Re: [gentoo-user] How do I turn off ansi (colour) codes in GCC 6.3.0 ?
On 170513-12:53-0500, R0b0t1 wrote: > On Sat, May 13, 2017 at 9:25 AM, Miroslav Rovis > <miro.ro...@croatiafidelis.hr> wrote: > > On 170510-20:03-0400, Walter Dnes wrote: > >> On Wed, May 10, 2017 at 01:35:24PM -0500, R0b0t1 wrote > >> > >> > The option is "-fdiagnostics-color=never" or "-fno-diagnostics-color". > >> > You can also set the environment variable GCC_COLORS to the empty > >> > string. The latter is probably more useful in the context of portage. > >> > >> Thank you. I successfully tried... > >> > >> GCC_COLORS="" emerge icewm > > Another tip to remember. > > > >> I suppose the next step is to add GCC_COLORS="" to make.conf. > >> > > I wonder why sticking " --color=n" in the EMERGE_DEFAULT_OPTS in > > make.conf (e.g. mine is: > > > > EMERGE_DEFAULT_OPTS="--keep-going --with-bdeps=y --autounmask-keep-masks > > --ask --verbose --color=n" > > > > does only partly its job. Erratically, I'd say. You never know if it > > will or not remove color... A bug should be posted for that, but I have > > a partly broken system at this time... > > > > That switch only handles the coloring of portage output. I suggested > using GCC_COLORS precisely because "--color=n" doesn't seem to > propagate to subcommands which do output coloring. > > Another program you might want to disable output coloring for is > CMake, using CMAKE_COLOR_MAKEFILE=OFF. > Thanks for the tip! But let me see... Like the above (repasting): > >> GCC_COLORS="" emerge icewm pr maybe stick in the /etc/portage/bashrc or in some other way? -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] world rebuild with gcc-6.3.0 - not completely there yet
On 170513-17:25+0200, Helmut Jarausch wrote: > On 05/13/2017 04:07:52 PM, Miroslav Rovis wrote: > > On 170513-10:21+0200, Helmut Jarausch wrote: > > > On 05/13/2017 05:56:16 AM, Walter Dnes wrote: > > > > On Wed, May 10, 2017 at 08:38:56PM -0400, Walter Dnes wrote > > > > > "Walter's Excellent Adventure Continues"... Now that I've got > > ICEWM > > > > > built, I'm trying to start X. I copied over my ~/.icewm > > cirectory, > > ... > > > > > cursor... for half a second or so. Then X exits immediately. I > > ... > > > > This message is coming to you from an almost entirely GCC 6.3.0 > > > > machine. I had to build ICEWM with GCC 5.4.0 to stop it > > segfaulting. > > > > The rest of Gentoo, including ICEWM's dependancies, is built with > > GCC > > > > 6.3.0. > > > > > > > > > > I have switched to gcc-6.3.0 at the end of last year. > > > I have (re-)compiled all my packages including icewm-1.3.12-r1. > > > Everything works just fine. > > > > > > I did have some segfaults (with gimp) until I recompiled each > > package > > > with gcc-6.3.0 > > > > > > I have > > > CFLAGS="-mtune=native -O2 -msse3 -pipe -fPIC" > > > > > > in /etc/portage/make.conf > > > > > > and quite a e few > > > CFLAGS="-O3 -mtune=native -pipe -msse -msse2 -msse3 -msse4a -m3dnow" > > > (for my aged AMD64 Phenom II machine) > > > > > > in /etc/portage/env/... > > > > > > Helmut > > > > > I have a Phenom II machine as well. And I'd be interested what you > > needed to stick in the /etc/portage/env/, if you could tell me, pls. > > > > Here an example: if you want to set some environment variables for > sci-libs/atlas : > > First, create the directory > > /etc/portage/env/sci-libs > > Second, create the file 'atlas', e.g. by > > echo 'CFLAGS="-O3 -mtune=native -pipe -msse -msse2 -msse3 -msse4a > -m3dnow"' > atlas > I see. Thx. -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Re: How do I turn off text console screen in software?
On 170511-19:57-0400, Walter Dnes wrote: > On Thu, May 11, 2017 at 04:19:28PM -0700, Daniel Campbell wrote > > On 05/10/2017 04:08 PM, Walter Dnes wrote: > > > On Wed, May 10, 2017 at 03:36:05PM -0400, Jonathan Callen wrote > > > > > >> Additionally, "setterm --blank force" turns the console off immediately. > > > > > > Thank you; that's exactly what I was looking for. My script > > > ~/bin/dark now reads... > > > > > > #!/bin/bash > > > sleep 1 && xset -display :0.0 dpms force off > > > setterm --blank force > > > > > > ...so I can execute "dark" in either X or a true text console, and it > > > works in both cases. > > > > > > > If I may suggest an enhancement, you might want to probe the > > environment the script is running in so that only the relevant command > > gets run; unless of course you really do want everything off at once > > regardless of whether X is running.. > > Isn't that the whole point of excercise? If I want to turn off the > display, I want to turn off the display. BTW, I've discovered a problem. > > sleep 1 && xset -display :0.0 dpms force off > > ...allows to bring back the display by tapping any key. I prefer > {SHIFT} because it doesn't do anything by itself. But the command... > > setterm --blank force > > ...can't be awoken from in a text console. However, if X is running in > tty7, I can {CTRL}{ALT}{F7} and X comes up. Then I can {CTRL}{ALT}{F1} > to get back to a text console in tty1... weird. Same here. > -- > Walter Dnes <waltd...@waltdnes.org> > I don't run "desktop environments"; I run useful applications > Good tips in this thread! Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] world rebuild with gcc-6.3.0 - not completely there yet
On 170513-10:21+0200, Helmut Jarausch wrote: > On 05/13/2017 05:56:16 AM, Walter Dnes wrote: > > On Wed, May 10, 2017 at 08:38:56PM -0400, Walter Dnes wrote > > > "Walter's Excellent Adventure Continues"... Now that I've got ICEWM > > > built, I'm trying to start X. I copied over my ~/.icewm cirectory, ... > > > cursor... for half a second or so. Then X exits immediately. I ... > > This message is coming to you from an almost entirely GCC 6.3.0 > > machine. I had to build ICEWM with GCC 5.4.0 to stop it segfaulting. > > The rest of Gentoo, including ICEWM's dependancies, is built with GCC > > 6.3.0. > > > > I have switched to gcc-6.3.0 at the end of last year. > I have (re-)compiled all my packages including icewm-1.3.12-r1. > Everything works just fine. > > I did have some segfaults (with gimp) until I recompiled each package > with gcc-6.3.0 > > I have > CFLAGS="-mtune=native -O2 -msse3 -pipe -fPIC" > > in /etc/portage/make.conf > > and quite a e few > CFLAGS="-O3 -mtune=native -pipe -msse -msse2 -msse3 -msse4a -m3dnow" > (for my aged AMD64 Phenom II machine) > > in /etc/portage/env/... > > Helmut > I have a Phenom II machine as well. And I'd be interested what you needed to stick in the /etc/portage/env/, if you could tell me, pls. -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] How do I turn off ansi (colour) codes in GCC 6.3.0 ?
On 170510-20:03-0400, Walter Dnes wrote: > On Wed, May 10, 2017 at 01:35:24PM -0500, R0b0t1 wrote > > > The option is "-fdiagnostics-color=never" or "-fno-diagnostics-color". > > You can also set the environment variable GCC_COLORS to the empty > > string. The latter is probably more useful in the context of portage. > > Thank you. I successfully tried... > > GCC_COLORS="" emerge icewm Another tip to remember. > I suppose the next step is to add GCC_COLORS="" to make.conf. > I wonder why sticking " --color=n" in the EMERGE_DEFAULT_OPTS in make.conf (e.g. mine is: EMERGE_DEFAULT_OPTS="--keep-going --with-bdeps=y --autounmask-keep-masks --ask --verbose --color=n" does only partly its job. Erratically, I'd say. You never know if it will or not remove color... A bug should be posted for that, but I have a partly broken system at this time... Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Re: How to set size to windows in Openbox in local config [SOLVED]
On 170423-13:31+0200, Miroslav Rovis wrote: > Hi Floyd! > > This is just an interim notice-reply. I need a few days to find a couple > of hours time to study the links you gave. I only wish to express my > appreciation, as the links look interesting and to the point, as well as > the rest of your reply. I always try to keep my word, but I am not likely to be able to. My Gentoo system is currently somewhat (probably mildly) broken, as can be figured out from: Strange script planted with Bash https://www.croatiafidelis.hr/foss/cap/cap-170504-strange-bash/ and Same Issue with Editcap https://www.croatiafidelis.hr/foss/cap/cap-170313-git-devuan-mail/git-devuan-mail-4.php and nice and useful, but cosmetic, issues fade away in importance confronted with security issues. (only my sig at end, no more new text) > > On 170422-04:35+0200, Floyd Anderson wrote: > > On Fr, 21 Apr 00:12:28 +0200 > > Miroslav Rovis <miro.ro...@croatiafidelis.hr> wrote: > > >On 170420-05:57+0200, Floyd Anderson wrote: > > >> On Do, 13 Apr 21:55:29 +0200 > > >> Miroslav Rovis <miro.ro...@croatiafidelis.hr> wrote: > ... > > >> back from some computer-free holidays, > > >I hope you had good and restful time! > ... > > >[2] openbox window positions > > > https://lists.gt.net/gentoo/user/325342 > > > (and my reply to it contains digressions, but also simple > > > questions...) > > > > > Your plan with the Apache cgit repo seems to be a nice challenge to > > learn something but as I noted above, creating and maintaining an > > overlay for so tiny things is a little bit overkill in my opinion. > > Fetching the related Git repository from time to time and you are done > > while an overlay needs probably more significant work. > > > > As an example, I am currently just imagine I have to create overlays for > > my favourite Vim plugins instead of using well known manager like > > Vundle, NeoBundle, Dein or what else. That were a lot of work for the > > overlay solution or did I miss the point? > > > > > > References: > > [1] > > <https://blogs.gentoo.org/mgorny/2016/02/08/a-quick-note-on-portable-shebangs/> > > > > -- > > Regards, > > floyd -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Inconsistent behavior in my Gentoo OS instance
replies there: ( Tab (no exec) triggers script on Bash on grsec admin https://forums.grsecurity.net/viewtopic.php?f=3=4700 ) ... And I don't know if I will be able to... First dhcpcd would crash on any attempt to run a bridge which I have run without any issues for months now, witness all the pages and screencasts and PCAPs at https://www.croatiafidelis.hr/foss/cap/ ( select by the timestamp, the later the better; I even got a really nice note of appreciation from Devuan devs when my analysis helped them to fix a trivial but urgent network issue on 2017-04-23 which timestamp I shorten to 170423 and so the link is: BAD sig on Devuan ISO https://www.croatiafidelis.hr/foss/cap/cap-170423-devuan-iso-sig/ )... And since this morning even plain one only ether device connection failed without any segfaults to anything or any " denied " errors... (the bridge would always get segfaults for dhcpcd). Back to the script seen in its action only. I spent hours trying to figure out what the lines of the script that does that should look like, but more hours I would need to be able to reconstruct any. I saw those entries in awk and I know sed that well, but it's more skills needed to reconstruct that script... and to hopefully locate it in the system partition dump. Thanks if anybody is able to better analyze those (and maybe help locate it). So that it be quicker at hand, I attach a gzip'ed archive of https://www.croatiafidelis.hr/foss/cap/cap-170504-strange-bash/messages_170504_2155_g0n messages_170504_2155_g0n.gz to this email as well (it's just over 1K). But I strongly believed it was a potential risk to keep running that system, and what I did is, while completely offline, I thoroughly checked the frozen clone and also the Air-Gapped (which only has the Wireshark inconsistency, and never had this Tab-triggers-Bash-script in (grsecurity RBAC) role admin). And then I updated my Air-Gapped and cloned my for-online system from it. In this system, [stop...] Haha! actually *only* in the software of this system, there are no traces that would indicate any Tab-triggers-a-script behavior, but I certainly don't know if anything was planted in my hardware... It's not Open Hardware,[5] so even if I knew how to check firware and stuff, I couldn't check much of it, let alone all of it... > -Original Message- > From: Miroslav Rovis [mailto:miro.ro...@croatiafidelis.hr] > Sent: Friday, May 05, 2017 01:02 > To: gentoo-user@lists.gentoo.org > Subject: Re: [gentoo-user] Inconsistent behavior in my Gentoo OS instance > > Hi Bobby! > > Pls. see also: > > Tab (no exec) triggers script on Bash on grsec admin > https://forums.grsecurity.net/viewtopic.php?f=3=4700 > > as well as the other email that I sent some 7 or so hours ago. > > NOTE: if I'm away, it's because I'm a little worried... I'm afraid my system > may be vulnerable because of these issues. Patience pls. > > (no more but only my sig in bottom) > > On 170504-21:15-0400, Bobby Kent wrote: > > Hi Miroslav, > > > > Attempting to reproduce third issue: > > > > # mkdir wibble1_1 > > # mkdir wibble2_1 > > # mkdir wibble3_1 > > # mkdir wibble4_1 > > # mkdir wibble5_1 > > # for d in wibble*_1 ; do mkdir $d/wobble ; done # ls -1d wibble*_1 > > wibble1_1 > > wibble2_1 > > wibble3_1 > > wibble4_1 > > wibble5_1 > > > > Then hit tab after positioning cursor after the / below: > > # for i in $(ls -1d wibble*_1/) ; do echo $i ; done > > > > And the results are an attempt to autocomplete: > > wibble1_1// wibble2_1// wibble3_1// wibble4_1// wibble5_1// > > > > Perhaps the test oversimplified the issue, though maybe you could > > provide the simplest way to reproduce what you see. > > > > Thanks. I do get this normal behavior that you explain above in my Air-Gapped. And generally in my cloned system. The erratic behavior that I caught a revealing glimse of was only ever happening in my clone that goes online. > > -Original Message- > > From: Miroslav Rovis [mailto:miro.ro...@croatiafidelis.hr] > > Sent: Tuesday, May 02, 2017 10:13 > > To: gentoo-user@lists.gentoo.org > > Subject: Re: [gentoo-user] Inconsistent behavior in my Gentoo OS > > instance ... > > > > Third issue > > == ... > > > [[ > > > NOTE (before delayed sending): In fact, it is only this clone that > > > exibits the above Bash malfunctioning. I just checked the same for > > > loop command (some six paragraphs above) in my Air-Gapped master [1] > > > (never any internet it sees, > > The [1] is important for understanding, especially this Bash issue in > > my Gentoo instance. > > Because in my Air-Gapped Gentoo instance that issue does not s
