Re: [gentoo-user] Its ground hog day... how to escape the syndrome?

[Walter Dnes]

On Wed, Mar 01, 2017 at 11:33:56PM -0500, Harry Putnam wrote
> Setup: VBox vm running gentoo(amd64) guest on a win-10 (64bit) host
>  Hardware: HP xw8600 - 2x Xeon  CPU X5450 @ 3.00GHz - 32 GB ram
> 
> I've seen a few other mentions of the phenomena I'm about to describe.
> It is not clear to me why something like this would happen. Or what is
> to be done to prevent it.
> 
> After going thru install and bulding of X based lxde desktop gentoo
> OS, I'm at the stage where I would do another emerge world followed by
> --depclean  or something similar.
> 
> Decided to take the @world in the two available bites; @system then
> @world
> 
> My cmdline was `emerge -vaDt @system'
> 
> Showed 44 pkgs only 2 were updates and 42 were reinstalls.

  If you want to rebuild everything, including dependancies, try

emerge -e @world

  You'll find out how many packages you have installed and how fast your
system is. 

-- 
Walter Dnes 
I don't run "desktop environments"; I run useful applications

[gentoo-user] Re: lxde no Desktop Preferences can be set

[Harry Putnam]

Neil Bothwick  writes:

>> Also ran into a wall trying to use the regular tools like qlist to
>> determine what is in there.  I found the list after search a while on
>> google but I'm curious why `qlist' doesn't list off
>> what is in there, like it does in all other cases.
>
> Meta packages don't install files, they just have a list of dependencies.
> Your previous post implied you hadn't installed lxde-meta, just the lxde
> packages it depends on, which may exclude other requirements.
>
> A simple "emerge -a lxde-meta" should ensure that all deps are installed

OK thanks.  But then that leaves the issue that brought this up
without a resolution:

>From OP
>> LXDE on the menu item Preferences ===> Desktop Preferences
>> Nothing can be set there and it does not even show a dialog
>> box... just an error messages that says:

>> Desktop manager is not active

Any other ideas what might be going on there?

Re: [gentoo-user] Re: lxde no Desktop Preferences can be set

[Neil Bothwick]

On Thu, 02 Mar 2017 18:54:20 -0500, Harry Putnam wrote:

> Neil Bothwick  writes:

> >> All the lxde-base pkgs contained in lxde-meta are installed.
> >> 
> >> Openbox wm is installed.
> >> 
> >> Anyone know what that error message means or how to get around or fix
> >> it?  
> >
> > You're missing an essential package. Install lxde-meta to make sure
> > you get it. Once working, you can remove unnecessary packages later.  
> 
> That sounded like a plan until I actually tried to re-install
> lxde-meta.
> 
> I found no way to make emerge do that.  I thought by adding such
> things as --deep --newuse --changed-use it would cause a reinstall
> 
> But emerge just closes and tells me nothing is outated in lxde-meta
> 
> Example:
># emerge --deep --newuse --changed-use -v lxde-meta
> 
>These are the packages that would be merged, in order:
> 
>Calculating dependencies... done!
> 
>Total: 0 packages, Size of downloads: 0 KiB
> 
> And that is also with bdeps=y from my make.conf
> 
>   EMERGE_DEFAULT_OPTS="--with-bdeps=y"
> 
> After browsing thru `man emerge' a couple of times It appears there is
> not some kind of `force' flag.
> 
> Is there some combination of switches that will cause emerge to
> re-install lxde-meta? Or baring that I thought I'd try emerging
> individual pkgs... but there not exactly easy to find ebuilds of.. I
> still haven't
> 
> Also ran into a wall trying to use the regular tools like qlist to
> determine what is in there.  I found the list after search a while on
> google but I'm curious why `qlist' doesn't list off
> what is in there, like it does in all other cases.

Meta packages don't install files, they just have a list of dependencies.
Your previous post implied you hadn't installed lxde-meta, just the lxde
packages it depends on, which may exclude other requirements.

A simple "emerge -a lxde-meta" should ensure that all deps are installed


-- 
Neil Bothwick

I can't walk on water, but I can stagger on alcohol.


pgpI0D8X5o92_.pgp
Description: OpenPGP digital signature

Re: [gentoo-user] SHA-1 has just been broken

[Rich Freeman]

On Thu, Mar 2, 2017 at 6:26 PM, Andrew Savchenko  wrote:
> On Thu, 2 Mar 2017 03:42:24 -0500 taii...@gmx.com wrote:
>>
>> The IOMMU (theoretically) protects the CPU and memory from rogue
>> devices, such as the hard drive.
>
> No. Any DMA capable device can bypass IOMMU. IOMMU was not
> designed to protect OS from device.
>

Huh?  I thought protection against DMA attacks was half the reason for
an IOMMU in the first place.

https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit

-- 
Rich

[gentoo-user] Re: lxde no Desktop Preferences can be set

[Harry Putnam]

Neil Bothwick  writes:

> On Thu, 02 Mar 2017 00:27:47 -0500, Harry Putnam wrote:
>
>> LXDE on the menu item Preferences ===> Desktop Preferences
>> Nothing can be set there and it does not even show a dialog
>> box... just an error messages that says:
>> 
>> Desktop manager is not active
>> 
>> All the lxde-base pkgs contained in lxde-meta are installed.
>> 
>> Openbox wm is installed.
>> 
>> Anyone know what that error message means or how to get around or fix
>> it?
>
> You're missing an essential package. Install lxde-meta to make sure you
> get it. Once working, you can remove unnecessary packages later.

