Re: [gentoo-user] Installing on nvme - not all beer and skittles....

2018-06-29 Thread R0b0t1
On Fri, Jun 29, 2018 at 11:38 AM, Andrew Lowe  wrote:
> Hi all,
> I have an existing Gentoo install that I've "customised" a bit too much
> and things are getting flaky. I've in turn taken the opportunity to
> purchase an nvme, a Samsung 960 Pro, and do a fresh install. Instead of
> using the install media I've just booted the existing install, mounted
> the nvme and then treated the install as though it's coming from a boot
> disk.
>
> I've followed, I think, correctly the install process but when I
> reboot, I get the following:
>
> "Reboot and Select proper Boot device
> or Insert Boot Media in selected Boot device and press a key"
>
> Overlooking the freaky capitalisation, the machine fires up and then
> leaves me with the above on the screen and that's it. I need to hit the
> power button to kill the machine and reboot, using the boot order, F12,
> option to now boot the existing installation.
>
> This is a new machine with a x470 Gigabyte motherboard, 64GB of memory
> and a nearly top end Ryzen CPU. Does anyone know of any little "tips and
> tricks" to ensure that the nvme will be seen and boot? As it is, Grub
> isn't even being seen
>
> Andrew
>
> p.s. I'll also wait until the github situation has been resolved.
>

How did you install the bootloader? Is your board switched to legacy
mode if that is what you are using? If using UEFI do you have both
BIOS and UEFI boot flags set?

The error you gave is what the motherboard firmware would display if
it can't find any bootable drives. Some firmware (like Apple's) will
only boot a UEFI partition if the enclosing protective MBR also has
the partition marked as bootable.

Cheers,
 R0b0t1



[gentoo-user] Installing on nvme - not all beer and skittles....

2018-06-29 Thread Andrew Lowe
Hi all,
I have an existing Gentoo install that I've "customised" a bit too much
and things are getting flaky. I've in turn taken the opportunity to
purchase an nvme, a Samsung 960 Pro, and do a fresh install. Instead of
using the install media I've just booted the existing install, mounted
the nvme and then treated the install as though it's coming from a boot
disk.

I've followed, I think, correctly the install process but when I
reboot, I get the following:

"Reboot and Select proper Boot device
or Insert Boot Media in selected Boot device and press a key"

Overlooking the freaky capitalisation, the machine fires up and then
leaves me with the above on the screen and that's it. I need to hit the
power button to kill the machine and reboot, using the boot order, F12,
option to now boot the existing installation.

This is a new machine with a x470 Gigabyte motherboard, 64GB of memory
and a nearly top end Ryzen CPU. Does anyone know of any little "tips and
tricks" to ensure that the nvme will be seen and boot? As it is, Grub
isn't even being seen

Andrew

p.s. I'll also wait until the github situation has been resolved.



Re: [gentoo-user] Hostile takeover of our github mirror. Don't use ebuild from there until new warning!

2018-06-29 Thread Peter Humphrey
On Thursday, 28 June 2018 22:15:36 BST Francisco Blas Izquierdo Riera 
(klondike) wrote:
> Hi!
> 
> I just want to notify that an attacker has taken control of the Gentoo
> organization in Github and has among other things replaced the portage
> and musl-dev trees with malicious versions of the ebuilds intended to
> try removing all of your files.
> 
> Whilst the malicious code shouldn't work as is and GitHub has now
> removed the organization, please don't use any ebuild from the GitHub
> mirror obtained before 28/06/2018, 18:00 GMT until new warning.

Does this mean that we're safe to use anything from after your warning?

-- 
Regards,
Peter.






Re: [gentoo-user] Hostile takeover of our github mirror. Don't use ebuild from there until new warning!

2018-06-29 Thread Rich Freeman
On Fri, Jun 29, 2018 at 11:46 AM gevisz  wrote:
>
> 2018-06-29 0:15 GMT+03:00 Francisco Blas Izquierdo Riera (klondike)
> :
> >
> > I just want to notify that an attacker has taken control of the Gentoo
> > organization in Github and has among other things replaced the portage
> > and musl-dev trees with malicious versions of the ebuilds intended to
> > try removing all of your files.
> >
> > Whilst the malicious code shouldn't work as is and GitHub has now
> > removed the organization, please don't use any ebuild from the GitHub
> > mirror obtained before 28/06/2018, 18:00 GMT until new warning.
>
> I have heard that Github was bought by MS. So, why not move to GitLab?
>

This has been the subject of a fair bit of discussion actually.
However, that alone wouldn't have prevented an attack like this as far
as I can tell.  That is, the compromise didn't involve anything in
Github's control, but just a compromised password.

There are plenty of reasons to consider moving to GitLab.  Right now
the general sentiment seems to be wait-and-see, as gitlab.com is still
proprietary and isn't as popular (which was one of the original
drivers for having support on Github).  What I think would have the
bigger impact is if somebody actually came up with a FOSS distributed
solution for bug/issue/PR tracking that was decent.  Then just as we
can have multiple mirrors of the code we could have multiple mirrors of
everything else and all of this would be less of an issue.

-- 
Rich



Re: [gentoo-user] Hostile takeover of our github mirror. Don't use ebuild from there until new warning!

2018-06-29 Thread gevisz
2018-06-29 0:15 GMT+03:00 Francisco Blas Izquierdo Riera (klondike)
:
>
> I just want to notify that an attacker has taken control of the Gentoo
> organization in Github and has among other things replaced the portage
> and musl-dev trees with malicious versions of the ebuilds intended to
> try removing all of your files.
>
> Whilst the malicious code shouldn't work as is and GitHub has now
> removed the organization, please don't use any ebuild from the GitHub
> mirror obtained before 28/06/2018, 18:00 GMT until new warning.

I have heard that Github was bought by MS. So, why not move to GitLab?



Re: [gentoo-user] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning!

2018-06-29 Thread Dale
R0b0t1 wrote:
>
> I can't help but notice this was moved to gentoo-user. Are posts to
> gentoo-dev being moderated properly, or should I not bother submitting
> anything?
>
>

I suspect it was done to let users know about the breach.  Otherwise,
anyone who syncs using the git thingy wouldn't know it is hacked and
shouldn't be trusted. 

I could be wrong but that's my guess.

Dale

:-)  :-) 



Re: [gentoo-user] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning!

2018-06-29 Thread R0b0t1
On Fri, Jun 29, 2018 at 7:19 AM, Francisco Blas Izquierdo Riera
(klondike)  wrote:
> On 29/06/18 at 03:55, Duane Robertson wrote:
>> On Thu, 28 Jun 2018 23:15:36 +0200
>> "Francisco Blas Izquierdo Riera (klondike)"  wrote:
>>
>>> Hi!
>>>
>>> I just want to notify that an attacker has taken control of the Gentoo
>>> organization in Github and has among other things replaced the portage
>>> and musl-dev trees with malicious versions of the ebuilds intended to
>>> try removing all of your files.
>>>
>>> Whilst the malicious code shouldn't work as is and GitHub has now
>>> removed the organization, please don't use any ebuild from the GitHub
>>> mirror obtained before 28/06/2018, 18:00 GMT until new warning.
>>>
>>> Sincerely,
>>> Francisco Blas Izquierdo Riera (klondike)
>>> Gentoo developer.
>>>
>>>
>> Is it at all likely that any signing keys have been compromised? I
>> can't think of how that would happen, but I don't know much about the
>> situation.
>>
> If you mean the release signing key the answer is a clear no according
> to infra's forensics. If you mean specific developers' keys it is
> unlikely but not fully impossible as we still don't know how the
> attackers got hold of the compromised accounts.
>

I can't help but notice this was moved to gentoo-user. Are posts to
gentoo-dev being moderated properly, or should I not bother submitting
anything?



Re: [gentoo-user] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning!

2018-06-29 Thread Francisco Blas Izquierdo Riera (klondike)
On 29/06/18 at 03:55, Duane Robertson wrote:
> On Thu, 28 Jun 2018 23:15:36 +0200
> "Francisco Blas Izquierdo Riera (klondike)"  wrote:
>
>> Hi!
>>
>> I just want to notify that an attacker has taken control of the Gentoo
>> organization in Github and has among other things replaced the portage
>> and musl-dev trees with malicious versions of the ebuilds intended to
>> try removing all of your files.
>>
>> Whilst the malicious code shouldn't work as is and GitHub has now
>> removed the organization, please don't use any ebuild from the GitHub
>> mirror obtained before 28/06/2018, 18:00 GMT until new warning.
>>
>> Sincerely,
>> Francisco Blas Izquierdo Riera (klondike)
>> Gentoo developer.
>>
>>
> Is it at all likely that any signing keys have been compromised? I
> can't think of how that would happen, but I don't know much about the
> situation.
>
If you mean the release signing key the answer is a clear no according
to infra's forensics. If you mean specific developers' keys it is
unlikely but not fully impossible as we still don't know how the
attackers got hold of the compromised accounts.




signature.asc
Description: OpenPGP digital signature


Re: [gentoo-user] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning!

2018-06-29 Thread Francisco Blas Izquierdo Riera (klondike)
On 29/06/18 at 09:47, Ivan J. wrote:
> On Fri, Jun 29, 2018 at 03:12:15AM +0200, Francisco Blas Izquierdo Riera
> (klondike) wrote:
>> On 29/06/18 at 00:27, Mick wrote:
>>> On Thursday, 28 June 2018 22:54:45 BST Francisco Blas Izquierdo Riera
>>> (klondike) wrote:
>>>> On 28/06/18 at 23:15, Francisco Blas Izquierdo Riera (klondike)
>>>> wrote:
>>>>> Hi!
>>>>>
>>>>> I just want to notify that an attacker has taken control of the Gentoo
>>>>> organization in Github and has among other things replaced the portage
>>>>> and musl-dev trees with malicious versions of the ebuilds intended to
>>>>> try removing all of your files.
>>>>>
>>>>> Whilst the malicious code shouldn't work as is and GitHub has now
>>>>> removed the organization, please don't use any ebuild from the GitHub
>>>>> mirror obtained before 28/06/2018, 18:00 GMT until new warning.
>>>>>
>>>>> Sincerely,
>>>>> Francisco Blas Izquierdo Riera (klondike)
>>>>> Gentoo developer.
>>>> Just to keep up with it. There is a more complete article published at
>>>> https://www.gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html
>>> Thanks for letting us know, but how did this happen?
>> I don't think there is an official timeline yet. We suspect the github
>> account of an administrator was compromised.
>>
>> I just brought up the heads up when I noticed that the portage tree had
>> been modified to contain harmful code.
> Do you have this code somewhere now? Any chance of seeing what happened?
>
Sadly no, I tried to obtain it from my browser cache with no luck. I
have two of the malicious commit ids though:
49464b7316dbd7bbfe878cb3da4817c39a6cf11c and
e6db0eb4f76cb920e49a6afc3af067c3d5e4b82b


What I noticed was a clear rm -rf /* as the first line on all ebuilds
but there may have been a more subtle attack too.




signature.asc
Description: OpenPGP digital signature
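
The two indicators reported in the message above (the commit ids and an `rm -rf /*` at the top of each ebuild) can be checked against a local checkout. The script below is an added example, not part of the original thread or Gentoo's own tooling; the function names, the five-line window and the matching pattern are assumptions.

```shell
#!/bin/sh
# Added example: triage a local ebuild checkout for the indicators quoted in
# the thread. Function names and the 5-line window are assumptions.

# Commit ids as quoted in the message above.
BAD_COMMITS="49464b7316dbd7bbfe878cb3da4817c39a6cf11c
e6db0eb4f76cb920e49a6afc3af067c3d5e4b82b"

# Print each reported commit id that exists in the repository's object store.
# Returns 0 if any is present, 1 if none, 2 if git is not installed.
find_bad_commits() {
    repo=$1
    command -v git >/dev/null 2>&1 || return 2
    status=1
    for id in $BAD_COMMITS; do
        if git -C "$repo" cat-file -e "${id}^{commit}" 2>/dev/null; then
            printf '%s\n' "$id"
            status=0
        fi
    done
    return "$status"
}

# Print every *.ebuild whose first five lines contain a forced recursive rm
# aimed at / or /* (the pattern described in the message above).
scan_ebuilds() {
    tree=$1
    pattern='(^|[;&|[:space:]])rm[[:space:]]+-(rf|fr)[[:space:]]+/(\*|[[:space:]]|$)'
    find "$tree" -type f -name '*.ebuild' | while IFS= read -r f; do
        if head -n 5 "$f" | grep -Eq "$pattern"; then
            printf '%s\n' "$f"
        fi
    done
}

# Usage: sh triage.sh /path/to/checkout
if [ "$#" -gt 0 ]; then
    echo "== reported commit ids present in $1 =="
    find_bad_commits "$1" || echo "(none found, or git unavailable)"
    echo "== ebuilds with rm -rf / near the top =="
    scan_ebuilds "$1"
fi
```

A miss from `find_bad_commits` only means those two ids are absent from the checkout; the message gives two of the malicious commit ids, not a complete list.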


Re: [gentoo-user] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning!

2018-06-29 Thread Ivan J.
On Fri, Jun 29, 2018 at 03:12:15AM +0200, Francisco Blas Izquierdo Riera 
(klondike) wrote:
> On 29/06/18 at 00:27, Mick wrote:
> > On Thursday, 28 June 2018 22:54:45 BST Francisco Blas Izquierdo Riera
> > (klondike) wrote:
> >> On 28/06/18 at 23:15, Francisco Blas Izquierdo Riera (klondike)
> >> wrote:
> >>> Hi!
> >>>
> >>> I just want to notify that an attacker has taken control of the Gentoo
> >>> organization in Github and has among other things replaced the portage
> >>> and musl-dev trees with malicious versions of the ebuilds intended to
> >>> try removing all of your files.
> >>>
> >>> Whilst the malicious code shouldn't work as is and GitHub has now
> >>> removed the organization, please don't use any ebuild from the GitHub
> >>> mirror obtained before 28/06/2018, 18:00 GMT until new warning.
> >>>
> >>> Sincerely,
> >>> Francisco Blas Izquierdo Riera (klondike)
> >>> Gentoo developer.
> >> Just to keep up with it. There is a more complete article published at
> >> https://www.gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html
> > Thanks for letting us know, but how did this happen?
> I don't think there is an official timeline yet. We suspect the github
> account of an administrator was compromised.
> 
> I just brought up the heads up when I noticed that the portage tree had
> been modified to contain harmful code.

Do you have this code somewhere now? Any chance of seeing what happened?

-- 
~ parazyd
GnuPG: 03337671FDE75BB6A85EC91FB876CB44FA1B0274
GnuPG: https://parazyd.org/fa1b0274.asc