Re: [gentoo-user] eix bug (was: Inconsistent behavior in my Gentoo OS instance)
On 170507-10:20+, Martin Vaeth wrote: > Miroslav Rovis <miro.ro...@croatiafidelis.hr> wrote: > > Received SIGSEGV - you probably found a bug in eix. > > If you are using eix-0.32.7* or eix-0.32.8.alpha* then this is > perhaps this bug: > https://github.com/vaeth/eix/issues/39 > It was that issue. In eix installed here: # eix eix [I] app-portage/eix Available versions: 0.32.4 (~)0.32.5 (~)0.32.5-r1 **0.32.8_alpha4^m[1] (~)0.32.8[1] ***l^m[1] {debug +dep doc nls optimization +required-use security sqlite strong-optimization strong-security swap-remote tools LINGUAS="de ru"} Installed versions: 0.32.8[1](14:12:56 06/05/17)(dep nls required-use sqlite -debug -doc -optimization -security -strong-optimization -strong-security -swap-remote -tools LINGUAS="-de -ru") Homepage:https://github.com/vaeth/eix/ Description: Search and query ebuilds [1] "mv" /var/lib/layman/mv # that issue has been fixed. So it's gone here too. Thanks! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Inconsistent behavior in my Gentoo OS instance
Hi Bobby! Pls. see also: Tab (no exec) triggers script on Bash on grsec admin https://forums.grsecurity.net/viewtopic.php?f=3=4700 as well as the other email that I sent some 7 or so hours ago. NOTE: if I'm away, it's because I'm a little worried... I'm afraid my system may be vulnerable because of these issues. Patience pls. (no more but only my sig in bottom) On 170504-21:15-0400, Bobby Kent wrote: > Hi Miroslav, > > Attempting to reproduce third issue: > > # mkdir wibble1_1 > # mkdir wibble2_1 > # mkdir wibble3_1 > # mkdir wibble4_1 > # mkdir wibble5_1 > # for d in wibble*_1 ; do mkdir $d/wobble ; done > # ls -1d wibble*_1 > wibble1_1 > wibble2_1 > wibble3_1 > wibble4_1 > wibble5_1 > > Then hit tab after positioning cursor after the / below: > # for i in $(ls -1d wibble*_1/) ; do echo $i ; done > > And the results are an attempt to autocomplete: > wibble1_1// wibble2_1// wibble3_1// wibble4_1// wibble5_1// > > Perhaps the test oversimplified the issue, though maybe you could provide > the simplest way to reproduce what you see. > > Thanks. > > > -Original Message- > From: Miroslav Rovis [mailto:miro.ro...@croatiafidelis.hr] > Sent: Tuesday, May 02, 2017 10:13 > To: gentoo-user@lists.gentoo.org > Subject: Re: [gentoo-user] Inconsistent behavior in my Gentoo OS instance > > I've received one reply, and thanks again, but I had better remove the > gzip-"inconsistency" related bloat from my own previous email... I need the > previous text to make the remaining three important > parts/issues/inconsistencies clearer and easier to check, and reply to, any > of the three. > > I will also reorder my quotes to get them easier to skip or skip to, since > they are separate issues/inconsistencies. > > On 170501-18:17+0200, Miroslav Rovis wrote: > ... > First issue > === > (All first issue-related text have been removed here from all quotes from my > previous message) ... > > Second issue > > > Another part is actually on Wireshark mailing list. Pls. see: > > > > Filtering on (negated) frame.time_relative filters out wrong > > frame.number > > https://www.wireshark.org/lists/wireshark-users/201704/msg00037.html > > as well as my study at: > > https://www.croatiafidelis.hr/foss/cap/cap-170313-git-devuan-mail/git- > > devuan-mail-4.php > That page has just been updated with clearer instructions. > > > (and the previous ones there, but I gave the last as it is > > simplest/fastest to check) > > > > There is information that any advanced reader can easily provide by > > retracing some of my steps there, and which would clear some uncertainties > here. > ... > > ... That's a serious bug or a > > serious malfunction in my Gentoo, the latter being most likely... > > > > And if it is the latter, it can only be one or the other way. One: the > > cause is in some Gentoo packge. Two: it is an attack by some unknown > means. > > > > ( > > If Air-Gapped is some info, I did try and editcap (and the whole > > Wireshark) behave in the same wrong way in my Air-Gapped too. > > ... > > ) > > > > > Third issue > == > > The text it too much because the command line in which bash throw strange > error is a long for loop. The main point is marked with short new text > below. > > This is one of a series of commands that I used to check one of the > > backups, in three different instances of tar-gzip'd archive I checked > > (such as the /root directory tar-gzip'd today), and which showed > > faultless upon decompression in all the three instances, despite the > > three instances of tar-gzip'd archives not being identical (as their > SHA256 sums show): > > > > # for i in $(ls -1d root_170430_g0n*.d/); do sum=$(echo $i|sed > > 's/\.d\//\.sum/'); echo $sum ; read FAKE ; j=$(echo $i | sed > > 's/\.d\//\.tar.gz/'); ls -l $j $i ; cd $i; pwd ; read FAKE ; for file > > in $(find ./ -name '*'); do if [ -f "$file" ]; then sha256sum $file >> > > ../$sum ; fi; done ; cd - ; done ; > > > > Now if I just place the cursor, by moving with Alt-F (skipping "words") > and Ctrl-F (skipping 1 char) to just after: > > > > "for i in $(ls -1d root_170430_g0n*.d/" in that command, > > > > and if I then hit Tab for completion on the experssion there, I get > > (and I'm sorry for the mess, but that's what I get): > > > > g0n ~ # for i in $(ls -1d root_170430_g0n*.dbash: unexpected EOF while > > looking for matching `)'bash: syntax error: unexpected end of > >
Re: [gentoo-user] Inconsistent behavior in my Gentoo OS instance
On 170503-07:03+0200, Miroslav Rovis wrote: > On 170502-22:19-0400, Bobby Kent wrote: > > Regarding the fourth issue: > > > g0n ~ # eix memtest86+ > > > * sys-apps/memtest86 > > > Available versions: 4.3.7 (~)4.3.7-r1 {serial} > > > Homepage:http://www.memtest86.com/ > > > Description: A stand alone memory test for x86 computers > > ... > > > > > > Found 2 matches > > > Received SIGSEGV - you probably found a bug in eix. > > ... ... > Two issues left to go of the ones I presented (and there are more, in > slow time). The Wireshark and the Bash. > I would believe that what can be seen and read here: Strange script planted with Bash https://www.croatiafidelis.hr/foss/cap/cap-170504-strange-bash/ should make for some thinking... It's in the logs ( https://www.croatiafidelis.hr/foss/cap/cap-170504-strange-bash/messages_170504_2155_g0n [link is at bottom of page, under "messages_170504_2155_g0n"] ). I've studied similar logs, but previous, for hours, but decided to post this as quickly as I can. It's much more easily credible if not much later I post it publicly. I'll think more about it and try and ask questions, but there are some questions there that are obvious, I would believe... And the issue I would think is undeniable now... And also not too hard to see (just a quick careful glance at it, you are bound to see some trouble there). Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Inconsistent behavior in my Gentoo OS instance
On 170502-22:19-0400, Bobby Kent wrote: > Regarding the fourth issue: > > g0n ~ # eix memtest86+ > > * sys-apps/memtest86 > > Available versions: 4.3.7 (~)4.3.7-r1 {serial} > > Homepage:http://www.memtest86.com/ > > Description: A stand alone memory test for x86 computers > ... > > > > Found 2 matches > > Received SIGSEGV - you probably found a bug in eix. > ... > > Anyone else gets this too? This below is a nice catch: > Not here (note the results of your "eix memtest86+" appears to be a match > for " eix memtest86" on my system): > > # eix memtest86+ > [I] sys-apps/memtest86+ > Available versions: 2.01^t 4.00^t 4.20-r1 ~4.20-r3 5.01-r2 ~5.01-r3 > {floppy iso serial} > Installed versions: 5.01-r2(11:23:03 AM 03/18/2017)(-floppy -iso > -serial) > Homepage:http://www.memtest.org/ > Description: Memory tester based on memtest86 > > # eix memtest86 > * sys-apps/memtest86 > Available versions: 4.3.7 ~4.3.7-r1 {serial} > Homepage:http://www.memtest86.com/ > Description: A stand alone memory test for x86 computers > > [I] sys-apps/memtest86+ > Available versions: 2.01^t 4.00^t 4.20-r1 ~4.20-r3 5.01-r2 ~5.01-r3 > {floppy iso serial} > Installed versions: 5.01-r2(11:23:03 AM 03/18/2017)(-floppy -iso > -serial) > Homepage:http://www.memtest.org/ > Description: Memory tester based on memtest86 > > Found 2 matches > # If you look up my first email, I do have both memtest86+ and memtest86 like you, and I do have the same versions available as you so I just wrongly abrdidged that second email. Sorry. But you don't have my issue with eix. Thanks for reporting. Two issues left to go of the ones I presented (and there are more, in slow time). The Wireshark and the Bash. Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Inconsistent behavior in my Gentoo OS instance
On 170502-17:51+0200, Raffaele Belardi wrote: > Miroslav Rovis wrote: > > On 170502-10:33+0200, Raffaele Belardi wrote: > >> Miroslav Rovis wrote: > >>> gzip apparently inconsistent behavior occupies the most part of the > >>> report on > >>> inconsistencies here (esp. the script make_gzip_archives_consistent.sh). > >> > >> Checked on my system, same behaviour, looking inside the gzip file you see > >> why. I used > >> shed but strings is easier: > >> > >> $ strings eix-installed-after_1.gz > >> eix-installed-after_1 > >> ... > >> > >> $ strings eix-installed-after_2.gz > >> eix-installed-after_2 > >> ... > >> > >> gzip stores the filename in the compressed file so the files differ. > > > > No, it doesn't, on my system. Did you really check the files: > > https://lists.gt.net/engine?do=post_attachment;postatt_id=51651;list=gentoo > > https://lists.gt.net/engine?do=post_attachment;postatt_id=51652;list=gentoo > > (these should download as eix-installed-after_1.gz former and > > eix-installed-after_2.gz the latter)? > > > > And they have these SHA256: > > > > fff6f3f0f07c863fee6962379f063f742578569fd13fcee3df9161b4a6d99aa7 > > eix-installed-after_1.tar.gz > > b88cd07885fbdc2235c9c64be7d02aa9ace7661cc2fce07909355e369366b408 > > eix-installed-after_2.tar.gz > > > > If you did check those files, and there are the strings you say, at what > > byte, the start, and the end... Really don't know how you got that... > > I did not use your files, I re-generated them on my system based on the > /usr/bin/eix-installed-after installed on my system, as you suggested. The > command I used > was plain gzip, not tar, since the difference in the files appears to come > from the gzip > execution. which then is not dealing with the same issue. > I just checked your files: > > $ cmp -bl gzip_buggy.txt_1.tar.gz gzip_buggy.txt_2.tar.gz >5 7 ^G12 ^J Didn't know about cmp. Thanks for a fine example! But cmp found the same which I found upon visual inspecting with hexdump, and which differences (but it was a futile non-necessary exercize) I removed with the script I gave in the first email. > They differ in byte 5 which, according to the link I posted, is inside the > MTIME field. > Looks to me that this gzip issue is a non-issue. Yes, and thanks for the confirmation. > Regarding the other issues, maybe someone else will have the time to go > through the > complete email, even the abridged one you re-sent is too much for me. Or > maybe if you > could concentrate on one issue at a time only... > > raffaele It is now (likely) only two (2) issues left to go of the four (4) there from the abridged email, because I got a reply for another issue in the meantime. But sadly more trouble looming with my system (looks actually from a bigger subject, the first onw on the way and it's shadow)... Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Inconsistent behavior in my Gentoo OS instance
I've received one reply, and thanks again, but I had better remove the gzip-"inconsistency" related bloat from my own previous email... I need the previous text to make the remaining three important parts/issues/inconsistencies clearer and easier to check, and reply to, any of the three. I will also reorder my quotes to get them easier to skip or skip to, since they are separate issues/inconsistencies. On 170501-18:17+0200, Miroslav Rovis wrote: ... First issue === (All first issue-related text have been removed here from all quotes from my previous message) ... Second issue > Another part is actually on Wireshark mailing list. Pls. see: > > Filtering on (negated) frame.time_relative filters out wrong frame.number > https://www.wireshark.org/lists/wireshark-users/201704/msg00037.html > as well as my study at: > https://www.croatiafidelis.hr/foss/cap/cap-170313-git-devuan-mail/git-devuan-mail-4.php That page has just been updated with clearer instructions. > (and the previous ones there, but I gave the last as it is simplest/fastest > to check) > > There is information that any advanced reader can easily provide by retracing > some of my steps there, and which would clear some uncertainties here. ... > ... That's a serious bug or a > serious malfunction in my Gentoo, the latter being most likely... > > And if it is the latter, it can only be one or the other way. One: the cause > is in some Gentoo packge. Two: it is an attack by some unknown means. > > ( > If Air-Gapped is some info, I did try and editcap (and the whole > Wireshark) behave in the same wrong way in my Air-Gapped too. > ... > ) > Third issue == The text it too much because the command line in which bash throw strange error is a long for loop. The main point is marked with short new text below. > This is one of a series of commands that I used to check one of the backups, > in three different instances of tar-gzip'd archive I checked (such as the > /root directory tar-gzip'd today), and which showed faultless upon > decompression in all the three instances, despite the three instances of > tar-gzip'd archives not being identical (as their SHA256 