Re: [gentoo-user] Re:MD5SUM
On 15/03/14 03:29, Guido Budack wrote: > Good proposition but why? > It works... > > Never change a running system :-/ > ahh ... its running, but its NOT running correctly! (if you are referring to what I think you are) check if you have caching/buffering between you and the file (i.e., is it over NFS, cephfs etc) - e.g., this used to happen sometimes when trying to md5sum cdrom's whilst in a cd drive. Also, have you checked multiple mirrors and multiple digests? (I don't think I've seen that you have) BillK
Re: [gentoo-user] Root password, keys, and authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 14 Mar 2014 18:31:32 +0100 Thomas Sigurdsen wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi list. > > I have for some time now been trying to avoid using passwords as much > as possible, preferring encryption keys instead (e.g. public private > key encryption like gpg and such). I have also started using longer > randomised passwords I shouldn't remember; storing them instead in a > safe place (e.g. encrypted memory card or flashdisk). > > So when setting up a new Gentoo machine today and being about to > enter a new root password I found myself wanting a way of doing > authentication through some other means than remembering a password, > like gpg or certificates. Does this exist; and if anyone has had > experience with it, is it worth the hassle? And if this is a bad way > of doing root authentication, why/how? You can use ssh keys (PK crypto) with ssh daemon if the access is over network. If you need to login physicaly at the machine, you could hack together something that reads an inserted usb stick or memory card with a symmetric key and then make the login. In order to use the stick with PK crypto you would need to also hack together a usb stick that act's as an USB gadget or USART and responds to the challenge. In any case, if someone can get physical access to the token, you are screwed. To fix this, you would also need a way for the user to enter a password on the token that's active for a short period of time. But what problem did we want to solve in the first place? Anyway, might be helpful when the token can be used with many/multiple systems. > Also the machine in question will have more than one user and a subset > of the users shall have access to the root account. The requirement of shared root makes the strong authentication requirement kinda dubious as that's (typically) insecure by default. Also you might want to rather use sudo than granting root access. > - -- > Thomas Sigurdsen > browniehive.net > -BEGIN PGP SIGNATURE- > Version: GnuPG v2.0.22 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQEcBAEBAgAGBQJTIzzwAAoJEMUjE08Xv1s5uoAH/3v9b2LjOu2HFsCgjcThFFrn > 00bnxQRTsxLrtnltF6UKF0GBS3cs6vNRTevVCX9t8xOBRD8/ATp83U/tzx0EgYVP > 6LItUcbwdv41IcmVcPYqu8AzNRDyaUQswh8KV7Cpq3IPbhYkn5CkOlVorWEZxDrn > veuBJ7FEGHDppJDkdSAfNGlhtOL1UphuVy4M024NliGbNVqGgeo/42mmg21mLayG > js/5fG2NkT+Zgi59UY6+NHk08r6qk5qjhWXlsPjMrbGKaX483nNwLFHFxA8bNB6H > cZqB7GOxDlXi7dtcbBA3YRn1yKUtCDDiT8Gk/mKvTaiZtsORToAoinaxrT0y/Zo= > =iGQn > -END PGP SIGNATURE- > - --- Jan Matějka| Developer https://gentoo.org | Gentoo Linux GPG: A33E F5BC A9F6 DAFD 2021 6FB6 3EBF D45B EEB6 CA8B -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBCgAGBQJTI4iFAAoJEIN+7RD5ejahE/gH+wYfUaRKEqqkvg6nCTv4nwZa YMDNF3Bg8Cn5xakSz762jjpaoTwsVEgIncoBv9jQtugtmv1KpfPhTP9EV8pZFTs+ Gynpz9hcaJWuN+ss0hmqeYukS9crvGYTkT1vnHgNOcM+pqgvm7wRwNvSjTSzovwc 5xGBbt4e4bt3XKp1rp2aysEXkC8FUjvZCm5E33VOd5KkXGX+WS3Q7SM0Ec7oMFi1 oz0wCAi4O3kAdAGsEZk5Z1tYIQzCmcc/vwOYkfGYTW4H00kbVmtmEJ7YjREA+q5X jZFZEGZgEDIwtDHsexPfgX8U9r94p0IFBtiMyd8MP2RZNaVnIbuVoodZ3818X7I= =i0Lq -END PGP SIGNATURE-
Re:[gentoo-user] Re:MD5SUM
Good proposition but why? It works... Never change a running system :-/
