically anymore.  I think that is a KDE4 thing.  I may not have 
> turned something on.  I just haven't looked into it yet.

The problem is of course also that some features will not work anymore when 
you disable hald. The problem with hald is that it interferes with programs like
cdrecord that exist much longer than hald and that its creators did not yet 
start a discussion with me on how such a service could be implemented without 
affecting or harming cdrecord.


Jörg

-- 
 EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
   j...@cs.tu-berlin.de(uni)  
   joerg.schill...@fokus.fraunhofer.de (work) Blog: 
http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily



Re: [gentoo-user] Can't get a DVD to burn.

2010-04-06 Thread Joerg Schilling
Paul Hartman  wrote:

> On Thu, Apr 1, 2010 at 10:02 AM, Joerg Schilling
>  wrote:
> > Your media was either accepted after several tries by the drive for unknown
> > reasons and is now usable in general again or you are observing a problem
> > caused by "hald". Note that hald does not care about the CD/DVD/BD Writing
> > process and interrupts it. This is why hald may cause any strange result.
>
> Would a HAL preprobe FDI like this prevent it from interfering with burning?

Could you explain what this means?

As mentioned in my bug report at Novell, hald misinterprets supposed state 
transitions. 

Other problems on Linux are a result from the fact that there is more than one 
driver interface for a given writer. 

Jörg

-- 
 EMail:jo...@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
   j...@cs.tu-berlin.de(uni)  
   joerg.schill...@fokus.fraunhofer.de (work) Blog: 
http://schily.blogspot.com/
 URL:  http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily



Re: [gentoo-user] emerge update gcc downgrade

2010-04-06 Thread Zeerak Mustafa Waseem
On Tue, Apr 06, 2010 at 12:40:02PM +0200, Kraus Philipp wrote:
> Hi,
> 
> I run in a virtual machine a gentoo (~x86) system. I synced the portage
> tree at the weekend and run emerge --update
> 
> The update runs without errors, but emerge installed the gcc 4.3.4,
> but on the system is the 4.4.3 installed
> 
> [ebuild  NS   ] sys-devel/gcc-4.3.4 [4.4.3] USE="hardened mudflap nls
> nptl openmp (-altivec) -bootstrap -build -doc (-fixed-point) -fortran
> -gcj -gtk (-libffi) (-multilib) -multislot (-n32) (-n64) -nocxx -nopie
> -objc -objc++ -objc-gc -test -vanilla"
> 
> After the update I run "emerge --depclean" and the 4.3.4 is unmerged  
> and now
> I run emerge --update the gcc should installed again
> 
> gcc-config -l shows only i686-pc-linux-gnu-4.4.3 which is set
> gcc-version: gcc (Gentoo 4.4.3 p1.0) 4.4.3
> 
> and I mask only 2 packages
>  >=net-fs/netatalk-2.0.3
>  >app-emulation/open-vm-tools-0.0.20090824.187411
> 
> I run the kernel (kernel.org) 2.6.33.2 and I don't use distcc at the  
> machine
> 
> Can anybody help me to fix the gcc problem? I only need the 4.4.3 gcc
> 
> Thanks
> 
> Phil
> 

What's the output of 'emerge -pt world'?
That should show you what package is pulling gcc-4.3.4 :-)

-- 
Zeerak Waseem




Re: [gentoo-user] emerge update gcc downgrade

2010-04-06 Thread Alex Schuster
Kraus Philipp writes:

> I run in a virtual machine a gentoo (~x86) system. I synced the portage
> tree at the weekend and run emerge --update
> 
> The update runs without errors, but emerge installed the gcc 4.3.4,
> but on the system is the 4.4.3 installed
> 
> [ebuild  NS   ] sys-devel/gcc-4.3.4 [4.4.3] USE="hardened mudflap nls
> nptl openmp (-altivec) -bootstrap -build -doc (-fixed-point) -fortran
> -gcj -gtk (-libffi) (-multilib) -multislot (-n32) (-n64) -nocxx -nopie
> -objc -objc++ -objc-gc -test -vanilla"
> 
> After the update I run "emerge --depclean" and the 4.3.4 is unmerged
> and now
> I run emerge --update the gcc should installed again
[...]

> Can anybody help me to fix the gcc problem? I only need the 4.4.3 gcc

I do not understand this, but anyway: Add the -t / --tree option to your 
emerge command, I guess then you can see which package pulls in the old 
gcc. I assume that something needs the old gcc for building, but when it 
is built, the old gcc is no longer needed, so emerge --depclean will 
remove it.
Do you have "--with-bdeps y" in your EMERGE_DEFAULT_OPTS in make.conf? 
Otherwise this should not happen. And if it is set like this, depclean 
should not remove it. Hmm.

You could also emerge -n sys-devel/gcc:4.3 in order to add it to your 
world file. Depclean would not remove it then. No real solution, but it 
would spare you the emerges. Or you build a binary package with quickpkg, 
and use the -k option to emerge, so it will emerge the binary instead of 
building from scratch every time.

Wonko



[gentoo-user] Re: emerge update gcc downgrade

2010-04-06 Thread Kerin Millar

On 06/04/2010 11:40, Kraus Philipp wrote:

Hi,

I run in a virtual machine a gentoo (~x86) system. I synced the portage
tree at the weekend and run emerge --update

The update runs without errors, but emerge installed the gcc 4.3.4,
but on the system is the 4.4.3 installed

[ebuild NS ] sys-devel/gcc-4.3.4 [4.4.3] USE="hardened mudflap nls nptl
openmp (-altivec) -bootstrap -build -doc (-fixed-point) -fortran -gcj
-gtk (-libffi) (-multilib) -multislot (-n32) (-n64) -nocxx -nopie -objc
-objc++ -objc-gc -test -vanilla"

After the update I run "emerge --depclean" and the 4.3.4 is unmerged and
now
I run emerge --update the gcc should installed again

gcc-config -l shows only i686-pc-linux-gnu-4.4.3 which is set
gcc-version: gcc (Gentoo 4.4.3 p1.0) 4.4.3

and I mask only 2 packages
 >=net-fs/netatalk-2.0.3
 >app-emulation/open-vm-tools-0.0.20090824.187411

I run the kernel (kernel.org) 2.6.33.2 and I don't use distcc at the
machine

Can anybody help me to fix the gcc problem? I only need the 4.4.3 gcc


Check your /var/lib/portage/world file. You'll probably find that SLOT 
"4.3" is pinned:


  sys-devel/gcc:4.3

If so, remove this line.

Cheers,

--Kerin




[gentoo-user] emerge update gcc downgrade

2010-04-06 Thread Kraus Philipp

Hi,

I run in a virtual machine a gentoo (~x86) system. I synced the portage
tree at the weekend and run emerge --update

The update runs without errors, but emerge installed the gcc 4.3.4,
but on the system is the 4.4.3 installed

[ebuild  NS   ] sys-devel/gcc-4.3.4 [4.4.3] USE="hardened mudflap nls
nptl openmp (-altivec) -bootstrap -build -doc (-fixed-point) -fortran
-gcj -gtk (-libffi) (-multilib) -multislot (-n32) (-n64) -nocxx -nopie
-objc -objc++ -objc-gc -test -vanilla"


After the update I run "emerge --depclean" and the 4.3.4 is unmerged  
and now

I run emerge --update the gcc should installed again

gcc-config -l shows only i686-pc-linux-gnu-4.4.3 which is set
gcc-version: gcc (Gentoo 4.4.3 p1.0) 4.4.3

and I mask only 2 packages
>=net-fs/netatalk-2.0.3
>app-emulation/open-vm-tools-0.0.20090824.187411

I run the kernel (kernel.org) 2.6.33.2 and I don't use distcc at the  
machine


Can anybody help me to fix the gcc problem? I only need the 4.4.3 gcc

Thanks

Phil



Re: [gentoo-user] iptables: how can I include multiple hosts/IPs in "-s" and "-d"?

2010-04-06 Thread Alex Schuster
Jarry writes:

> I'd like to ask if there is some way to include multiple discrete
> hosts/IP's in --source and --destination options of iptables.
> 
> I'm trying to write firewall rules for my server, but it has
> 12 IP's from different segments (and maybe it gets a few more
> later), and the script grows up as I have to write nearly
> identical rules with difference only in -s/-d IP's.
> 
> What I'm looking for is a way to define some variable at the
> beginning of my script, like MY_IP="IP1 IP2 IP3 IP4..." and
> later to use is in rules (iptables -A INPUT -s $MY_IP...).
> But I do not know how to use it. As far as I understand it,
> --source/--destination accepts only single IP's or continuous
> IP-segments...

Well, as your iptables script is probably written in bash, you can do 
loops as you like:

myIPs="IP1 IP2 IP3 IP4 ..."
for ip in $myIPs; do   # use $myIPs here, not "$myIPs"!
    iptables -A INPUT -s $ip ...
done

Wonko



Re: [gentoo-user] Xauthority and su

2010-04-06 Thread Neil Bothwick
On Tue, 06 Apr 2010 11:50:42 +0200 (CEST), Helmut Jarausch wrote:

> when maintaining a machine from remote I sometimes have to switch to
> a non-root user (whose password I don't want to know) to try something
> out.
> 
> For that, I log into that machine by  ssh -Y r...@
> Now, how can I switch to user USER such that the X credentials
> are copied.

If you use key based authentication, you can log in directly as the user
without needing the password.


-- 
Neil Bothwick

Idaho - It's not the end of the world, but you can see it from there.




[gentoo-user] Xauthority and su

2010-04-06 Thread Helmut Jarausch
Hi,

when maintaining a machine from remote I sometimes have to switch to
a non-root user (whose password I don't want to know) to try something
out.

For that, I log into that machine by  ssh -Y r...@
Now, how can I switch to user USER such that the X credentials
are copied.
Unfortunately, sux (from X11-misc/sux) doesn't work in that case.
I always get
X11 connection rejected because of wrong authentication.

Are there any means to achieve this?

Many thanks for a hint,
Helmut.

-- 
Helmut Jarausch

Lehrstuhl fuer Numerische Mathematik
RWTH - Aachen University
D 52056 Aachen, Germany



Re: [gentoo-user] Re: Anyone ever emerged dev-libs/boost with FEATURES="test" and finished?

2010-04-06 Thread Neil Bothwick
On Tue, 06 Apr 2010 10:11:02 +1000, Lie Ryan wrote:

> Anyway, I've been thinking about this for some time that turning on
> FEATURES="test" globally seems quite impractical for many users

FEATURES=test is not meant to be used by users, it is a developer
setting, and they would only enable it for packages they maintain and
then only when they want to run the tests.

> Due to this problem, I think portage could have a test policy feature so
> people can have finer control to filter out test suites that they don't
> want to run. This way globally FEATURES="test" can be more feasible for
> most users (and probably can sometime be turned on by default).

You can set features on a per-package basis by putting FEATURES="blah"
into /etc/portage/env/category/package.


-- 
Neil Bothwick

Pepperami. Its a bit of an animal.
What animal & what bit?




Re: [gentoo-user] iptables: how can I include multiple hosts/IPs in "-s" and "-d"?

2010-04-06 Thread Kostyantyn
On Mon, 2010-04-05 at 19:32 +0200, Jarry wrote:
> Hi
> 
> I'd like to ask if there is some way to include multiple discrete
> hosts/IP's in --source and --destination options of iptables.
> 
> I'm trying to write firewall rules for my server, but it has
> 12 IP's from different segments (and maybe it gets a few more
> later), and the script grows up as I have to write nearly
> identical rules with difference only in -s/-d IP's.
> 
> What I'm looking for is a way to define some variable at the
> beginning of my script, like MY_IP="IP1 IP2 IP3 IP4..." and
> later to use is in rules (iptables -A INPUT -s $MY_IP...).
> But I do not know how to use it. As far as I understand it,
> --source/--destination accepts only single IP's or continuous
> IP-segments...

You can do something like:
(100) iptables -N IP_SET_CHECK
(110) iptables -A IP_SET_CHECK -s $IP1 -j RETURN
(120) iptables -A IP_SET_CHECK -s $IP2 -j RETURN
(130) iptables -A IP_SET_CHECK -s $IP3/16 -j RETURN
(140) iptables -A IP_SET_CHECK -s $IP4 -j RETURN
(150) iptables -A IP_SET_CHECK -j DROP
 
(210) iptables -A INPUT -j IP_SET_CHECK
(220) iptables -A INPUT some other rules
(230) iptables -A INPUT some other rules

So, when it comes to line 210, it will start checking the newly
created chain IP_SET_CHECK. If it doesn't find an appropriate rule, it will be
dropped at line (150), but if it manages to find one, it will return to
line 220 and will continue looking for "-j ACCEPT" or "-j DROP".

The same applies for the OUTPUT chain.

> Jarry
>
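
The allowlist chain from Kostyantyn's reply, generated with a loop as in Alex Schuster's reply, as an added example that is not part of either post. The function names and the sample addresses (RFC 5737 documentation ranges) are assumptions made for illustration; the script only prints the iptables commands.

```shell
#!/bin/sh
# Added example: print (do not run) iptables commands for a source allowlist chain.
# Constructed sample sources from the RFC 5737 documentation ranges.
ALLOWED_SOURCES="192.0.2.10 198.51.100.0/24 203.0.113.7"

# Succeed only for a dotted-quad IPv4 address with an optional /0-32 prefix.
is_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules for chain $1 that RETURN for each listed source and DROP the rest.
# Every source is validated first, so a typo cannot leave a half-built chain.
build_allowlist_chain() {
    chain=$1; shift
    for src in "$@"; do
        is_ipv4_cidr "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "iptables -N $chain"
    for src in "$@"; do
        echo "iptables -A $chain -s $src -j RETURN"
    done
    echo "iptables -A $chain -j DROP"      # must stay the last rule in the chain
    echo "iptables -A INPUT -j $chain"
}

# Unquoted on purpose: the list must word-split into one argument per source.
build_allowlist_chain IP_SET_CHECK $ALLOWED_SOURCES
```

After reviewing the printed rules, pipe them to sh as root to load them.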