sums show): > > # for i in $(ls -1d root_170430_g0n*.d/); do sum=$(echo $i|sed > 's/\.d\//\.sum/'); echo $sum ; read FAKE ; j=$(echo $i | sed > 's/\.d\//\.tar.gz/'); ls -l $j $i ; cd $i; pwd ; read FAKE ; for file in > $(find ./ -name '*'); do if [ -f "$file" ]; then sha256sum $file >> ../$sum ; > fi; done ; cd - ; done ; > > Now if I just place the cursor, by moving with Alt-F (skipping "words") and > Ctrl-F (skipping 1 char) to just after: > > "for i in $(ls -1d root_170430_g0n*.d/" in that command, > > and if I then hit Tab for completion on the experssion there, I get (and I'm > sorry for the mess, but that's what I get): > > g0n ~ # for i in $(ls -1d root_170430_g0n*.dbash: unexpected EOF while > looking for matching `)'bash: syntax error: unexpected end of > file//\.tar.gz/'); ls -l $j $i ; cd $i; pwd ; read FAKE ; for file in $(find > ./ -name '*'); do if [ -f "$file" ]; then sha256sum $file >> ../$sum ; fi; > done ; cd - ; done ; > > NOTE (at proofreading time): rechecked, I do get that same behavior the day > after (wrote most of this yesterday, still to send this morning). > > [[ > NOTE (before delayed sending): In fact, it is only this clone that exibits the > above Bash malfunctioning. I just checked the same for loop command (some six > paragraphs above) in my Air-Gapped master [1] (never any internet it sees, The [1] is important for understanding, especially this Bash issue in my Gentoo instance. Because in my Air-Gapped Gentoo instance that issue does not show at all. > longer workaround/detailed checking before updating it with stuff from > internet, sneakernet or optical media), and it is just fine. That line, simply > gave what it should: > > # for i in $(ls -1d root_170430_g0n*.d/); do sum=$(echo $i|sed > 's/\.d\//\.sum/'); echo $sum ; read FAKE ; j=$(echo $i | sed > 's/\.d\//\.tar.gz/'); ls -l $j $i ; cd $i; pwd ; read FAKE ; for file in > $(find ./ -name '*'); do if [ -f "$file" ]; then sha256sum $file >> ../$sum ; > fi; done ; cd - ; done > root_170430_g0n_1.d// root_170430_g0n_2.d// root_170430_g0n.d// > # [[and the same command line was back here]] > > under exact same conditions/circumstances as the clone of my Air-Gapped. And > it's similar with some other completion issues: they seem non-existent in my > Air-Gapped. > ]] This is the main point (in my clone that I use for online): > IOW, first, Bash sullied the entire line, which is not very considerate of > Her, and second that's not some usual error. Just fo
Re: [gentoo-user] Inconsistent behavior in my Gentoo OS instance
On 170502-10:33+0200, Raffaele Belardi wrote: > Miroslav Rovis wrote: > > gzip apparently inconsistent behavior occupies the most part of the report > > on > > inconsistencies here (esp. the script make_gzip_archives_consistent.sh). > > Checked on my system, same behaviour, looking inside the gzip file you see > why. I used > shed but strings is easier: > > $ strings eix-installed-after_1.gz > eix-installed-after_1 > ... > > $ strings eix-installed-after_2.gz > eix-installed-after_2 > ... > > gzip stores the filename in the compressed file so the files differ. No, it doesn't, on my system. Did you really check the files: https://lists.gt.net/engine?do=post_attachment;postatt_id=51651;list=gentoo https://lists.gt.net/engine?do=post_attachment;postatt_id=51652;list=gentoo (these should download as eix-installed-after_1.gz former and eix-installed-after_2.gz the latter)? And they have these SHA256: fff6f3f0f07c863fee6962379f063f742578569fd13fcee3df9161b4a6d99aa7 eix-installed-after_1.tar.gz b88cd07885fbdc2235c9c64be7d02aa9ace7661cc2fce07909355e369366b408 eix-installed-after_2.tar.gz If you did check those files, and there are the strings you say, at what byte, the start, and the end... Really don't know how you got that... > But you get different results even if you use the same file name, so digging > into the file > format (e.g. http://www.zlib.org/rfc-gzip.html#file-format) you find that > gzip stores the > MTIME (Modification TIME) in the file header, so even equally-named files > will also differ. > > HTH, I did not have the time to go through your long email completely. > > raffaele And for easier insight into this plight of mine with these inconsistencies/issues, I am about to send another, I hope much clearer email --but no gzip issue in the new email, if gzip to discuss, pls, this sub-thread should better be used-- I resend a different email because I need the old quotes, removed in your reply... Thanks for caring! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
[gentoo-user] Inconsistent behavior in my Gentoo OS instance
read FAKE ; j=$(echo $i | sed 's/\.d\//\.tar.gz/'); ls -l $j $i ; cd $i; pwd ; read FAKE ; for file in $(find ./ -name '*'); do if [ -f "$file" ]; then sha256sum $file >> ../$sum ; fi; done ; cd - ; done ; Now if I just place the cursor, by moving with Alt-F (skipping "words") and Ctrl-F (skipping 1 char) to just after: "for i in $(ls -1d root_170430_g0n*.d/" in that command, and if I then hit Tab for completion on the experssion there, I get (and I'm sorry for the mess, but that's what I get): g0n ~ # for i in $(ls -1d root_170430_g0n*.dbash: unexpected EOF while looking for matching `)'bash: syntax error: unexpected end of file//\.tar.gz/'); ls -l $j $i ; cd $i; pwd ; read FAKE ; for file in $(find ./ -name '*'); do if [ -f "$file" ]; then sha256sum $file >> ../$sum ; fi; done ; cd - ; done ; NOTE (at proofreading time): rechecked, I do get that same behavior the day after (wrote most of this yesterday, still to send this morning). [[ NOTE (before delayed sending): In fact, it is only this clone that exibits the above Bash malfunctioning. I just checked the same for loop command (some six paragraphs above) in my Air-Gapped master [1] (never any internet it sees, longer workaround/detailed checking before updating it with stuff from internet, sneakernet or optical media), and it is just fine. That line, simply gave what it should: # for i in $(ls -1d root_170430_g0n*.d/); do sum=$(echo $i|sed 's/\.d\//\.sum/'); echo $sum ; read FAKE ; j=$(echo $i | sed 's/\.d\//\.tar.gz/'); ls -l $j $i ; cd $i; pwd ; read FAKE ; for file in $(find ./ -name '*'); do if [ -f "$file" ]; then sha256sum $file >> ../$sum ; fi; done ; cd - ; done root_170430_g0n_1.d// root_170430_g0n_2.d// root_170430_g0n.d// # [[and the same command line was back here]] under exact same conditions/circumstances as the clone of my Air-Gapped. And it's similar with some other completion issues: they seem non-existent in my Air-Gapped. ]] IOW, first, Bash sullied the entire line, which is not very considerate of Her, and second that's not some usual error. Just for clarity, it wrote this: bash: unexpected EOF while looking for matching `)'bash: syntax error: unexpected end of file (and it wrote it by overwriting, which I never used to see in Bash) What's going on there?... Ah... Importantly: do any of you other users get some erratic unusual behavior like this with Bash? Of course, I can move to the start of the line with Ctrl-A and then issue Ctrl-K to clear and capture to the entire line and then issue Ctrl-Y to paste it back, and no disorderly message remains, but Bash isn't behaving... I'll try and send this soon, but I first need to finish my backup... Backup is done. Just, I guess if the reader has this bash version installed: $ bash --version GNU bash, version 4.4.12(1)-release (x86_64-pc-linux-gnu) Copyright (C) 2016 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software; you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. $ they might be able to reproduce such kind of misbehavior. And finally, and this is what eix throws on any package that I would check: g0n ~ # eix memtest86+ * sys-apps/memtest86 Available versions: 4.3.7 (~)4.3.7-r1 {serial} Homepage:http://www.memtest86.com/ Description: A stand alone memory test for x86 computers * sys-apps/memtest86+ Available versions: 2.01^t 4.00^t 4.20-r1 (~)4.20-r3 5.01-r2 (~)5.01-r3 {floppy iso serial} Homepage:http://www.memtest.org/ Description: Memory tester based on memtest86 Found 2 matches Received SIGSEGV - you probably found a bug in eix. Please proceed with the following few instructions and help us find the bug: * install gdb (sys-devel/gdb) * reemerge eix with FEATURES="nostrip" CXXFLAGS="-g -ggdb3" LDFLAGS="" * enter gdb with "gdb --args eix your_arguments_for_eix" * type "run" and wait for the segfault to happen * type "bt" to get a backtrace (this helps us a lot) * post a bugreport and be sure to include the output from gdb. Sorry for the inconvenience and thanks in advance! g0n ~ # Too many inconsistencies. Where do I start searching for the causes? (As far as the fourth "inconsistency", I was thinking about trying memtest as per: Message-ID: <lo1p123mb067395fd4e9010b549743c9280...@lo1p123mb0673.gbrp123.prod.outlook.com> How to get memtest onto a USB drive https://lists.gt.net/gentoo/user/325837#325837 , but that's just for lack of other ideas, these issues don't look like bad memory. I might still try it, but when I go to sleep, not sooner. ) Regards! --- [1] My methods are still these: Air-Gapped Gentoo Install, Tentative https://forums.gentoo.org/viewtopic-t-987268.html
Re: [gentoo-user] Re: How to set size to windows in Openbox in local config [SOLVED]
Hi Floyd! This is just an interim notice-reply. I need a few days to find a couple of hours time to study the links you gave. I only wish to express my appreciation, as the links look interesting and to the point, as well as the rest of your reply. On 170422-04:35+0200, Floyd Anderson wrote: > On Fr, 21 Apr 00:12:28 +0200 > Miroslav Rovis <miro.ro...@croatiafidelis.hr> wrote: > >On 170420-05:57+0200, Floyd Anderson wrote: > >> On Do, 13 Apr 21:55:29 +0200 > >> Miroslav Rovis <miro.ro...@croatiafidelis.hr> wrote: ... > >> back from some computer-free holidays, > >I hope you had good and restful time! ... > >[2] openbox window positions > > https://lists.gt.net/gentoo/user/325342 > > (and my reply to it contains digressions, but also simple > > questions...) > > > Your plan with the Apache cgit repo seems to be a nice challenge to > learn something but as I noted above, creating and maintaining an > overlay for so tiny things is a little bit overkill in my opinion. > Fetching the related Git repository from time to time and you are done > while an overlay needs probably more significant work. > > As an example, I am currently just imagine I have to create overlays for > my favourite Vim plugins instead of using well known manager like > Vundle, NeoBundle, Dein or what else. That were a lot of work for the > overlay solution or did I miss the point? > > > References: > [1] > <https://blogs.gentoo.org/mgorny/2016/02/08/a-quick-note-on-portable-shebangs/> > > -- > Regards, > floyd -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Palemoon again - again
On 170421-07:04+0100, Peter Humphrey wrote: > On Thursday 20 Apr 2017 17:59:13 Walter Dnes wrote: > > On Tue, Apr 18, 2017 at 10:06:12AM +0100, Peter Humphrey wrote > > > > > On Monday 17 Apr 2017 13:05:59 Walter Dnes wrote: > > > > 2) USE="-system-libs" is recommended. Yes, this does make the binary > > > > slightly larger. But it avoids problems where changing API/ABI in the > > > > system lib causes subtle problems for the program. It may also reduce > > > > dependancies pulled in, depending on what your other programs have > > > > pulled in. > > > > > > I don't see any of those USE flags. This is from the octopus overlay: https://github.com/Bfgeshka/octopus where it sticks out (very much, for me, because I actively decrypt rather often): palemoon with system-nss support which could be a good thing. But I'm not sure it would really be necessary. palemoon-overlay with stock palemoon: https://github.com/deuiore/palemoon-overlay , which packages its own nss, not system's nss, and it hasn't shown to be deficient, in my experience (but I'm not very advanced). I'll gladly read more reviews if anyone is willing to share, about octopus vs palemoon-overlay (which differently compile Pale Moon). > > > > > > [ebuild R ~] www-client/palemoon-27.2.1::octopus USE="alsa dbus > > > ffmpeg gtk2 official-branding optimize printing speech spell wave webm > > > -devtools -gtk3 -jemalloc -necko-wifi -pulseaudio -shared-js > > > -strip-binaries -system-cairo -system-compress -system-images > > > -system-libevent -system-pixman -system-spell -system-sqlite -system-vpx > > > -valgrind -webrtc" 0 KiB > > > > That ebuild does things differently. The other palemoon ebuild was > > all-or-nothing for a bunch of system libs. The octopus ebuild is > > granular, allowing separate choices for system-cairo system-compress > > system-images system-libevent system-pixman system-spell system-sqlite > > and system-vpx. > > As I'm now on sys-devel/gcc-5.4.0-r3 I'll have to assess what to do next. > That will be after I've finished sorting out another problem I have. That's just fine. Take your time. I'll also be interested to know. Maybe I get an answer to my questions (such as the one above) without much (more) investigating myself about it (I myself often get lost in the amount of learning to get the right things done). Just in case, you can have more then one gcc, i.e. you can have both 4.x and 5.x gcc, like: # equery l gcc * Searching for gcc ... [I-O] [ ] cross-arm-unknown-linux-gnueabi/gcc-5.4.0-r3:5.4.0 [IP-] [ ] sys-devel/gcc-4.9.4:4.9.4 [IP-] [ ] sys-devel/gcc-5.4.0-r3:5.4.0 # if you set: # grep multislot /etc/portage/package.use/package.use.file sys-devel/gcc multislot fortran # [if you set] the "multislot" use flag. I previously followed the recommandation to build with gcc 4-x. I changed later. Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Re: How to set size to windows in Openbox in local config [SOLVED]