[gentoo-user] Root password, keys, and authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list. I have for some time now been trying to avoid using passwords as much as possible, preferring encryption keys instead (e.g. public private key encryption like gpg and such). I have also started using longer randomised passwords I shouldn't remember; storing them instead in a safe place (e.g. encrypted memory card or flashdisk). So when setting up a new Gentoo machine today and being about to enter a new root password I found myself wanting a way of doing authentication through some other means than remembering a password, like gpg or certificates. Does this exist; and if anyone has had experience with it, is it worth the hassle? And if this is a bad way of doing root authentication, why/how? Also the machine in question will have more than one user and a subset of the users shall have access to the root account. - -- Thomas Sigurdsen browniehive.net -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTIzzwAAoJEMUjE08Xv1s5uoAH/3v9b2LjOu2HFsCgjcThFFrn 00bnxQRTsxLrtnltF6UKF0GBS3cs6vNRTevVCX9t8xOBRD8/ATp83U/tzx0EgYVP 6LItUcbwdv41IcmVcPYqu8AzNRDyaUQswh8KV7Cpq3IPbhYkn5CkOlVorWEZxDrn veuBJ7FEGHDppJDkdSAfNGlhtOL1UphuVy4M024NliGbNVqGgeo/42mmg21mLayG js/5fG2NkT+Zgi59UY6+NHk08r6qk5qjhWXlsPjMrbGKaX483nNwLFHFxA8bNB6H cZqB7GOxDlXi7dtcbBA3YRn1yKUtCDDiT8Gk/mKvTaiZtsORToAoinaxrT0y/Zo= =iGQn -END PGP SIGNATURE-
Re: [gentoo-user] Re:MD5SUM
On Fri, 14 Mar 2014 22:01:09 +0800, Guido Budack wrote: > >dev/null... grmpf... :-/ It was 2>/dev/null, to get rid of all the irrelevant complaints about missing files. Have you actually tried running md5sum -c on the DIGESTS file instead of the ISO? > I just can say that the filesize is the same and as reported already > before and that my hashing wasn't successful in contrast to on other > files. I was just curious if probably someone has similar problems AND > I saw it as some sort of a duty to report it to the community. It seems to be only you that is affected. I wonder if it could be to do with your use of --continue? Even a single bit changed at the point of a restart would cause what you are seeing. Have you tried another mirror? -- Neil Bothwick WINDOWS: Will Install Needless Data On Whole System signature.asc Description: PGP signature
Re: [gentoo-user] Re:MD5SUM
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/14/14 18:01, Guido Budack wrote: >> dev/null... grmpf... :-/ > > No, the filesize is and was the same... I'm really astonished... > Listen, to keep it brief... I guess there are more urgend topics to > discuss. I'll repeat the whole procedure when I'm back in Europe > at the end of the month and report to the community It doesn't > make much sense to hold an endless discussion now. I just can say > that the filesize is the same and as reported already before and > that my hashing wasn't successful in contrast to on other files. I > was just curious if probably someone has similar problems AND I saw > it as some sort of a duty to report it to the community. However, > if someone feels annoyed or bothered or however you call it in > english... wasn't intentionally... How about using another md5sum executable/building it/using openssl? -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJTIw5pAAoJEK64IL1uI2haCZAH/0DyiBuoY+wl1ZKbe0CYgUxQ 8Z0GGHwYrpSZrYm1Pr22z7lBWeTGNCD64H/Pgvw0NhQx86mekYnooDLnsoiA4H8r mj0DeRwoqGtQdXBZqBNzLDQ/xmtKZXlb6cXqR/3Ugdstx8UeymmahcoVhN+Oy74c MG/SM45i93Y0ZD15If1Afq34OxRwYPDGxpRKIxS7u+SjDFhsi86o/oMsVahBpcRr PffiQXOqfvfB1IpOBgb3xznBEtVPGsTSXckoMykkruwOzGe3Z2UuoUETzSxJFyxG 0Gqk3pn8jm2BgfgB5F3rrBVgRgvkhY2WpBsa9dvtNpiDassTflnmX+h7PxvVm3g= =fJC5 -END PGP SIGNATURE-
Re:[gentoo-user] Re:MD5SUM
>dev/null... grmpf... :-/ No, the filesize is and was the same... I'm really astonished... Listen, to keep it brief... I guess there are more urgend topics to discuss. I'll repeat the whole procedure when I'm back in Europe at the end of the month and report to the community It doesn't make much sense to hold an endless discussion now. I just can say that the filesize is the same and as reported already before and that my hashing wasn't successful in contrast to on other files. I was just curious if probably someone has similar problems AND I saw it as some sort of a duty to report it to the community. However, if someone feels annoyed or bothered or however you call it in english... wasn't intentionally... I come back to you soon. Thanks for your consideration. Gee