That sounded like a plan until I actually tried to re-install
lxde-meta.

I found no way to make emerge do that.  I thought by adding such
things as --deep --newuse --changed-use it would cause a reinstall

But emerge just closes and tells me nothing is outated in lxde-meta

Example:
   # emerge --deep --newuse --changed-use -v lxde-meta

   These are the packages that would be merged, in order:

   Calculating dependencies... done!

   Total: 0 packages, Size of downloads: 0 KiB

And that is also with bdeps=y from my make.conf

  EMERGE_DEFAULT_OPTS="--with-bdeps=y"

After browsing thru `man emerge' a couple of times It appears there is
not some kind of `force' flag.

Is there some combination of switches that will cause emerge to
re-install lxde-meta? Or baring that I thought I'd try emerging
individual pkgs... but there not exactly easy to find ebuilds of.. I
still haven't

Also ran into a wall trying to use the regular tools like qlist to
determine what is in there.  I found the list after search a while on
google but I'm curious why `qlist' doesn't list off
what is in there, like it does in all other cases.

Re: [gentoo-user] SHA-1 has just been broken

[Andrew Savchenko]

On Tue, 28 Feb 2017 18:05:29 +0100 Miroslav Rovis wrote:
[...]
> Gentoo Keys
> ---
> 
> ### About 
> 
>  Gentoo Keys is a Python based project that aims to manage the GPG keys used
>  for validation on users and Gentoo's infrastracutre servers. Gentoo Keys 
> will be able
>  to verify GPG keys used for Gentoo's release media, such as installation 
> CD's,
>  Live DVD's, packages and other GPG signed documents. It will also be used by
>  Gentoo infrastructure to achieve GPG signed git commits in the forthcoming 
> git
>  migration of the main CVS tree.
> 
> ### License
> 
> Gentoo Keys is under GPL-2 License
> #
> 
> But do I read this correctly?:
> 
>  ...Gentoo Keys will be able
>  to verify GPG keys used for Gentoo's release media, such as installation 
> CD's,
>  Live DVD's, packages and other GPG signed documents.
> 
> Again, about this (syntactical) object (in the sentence), with other
> objects removed:
> 
>  ...Gentoo Keys will be able
>  to verify GPG keys used for ...
>  ... packages...
> 
> Does that mean what I read? That with gkeys any user will be able to get
> packages via git, and somehow automatically gpg -verify the signature of
> each package that (s)he got when (s)he, say:

Yes and no. AFAIK gkeys is not yet fully implemented. Right now it
can be used to verify dev keys, but I'm not aware about a way to
verity git tree using gkeys. Probably this should be done at the
end of emaint sync process.

Best regards,
Andrew Savchenko


pgpprJPSHYH3u.pgp
Description: PGP signature

Re: [gentoo-user] SHA-1 has just been broken

[Andrew Savchenko]

On Thu, 2 Mar 2017 03:42:24 -0500 taii...@gmx.com wrote:
> It is possible to have a reasonably secure system where the hard drive 
> firmware (or any other devices) can't fuck around with the stuff on 
> disk, although I highly doubt that the gentoo infrastructure (and 
> kernel.org, and all the source repos for all the other software) does this

Hard drive's firmware is a drive's micro OS, it can manipulate data
on the disk as it pleases. The only way to protect privacy of the
data is to write it already encrypted, so it still can be mangled
and become unusable, but privacy will be kept. But see below about
DMA.

> One way is to use a blob-free coreboot IOMMU supporting board and 
> bootstrap the crypto/kernel off of the board firmware EEPROM chip to 
> load the initial kernel thus no plaintext touches the disk and thus 
> nothing can mess with it.
> 
> The IOMMU (theoretically) protects the CPU and memory from rogue 
> devices, such as the hard drive.

No. Any DMA capable device can bypass IOMMU. IOMMU was not
designed to protect OS from device.

> In terms of ethics IBM *for now* is a way better company than Intel/AMD, 
> their POWER servers are owner controlled as there isn't any boot 
> guard/secure boot/management engine/platform "security" processor (amd's 
> ME) to stop you from re-writing the firmware as you please. They also 
> have an getting-there-almost-reasonable open source effort (OpenPOWER)

Indeed they are. But that boxes are quite expensive and hard to get.

Best regards,
Andrew Savchenko


pgpwYnzvVK92P.pgp
Description: PGP signature

Re: [gentoo-user] ifconfig - display/list hostname with IP address

[Alan McKinnon]

On 02/03/2017 23:31, the...@sys-concept.com wrote:
> On 03/02/2017 02:11 PM, Alan McKinnon wrote:
>> On 02/03/2017 22:57, the...@sys-concept.com wrote:
>>> running "ifconfig" is it possible to display hostname, especially with
>>> "tun" interfaces.
>>
>> No.
>>
>> ifconfig operates at layer 2.
>> Hostnames is a dns/resolver concept operating at a much higher level.
>>
>> DNs relies on layer 2 so using rDNS to display hostnames (or worse, that
>> abomination called /etc/hosts) is logically circular and nonsensical
>>
>> Hostnames are there to abstract addresses when addresses don't matter.
>> Addresses very much do matter at the ifconfig level so if you need them
>> then, you probably shouldn't be looking at ifconfig at all (don't you
>> know your own addresses?)
>>
>> And finally the relationship between address and names is many<->many,
>> so which one you gonna use?
> 
> Thanks for the input Alan,
> Yes, I do remember them when I'm setting it UP; but after a while I have
> to think if I get the correct IP or tun address.
> 
> I think "yellow" note sticker on the side of the monitor will do the
> trick :-)


Come work for me (you will have to leave Canada and move to Africa),
managing a bucket load of /16s will teach you real quick to think in
addresses.