On 170420-05:57+0200, Floyd Anderson wrote: > On Do, 13 Apr 21:55:29 +0200 > Miroslav Rovis <miro.ro...@croatiafidelis.hr> wrote: ... > > > >But I forgot floyd has got a "patch to keep the window position while > >resizing the font" and offered it: > > > >https://marc.info/?l=gentoo-user=149205691530349=2 ... > > Hi Miroslav, > > back from some computer-free holidays, I hope you had good and restful time! > I haven’t forgotten that I owe > you a patch. Study my attached approach and if you like, apply the patch > at your own risk (it should be clean applicable to the currently latest > upstream commit [1]). which I just git clone'd, for that purpose. > If you have any questions or ideas, get back to me. Don't worry, I will! With my usual excuse for my slowness and relative inaptitude... > But keep in mind, > I’m neither a developer nor a GUI programmer guru. > > It has some limits and/or doesn’t resolve certain issues: > - the patch assumes ‘NorthWest’ as the reference point for the window > gravity. NW is just fine, I would expect that, it's the usual default. > - if terminal background is colourised via escape sequences (as Andrew > mentioned in [2]), Yeah, I had marked important that email previously already, but only now found some time to study the links (and only *some* time)... And some of these notes of yours below I'll only more fully understand when I, hopefully, try and apply the patch (more about my plan on that further below): > you may notice that a borderless window colourise > only full cells (of rows/columns), not the gap between a terminal > cell end and the window edge. Framed windows seems not to be > affected by this behaviour. > - window edges flutters/flickers while resizing fonts (independently > from step-size and also when using escape sequences for resizing) > - toggling a window between normal -> fullscreen/maximised state -> > and back, you may notice that the window size has changed. I don’t > know the reason for this issue (which occurs independently from the > urxvt-font-size extension and my patch). > - different window manager (WM) probably produces different > behaviours. Think about a WM that try to imitate a tiling window > manager by automatic resizing/positioning within a snapping area > near the desktop edges. > - patch is tested to my moderate needs but not fully with all kinds of > fonts, WMs, multi monitor environment, etc. > - ... > > The patch is too unimportant to solve some/all of the above issues > and/or bloating up the urxvt extension script. And additionally, > rxvt-unicode won’t and doesn’t expose all Xlib functions (such as > XGetWindowAttributes) in urxvtperl, the embedded perl interpreter. So it $ man urxvtperl # but how cryptic!, how long study that will be... I don't have all those hours right now... I hope I'll find a solution with less time to invest, else... > will be tricky sometimes, to solve a specific behaviour. > > My used and tested urxvt-font-size related Xresource settings: > URxvt.font-size.keepwin:true > URxvt.font-size.step: 4 > URxvt.keysym.C-0xffad: font-size:decrease > URxvt.keysym.C-0xffab: font-size:increase > URxvt.keysym.C-0xffb0: font-size:reset > > Since I use the default keysyms for font-size:{decrease,increase,reset} > in Vim, I changed those defaults to C-KP_Substract (C-0xffad), C-KP_Add > (C-0xffab), C-KP_0 (C-0xffb0) like in Firefox and others. I don't get what these are. Not at this time. And this is my second reading of your email... NOTE (at proofreading): Is that 'C-KP_Substract' should read 'C-KP_Subtract'?, the "-" on the keypad? So 'C-KP_Subtract' means Ctrl-?, and C-KP_0 means Ctrl-0? I also compared what I have currently installed: # eix urxvt-font-size [I] x11-misc/urxvt-font-size Available versions: 1.1 ** Installed versions: 1.1(13:07:28 22/02/15) Homepage:https://github.com/majutsushi/urxvt-font-size/ Description: Perl extension for rxvt-unicode to change the font size on the fly # # qlist urxvt-font-size /usr/lib64/urxvt/perl/font-size /usr/share/doc/urxvt-font-size-1.1/README.markdown.bz2 # [I compared what I have currently installed] with the version, which is the version that, IIUC, I plan to hopefully try and patch with your patch... > > References: > [1] > <https://github.com/majutsushi/urxvt-font-size/commit/0cc2624489fb60fcebf85d5c4dd62f425196c5b0> That's the the two colons that Jan Larres, the current maintainer left out, and you reminded him they were missing. Nice of
Re: [gentoo-user] Palemoon with gcc-5 without issues WAS: Palemoon again - again
On 170419-00:51+0100, Peter Humphrey wrote: > On Tuesday 18 Apr 2017 17:04:16 Miroslav Rovis wrote: > > On 170418-09:17+, J. Roeleveld wrote: > > > If you are certain you don't have gcc in slot 5.x installed. You can > > > add palemoon to /etc/portage/package.unmask > > > > "If" is what I would start with. Because it's hard to believe. Possible, > > but I'd be more believing if I saw 'emerge --info' and 'gcc-config -l' > > of that machine in that time. > > peak ~ # gcc-config -l > [1] x86_64-pc-linux-gnu-4.9.4 * > peak ~ # > > I say again: I have just the one version of GCC installed. And it isn't 5.x > either. Why is that hard to accept? > > -- > Regards > Peter If you don't want to read the analysis below, here's the summary: I received your message, with the info missing in your earlier messages, only later, because I replied to the same message to which your message containing the missing info, just 8 minutes after you replied... Sorry anyway! --- WARNING: below is probably superfluous, it's mail timestamps and such... Reader freely skip all! --- I'm sorry for the confusion. But see below if it was my fault. If I had gotten your message: Message-ID: <2085829.vpf8hVLQL8@peak> https://lists.gt.net/gentoo/user/325462#325462 which was actually in reply to the same email: Message-ID: <d90e68bf-08f6-4e71-9b55-e2cb68a9f...@antarean.org> https://lists.gt.net/gentoo/user/325446#325446 ( I checked marc.info archives as well, and changing the subject really splits the thread... Not good! Lurker would have done better service here... (Lurker not even available in Gentoo. I think Lurker available only in Debian/Devuan and their family...) ) [which was actually in reply to the same email] to which my message (which you partly quote above) was in reply to, but... ...But which message of mine appears later in the thread (in my Mutt, or likely in whatever UAs other subscribers use) as well as in the web (I changed the subject, but the number is incremented by 6, pretty obviously some consecutive serial increment, by arrival [1]): https://lists.gt.net/gentoo/user/325468#325468 If I had gotten that message of yours with an equivalent of the info that I wished to see when I mentioned 'gcc-config': I would not have doubted your claims in the very least. However: Date: Tue, 18 Apr 2017 15:56:12 +0100 From: Peter Humphrey <pe...@prh.myzen.co.uk> To: gentoo-user@lists.gentoo.org and: Date: Tue, 18 Apr 2017 17:04:16 +0200 From: Miroslav Rovis <miro.ro...@croatiafidelis.hr> To: gentoo-user@lists.gentoo.org and that's only 8 minutes later, that I sent my message, unaware of your reply. How could I have known that you had already replied in regard... Sorry, anyway. --- [1] And it also shows, in the message headers, that my message was delivered by my provider, not the hoster of croatiafidelis.hr, they do a good job, and they use Exim server... Not them, they sent fine, but by the provider, they're on some Microsoft server, erhm, erhm... [my message was delivered on by my provider] some 40 minutes later only... Else it would have had the serial just incremented by 1 and not 6 in respect to your message, if it wasn't stalled for who knows what reason at my provider's. -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
[gentoo-user] Palemoon with gcc-5 without issues WAS: Palemoon again - again
On 170418-09:17+, J. Roeleveld wrote: > On April 18, 2017 11:06:12 AM GMT+02:00, Peter Humphrey > <pe...@prh.myzen.co.uk> wrote: > >On Monday 17 Apr 2017 13:05:59 Walter Dnes wrote: > >> A couple of things to note, which also apply to building Firefox ... > >I don't see any of those USE flags. This is from the octopus overlay: ... > >This is in spite of having "www-client/palemoon" (no qualifiers) in > >package.keywords, and having only version 4.9.4 p1.0 of GCC installed. > > > >Really, sometimes I doubt the evidence of my own eyes. :-( > > If you are certain you don't have gcc in slot 5.x installed. You can > add palemoon to /etc/portage/package.unmask "If" is what I would start with. Because it's hard to believe. Possible, but I'd be more believing if I saw 'emerge --info' and 'gcc-config -l' of that machine in that time. But I'll depart on a tangent. Actually on this gcc-tangent, so to speak. Namely I keep updating my Palemoon, remaining on gcc-5, and have no issues. Here is my gcc-config listing: [1] arm-unknown-linux-gnueabi-5.4.0 [2] arm-unknown-linux-gnueabi-5.4.0-hardenednopie [3] arm-unknown-linux-gnueabi-5.4.0-hardenednopiessp [4] arm-unknown-linux-gnueabi-5.4.0-hardenednossp [5] arm-unknown-linux-gnueabi-5.4.0-vanilla * [6] x86_64-pc-linux-gnu-4.9.4 [7] x86_64-pc-linux-gnu-4.9.4-hardenednopie [8] x86_64-pc-linux-gnu-4.9.4-hardenednopiessp [9] x86_64-pc-linux-gnu-4.9.4-hardenednossp [10] x86_64-pc-linux-gnu-4.9.4-vanilla [11] x86_64-pc-linux-gnu-5.4.0 * [12] x86_64-pc-linux-gnu-5.4.0-hardenednopie [13] x86_64-pc-linux-gnu-5.4.0-hardenednopiessp [14] x86_64-pc-linux-gnu-5.4.0-hardenednossp [15] x86_64-pc-linux-gnu-5.4.0-vanilla > That will override the package.mask from the overlay. > I wouldn't even bet that would solve the issue (but that's just my bet, I'm not very advanced to offer actual analysis, it's just my feeling... However, I've spent many hours compiling Palemoon over the last three or four months...). I'd like to know if anybody runs Palemoon built with gcc-5, like I build it? Because it's strange that I just don't have issues with it, and normally Palemoon from: https://github.com/deuiore/palemoon-overlay won't even build with gcc-5... I changed a few things, and generally, not much has changed from the time I made this fork/branch: https://github.com/miroR/palemoon-overlay/tree/develop which constitutes the pull request in the main overlay: https://github.com/deuiore/palemoon-overlay/pull/34 I have posted about it at: Pale Moon Air-Gapped portage EAPI 6 Install WAS: [Logging] SSL with PM https://lists.gt.net/gentoo/user/323422 and if there is any interest, I can try and find time to update that pretty unprofessionally made fork of mine there... The ebuild would need to be updated, e.g. my current version is: Version: 27.3.0a1 (64-bit) (2017-04-18) And it installs the same way in Air-Gapped in the fashion described in that "Pale Moon Air-Gapped portage EAPI 6 Install" topic on this mailing list, as it would from online git, except the Air-Gapped way is much much safer, and... And, for that installation of mine, this installation actually: # emerge -pv palemoon These are the packages that would be merged, in order: Calculating dependencies ... done! [ebuild R] www-client/palemoon-27.3.0-r3::miro USE="alsa gtk2 official-branding optimize -dbus -gtk3 -jemalloc -necko-wifi -pulseaudio -shared-js -system-libs -valgrind -webrtc" LINGUAS="-cs -de -es_AR -es_ES -es_MX -fr -hu -it -ja -ko -pl -ru -zh_CN" 0 KiB Total: 1 package (1 reinstall), Size of downloads: 0 KiB # [for that installation], here's the ebuild, I'm attaching it: palemoon-27.3.0-r3.ebuild I can't remember with certainty, but I think that the "palemoon-1-r1" eclass that's necessary to build with gcc-5 (that is, aside from the naming changes that are necessary to do in the ebuild, which ebuild is otherwise a copy of deuoire's ebuild --e.g. ffmpeg is now used for HTML5, not gstreamer, and other likely good changes--... [aside from the naming changes], that eclass is what is also necessary, to build with gcc-5. It's just some commenting out in that eclass that's needed to get the gcc-5 compilation. And that palemoon-1-r1 eclass I think hasn't change, but I'd need to look it up more closely (time... much time needed in these affairs...)... Of course, all that done in your custom overlay (earlier name was local overlay). But if anybody is interested, pls. have patience, I'm most usually a slow worker... -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr # Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # $Id$ EAPI=6 REQUIRED_BUILDSPACE='7G' # For mozlinguas: MOZ_LANGS=( cs de es-AR es-ES es-MX fr hu it ja ko pl ru zh-CN ) MOZ_LANGPA
Re: [gentoo-user] New AMD hardware. [Was: Nvidia Drivers. =(]
On 170417-11:19+0200, Miroslav Rovis wrote: > On 170415-13:50+, Alan Mackenzie wrote: ... > It's --zero, I don't remember well at all. Use mdadm to zero > the mdadm-related stuff. It's --zero-superblock or very similar to that... Happy Easter to all believers! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] New AMD hardware. [Was: Nvidia Drivers. =(]
On 170415-13:50+, Alan Mackenzie wrote: > Hello, Alan. > > On Mon, Apr 10, 2017 at 21:12:44 -0400, Alan Grimes wrote: ... > I've got 90% through a Gentoo installation on it, and I'm just > considering how best to un-mdadm my boot partition (which I mistakenly > turned into a RAID partition with its partner on the other drive). I > can't erase the mdadm metadata stuff with mkfs.ext4 (even with the > "force" parameter), and I don't think mdadm provides a method for > undoing RAID. I can see myself having to use dd from /dev/zero to be > able to get my partitions back again. > ... I haven't used mdadm, and don't have it installed at this time, but, as best I can recollect, it's in the mdadm manual page. It's --zero, I don't remember well at all. Use mdadm to zero the mdadm-related stuff. Sorry, can't remember any more details. Haven't used rad in quite some time. -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Re: How to set size to windows in Openbox in local config [SOLVED]
ERRATA: I wrote... On 170413-21:19+0200, Miroslav Rovis wrote: ... [... I wrote]: > Only ERRATA may follow in the topic, as far as I am concerned. But I forgot floyd has got a "patch to keep the window position while resizing the font" and offered it: https://marc.info/?l=gentoo-user=149205691530349=2 And I, in my reply, accepted to try and apply it. So, it depends on him if this topic is over or not. It's very related, so probably best not to do any new subject for it. -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] gkrellm [Was: Something eats my memory - please help]