Re: [gentoo-user] MD5SUM
On Friday 14 Mar 2014 13:15:38 Guido Budack wrote: > Hello Mick, > > Yes, I know that, I am aware of it... > you don't deal here with some script-kid but with somebody who is observing > the IT-development of the past 25 years with highest attention... However, > the hashes of about 5 other files I downloaded (and as I said some bigger > ones too) are correct. Right, but that could be incidental. Dodgy PSUs can appear to be random in their behaviour, or depend on the overall load of the machine. > What I not understand at all is that the file-size is absolutely correct- > that means to the last byte... OK, if the size is correct in kibibits (and not rounded up) then the discrepancy points to a miscalculation of the md5 hash. What does 'md5sum -c ' return exactly? If you try 'md5sum ' more than once, but each time clear the memory cache first, do you get the same number? > Probably I'll not get any explanation by the community (or even worse > someone could 'attest me to try to attrack attention...') Just wanted to > let you know... I'm sure if you share more info some good Samaritan will drop by trying to help. :-) -- Regards, Mick signature.asc Description: This is a digitally signed message part.
Re: [gentoo-user] Re:MD5SUM
On Fri, 14 Mar 2014 20:43:37 +0800, Guido Budack wrote: > By the way and like I mentioned, the file-sizes are correct! Where did you get the file sizes? The mirror only shows approximate sizes and the only reported size I recall seeing in this thread was from du, which is not file size. FYI % ls -l livedvd-amd64-multilib-20121221.iso -rw-r--r-- 1 nelz users 4198498304 Jan 16 2013 livedvd-amd64-multilib-20121221.iso % md5sum -c livedvd-amd64-multilib-20121221.iso.DIGESTS 2>/dev/null livedvd-amd64-multilib-20121221.iso: OK livedvd-amd64-multilib-20121221.iso.CONTENTS: FAILED open or read livedvd-amd64-multilib-20121221.iso.CONTENTS-squashfs.gz: FAILED open or read livedvd-amd64-multilib-20121221.iso.CREDITS: FAILED open or read livedvd-amd64-multilib-20121221.iso.PACKAGES: FAILED open or read % head -n 2 livedvd-amd64-multilib-20121221.iso.DIGESTS # MD5 HASH e86da868be423283ec167725390faefc livedvd-amd64-multilib-20121221.iso -- Neil Bothwick Top Oxymorons Number 46: Found missing signature.asc Description: PGP signature
Re: [gentoo-user] MD5SUM
On Fri, 14 Mar 2014 21:15:38 +0800, Guido Budack wrote: > you don't deal here with some script-kid but with somebody who is > observing the IT-development of the past 25 years with highest > attention... How is anyone supposed to know your level of experience when you don't let on? You haven't posted the results of running md5sum -c on the correct file. > Probably I'll not get any explanation by the community (or even worse > someone could 'attest me to try to attrack attention...') Just wanted > to let you know... A strange attitude from someone asking for help... -- Neil Bothwick And on the seventh day God said :wq and then make signature.asc Description: PGP signature
Re:[gentoo-user] MD5SUM
Hello Mick, Yes, I know that, I am aware of it... you don't deal here with some script-kid but with somebody who is observing the IT-development of the past 25 years with highest attention... However, the hashes of about 5 other files I downloaded (and as I said some bigger ones too) are correct. What I not understand at all is that the file-size is absolutely correct- that means to the last byte... Probably I'll not get any explanation by the community (or even worse someone could 'attest me to try to attrack attention...') Just wanted to let you know... EOT
Re: [gentoo-user] MD5SUM
On Friday 14 Mar 2014 12:41:22 Guido Budack wrote: > So far are the mentioned 'hardware-faults' totally abstruse and further not > topic related comments unwanted. If your memory is faulty, or your PSU is playing up you could find that the hash calculated is wrong. It only takes on bit to flip the wrong side and your hash could be thrown out. -- Regards, Mick signature.asc Description: This is a digitally signed message part.