Can you considered giving your tun interfaces descriptive names?


-- 
Alan McKinnon
alan.mckin...@gmail.com

Re: [gentoo-user] ifconfig - display/list hostname with IP address

[thelma]

On 03/02/2017 02:11 PM, Alan McKinnon wrote:
> On 02/03/2017 22:57, the...@sys-concept.com wrote:
>> running "ifconfig" is it possible to display hostname, especially with
>> "tun" interfaces.
> 
> No.
> 
> ifconfig operates at layer 2.
> Hostnames is a dns/resolver concept operating at a much higher level.
> 
> DNs relies on layer 2 so using rDNS to display hostnames (or worse, that
> abomination called /etc/hosts) is logically circular and nonsensical
> 
> Hostnames are there to abstract addresses when addresses don't matter.
> Addresses very much do matter at the ifconfig level so if you need them
> then, you probably shouldn't be looking at ifconfig at all (don't you
> know your own addresses?)
> 
> And finally the relationship between address and names is many<->many,
> so which one you gonna use?

Thanks for the input Alan,
Yes, I do remember them when I'm setting it UP; but after a while I have
to think if I get the correct IP or tun address.

I think "yellow" note sticker on the side of the monitor will do the
trick :-)

--
Thelma

Re: [gentoo-user] ifconfig - display/list hostname with IP address

[Michael Orlitzky]

On 03/02/2017 03:57 PM, the...@sys-concept.com wrote:
> running "ifconfig" is it possible to display hostname, especially with
> "tun" interfaces.
> 
> It would be easier to recognize which network is Up or Down.
> 

The closest thing I was able to manage is

  # ip -r addr show

Re: [gentoo-user] ifconfig - display/list hostname with IP address

[Alan McKinnon]

On 02/03/2017 22:57, the...@sys-concept.com wrote:
> running "ifconfig" is it possible to display hostname, especially with
> "tun" interfaces.

No.

ifconfig operates at layer 2.
Hostnames is a dns/resolver concept operating at a much higher level.

DNs relies on layer 2 so using rDNS to display hostnames (or worse, that
abomination called /etc/hosts) is logically circular and nonsensical

Hostnames are there to abstract addresses when addresses don't matter.
Addresses very much do matter at the ifconfig level so if you need them
then, you probably shouldn't be looking at ifconfig at all (don't you
know your own addresses?)

And finally the relationship between address and names is many<->many,
so which one you gonna use?

-- 
Alan McKinnon
alan.mckin...@gmail.com

[gentoo-user] ifconfig - display/list hostname with IP address

[thelma]

running "ifconfig" is it possible to display hostname, especially with
"tun" interfaces.

It would be easier to recognize which network is Up or Down.

-- 
Thelma

Re: [gentoo-user] SHA-1 has just been broken

[Miroslav Rovis]

On 170302-03:42-0500, taii...@gmx.com wrote:
> On 02/28/2017 12:05 PM, Miroslav Rovis wrote:
> 
> > On 170227-21:59-0500, Rich Freeman wrote:
> >> On Mon, Feb 27, 2017 at 8:10 PM, Miroslav Rovis
> >>  wrote:
...
> > And finally Andrew Shavchenko pointed me to gkeys !
> >
> > Here's the answer to my query (ah, just the beginning of, my
> > implementation of it will take time):
> >
> > emerge -tuDN app-crypt/gkeys app-crypt/gkeys-gen
> >
> > # equery f gkeys-gen
> > ...
> > /usr/share/doc/gkeys-gen-0.2/README.md.bz2
> > ...
> >
> > (
> > NOTE: The:
> > /usr/share/doc/gkeys-0.2/README.md.bz2
> > of the gkeys package is identical.
> > )
> >
> > # bzcat /usr/share/doc/gkeys-gen-0.2/README.md.bz2
> >
> > Gentoo Keys
> > ---
> >
> > ### About
> >
> >   Gentoo Keys is a Python based project that aims to manage the GPG keys 
> > used
> >   for validation on users and Gentoo's infrastracutre servers. Gentoo Keys 
> > will be able
> >   to verify GPG keys used for Gentoo's release media, such as installation 
> > CD's,
> >   Live DVD's, packages and other GPG signed documents. It will also be used 
> > by
> >   Gentoo infrastructure to achieve GPG signed git commits in the 
> > forthcoming git
> >   migration of the main CVS tree.
> >
> > ### License
> >
> > Gentoo Keys is under GPL-2 License
> > #
> >
> > But do I read this correctly?:
> >
> >   ...Gentoo Keys will be able
> >   to verify GPG keys used for Gentoo's release media, such as installation 
> > CD's,
> >   Live DVD's, packages and other GPG signed documents.
> >
> > Again, about this (syntactical) object (in the sentence), with other
> > objects removed:
> >
> >   ...Gentoo Keys will be able
> >   to verify GPG keys used for ...
> >   ... packages...
> >
> > Does that mean what I read? That with gkeys any user will be able to get
> > packages via git, and somehow automatically gpg -verify the signature of
> > each package that (s)he got when (s)he, say:
> >
> > emerge -tuDN world
> >
> > ?
> >
> > Does that mean that?
> >
...
> It is possible to have a reasonably secure system where the hard drive 
> firmware (or any other devices) can't fuck around with the stuff on 
> disk, although I highly doubt that the gentoo infrastructure (and 
> kernel.org, and all the source repos for all the other software) does this
Rogue elements everywhere (even the most known Person in the world,
throughout the history (which counts from His birth), had His traitors),
but you are correct, it is still little likely.