On 170411-19:08+0100, Neil Bothwick wrote: > On Tue, 11 Apr 2017 17:45:04 +0200, Miroslav Rovis wrote: > > > Not sure I understand. I don't have anything in > > /usr/share/gkrellm2/ > > let alone a file by the name > > /usr/share/gkrellm2/themes/invisible/gkrellmrc > > % qfile /usr/share/gkrellm2/themes/invisible/gkrellmrc > x11-themes/gkrellm-themes (/usr/share/gkrellm2/themes/invisible/gkrellmrc) > > It's part of gkrellm-themes. > Ah!... But... Spartan austerity here. Default themes are just fine for me. -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] gkrellm [Was: Something eats my memory - please help]
On 170411-15:16+0100, Peter Humphrey wrote: > On Tuesday 11 Apr 2017 03:50:38 Dale wrote: > > > Another thing, at least this used to work, adjusting fonts and their > > size. That generally affects the height some too. > > > > I'm not aware of a way to do that as a whole with a single setting. If > > someone knows of one, I'd be interested in it too. > > Note this in the rc file of the theme I use: > > $ grep _font /usr/share/gkrellm2/themes/invisible/gkrellmrc > large_font = "-adobe-helvetica-medium-r-normal-*-*-100-*-*-p-*-*-*" > normal_font = "-adobe-helvetica-medium-r-normal-*-*-100-*-*-p-*-*-*" > small_font = "-adobe-helvetica-medium-r-normal-*-*-80-*-*-p-*-*-*" > StyleChart *.font = normal_font > StyleChart *.alt_font = small_font > StylePanel *.font = normal_font > StylePanel *.alt_font = normal_font > StyleMeter *.font = normal_font > StyleMeter *.alt_font = small_font > StyleMeter cal.font = med_font > StyleMeter cal.alt_font = large_font > StyleMeter clock.font = large_font > StyleMeter fs.alt_font = normal_font > > I once tried playing about with the fonts specified in there, but I didn't > manage to make any worthwhile improvement so I put it back as before. > > -- > Regards > Peter > Not sure I understand. I don't have anything in /usr/share/gkrellm2/ let alone a file by the name /usr/share/gkrellm2/themes/invisible/gkrellmrc Have a look at what: # equery f gkrellm told me, pls. open attachment: equery_f_gkrellm.txt Regards -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr /etc /etc/conf.d /etc/conf.d/gkrellmd /etc/gkrellmd.conf /etc/init.d /etc/init.d/gkrellmd /usr /usr/bin /usr/bin/gkrellm /usr/bin/gkrellmd /usr/include /usr/include/gkrellm2 /usr/include/gkrellm2/gkrellm-public-proto.h /usr/include/gkrellm2/gkrellm.h /usr/include/gkrellm2/gkrellmd.h /usr/include/gkrellm2/log.h /usr/lib /usr/lib64 /usr/lib64/pkgconfig /usr/lib64/pkgconfig/gkrellm.pc /usr/share /usr/share/applications /usr/share/applications/gkrellm-gkrellm-2.desktop /usr/share/doc /usr/share/doc/gkrellm-2.3.10 /usr/share/doc/gkrellm-2.3.10/CREDITS.bz2 /usr/share/doc/gkrellm-2.3.10/Changelog.bz2 /usr/share/doc/gkrellm-2.3.10/README.bz2 /usr/share/doc/gkrellm-2.3.10/html /usr/share/doc/gkrellm-2.3.10/html/Changelog-plugins.html /usr/share/doc/gkrellm-2.3.10/html/Changelog-themes.html /usr/share/doc/gkrellm-2.3.10/html/Themes.html /usr/share/locale /usr/share/locale/bg /usr/share/locale/bg/LC_MESSAGES /usr/share/locale/bg/LC_MESSAGES/gkrellm.mo /usr/share/locale/cs /usr/share/locale/cs/LC_MESSAGES /usr/share/locale/cs/LC_MESSAGES/gkrellm.mo /usr/share/locale/da /usr/share/locale/da/LC_MESSAGES /usr/share/locale/da/LC_MESSAGES/gkrellm.mo /usr/share/locale/de /usr/share/locale/de/LC_MESSAGES /usr/share/locale/de/LC_MESSAGES/gkrellm.mo /usr/share/locale/es /usr/share/locale/es/LC_MESSAGES /usr/share/locale/es/LC_MESSAGES/gkrellm.mo /usr/share/locale/fr /usr/share/locale/fr/LC_MESSAGES /usr/share/locale/fr/LC_MESSAGES/gkrellm.mo /usr/share/locale/it /usr/share/locale/it/LC_MESSAGES /usr/share/locale/it/LC_MESSAGES/gkrellm.mo /usr/share/locale/ja /usr/share/locale/ja/LC_MESSAGES /usr/share/locale/ja/LC_MESSAGES/gkrellm.mo /usr/share/locale/nl /usr/share/locale/nl/LC_MESSAGES /usr/share/locale/nl/LC_MESSAGES/gkrellm.mo /usr/share/locale/pl /usr/share/locale/pl/LC_MESSAGES /usr/share/locale/pl/LC_MESSAGES/gkrellm.mo /usr/share/locale/pt /usr/share/locale/pt/LC_MESSAGES /usr/share/locale/pt/LC_MESSAGES/gkrellm.mo /usr/share/locale/pt_BR /usr/share/locale/pt_BR/LC_MESSAGES /usr/share/locale/pt_BR/LC_MESSAGES/gkrellm.mo /usr/share/locale/ru /usr/share/locale/ru/LC_MESSAGES /usr/share/locale/ru/LC_MESSAGES/gkrellm.mo /usr/share/locale/sl /usr/share/locale/sl/LC_MESSAGES /usr/share/locale/sl/LC_MESSAGES/gkrellm.mo /usr/share/locale/sv /usr/share/locale/sv/LC_MESSAGES /usr/share/locale/sv/LC_MESSAGES/gkrellm.mo /usr/share/locale/uk /usr/share/locale/uk/LC_MESSAGES /usr/share/locale/uk/LC_MESSAGES/gkrellm.mo /usr/share/man /usr/share/man/man1 /usr/share/man/man1/gkrellm.1.bz2 /usr/share/man/man1/gkrellmd.1.bz2 /usr/share/pixmaps /usr/share/pixmaps/gkrellm.xpm signature.asc Description: Digital signature
Re: [gentoo-user] gpg: selftest for CTR failed - see syslog for details
On 170406-18:29+0200, Miroslav Rovis wrote: > On 170406-16:43+0100, Mick wrote: > > On Thursday 06 Apr 2017 11:10:56 Fernando Rodriguez wrote: > > > On 04/05/2017 10:22 PM, Miroslav Rovis wrote: ... > > If the error is "missing key" have you used 'gpg -K ' to see if the > > key is in your keyring and also if it is trusted/revoked/expired? > > -- > > Regards, > > Mick > > What I would do if I were in your place, Fernando, I would make certain > the GnuPG install is fine, by starting from scratch, even making a new > key. And if that worked fine, it could be the old keys of yours. > > (BTW, I do use ecryption sometimes and signing very much, but I'm not an > expert. ;-) E.g., I've never used debugging yet.) > > -- How could I have forgotten. Try the above, and if the issue persists, ask here: http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] gpg: selftest for CTR failed - see syslog for details
On 170406-16:43+0100, Mick wrote: > On Thursday 06 Apr 2017 11:10:56 Fernando Rodriguez wrote: > > On 04/05/2017 10:22 PM, Miroslav Rovis wrote: > > > On 170405-18:01-0400, Fernando Rodriguez wrote: > > >> Hello, > > >> > > >> After a recent update I'm getting this error whenever I try to encrypt > > >> > > >> or decrypt using gnupg. Here's error: > > >>> gpg: selftest for CTR failed - see syslog for details > > >>> gpg: O j: ... this is a bug (seskey.c:61:make_session_key) > > >>> Aborted > > >> > > >> And the syslog: > > >>> gpg[8945]: Libgcrypt warning: AES-CTR-128 test failed (plaintext > > >>> mismatch) > > >> > > >> It started after a recent update that included gnupg and libgcrypt. The > > >> versions before the update where libgcrypt-1.7.3 and gnupg-2.1.15. After > > >> the update 1.7.6 and 2.1.18 respectively. I tried downgrading both > > >> packages but it didn't help. > > >> > > >> I tried to delete the whole ~/.gnupg directory and re-import the keys > > >> but it fails with the same error. > > >> > > >> I have another keyring on the same machine that I use with the --homedir > > >> option and I have not problems with it. > > >> > > >> When I try to generate a new key I get the following error: > > >>> Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o > > >>> We need to generate a lot of random bytes. It is a good idea to perform > > >>> some other action (type on the keyboard, move the mouse, utilize the > > >>> disks) during the prime generation; this gives the random number > > >>> generator a better chance to gain enough entropy. > > >>> gpg: agent_genkey failed: Missing key > > >>> Key generation failed: Missing key > > >> > > >> Any ideas? > > > > > > I tried some decryption. No issues here: > > > > > > $ gpg --version > > > gpg (GnuPG) 2.1.20 > > > libgcrypt 1.7.6 > > > Copyright (C) 2017 Free Software Foundation, Inc. > > > License GPLv3+: GNU GPL version 3 or later > > > <https://gnu.org/licenses/gpl.html> This is free software: you are free > > > to change and redistribute it. There is NO WARRANTY, to the extent > > > permitted by law. > > > > > > Home: /home/miro/.gnupg > > > Supported algorithms: > > > Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA > > > Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, > > > > > > CAMELLIA128, CAMELLIA192, CAMELLIA256 > > > > > > Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 > > > Compression: Uncompressed, ZIP, ZLIB, BZIP2 > > > $ > > > > > > It could be something else, or your Gnupg installation is somehow > > > broken... > > > > I took the entire .gnupg from the same machine I exported the key from > > and copied it over to this machine. Now I can at least sign messages but > > encryption/decryption still fails with the same error. > > If the error is "missing key" have you used 'gpg -K ' to see if the > key is in your keyring and also if it is trusted/revoked/expired? > -- > Regards, > Mick What I would do if I were in your place, Fernando, I would make certain the GnuPG install is fine, by starting from scratch, even making a new key. And if that worked fine, it could be the old keys of yours. (BTW, I do use ecryption sometimes and signing very much, but I'm not an expert. ;-) E.g., I've never used debugging yet.) -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] gpg: selftest for CTR failed - see syslog for details
On 170405-18:01-0400, Fernando Rodriguez wrote: > Hello, > > After a recent update I'm getting this error whenever I try to encrypt > or decrypt using gnupg. Here's error: > > > gpg: selftest for CTR failed - see syslog for details > > gpg: O j: ... this is a bug (seskey.c:61:make_session_key) > > Aborted > > And the syslog: > > > gpg[8945]: Libgcrypt warning: AES-CTR-128 test failed (plaintext mismatch) > > > > It started after a recent update that included gnupg and libgcrypt. The > versions before the update where libgcrypt-1.7.3 and gnupg-2.1.15. After > the update 1.7.6 and 2.1.18 respectively. I tried downgrading both > packages but it didn't help. > > I tried to delete the whole ~/.gnupg directory and re-import the keys > but it fails with the same error. > > I have another keyring on the same machine that I use with the --homedir > option and I have not problems with it. > > When I try to generate a new key I get the following error: > > > Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o > > We need to generate a lot of random bytes. It is a good idea to perform > > some other action (type on the keyboard, move the mouse, utilize the > > disks) during the prime generation; this gives the random number > > generator a better chance to gain enough entropy. > > gpg: agent_genkey failed: Missing key > > Key generation failed: Missing key > > > > > > Any ideas? I tried some decryption. No issues here: $ gpg --version gpg (GnuPG) 2.1.20 libgcrypt 1.7.6 Copyright (C) 2017 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: /home/miro/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 $ It could be something else, or your Gnupg installation is somehow broken... -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
[gentoo-user] RSA-key finally WAS: Heads up: A reason *NOT* to have xorg.conf file
(top posting, because it is a change of subject) This is the first mail on gentoo-user by fellow sexagenarian Neil with RSA PGP-key. So, you're finally dumping your old DSA key? ;-) I noticed the message wouldn't verify, looked it up, and saw the reason! Also, I was thinking, with good mailing agents, could your email be in some obscure manner (obviously not so easily) verified when quoted like in my email? (Probably not, but I was only thinking...) Regards! On 170404-22:33+0100, Neil Bothwick wrote: > On Tue, 4 Apr 2017 22:27:57 +0200 (CEST), k...@aspodata.se wrote: > > > > I have an /etc/X11/xorg.conf.d/mouse.conf file. I use it to set the > > > default acceleration profile. In your case, you should be able to > > > delete your xorg.conf and instead just use this in mouse.conf: > > > > > >Section "InputDevice" > > >Identifier "Mouse0" > > >Driver "mouse" > > >Option "Device" "/dev/whatever_you_use_currently" > > >Option "Protocol" "MouseMan" > > >EndSection > > > > Thanks for the idea, will check how xorg.conf and xorg.conf.d relate to > > each other. > > They are the same thing. One approach puts everything in one file, one > puts it in separate files that are easier to maintain. The system doesn't > care, it's there for your convenience. However using both is not > documented and probably not a good idea for that reason. > > > -- > Neil Bothwick > > Nothing is illegal if one hundred businessmen decide to do it. -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Re: Heads up: A reason *NOT* to have xorg.conf file
On 170402-20:52+0300, Nikos Chantziaras wrote: ... > xorg.conf. Instead, I have an xorg.conf.d/nvidia.conf file: > >https://pastebin.com/raw/0GsxaFRj > Why not add those 30-something lines in an attachment, or straight into the body of the message? The paste don't last really, and then when people read on the web, how do they understand? It was already pointed out by others on this mailing list. And esp. this one is just 28 lines ... =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Section "Device" Identifier "Device0" Driver "nvidia" VendorName "NVIDIA Corporation" Option "TripleBuffer" "True" Option "NoLogo" "True" Option "DynamicTwinView" "False" EndSection Section "Screen" Identifier "Screen0" Device "Device0" Monitor"XG2703-GS" DefaultDepth 24 Option "UseEdidFreqs" "TRUE" Option "TwinView" "0" SubSection "Display" Depth 24 EndSubSection EndSection Section "ServerFlags" Option "BlankTime" "0" Option "StandbyTime" "0" Option "SuspendTime" "0" Option "OffTime" "0" EndSection =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] LXDE startup error
On 170316-21:35+, Peter Humphrey wrote: > Hello list, > > I've just finished (well, you know) installing Gentoo on a new box and given > it an LXDE desktop. Every time I start the desktop, whether by startx or via > lxdm, I immediately get an error box saying "Could not connect: No such file > or directory." Does anyone here recognise this? Google hasn't helped me. Look up what you get in /var/log/messages at the time of the error. -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Recommended CDR-Burning-frontend without QT and without KDE?