[gentoo-user] Re:MD5SUM
By the way and like I mentioned, the file-sizes are correct!
[gentoo-user] MD5SUM
So, after some additional tries I (again) hashed against a couple of recently downloaded files (f.e. Ubunto Studio, some smaller files I need for web-development etc pp) and the hashes are correct. (md5 as is sha...). So far are the mentioned 'hardware-faults' totally abstruse and further not topic related comments unwanted. My intentions are clear- I want to install a minimalistic yet powerful OS (namely Gentoo Linux) where I work 85% of the time at the command-line and configure everything 'by hand'. If that sounds 'masochistic' to some kind people who replied to me in the past well, then i am one :-). I'd probably give Slackware a try too but I am totally away from 'proprietary stuff' and try as far as I can to avoid software what 'isn't GPL' or similar... However is it interesting that I downloaded the files now 2 times and they have all incorrect hashes. Before making any assumptions of the worst-case (like manipulation on the transport-way or similar) I'd like to bother the community once more with my matters and ask for help. Probably I really did something wrong but I can't imagine that and tested all multiple times. I used (like posted before) wget as the download-client and had in the whole time of download 3 retries. Actually I am located deep into Asia (PH) and I am using a more or less slow WLAN_Stick as my line to the web. Any suggestions?
Re: [gentoo-user] Gentoo as Firewall on HP ProLiant DL360 G5
On Mar 14, 2014 2:42 PM, "Edward M" wrote: > > On Thu, 13 Mar 2014 03:26:27 +0700 > Pandu Poluan wrote: > > > Pointers are very welcome! > > May not apply now, but somebody was having kernel panics and > network problems,etc last year. > > http://forums.gentoo.org/viewtopic-t-960140-start-0-postdays-0-postorder-asc-highlight-.html > Aaahhh... thanks! Very helpful information, indeed. The '!' trick and 'emerge firmware' trick would save my hair from being teared out :-) Rgds, --
Re: [gentoo-user] md5sum -c
On Fri, 14 Mar 2014 14:34:25 +0800, Guido Budack wrote: > Here the result with option-c: > md5sum -c livedvd-amd64-multilib-20121221.iso > md5sum: DVD-hybrid-amd64-blue.png: No such file or directory > DVD-hybrid-amd64-blue.png: FAILED open or read [snip] > md5sum: WARNING: 15504459 lines are improperly formatted > md5sum: WARNING: 33 listed files could not be read You run md5sum -c on the MD5SUM file, not the ISO image. -- Neil Bothwick Better to understand a little than to misunderstand a lot. signature.asc Description: PGP signature
Re: [gentoo-user] Re: MD5SUM
On Fri, 14 Mar 2014 13:05:33 +0800, Guido Budack wrote: > nice on but doesn't tell me why the md5sum isn't correct... > Usually I don't check the sums if it isn't 'critical' stuff or an OS. > So after I checked the other sources and files I figured out that ALL > md5sums are incorrect but the file-sizes aren't. In that case either > the media is corrupted or my local os (Ubunto). The latter one I > couldn't explain because its all genuine and updated almost on a daily > basis... Hardware fault? > Don't know, may be I stick to my debian and let it just be... > However, thanks for your efforts. If you're going to give up on something as simple as this, maybe Gentoo isn't for you anyway :( -- Neil Bothwick Top Oxymorons Number 30: Business ethics signature.asc Description: PGP signature
Re: [gentoo-user] Gentoo as Firewall on HP ProLiant DL360 G5
On Thu, 13 Mar 2014 03:26:27 +0700 Pandu Poluan wrote: > Pointers are very welcome! May not apply now, but somebody was having kernel panics and network problems,etc last year. http://forums.gentoo.org/viewtopic-t-960140-start-0-postdays-0-postorder-asc-highlight-.html -- Learing Linux with Gentoo to earn LPIC1.