I'll keep you thought below for reference, when I some day, find more
time to learn about these things:
> One way is to use a blob-free coreboot IOMMU supporting board and 
> bootstrap the crypto/kernel off of the board firmware EEPROM chip to 
> load the initial kernel thus no plaintext touches the disk and thus 
> nothing can mess with it.
> 
> The IOMMU (theoretically) protects the CPU and memory from rogue 
> devices, such as the hard drive.
> 
> In terms of ethics IBM *for now* is a way better company than Intel/AMD, 
> their POWER servers are owner controlled as there isn't any boot 
> guard/secure boot/management engine/platform "security" processor (amd's 
> ME) to stop you from re-writing the firmware as you please. They also 
> have an getting-there-almost-reasonable open source effort (OpenPOWER)
> 
> You can buy a TYAN OpenPOWER8 "Palmetto" (100% FOSS out of the box, 
> although not that powerful) or an IBM POWER8 S822 "Firestone" (very 
> powerful) which needs only a small amount of final work to be open sourced.
> 
> IBM's POWER8 has a supervisor processor, although it is owner controlled 
> (the key difference) unlike ME/PSP.
> 
> It is a shame that TALOS (POWER workstation board) never went anywhere, 
> it seems the linux community won't care about real freedom - right up 
> until microsoft finally locks us out for good and it is too late to do 
> anything about it.
> 
> https://www.coreboot.org/Board_freedom_levels

Yes, I looked up that page, and searched a little about Power8
pocessors... I wish I was aware how important Board freedom is back four
and a half years ago. Not so ugly what I have, but neither is open hardware
(
Asrock
Extreme4, a few of them (so I can clone the systems):
Use old amd64 gentoo image on new amd64 hardware, possible?
https://forums.gentoo.org/viewtopic-t-940916.html#7172822

I can't believe they're still selling them! If I'm not mistaken:
http://www.asrock.com/mb/AMD/970%20Extreme4/
I have to say, they are really not bad, but are not openhardware either.
)

I can't follow all the info that you gave, it's too advanced for me (at
least at this time).

And I couldn't reply sooner... I had to finish, finally successfully,
some steep learning of mine about how to use virtualization.

Voilà:

Devuan's precursor's, as Tails, image in Qemu (10)
https://www.croatiafidelis.hr/foss/cap/cap-161015-qemu-devuan/qemu-devuan-10.php

Finally using Tails from my grsecurity-hardened Gentoo, in a

Re: [gentoo-user] Its ground hog day... how to escape the syndrome?

[thelma]

On 03/02/2017 05:07 AM, Andrew Savchenko wrote:
> On Thu, 2 Mar 2017 09:44:20 +0200 Alan McKinnon wrote:
>> On 02/03/2017 06:33, Harry Putnam wrote:
>>> Setup: VBox vm running gentoo(amd64) guest on a win-10 (64bit) host
>>>  Hardware: HP xw8600 - 2x Xeon  CPU X5450 @ 3.00GHz - 32 GB ram
>>>
>>> I've seen a few other mentions of the phenomena I'm about to describe.
>>> It is not clear to me why something like this would happen. Or what is
>>> to be done to prevent it.
>>>
>>> After going thru install and bulding of X based lxde desktop gentoo
>>> OS, I'm at the stage where I would do another emerge world followed by
>>> --depclean  or something similar.
>>>
>>> Decided to take the @world in the two available bites; @system then
>>> @world
>>>
>>> My cmdline was `emerge -vaDt @system'
>>
>> Add -u to the options, it activates update behaviour
>>
>> Without it, emerge takes you literally at your word and emerges
>> everything in the system set.
> 
> Also add -N, otherwise USE flags changes will be ignored if no
> update or rebuild, and add --with-bdeps y if you don't want to
> miss updates for packages pulled an build-only deps, so use
> `-DNuavt --with-bdeps y'. "vt" here is optional and affects only
> on-screen output.
> 
> 
> Best regards,
> Andrew Savchenko

Adding -q option is nice (you don't need to watch the code scrolling by
on the screen).
-uDNavq

--
Thelma

Re: [gentoo-user] sg_map etc

[Stefan G. Weichinger]

Am 2017-03-02 um 13:41 schrieb Bill Kenworthy:

> try lshw to get that info:


we had that already in the other leg of the thread

doesn't work for me:

# lshw -c disk
  *-disk:0
   description: SCSI Disk
   physical id: 0.0.0
   bus info: scsi@1:0.0.0
   logical name: /dev/sda
   size: 68GiB (73GB)
   capabilities: partitioned partitioned:dos
   configuration: sectorsize=512 signature=00047c2f
  *-disk:1
   description: SCSI Disk
   physical id: 0.1.0
   bus info: scsi@1:0.1.0
   logical name: /dev/sdb
   size: 68GiB (73GB)
   capabilities: partitioned partitioned:dos
   configuration: sectorsize=512 signature=f31b
  *-disk:2
   description: SCSI Disk
   physical id: 0.2.0
   bus info: scsi@1:0.2.0
   logical name: /dev/sdc
   size: 697GiB (749GB)
   capabilities: partitioned partitioned:dos
   configuration: sectorsize=512
  *-disk:3
   description: SCSI Disk
   physical id: 0.3.0
   bus info: scsi@1:0.3.0
   logical name: /dev/sdd
   size: 697GiB (749GB)
   capabilities: partitioned partitioned:dos
   configuration: sectorsize=512
  *-disk:4
   description: SCSI Disk
   physical id: 0.4.0
   bus info: scsi@1:0.4.0
   logical name: /dev/sde
   size: 697GiB (749GB)
   capabilities: partitioned partitioned:dos
   configuration: sectorsize=512
  *-disk:5
   description: SCSI Disk
   physical id: 0.5.0
   bus info: scsi@1:0.5.0
   logical name: /dev/sdf
   size: 697GiB (749GB)
   capabilities: partitioned partitioned:dos
   configuration: sectorsize=512
  *-disk:6
   description: SCSI Disk
   physical id: 0.6.0
   bus info: scsi@1:0.6.0
   logical name: /dev/sdg
   size: 697GiB (749GB)
   capabilities: partitioned partitioned:dos
   configuration: sectorsize=512
  *-disk:7
   description: SCSI Disk
   physical id: 0.8.0
   bus info: scsi@1:0.8.0
   logical name: /dev/sdh
   size: 697GiB (749GB)
   capabilities: partitioned partitioned:dos
   configuration: sectorsize=512
  *-disk:8
   description: SCSI Disk
   physical id: 0.c.0
   bus info: scsi@1:0.12.0
   logical name: /dev/sdi
   size: 697GiB (749GB)
   capabilities: partitioned partitioned:dos
   configuration: sectorsize=512
  *-disk:9 UNCLAIMED
   description: SCSI Disk
   physical id: 1.0.0
   bus info: scsi@1:1.0.0
  *-disk:10 UNCLAIMED
   description: SCSI Disk
   physical id: 1.1.0
   bus info: scsi@1:1.1.0
  *-disk:11 UNCLAIMED
   description: SCSI Disk
   physical id: 1.3.0
   bus info: scsi@1:1.3.0
  *-disk:12 UNCLAIMED
   description: SCSI Disk
   physical id: 1.4.0
   bus info: scsi@1:1.4.0
  *-disk:13 UNCLAIMED
   description: SCSI Disk
   physical id: 1.5.0
   bus info: scsi@1:1.5.0
  *-disk:14 UNCLAIMED
   description: SCSI Disk
   physical id: 1.6.0
   bus info: scsi@1:1.6.0
  *-disk:15 UNCLAIMED
   description: SCSI Disk
   physical id: 1.7.0
   bus info: scsi@1:1.7.0
  *-disk:16 UNCLAIMED
   description: SCSI Disk
   physical id: 1.9.0
   bus info: scsi@1:1.9.0
  *-disk:17 UNCLAIMED
   description: SCSI Disk
   physical id: 1.a.0
   bus info: scsi@1:1.10.0
  *-disk:18 UNCLAIMED
   description: SCSI Disk
   physical id: 1.b.0
   bus info: scsi@1:1.11.0
  *-disk:19 UNCLAIMED
   description: SCSI Disk
   physical id: 1.f.0
   bus info: scsi@1:1.15.0

Re: [gentoo-user] sg_map etc

[Bill Kenworthy]

On 02/03/17 18:03, Stefan G. Weichinger wrote:
> Am 2017-03-01 um 23:21 schrieb Bill Kenworthy:
> 
>> Is there actually a disk on that interface? - I have a system where one
>> sdx allocated to an unused sata port with nothing attached - it returns
>> similar information to yours above - check the other entries.
> 
> I checked them, sure.
> to me it seems that there are 2 sg-devices created per port or so.
> 
> One as ICP-device: does not tell me serials or so, but has an sd-device
> mapped to it according to sg_map
> 
> # smartctl -d auto -i /dev/sg2
> smartctl 6.4 2015-06-04 r4109 [x86_64-linux-3.18.11-gentoo-smp] (local
> build)
> Copyright (C) 2002-15, Bruce Allen, Christian Franke, www.smartmontools.org
> 
> === START OF INFORMATION SECTION ===
> Vendor:   ICP
> Product:  SAS1
> Revision: V1.0
> User Capacity:73,284,976,640 bytes [73.2 GB]
> Logical block size:   512 bytes
> scsiModePageOffset: response length too short, resp_len=4 offset=4 bd_len=0
> scsiModePageOffset: response length too short, resp_len=4 offset=4 bd_len=0
>>> Terminate command early due to bad response to IEC mode page
> A mandatory SMART command failed: exiting. To continue, add one or more
> '-T permissive' options.
> 
> ---
> 
> and the higher ones tell me stuff via smartctl, but I don't know exactly
> which sd-device they are mapped to:
> 
> 
> # smartctl -d auto -i /dev/sg11
> smartctl 6.4 2015-06-04 r4109 [x86_64-linux-3.18.11-gentoo-smp] (local
> build)
> Copyright (C) 2002-15, Bruce Allen, Christian Franke, www.smartmontools.org
> 
> === START OF INFORMATION SECTION ===
> Vendor:   SEAGATE
> Product:  ST373455SS
> Revision: 0002
> User Capacity:73,407,868,928 bytes [73.4 GB]
> Logical block size:   512 bytes
> Rotation Rate:15015 rpm
> Logical Unit id:  0x5000c50002448407
> Serial number:3LQ11JWH9748U10J
> Device type:  disk
> Transport protocol:   SAS (SPL-3)
> Local Time is:Thu Mar  2 11:06:33 2017 CET
> SMART support is: Available - device has SMART capability.
> SMART support is: Enabled
> Temperature Warning:  Enabled
> 
> ---
> 
> 
> btw: the serial in this query is a valid one.
> This is what I am looking for.
> 
> 

try lshw to get that info:

*-scsi:0
  physical id: 1
  logical name: scsi0
  capabilities: emulated
*-disk
 description: ATA Disk
 product: INTEL SSDSC2CW12
 physical id: 0.0.0
 bus info: scsi@0:0.0.0
 logical name: /dev/sda
 version: 400i
 serial: CVCV247001A3120BGN
 size: 111GiB (120GB)
 capabilities: partitioned partitioned:dos
 configuration: ansiversion=5 sectorsize=512 signature=11afac57
   *-volume:0
description: Linux filesystem partition
vendor: Linux
physical id: 1
bus info: scsi@0:0.0.0,1
logical name: /dev/sda1
version: 1.0
serial: 8ad3b35a-8ecf-4b8b-8098-c3c9518a3307
size: 128MiB
capacity: 128MiB
capabilities: primary extended_attributes ext2 initialized
configuration: filesystem=ext2 modified=2017-03-02
19:49:54 state=clean
   *-volume:1
description: Linux swap volume
physical id: 2
bus info: scsi@0:0.0.0,2
logical name: /dev/sda2
version: 1
serial: 9d440711-04e3-46f4-9ec5-0495daed6896
size: 23GiB
capacity: 23GiB
capabilities: primary nofs swap initialized
configuration: filesystem=swap pagesize=4096
   *-volume:2
description: EXT4 volume
vendor: Linux
physical id: 3
bus info: scsi@0:0.0.0,3
logical name: /dev/sda3
logical name: /
version: 1.0
serial: bc719d32-cecc-47f1-9826-a8b12827ee3b
size: 87GiB
capacity: 87GiB
capabilities: primary journaled extended_attributes
large_files huge_files dir_nlink recover extents ext4 ext2 initialized
configuration: created=2013-07-02 06:41:32
filesystem=ext4 lastmountpoint=/ modified=2016-12-09 21:09:25
mount.fstype=ext4 mount.options=rw,noatime,discard,data=ordered
mounted=2017-02-11 11:17:20 state=mounted

Re: [gentoo-user] Its ground hog day... how to escape the syndrome?

[Andrew Savchenko]

On Thu, 2 Mar 2017 09:44:20 +0200 Alan McKinnon wrote:
> On 02/03/2017 06:33, Harry Putnam wrote:
> > Setup: VBox vm running gentoo(amd64) guest on a win-10 (64bit) host
> >  Hardware: HP xw8600 - 2x Xeon  CPU X5450 @ 3.00GHz - 32 GB ram
> > 
> > I've seen a few other mentions of the phenomena I'm about to describe.
> > It is not clear to me why something like this would happen. Or what is
> > to be done to prevent it.
> > 
> > After going thru install and bulding of X based lxde desktop gentoo
> > OS, I'm at the stage where I would do another emerge world followed by
> > --depclean  or something similar.
> > 
> > Decided to take the @world in the two available bites; @system then
> > @world
> > 
> > My cmdline was `emerge -vaDt @system'
> 
> Add -u to the options, it activates update behaviour
> 
> Without it, emerge takes you literally at your word and emerges
> everything in the system set.

Also add -N, otherwise USE flags changes will be ignored if no
update or rebuild, and add --with-bdeps y if you don't want to
miss updates for packages pulled an build-only deps, so use
`-DNuavt --with-bdeps y'. "vt" here is optional and affects only
on-screen output.


Best regards,
Andrew Savchenko


pgpyvddSFDcaV.pgp
Description: PGP signature

Re: [gentoo-user] sg_map etc

[Stefan G. Weichinger]

Am 2017-03-01 um 22:42 schrieb Daniel Frey:

> I'm not sure how the sg? -> sd? mapping is supposed to work. I find it
> odd that there seems to be two nodes reported for each sd? entry.
> However, this could be the way the controller driver reports it to the
> kernel...
> 
>> 07:01.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030
>> PCI-X Fusion-MPT Dual Ultra320 SCSI (rev 08)
>> 0a:0e.0 RAID bus controller: Adaptec AAC-RAID
>>
> 
> Well, if you are using a hw raid card in jbod mode the controller will
> generally not report that info. You'd have to install the controller's
> cli management tools and use that. You'd have to figure out which
> controller your drives are attached to.
> 
> Adaptec uses sys-block/arcconf
> LSI uses sys-block/megacli
> 3ware uses sys-block/tw_cli

yes, thanks.
arcconf doesn't do much here ... tried some commands, but the controller
doesn't return info.

Maybe not the disks itself die but the controller gets flaky ... quite
old already and I had issues at warm boot lately that were only solved
by removing power completely.