I'm trying to not make a confused email, and I'm not sure I'll succeed... My question is about grsecurity-hardened, but see below the emails that I reference to some extent. Has anyone deployed RBAC policy/-ies in their /etc/grse/policy that make for using cdrecord and other binaries of cdrtools as normal user. I remember having tried, but not having had much time to investigate and learn what was required to get it done, I had to go with running cdrecord as root user, which certainly is not a good thing... I didn't have such problems with growisofs. Just to make sure I didn't miss something, in the other email: On 170315-09:28+0100, Raffaele Belardi wrote: > tu...@posteo.de wrote: > > > > is it possible to run xcdroast without root ( i.e. user root or suid > > )? > > > > The first time you need to run it as root to enable non-root mode, it > sets suid on some files (or asks you to, I don't remember), afterwards > you can run as regular user. So the answer to your question is yes and > no. That, I guess regards only xcdroast, not cdrtools which it uses, right? I'm not certain about it, because, as I said above, I did end up running cdrecord as root, becaue I couldn't get the permissions right... And of course this is likely the most relevant: On 170315-10:43+0100, Joerg Schilling wrote: > <tu...@posteo.de> wrote: > > > is it possible to run xcdroast without root ( i.e. user root or suid > > )? > > Unfortunately xcdroast did miss that Linux finally implemented working > support > for fine grained privileges 4 years ago. > > In theory, you should be able to convert the suid wrapper it installs into a > no-op > wrapper to make it happy and use cdrtools-binaries that are installed via > "setcap". > > Jörg > > -- > EMail:jo...@schily.net(home) Jörg Schilling D-13353 > Berlin > joerg.schill...@fokus.fraunhofer.de (work) Blog: > http://schily.blogspot.com/ > URL: http://cdrecord.org/private/ http://sf.net/projects/schilytools/files/' > But that too appears to be about xcdroast... ( I know I could also ask about the following on gentoo-hardened ML, and I probably will, but I'd like to use the opportunity now that this thread is here and Joerg is reading. ) I'm actually looking for a shortcut solution, because I'm not left with much time to tinker and try to get it done: IOW, has anyone of the grsecurity-hardened users got the cdrecord and friends ( probably some of these, output of equery f cdrtools /usr/bin/btcflash /usr/bin/cdda2mp3 /usr/bin/cdda2ogg /usr/bin/cdda2wav /usr/bin/cdrecord /usr/bin/devdump /usr/bin/isodebug /usr/bin/isodump /usr/bin/isoinfo /usr/bin/isovfy /usr/bin/mkhybrid -> mkisofs /usr/bin/mkisofs /usr/bin/readcd /usr/bin/scgcheck /usr/bin/scgskeleton ) RBAC policies right to get normal user run them? Joerg, I used cdrecord a lot, and of course I never liked the site of the stolen cdrecord versions that some Debian folks made. I remember I was using SuSE (which back then was maintained so greatly by mostly German developers, it's sad what became of SuSE...). Also, in the discussion on scsi, you were right, not the opposite side. But I didn't participate much. I'm not an expert now, and I wasn't even an advanced user back then. Sincere ragards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Re: OpenGL problem after upgrading mesa and xorg-server
On 170314-06:18+, J. Roeleveld wrote: > On March 14, 2017 6:57:59 AM GMT+01:00, Miroslav Rovis > <miro.ro...@croatiafidelis.hr> wrote: ... > >/etc/portage/package.mask/package.mask.file:>=media-libs/mesa-13.0.0 > > > >( Btw. how does one search for only recent bugs, anybody? ) > > To see most recent bugs, sort on ID. > To see most recently modified bug, sort on changed. > > (Click on the column headers) Yes, it was right there for my understanding... Thanks! Can an address this long be sent, and received, in an email correctly? : "https://bugs.gentoo.org/buglist.cgi?bug_status=UNCONFIRMED_status=CONFIRMED_status=IN_PROGRESS=alias=short_desc=changeddate DESC%2Cbug_id DESC_format=advanced=substring=substring=mesa=mesa" Anyway, it's, currently, 15 bugs that have the status changed with the latest timestamp somewhere in 2017. What's happening in that development? Maybe what happens will be something like what happened with syslog-ng, where we kind of have this mid-2014 created ebuild (only be looking in Changelog which I wasn't able to find on the gitweb, but in portage: # cat /usr/portage/app-admin/syslog-ng/ChangeLog-2015 ... *syslog-ng-3.4.8 (06 Jun 2014) 06 Jun 2014; Michael Sterrett <mr_bon...@gentoo.org> +syslog-ng-3.4.8.ebuild: version bump for 3.4 branch 17 May 2014; Michael Sterrett <mr_bon...@gentoo.org> -syslog-ng-3.4.2.ebuild, -syslog-ng-3.5.4.ebuild: clean old ... ): https://gitweb.gentoo.org/repo/gentoo.git/tree/app-admin/syslog-ng/syslog-ng-3.4.8.ebuild for almost forever... ( I still have: # grep -r syslog-ng /etc/portage/p* /etc/portage/package.keywords/package.keywords.file:=app-admin/syslog-ng-3.4.8 /etc/portage/package.mask/package.mask.file:>=app-admin/syslog-ng-3.5.6 # because there really were issues: app-admin/syslog-ng-3.6.2: scary time stamp jumps https://bugs.gentoo.org/show_bug.cgi?id=533328 and: Kernel log message time drift #121 https://github.com/balabit/syslog-ng/issues/121 which I described in: Syslog-ng from Delay Logging to BrokenPipe/no Logging http://forums.gentoo.org/viewtopic-t-1001994.html ) No time to investigate mesa... Anybody can give us a summary of what's really going on upstream with mesa? -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Re: OpenGL problem after upgrading mesa and xorg-server
On 170314-05:32+0100, wabe wrote: > wabe <waben...@gmail.com> wrote: > > > Since I've upgraded mesa (12.0.1 to 13.0.5) and xorg-server > > (1.18.4 to 1.19.2), OpenGL programs don't work any longer for > > non-root users, even when these users are members of the group > > "video". ... > > > > I searched the web and also read the gentoo xserver wiki but > > couldn't find a solution. > > P.S.: After downgrading mesa to 12.0.1 everything works fine again. > So the problem has nothing to do with xorg-server. Lots of bugs with mesa, esp. recently: https://bugs.gentoo.org/buglist.cgi?quicksearch=mesa I masked it for now (if I had time, I'd contribute reports...): /etc/portage/package.mask/package.mask.file:>=media-libs/mesa-13.0.0 ( Btw. how does one search for only recent bugs, anybody? ) -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Recommended CDR-Burning-frontend without QT and without KDE?
On 170313-20:08+0100, tu...@posteo.de wrote: > Hi, > > what software under app-cdr (and may be others) is a recommended > application for burning all sorts of CD/DVD/DVDR/CDR...? growisofs, cdrecord, and friends ...mkisofs for cdrecord, IIRC ...I use it rarely nowadays... but none (assisting other programs) actually if it's data to burn on DVD or BD, growisofs is fine solo there... However, it's no GUI there... > As far it is not overcomplicated I am not scared by ncurses/slang > and the commandline :) There! You should be fine with the above. > As long as it is neat and handy...no problem. Those are neat, yes! > Definatly I dont want KDE-software nor QT-stuff anymore. > > Same background, different task: > What is similiar and recommended as replacement for > qtjackctrl? > > Thanks a lot for any help in advance! > > Cheers > Meino > > > > -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
[gentoo-user] emerge option "--color=n" not working WAS: Need coaching with emerge failure logs
On 170228-20:07-0500, Harry Putnam wrote: > Miroslav Rovis <miro.ro...@croatiafidelis.hr> writes: > > > On 170226-09:42-0500, Harry Putnam wrote: > >> Stroller <strol...@stellar.eclipse.co.uk> writes: > > ... > >> > >> > Example at the beginning: [32;01m * > >> > Example from the end: * > >> > > >> > Output to the terminal these would show the text in different colours, > >> > but the output was redirected to a textfile or mishandled in a > >> > copy-paste operation (not sure if screen or tmux does this?). I just checked out again on --color=n (I expect it is the same as --color n), mentioned below: > >> > Running emerge with `--color n` would have made this log much more > >> > readable. Its size already makes it hard to search. ... > >> > >> Just so you know... I did try that. [--color n] The resulting log > >> looked exactly the same. ... > > > > This is hard to believe. I just tried, and either: > > > > --color n > > > > or: > > > > --color=n > > > > added to the emerge line, worked. > > > > Are you looking at the Terminal output? If so that is not what I > posted. > > I did mention that yes `--color n' kills the color in terminal output. At first it worked in the terminal, and in the logs, this time around, here. > Read the whole paragraph you quote 1 sentence from above. > > This is the end of that para: > > ". . . . . . . . . . . . . . . . . . . . . . . . I don't expect > anyone would have noticed the comment... but it does seem a bit off > that I see no differernce here. That is, no difference in the actual > log emerge creates. I do see the difference in the terminal output." This time around, and it was a lot of emerge'ing, after a couple of dozen emerge'ing of various packages, while that '--color=n' option had, at start of using it, removed color from the terminal and from the logs... after a couple of dozen emerge'ing of various packages it stopped removing color, completely stopped, in the terminal and in the logs. This is a bug, and if this is how others have it too, than this needs to be reported to bugzilla. I would do it, but I'm a little unwell at this time, can't do it, don't know if I'll be able to do it later. Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
[gentoo-user] Re: GUI-less (non-dbus) virt-manager (to run Tails in Gentoo)
This email will be about some good results that I have obtained in this non-dbus virt-manager matter, and at least one snag left to solve... I have made a lot of progress in using non-dbus virt-manager recently. I hope some readers might be interested in these not very usual, except in Gentoo, feats. Let me remind you: On 170114-12:48+0100, Miroslav Rovis wrote: > Hi! > > This is my installation of the package virt-manager: > > # equery l virt-manager > * Searching for virt-manager ... > [IP-] [ ] app-emulation/virt-manager-1.4.0-r2:0 > # The above is still the case. And so is the below. > # emerge -pv virt-manager > ... > > /usr/bin/virt-clone > /usr/bin/virt-convert > /usr/bin/virt-install > /usr/bin/virt-xml > > While at the list of files, pls. notice that there is no executable named > 'virt-manager' in my system's virt-manager install: ... This is what I thought that I needed to do at the onset: > > So I guess, to get Tails installed, the way I will need to follow: > > https://tails.boum.org/doc/advanced_topics/virtualization/virt-manager/index.en.html But there is now the better debian than the systemDestructed Debian, which is Devuan, and there is now Heads (based on Devuan) instead of Tails (based on Debian): https://heads.dyne.org/about.html or http://fz474h2o46o2u7xj.onion/about.html And, as far as Tails, I can use it, although as of this time still only in pure Qemu (just a little is still missing for full Libvirt deployment under sound control of grsecurity RBAC policies... more below about that): https://www.croatiafidelis.hr/foss/cap/cap-161015-qemu-devuan/qemu-devuan-10.php (and the successive page) This was wrong, that's for developers > So, the mailing list: > > https://www.redhat.com/mailman/listinfo/virt-tools-list > there's users list instead: https://www.redhat.com/mailman/listinfo/libvirt-users But I first need to complete setting up the grsecurity RBAC policies for Libvirt: Libvirt virtualization policies https://forums.grsecurity.net/viewtopic.php?f=5=4675 which I might be at an end of (that took time! but it feels rewarding)... All of that I have successfully managed to do without dbus... Or d-bus, like in the comparison table of init systems: https://wiki.gentoo.org/wiki/Comparison_of_init_systems Which I hope is slowly spreading from Gentoo into other true-unix FOSS, the sans-dbus OpenRC... But I would need time to see, say, how far Devuan has reached in implementing OpenRC, as they planned... (I'm not a dev, I'm only yet struggling to become a good tester for projects that I believe in...) I have also hit a snag... see the last post at: Whonix on Gentoo issues https://forums.whonix.org/t/whonix-on-gentoo-issues/3188/17 where find (pasting: (virt-viewer:9916): GSpice-CRITICAL **: egl init failed: cannot create EGL context and more. That's basically, my virt-manager, virt-viewer and spice, and spice-gtk and xf86-video-qxl have some issues, and when virt-viewer starts, the spice client can't get the egl context, which I have come to understand is the... keyboard and the mouse... In slow time, if anybody has any advice about this matter, I'll be greatful! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] No room left on /boot
On 170305-16:56-0700, the...@sys-concept.com wrote: > On 03/05/2017 03:57 PM, Dale wrote: > > the...@sys-concept.com wrote: > >> On 03/05/2017 02:33 PM, the...@sys-concept.com wrote: ... > >>> "GRUB" and blank screen, not even a kernel selection. > >>> I scramble, boot strap the system and copied two file in /boot/ > >>> kernel-old --> kernel-current > >>> System.map-old --> System.map-current > >>> > >>> I was under impression that something is wrong with the current (newest > >>> kernel). But it seems to me I run out of room on the /boot partition. > >>> > >> [snip] > >>> -rw-r--r-- 1 root root 2.9M Mar 5 11:03 System.map-current > >>> -rw-r--r-- 1 root root 2.9M Mar 5 10:12 System.map-old > >> [snip] > [snip] > > > > > > I'm pretty sure grub uses that file. I've never tested the theory. If it didn't use it, why would I have one for each kernel: # ls -ltr /boot/ total 50387 -rw-r--r-- 1 root root 1550815 2016-09-15 11:16 initramfs.cpio.gz -rw-r--r-- 1 root root 6908928 2017-01-23 17:14 vmlinuz-4.8.17-hardened-r2-1701123_16 -rw-r--r-- 1 root root 5507056 2017-01-23 17:14 System.map-4.8.17-hardened-r2-1701123_16 -rw-r--r-- 1 root root 120993 2017-01-23 17:14 config-4.8.17-hardened-r2-1701123_16 -rw-r--r-- 1 root root 6767216 2017-02-03 11:55 vmlinuz-4.7.10-hardened-170203_10 -rw-r--r-- 1 root root 5450387 2017-02-03 11:55 System.map-4.7.10-hardened-170203_10 -rw-r--r-- 1 root root 120096 2017-02-03 11:55 config-4.7.10-hardened-170203_10 -rw-r--r-- 1 root root 6193104 2017-02-21 22:56 vmlinuz-4.10.0-170221_23 -rw-r--r-- 1 root root 4003287 2017-02-21 22:56 System.map-4.10.0-170221_23 -rw-r--r-- 1 root root 119499 2017-02-21 22:56 config-4.10.0-170221_23 -rw-r--r-- 1 root root 7561200 2017-02-21 23:25 vmlinuz-4.9.11-hardened-170221_23 -rw-r--r-- 1 root root 6950390 2017-02-21 23:25 System.map-4.9.11-hardened-170221_23 -rw-r--r-- 1 root root 121971 2017-02-21 23:25 config-4.9.11-hardened-170221_23 drwxr-xr-x 6 root root1024 2017-02-22 14:05 grub # grub2 here. most of the commands are now (testing ~amd64) named same as grub old. > > Why such a small /boot? My OS is installed on a fairly small 160GB hard Way too small! > > The System.map is needed, especially by VirtualBox so getting rid of > this file is not a good idea. > Yes, now it the /boot partition is 128MB but back few years ago was 30MB > > If I'll be redoing it I'll make it 1GB > > -- > Thelma > Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] SHA-1 has just been broken