See these lines in dmesg:

[74403.796012] aacraid: Host adapter abort request (1,0,0,0)
[74403.804011] aacraid: Host adapter abort request (1,0,1,0)
[74403.804033] aacraid: Host adapter reset request. SCSI hang ?
[74403.804040] AAC: Host adapter BLINK LED 0x7
[74403.804056] AAC0: adapter kernel panic'd 7.
[74509.788015] aacraid: Host adapter abort request (1,0,0,0)
[74511.804015] aacraid: Host adapter abort request (1,0,1,0)
[74511.804041] aacraid: Host adapter reset request. SCSI hang ?
[74511.804044] AAC: Host adapter BLINK LED 0x7
[74511.804068] AAC0: adapter kernel panic'd 7.

And sdi throws errors:

[31529.901711] md/raid:md3: read error corrected (8 sectors at 11190152
on sdi1)
[31529.901713] md/raid:md3: read error corrected (8 sectors at 11190160
on sdi1)
[31529.901715] md/raid:md3: read error corrected (8 sectors at 11190168
on sdi1)
[31529.901717] md/raid:md3: read error corrected (8 sectors at 11190176
on sdi1)
[31529.901718] md/raid:md3: read error corrected (8 sectors at 11190184
on sdi1)

I wonder if one or more disks do any kind of electrical "noise" on the
SATA bus and confuse the controller in a way.

This is why I would like to remove sdi ... and the reason why I want to
spot that specific hdd.

Back then I used the trick to stress that specific disk by dd or
something (read everything in for example) and let a person spot the
disk by looking at the LEDs on the drive cages ;-)

Maybe the faster way in this case.

> The management tools for the other cards should provide this sort of
> functionality.
> 
> If you had used the raid card to create an array the management cli
> tools with show that a specific port is dead and you query it for the
> serial number.
> 
> This doesn't help you with the sg mapping. The problem for you now will
> be figuring out why sg_map is reporting the way it is.

The disks were originally configured via StorMan under SLES10 or so,
that server was a SLES server back then and I moved it to gentoo later on.

I could boot into SLES to have StorMan again, but this leads to the
mentioned boot-failure, so I want to avoid that for now.

Something is wrong with this box and I have to spot if it's the disk(s)
or the controller. All this while I am >600km away from the server.

Thanks, Stefan

Re: [gentoo-user] sg_map etc

[Stefan G. Weichinger]

Am 2017-03-01 um 23:21 schrieb Bill Kenworthy:

> Is there actually a disk on that interface? - I have a system where one
> sdx allocated to an unused sata port with nothing attached - it returns
> similar information to yours above - check the other entries.

I checked them, sure.
to me it seems that there are 2 sg-devices created per port or so.

One as ICP-device: does not tell me serials or so, but has an sd-device
mapped to it according to sg_map

# smartctl -d auto -i /dev/sg2
smartctl 6.4 2015-06-04 r4109 [x86_64-linux-3.18.11-gentoo-smp] (local
build)
Copyright (C) 2002-15, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Vendor:   ICP
Product:  SAS1
Revision: V1.0
User Capacity:73,284,976,640 bytes [73.2 GB]
Logical block size:   512 bytes
scsiModePageOffset: response length too short, resp_len=4 offset=4 bd_len=0
scsiModePageOffset: response length too short, resp_len=4 offset=4 bd_len=0
>> Terminate command early due to bad response to IEC mode page
A mandatory SMART command failed: exiting. To continue, add one or more
'-T permissive' options.

---

and the higher ones tell me stuff via smartctl, but I don't know exactly
which sd-device they are mapped to:


# smartctl -d auto -i /dev/sg11
smartctl 6.4 2015-06-04 r4109 [x86_64-linux-3.18.11-gentoo-smp] (local
build)
Copyright (C) 2002-15, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Vendor:   SEAGATE
Product:  ST373455SS
Revision: 0002
User Capacity:73,407,868,928 bytes [73.4 GB]
Logical block size:   512 bytes
Rotation Rate:15015 rpm
Logical Unit id:  0x5000c50002448407
Serial number:3LQ11JWH9748U10J
Device type:  disk
Transport protocol:   SAS (SPL-3)
Local Time is:Thu Mar  2 11:06:33 2017 CET
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
Temperature Warning:  Enabled

---


btw: the serial in this query is a valid one.
This is what I am looking for.

Re: [gentoo-user] lxde no Desktop Preferences can be set

[Neil Bothwick]

On Thu, 02 Mar 2017 00:27:47 -0500, Harry Putnam wrote:

> LXDE on the menu item Preferences ===> Desktop Preferences
> Nothing can be set there and it does not even show a dialog
> box... just an error messages that says:
> 
> Desktop manager is not active
> 
> All the lxde-base pkgs contained in lxde-meta are installed.
> 
> Openbox wm is installed.
> 
> Anyone know what that error message means or how to get around or fix
> it?

You're missing an essential package. Install lxde-meta to make sure you
get it. Once working, you can remove unnecessary packages later.