On 170302-03:42-0500, taii...@gmx.com wrote: > On 02/28/2017 12:05 PM, Miroslav Rovis wrote: > > > On 170227-21:59-0500, Rich Freeman wrote: > >> On Mon, Feb 27, 2017 at 8:10 PM, Miroslav Rovis > >> <miro.ro...@croatiafidelis.hr> wrote: ... > > And finally Andrew Shavchenko pointed me to gkeys ! > > > > Here's the answer to my query (ah, just the beginning of, my > > implementation of it will take time): > > > > emerge -tuDN app-crypt/gkeys app-crypt/gkeys-gen > > > > # equery f gkeys-gen > > ... > > /usr/share/doc/gkeys-gen-0.2/README.md.bz2 > > ... > > > > ( > > NOTE: The: > > /usr/share/doc/gkeys-0.2/README.md.bz2 > > of the gkeys package is identical. > > ) > > > > # bzcat /usr/share/doc/gkeys-gen-0.2/README.md.bz2 > > > > Gentoo Keys > > --- > > > > ### About > > > > Gentoo Keys is a Python based project that aims to manage the GPG keys > > used > > for validation on users and Gentoo's infrastracutre servers. Gentoo Keys > > will be able > > to verify GPG keys used for Gentoo's release media, such as installation > > CD's, > > Live DVD's, packages and other GPG signed documents. It will also be used > > by > > Gentoo infrastructure to achieve GPG signed git commits in the > > forthcoming git > > migration of the main CVS tree. > > > > ### License > > > > Gentoo Keys is under GPL-2 License > > # > > > > But do I read this correctly?: > > > > ...Gentoo Keys will be able > > to verify GPG keys used for Gentoo's release media, such as installation > > CD's, > > Live DVD's, packages and other GPG signed documents. > > > > Again, about this (syntactical) object (in the sentence), with other > > objects removed: > > > > ...Gentoo Keys will be able > > to verify GPG keys used for ... > > ... packages... > > > > Does that mean what I read? That with gkeys any user will be able to get > > packages via git, and somehow automatically gpg -verify the signature of > > each package that (s)he got when (s)he, say: > > > > emerge -tuDN world > > > > ? > > > > Does that mean that? > > ... > It is possible to have a reasonably secure system where the hard drive > firmware (or any other devices) can't fuck around with the stuff on > disk, although I highly doubt that the gentoo infrastructure (and > kernel.org, and all the source repos for all the other software) does this Rogue elements everywhere (even the most known Person in the world, throughout the history (which counts from His birth), had His traitors), but you are correct, it is still little likely. I'll keep you thought below for reference, when I some day, find more time to learn about these things: > One way is to use a blob-free coreboot IOMMU supporting board and > bootstrap the crypto/kernel off of the board firmware EEPROM chip to > load the initial kernel thus no plaintext touches the disk and thus > nothing can mess with it. > > The IOMMU (theoretically) protects the CPU and memory from rogue > devices, such as the hard drive. > > In terms of ethics IBM *for now* is a way better company than Intel/AMD, > their POWER servers are owner controlled as there isn't any boot > guard/secure boot/management engine/platform "security" processor (amd's > ME) to stop you from re-writing the firmware as you please. They also > have an getting-there-almost-reasonable open source effort (OpenPOWER) > > You can buy a TYAN OpenPOWER8 "Palmetto" (100% FOSS out of the box, > although not that powerful) or an IBM POWER8 S822 "Firestone" (very > powerful) which needs only a small amount of final work to be open sourced. > > IBM's POWER8 has a supervisor processor, although it is owner controlled > (the key difference) unlike ME/PSP. > > It is a shame that TALOS (POWER workstation board) never went anywhere, > it seems the linux community won't care about real freedom - right up > until microsoft finally locks us out for good and it is too late to do > anything about it. > > https://www.coreboot.org/Board_freedom_levels Yes, I looked up that page, and searched a little about Power8 pocessors... I wish I was aware how important Board freedom is back four and a half years ago. Not so ugly what I have, but neither is open hardware ( Asrock Extreme4, a few of them (so I can clone the systems): Use old amd64 gentoo image on new amd64 hardware, possible? https://forums.gentoo.org/viewtopic-t-940916.html#7172822 I can't believe they're still selling them! If I'm n
Re: [gentoo-user] Re: Need coaching with emerge failure logs (Understanting the problem)
I must not abbreviate this time... On 170228-20:07-0500, Harry Putnam wrote: > Miroslav Rovis <miro.ro...@croatiafidelis.hr> writes: > > > On 170226-09:42-0500, Harry Putnam wrote: > >> Stroller <strol...@stellar.eclipse.co.uk> writes: > > ... > >> > >> > Example at the beginning: [32;01m * > >> > Example from the end: * > >> > > >> > Output to the terminal these would show the text in different colours, > >> > but the output was redirected to a textfile or mishandled in a > >> > copy-paste operation (not sure if screen or tmux does this?). > >> > > >> > Running emerge with `--color n` would have made this log much more > >> > readable. Its size already makes it hard to search. > >> > >> Yes, and I am sorry about that, its just that I could not discern what > >> parts were important. Still I should have posted only the last > >> 400-500 lines. > >> > >> Just so you know... I did try that. [--color n] The resulting log > >> looked exactly the same. ... > > > > This is hard to believe. I just tried, and either: > > > > --color n > > > > or: > > > > --color=n > > > > added to the emerge line, worked. > > > > Are you looking at the Terminal output? If so that is not what I > posted. > > I did mention that yes `--color n' kills the color in terminal output. > > Read the whole paragraph you quote 1 sentence from above. > > This is the end of that para: > > ". . . . . . . . . . . . . . . . . . . . . . . . I don't expect > anyone would have noticed the comment... but it does seem a bit off > that I see no differernce here. That is, no difference in the actual > log emerge creates. I do see the difference in the terminal output." I see now what you mean (and meant, previously)! > But as I mentioned what I posted was not the terminal output but the > actual log that emerge creates for you.. and points you to when a > failure occurs. > > I just checked it again and I know that is what happens. That is, > setting `--color n' kills the color ouput at the terminal however the > `build.log' still contains all the color sequences. > > I'm already viewed dimly for posting so much junk so rather than post > samples of both ... I'll leave it for you to try yourself. No, you're not. Because you corrected your mistake. (Very busy... got to go.) Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] SHA-1 has just been broken
On 170227-21:59-0500, Rich Freeman wrote: > On Mon, Feb 27, 2017 at 8:10 PM, Miroslav Rovis > <miro.ro...@croatiafidelis.hr> wrote: > > Apologies for my not being able to reply sooner! > > > > On 170227-18:18+0300, Andrew Savchenko wrote: > > > >> > And via a new private big business, the Github. Giving over all users to > >> > big Github brother. > >> > >> ??? > >> Github is entirely optional and is only for those who want to use it > >> (we have both users and devs willing so), but in no way anyone > >> demands its usage. > > Yeah! Still, it would be great if git was used in distributed way, and > > not from a central private business... > > > > Git can pretty-much ONLY be used in a distributed way. Correct, in that sense. But I didn't express clearly what I meant. I really meant in this sense (invented quotations in this paragraph): > Git was intended for everyone to run their own little git server and > pull from each other. Git was NOT invented for centralized commercial > social networking clouds such as github! That was from: https://wiki.gentoo.org/wiki/Overlay:Youbroketheinternet > In the sync > workflow github is basically just a mirror. A lot of our mirrors are > run by private businesses, and nobody knows what OS they're even > hosted on, let alone whether the firmware and CPU microcode are FOSS > along with their hard drive firmware. I understand that. And I support any honess business. What I hate is examples like Google, Oracle, Microsoft, IBM is a little more honest, I think... The few at the control of those ruined so much in computing and the internet. GNU and FOSS, to lesser extent OSi, are good, even beautiful, socially and philosophically. > As far as distribution goes I think github is the wrong thing to worry > about. What you want is traceable signatures from dev to user. Once > you have that you can download from an NSA mirror and there shouldn't > be any risk. All a mirror does is replicate data, and if > modifications are detectable the worst they can do is a DoS. I see. > Most of the concerns that people tend to have with github is that you > can become dependent on them for issue and pull request tracking and > then if they decide to pull the plug you lose all that data. We try > to minimize the use of these features and not make it a core part of > the dev workflow. Good practice! > But, we do use pull requests and in theory we could > lose those someday. The actual code itself gets pushed to the Gentoo > infra Repo from a developer's box using plain old git after they've > inspected/tested/etc it. So, there isn't really any way for Github to > go injecting commits into the repositories we actually use. I guess > they could do it for anybody using our github mirrors on the > distribution side, but that's only because we don't have that all > locked down and the same issue applies with any other mirror (rsync, > etc). Again, you really need end-to-end signature checking to make > any of these things truly safe. Absolutely! I did figure that out since long! > -- > Rich > And what I've spent some time doing today, is figuring out about the info that I finally got from you people! About time! My rattling was all about whether there was or wasn't a way to do what is still in the title of that mail that I linked to, and gave Message-ID of, to do this: Is it safe to switch from webrsync to the git repo now? And finally Andrew Shavchenko pointed me to gkeys ! Here's the answer to my query (ah, just the beginning of, my implementation of it will take time): emerge -tuDN app-crypt/gkeys app-crypt/gkeys-gen # equery f gkeys-gen ... /usr/share/doc/gkeys-gen-0.2/README.md.bz2 ... ( NOTE: The: /usr/share/doc/gkeys-0.2/README.md.bz2 of the gkeys package is identical. ) # bzcat /usr/share/doc/gkeys-gen-0.2/README.md.bz2 Gentoo Keys --- ### About Gentoo Keys is a Python based project that aims to manage the GPG keys used for validation on users and Gentoo's infrastracutre servers. Gentoo Keys will be able to verify GPG keys used for Gentoo's release media, such as installation CD's, Live DVD's, packages and other GPG signed documents. It will also be used by Gentoo infrastructure to achieve GPG signed git commits in the forthcoming git migration of the main CVS tree. ### License Gentoo Keys is under GPL-2 License # But do I read this correctly?: ...Gentoo Keys will be able to verify GPG keys used for Gentoo's release media, such as installation CD's, Live DVD's, packages and other GPG signed documents. Again, about this (syntactical) object (in the sentence), with other objects removed: ...Gentoo Keys will be able to verify GPG keys used for ... ... packages... Does that mean what I read? That with gk
Re: [gentoo-user] SHA-1 has just been broken
Apologies for my not being able to reply sooner! On 170227-18:18+0300, Andrew Savchenko wrote: > On Sun, 26 Feb 2017 12:00:50 +0100 Miroslav Rovis wrote: > > > But, when we talk crypto being broken, > > Git is not in the immediate threat due to SHA1 collision being > practical. See Linux blog about this: > > https://plus.google.com/+LinusTorvalds/posts/7tp2gYWQugL Will read it. (it's 02:00 past midnight CET) > Note that git devs are working on moving to a more secure hash > function. Good to hear! > Also note that git can handle several files in the repo with the > same hash function. While this doesn't protect from the possible > repo forgery, it protects from accidental file collision where > subversion fails badly: > https://www.bleepingcomputer.com/news/security/sha1-collision-attack-makes-its-first-victim-subversion-repositories/ Pretty sad! > I do not want to offence subversion devs, but they haven't even > considered the possibility that hash function may collide. Huge > blunder on their side. > > > I can help thinking of other > > threats to Gentoo and other FOSS GNU Linux that I fear are perfectly > > feasible (for the resourceful subjects) > > > > Gentoo distro is increasingly served the insecure way, IMO, that is: via > > git, without the repositories being, for end users, PGP-verifiable. > > It is verifiable for end users, but not in an easy way. You can > either use web rsync or verify git commits yourself using gpupg and > gkeys. I'll try and do that. I have been trying to figure it out, a few times already, but I would always get lost in the volume of new stuff to digest... Will need more time to do it. However I am already using signed portage snapshots via emerge-webrsync, and I use local mirror. I am pretty safe, but on obsolete technology. > > And via a new private big business, the Github. Giving over all users to > > big Github brother. > > ??? > Github is entirely optional and is only for those who want to use it > (we have both users and devs willing so), but in no way anyone > demands its usage. Yeah! Still, it would be great if git was used in distributed way, and not from a central private business... > If you want to have sync-friendly git repo, Gentoo infra provides > one for you: > https://gitweb.gentoo.org/repo/sync/gentoo.git/ Harder to use than Github. Github is foolproof, extremely easy for newbies, compared to any other git server. The reason for their success... > > And, in the trasition all the history got lost. Git started remembering > > only from 2015. > > No, it isn't. Full historical git repo is available: > https://gitweb.gentoo.org/repo/gentoo/historical.git/ Great to know! Sorry for wrong claims that I made. > One may use git graft to join historical and actual repo together. Which is advanced usage for me at this stage. > > I have asked a question about getting git-served repository verifiable > > for end users, but I didn't get any replies: > > Do not forget that all devs are volunteers. I know that. Always keep that in mind. > User-transparent > GnuPG tree verification is indeed important. You can help! If I get that savvy in git/portage/other I will... That time is still distant yet, I'm afraid. > Join gkeys project, get in touch with infra, discuss what needs to be > done. I'll look gkeys up... > Don't just rattle about how insecure data is provided, You're right. > help to make it secure! (And as I shown above actual state is not that > bad and some options are already available.) I'm busy figuring how to deploy virtualization on my sans-dbus system, and have spent months on things like that... and only lately finally getting there. Also, practical verifiability in Gentoo is something I have been keen on for pretty long now. But you having showed to me (I haven't digested it yet, too late in the night right now) that verifiability is possibly does make it the next big wish of mine to apply for my Gentoo ( and my dream is to help test it, so everybody can use git for verifiable installations! ). > > Best regards, > Andrew Savchenko Your email means a lot to me! Thank you! Good night! (I see other emails, but have to go to sleep now first) -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Re: Need coaching with emerge failure logs (Understanting the problem)
On 170226-09:42-0500, Harry Putnam wrote: > Stroller <strol...@stellar.eclipse.co.uk> writes: ... > > > Example at the beginning: [32;01m * > > Example from the end: * > > > > Output to the terminal these would show the text in different colours, > > but the output was redirected to a textfile or mishandled in a > > copy-paste operation (not sure if screen or tmux does this?). > > > > Running emerge with `--color n` would have made this log much more > > readable. Its size already makes it hard to search. > > Yes, and I am sorry about that, its just that I could not discern what > parts were important. Still I should have posted only the last > 400-500 lines. > > Just so you know... I did try that. [--color n] The resulting log > looked exactly the same. ... This is hard to believe. I just tried, and either: --color n or: --color=n added to the emerge line, worked. These: --color no # throws help on you --color=no # throws help on you didn't work. -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] SHA-1 has just been broken