-- 
Neil Bothwick

Every morning is the dawn of a new error...


pgpkfKGSjvfFE.pgp
Description: OpenPGP digital signature

Re: [gentoo-user] VIDEO_CARDS= apparently ignored and new pkgs assigned

[Neil Bothwick]

On Thu, 02 Mar 2017 00:07:50 -0500, Harry Putnam wrote:

> Decided to see what `emerge @preserved-rebuild would bring me.
> 
> ran `emerge -va @preserved-rebuild' and I notice that it appears my
> setting in /etc/portage/make.conf for VIDEO_CARDS="virtualbox" is
> being ignored... the output of above command shows:
> 
>   Calculating dependencies... done!
>   
>   [ebuild R ] x11-libs/libdrm-2.4.75::gentoo USE="-libkms -static-libs
>  -valgrind" ABI_X86="(64) -32 (-x32)" VIDEO_CARDS="amdgpu* nouveau*
>radeon* (-exynos) (-freedreno) -intel (-omap) (-tegra) (-vc4)
>  (-vivante) -vmware" 0 KiB

Check for typos in make.conf. For example, if you used VIDEO-CARDS it
will be ignored. You'll also find the output from emerge easier to parse
if you don't use -v all the time, that way you see only more relevant
information.


-- 
Neil Bothwick

In possession of a mind not merely twisted, but actually sprained.


pgp5N47X3fCr0.pgp
Description: OpenPGP digital signature

Re: [gentoo-user] SHA-1 has just been broken

[taii...@gmx.com]

On 02/28/2017 12:05 PM, Miroslav Rovis wrote:


On 170227-21:59-0500, Rich Freeman wrote:

On Mon, Feb 27, 2017 at 8:10 PM, Miroslav Rovis
 wrote:

Apologies for my not being able to reply sooner!

On 170227-18:18+0300, Andrew Savchenko wrote:


And via a new private big business, the Github. Giving over all users to
big Github brother.

???
Github is entirely optional and is only for those who want to use it
(we have both users and devs willing so), but in no way anyone
demands its usage.

Yeah! Still, it would be great if git was used in distributed way, and
not from a central private business...


Git can pretty-much ONLY be used in a distributed way.

Correct, in that sense. But I didn't express clearly what I meant.

I really meant in this sense (invented quotations in this paragraph):

Git was intended for everyone to run their own little git server  and
pull from each other. Git was NOT invented for centralized  commercial
social networking clouds such as github!

That was from:
https://wiki.gentoo.org/wiki/Overlay:Youbroketheinternet


In the sync
workflow github is basically just a mirror.  A lot of our mirrors are
run by private businesses, and nobody knows what OS they're even
hosted on, let alone whether the firmware and CPU microcode are FOSS
along with their hard drive firmware.

I understand that. And I support any honess business. What I hate is
examples like Google, Oracle, Microsoft, IBM is a little more honest, I
think... The few at the control of those ruined so much in computing and
the internet.

GNU and FOSS, to lesser extent OSi, are good, even beautiful, socially
and philosophically.


As far as distribution goes I think github is the wrong thing to worry
about.  What you want is traceable signatures from dev to user.  Once
you have that you can download from an NSA mirror and there shouldn't
be any risk.  All a mirror does is replicate data, and if
modifications are detectable the worst they can do is a DoS.

I see.

Most of the concerns that people tend to have with github is that you
can become dependent on them for issue and pull request tracking and
then if they decide to pull the plug you lose all that data.  We try
to minimize the use of these features and not make it a core part of
the dev workflow.

Good practice!


But, we do use pull requests and in theory we could
lose those someday.  The actual code itself gets pushed to the Gentoo
infra Repo from a developer's box using plain old git after they've
inspected/tested/etc it.  So, there isn't really any way for Github to
go injecting commits into the repositories we actually use.  I guess
they could do it for anybody using our github mirrors on the
distribution side, but that's only because we don't have that all
locked down and the same issue applies with any other mirror (rsync,
etc).  Again, you really need end-to-end signature checking to make
any of these things truly safe.

Absolutely! I did figure that out since long!

--
Rich


And what I've spent some time doing today, is figuring out about the
info that I finally got from you people!

About time! My rattling was all about whether there was or wasn't a way
to do what is still in the title of that mail that I linked to, and gave
Message-ID of, to do this:

Is it safe to switch from webrsync to the git repo now?

And finally Andrew Shavchenko pointed me to gkeys !

Here's the answer to my query (ah, just the beginning of, my
implementation of it will take time):

emerge -tuDN app-crypt/gkeys app-crypt/gkeys-gen

# equery f gkeys-gen
...
/usr/share/doc/gkeys-gen-0.2/README.md.bz2
...

(
NOTE: The:
/usr/share/doc/gkeys-0.2/README.md.bz2
of the gkeys package is identical.
)

# bzcat /usr/share/doc/gkeys-gen-0.2/README.md.bz2

Gentoo Keys
---

### About

  Gentoo Keys is a Python based project that aims to manage the GPG keys used
  for validation on users and Gentoo's infrastracutre servers. Gentoo Keys will 
be able
  to verify GPG keys used for Gentoo's release media, such as installation CD's,
  Live DVD's, packages and other GPG signed documents. It will also be used by
  Gentoo infrastructure to achieve GPG signed git commits in the forthcoming git
  migration of the main CVS tree.

### License

Gentoo Keys is under GPL-2 License
#

But do I read this correctly?:

  ...Gentoo Keys will be able
  to verify GPG keys used for Gentoo's release media, such as installation CD's,
  Live DVD's, packages and other GPG signed documents.

Again, about this (syntactical) object (in the sentence), with other
objects removed:

  ...Gentoo Keys will be able
  to verify GPG keys used for ...
  ... packages...

Does that mean what I read? That with gkeys any user will be able to get
packages via git, and somehow automatically gpg -verify the signature of
each package that (s)he got when (s)he, say:

emerge -tuDN world

?

Does that mean that?

And then, to achieve true verifiability in the open (machine connected
to online, and doing