On 170226-14:32-0600, R0b0t1 wrote: > On Sun, Feb 26, 2017 at 5:00 AM, Miroslav Rovis > <miro.ro...@croatiafidelis.hr> wrote: > > On 170225-21:34-0600, R0b0t1 wrote: > >> On Saturday, February 25, 2017, Miroslav Rovis > >> <miro.ro...@croatiafidelis.hr> > >> wrote: > >> > > >> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html > > ... > >> ... > >> Aside: > >> http://ecrypt-eu.blogspot.com/2015/11/break-dozen-secret-keys-get-million.html > > > > Too technical for me. Too little learning gain for too much mumbo-jumbo > > noise, at this > > stage of my understanding of crypto, for me. > > My apologies. The useful part of the link is really the title. It > explains how, if you *do* successfully break a given key, you have > necessarily broken millions of them - you are just unsure if they are > currently in use. The wise option is then to record every key > combination you brute force in the hope that someone will start using > it in the future. I did figure that much out. But all of it useful... for true cryptographers. It's so appealing, but so distant yet (or forever, where can one find the time to learn that much?). > > > > But, when we talk crypto being broken, I can help thinking of other I meant: But, when we talk crypto being broken, I can't help thinking of other ( ... can't ... ) > > threats to Gentoo and other FOSS GNU Linux that I fear are perfectly > > feasible (for the resourceful subjects) ( And also, the Message-ID given in my email can only be found by subcribers to the gentoo-dev mailing list, not gentoo-user ML. ) > > Gentoo distro is increasingly served the insecure way, IMO, that is: via > > git, without the repositories being, for end users, PGP-verifiable. > > > > And via a new private big business, the Github. Giving over all users to > > big Github brother. > > > > And, in the trasition all the history got lost. Git started remembering > > only from 2015. > > > > I have asked a question about getting git-served repository verifiable > > for end users, but I didn't get any replies: > > > > This is something I was concerned about myself, especially since the > bare git protocol that most users access the repository from, even if > it is the repository hosted by the Gentoo Foundation, is insecure. Git > access via SSH or HTTPS *is* secure but is not implemented - I'm not > sure why, as they've purchased a "real" certificate and the Git > subdomain may already be covered by it. > And there's even no need purchasing certs any more. LetsEncrypt cetrificates are free in both some GNU/GNU-compatible way, and the free-of-charge way. But a repository can also really be verifiable only if it is PGP-signed (or some other cryptro-verifiable-way signed). So HTTPS alone does not do it. > Well, maybe someone will noticed this message. Or not. > > R0b0t1. > I hope too. Because it's depressing how large swathes of FOSS are getting under control of big business and to some extent, very minor here, but not negligeable, actually covertly privatized... I can't help but remind ( I wrote about it in: GUI-less (non-dbus) virt-manager (to run Tails in Gentoo) https://lists.gt.net/gentoo/user/321797 Message-ID: <20170111205529.GB28353@g0n.xdwgrp> ) how big dirty stingy Schmoogle the Schmoog treats Gentoo which it uses for its CoreOS [[ important thing there to find is the link to: Gentoo Foundation, background and status report Robin Johnson https://youtu.be/S3bmXVbxMgE and if a reader don't get to the same conclusion about the Schmoog that I arrived at, then the reader might be missing something ]] Ah, as far as distribution verifiability, I guess emerge-webrsync and PGP-signed portage trees functionality needs to be kept forever, then... Thanks for replying! ( BTW, about the link, in the first email, to my message to secure-os ML, one of the secure-os folks kindly confirmed, but in a private message, that they were considering my email... ) Sad how this topic, or the other linked in my first mail, to the gentoo-dev ML, didn't attract more discussion... It can't be too late to fix these issues... Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] SHA-1 has just been broken
On 170225-21:34-0600, R0b0t1 wrote: > On Saturday, February 25, 2017, Miroslav Rovis <miro.ro...@croatiafidelis.hr> > wrote: > > > https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html ... > > Very interesting. The first useful SHA-1 collision was, if I remember, done > in 2015, and subverted an HTTPS certificate (though not one which had been > issued). This was some guys with a couple of servers lined with graphics > cards. > > Seeing someone manage to do it in a garage a number of years before it was > cosidered feasible should, hopefully, make you have more conservative > estimates of the strength of modern cryptography. > > Aside: > http://ecrypt-eu.blogspot.com/2015/11/break-dozen-secret-keys-get-million.html Too technical for me. Too little learning gain for too much mumbo-jumbo noise, at this stage of my understanding of crypto, for me. > R0b0t1. But, when we talk crypto being broken, I can help thinking of other threats to Gentoo and other FOSS GNU Linux that I fear are perfectly feasible (for the resourceful subjects) Gentoo distro is increasingly served the insecure way, IMO, that is: via git, without the repositories being, for end users, PGP-verifiable. And via a new private big business, the Github. Giving over all users to big Github brother. And, in the trasition all the history got lost. Git started remembering only from 2015. I have asked a question about getting git-served repository verifiable for end users, but I didn't get any replies: Date: Tue, 20 Dec 2016 00:47:56 +0100 Message-ID: <20161219234756.GA4008@g0n.xdwgrp> Subject: Is it safe to switch from webrsync to the git repo now? if you are subscribed and have three month worth of gentoo-user mail in your inbox or: (same subject as above of course) https://lists.gt.net/gentoo/dev/320922 Long term, this is an issue that will not go away unless it is fixed, i.e. git-served portage packages start being PGP-verifiable for end users. And when we talk security for privacy, and with... pretty much (at least from my perspective) privacy experts of today, how about this: [Secure Desktops] dbus, gnunet (was: unstable dnssec-root) https://secure-os.org/pipermail/desktops/2017-February/000180.html ( where note the dbus creating encrypted session, and the link thereto: How to avoid stealth installation of systemd? http://forums.debian.net/viewtopic.php?f=20=116770=45#p552566 ) Regards! - Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] This time git failed to install
On 170226-11:25+0100, meino.cra...@gmx.de wrote: > Neil Bothwick <n...@digimed.co.uk> [17-02-26 11:16]: > > On Sun, 26 Feb 2017 06:49:55 +0100, meino.cra...@gmx.de wrote: ... > > > This morning emerge presented me a new (at least for me) > > > error while trying to update @world related to git: > > > > > > ./check_bindir "z$bindir" "z$execdir" "$bindir/git-add" > > > * ERROR: dev-vcs/git-2.12.0::gentoo failed (install phase): > > > * !!! > > > newexe: > > > /var/tmp/portage/dev-vcs/git-2.12.0/work/git-2.12.0/contrib/gitview/gitview > > > does not exist * > > > ... > > Looks like a bug to me, gitview is no longer there. You could work around > > it by setting USE="-gtk" or USE="-python"... and it looks like a bug has > > just been filed for this. dev-vcs/git-2.12.0 : * !!! newexe: /var/tmp/portage/dev-vcs/git-2.12.0/work/git-2.12.0/contrib/gitview/gitview does not exist https://bugs.gentoo.org/show_bug.cgi?id=610964 ( I thought it was good to give full url links with full title, I believe that saves other readers' time ) Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
[gentoo-user] SHA-1 has just been broken
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html ( you know I hate the Schmoog, and didn't take their cookies, and so they didn't show me their page in my Palemoon --working great here!, an Angel of Honesty in comparison to Firefox --and if anybody else don't want Schmoog prying in his machine, likely: $ wget \ https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html will do just fine as it did for me. ) -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Need coaching with emerge failure logs (Understanting the problem)
On 170225-09:19-0500, Harry Putnam wrote: > Setup: VBox vm running gentoo(amd64) guest on a win-10 (64bit) host > Hardware: HP xw8600 - 2x Xeon CPU X5450 @ 3.00GHz - 32 GB ram > [ some cca. 80k text cut here ] Go for the guides, in which you will find that sending 5.5M log in an email is plain wrong. Read e.g. how to post bugs on Bugzilla. shouldn't be hard to find. Regards! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] How to dump kde gracefully in favor of lxde
On 170219-19:41+, Neil Bothwick wrote: > On Sun, 19 Feb 2017 14:21:58 +0100, Miroslav Rovis wrote: > > ...[ you cut my argument here]... > > ...[ you cut my argument here]... > > ...[ you cut my argument here]... > > > KDE3 had its own IPC protocol, DCOP, that was used as the basis for > > > DBus. Once there was a standard IPC system, there was no need for KDE > > > to maintain its own. GNOME and KDE are integrated suites of software, > > > some form of IPC is necessary for them to function. To ditch DBus, > > > they would have to reinvent the wheel. > > Yeah, right! I wasn't being ironic. > > What's that supposed to mean. This is documented fact, plus, if you had > ever used DCOP, you would immediately spot the similarities in DBus. > > > But I can't go into detailed discussions full time about dbus opaque or > > DBus is a protocol specification, where is the opaqueness. > > > not. (I really don't expect anybody can deny spender's claims in that > > link on Linux security)... > > Allowing programs to communicate with one another will always raise > possibilities for exploitation, but that is not necessarily a reason to > isolate all software from one another. After all, isn't having each > program do one job well and communicate with others part of the "True > Unix Way"? > > > -- > Neil Bothwick > > Teamwork is essential; it gives the enemy other people to shoot at. I installed gnunet. Without dbus. Only had to modify one ebuild because bluez had a dependency for dbus. But won't be able to use gnunet-gtk because all gtk greater than 3.10 (or so) depend on dbus. I hope so much the Gentoo devs keep the -dbus available. Really busy, and obsessively interested in gnunet... Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] svn-server setup (need it for gnunet in Air-Gap install)
It may not be necessary to set up a subversion server, I now believe. See below to what caused confusion here... On 170219-12:56+0100, Miroslav Rovis wrote: ... > https://gnunet.org/node/2634 ... > But I was wondering if anybody knows of a more Gentoo-specific > tutorial/tip/thread/topic/other about setting up a Subversion server? Here's what caused confusion: Go to: https://gnunet.org/git/youbroketheinternet-overlay.git/tree/net-misc/gnunet of the currently available (you can see the equivalent listing there, as in this local git clone'd repo of mine): youbroketheinternet-overlay/net-misc/gnunet $ ls -ABgo total 60 drwxr-xr-x 2 4096 2017-02-17 12:54 files -rw-r--r-- 1 7436 2017-02-17 12:54 gnunet-0.10.1.ebuild -rw-r--r-- 1 7440 2017-02-17 12:54 gnunet-0.10.1_pre01021.ebuild -rw-r--r-- 1 4596 2017-02-17 12:54 gnunet-0.10.2_rc1.ebuild -rw-r--r-- 1 7175 2017-02-17 12:54 gnunet-0.10.2_rc2.ebuild -rw-r--r-- 1 7175 2017-02-17 12:54 gnunet-0.10.2_rc3.ebuild -rw-r--r-- 1 7175 2017-02-17 12:54 gnunet-.ebuild -rw-r--r-- 1 381 2017-02-17 12:54 Manifest -rw-r--r-- 1 1467 2017-02-17 12:54 metadata.xml youbroketheinternet-overlay/net-misc/gnunet $ And of those, only these ones are (and pls. notice it is EAPI=6, so recent): https://gnunet.org/git/youbroketheinternet-overlay.git/tree/net-misc/gnunet/gnunet-0.10.1.ebuild /gnunet-0.10.1_pre01021.ebuild SVN repo ebuilds. But these: gnunet-0.10.2_rc1.ebuild gnunet-0.10.2_rc2.ebuild gnunet-0.10.2_rc3.ebuild gnunet-.ebuild are all git repo ebuilds, so I'll try and see if adding the gnunet- below, will allow me to use the gnunet git (which I cloned to my local space): # cat /etc/portage/package.unmask/package.unmask.file >=net-misc/gnurl- >=net-misc/gnunet- # And surely I will use the suggestion (given to gnunet developers, in the gnunet-.ebuild): # if you're a gnunet developer, you can put a symlink to your local git # here: EGIT_REPO_URI="/usr/local/src/${PN} Be it failure or success, I'll report back how my attempts fared. -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] How to keep my system from (nearly) freezing?
On 170219-14:11+0100, Miroslav Rovis wrote: ... > Try Ctrl+Alt+Fx > where x is one of F1 ... F6 > and then issue: > # killa chromium # killall in this case likely (never installed any of Schmoog's browsers): # killall chromium -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] How to dump kde gracefully in favor of lxde
On 170219-12:31+, Neil Bothwick wrote: > On Sun, 19 Feb 2017 11:17:34 +0100, Miroslav Rovis wrote: Hi, Neil, a fellow hexagenarian like me! > > But the worse thing in both KDE and Gnome is the dbus, the opaque > > program that is easily misused against the user. And figuring out about > > it, and getting rid of it, that was also hard. > > How can it be opague when it is open source. And so is NSA Linux open source, and is opaque just the same... Oh I meant SELinux, and pls. be the first to deny there were hooks planted in Linux by Linus via the LSM (the Linux Security Module, for the general audience), as per: Developer Raps Linux Security (or whatever the exact title, I'm offline, doing just a quick write) http://www.crmbuyer.com/story/39565.html > > > Are there options for KDE/Gnome without dbus (or d-bus) now? > > KDE3 had its own IPC protocol, DCOP, that was used as the basis for DBus. > Once there was a standard IPC system, there was no need for KDE to > maintain its own. GNOME and KDE are integrated suites of software, some > form of IPC is necessary for them to function. To ditch DBus, they would > have to reinvent the wheel. Yeah, right! But I can't go into detailed discussions full time about dbus opaque or not. (I really don't expect anybody can deny spender's claims in that link on Linux security)... Because I really need to finally solve my (likely) last installation issue with gnunet: svn-server setup (need it for gnunet in Air-Gap install) https://marc.info/?l=gentoo-user=148750543106051=2 Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] How to keep my system from (nearly) freezing?
On 170219-13:53+0100, Helmut Jarausch wrote: > Hi, > > sometime I have some memory hungry ebuilds in the background, when I Ebuilds are just text files, they don't run in the background... > start (e.g.) Chromium which needs very much memory if you have a lot of > open tabs. ( Chromium is the most privacy-invading browser ever. It's a spyware, I could never use it, but forget about that, it's not what this topic is about... ) > In that case my system nearly freezes. I cannot even kill chrome. > What can I do in that case. (Remote login doesn't work either) Try Ctrl+Alt+Fx where x is one of F1 ... F6 and then issue: # killa chromium > > Can I have any additional program (like Chromium) die if there is not > enough memory. > > Many thanks for a hint, > Helmut > This could be a hardware, not a software issue. Also, not sure, but looks like, not a memory issue, but a CPU issue. It's likely the CPU triggers the BIOS to shut down because CPU gets too hot, but because it is not properly implemented, what happens is even worse than doing nothing, and that is: the system freezes, but the CPU keeps running... Bad! How warm does you machine, try to touch it in the back, or under, if it's a laptop, where ther CPU is? It reminds me of what I had. My systems, that had only the original, run-of-the-mill coolers on the CPUs (I bought a few of same model MBO, so i can clone my systems)... The usual 80mm coolers. As soon as I replaced them with 120mm coolers, no issues any more. Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
[gentoo-user] svn-server setup (need it for gnunet in Air-Gap install)
The support question is at end. But I alsot thought it useful to relate my experience with installing Gnunet. I've successfully deployed installing from my Cgit-on-Apache served cloned git's, whichever that I need, as you can read in: Pale Moon Air-Gapped portage EAPI 6 Install https://marc.info/?l=gentoo-user=148750248005478=2 And I've almost but completed installing Gnunet ( if you're as poorly informed as I was, see: http://youbroketheinternet.org/#overlay https://wiki.gentoo.org/wiki/Overlay:Youbroketheinternet https://gnunet.org/node/2634 <-- not guarrantied to survive... ... Why? See: https://secure-os.org/pipermail/desktops/2017-February/000171.html where ng0, the author, writes in reply: > There is also: GNUnet for Gentoo on gnunet.org (and I'm not sure if the > tip needs to be updated as per: [[1]] That page is outdated and will be removed once we update gnunet.org to the new web framework. ) But here's more of my experience so far with installing gnunet, with this last hurdle to overcome left. Gnunet has a few requirements, it should be here: https://bugs.gentoo.org/show_bug.cgi?id=609740#c0 in the attachment: https://bugs.gentoo.org/attachment.cgi?id=464236 or, by the current packages: automake-1.14.1.tar.xz, gnurl-170218.tar, gnurl-git-170218.tar, gnutls-3.5.9.tar.xz, Kjqmt7v-20100715.csr, libmicrohttpd-0.9.52.tar.gz, Python-3.5.2.tar.xz, python-gentoo-patches-3.5.2-0.tar.xz, root-anchors-20100715.xml, unbound-1.6.0.tar.gz I have overcome the portage checksum fail issue for the dnssec-root, see: youbroketheinternet's gnunet dependency net-dns/dnssec-root-20150403 checksum fail https://bugs.gentoo.org/show_bug.cgi?id=609740 also: dependency net-dns/dnssec-root-20150403 checksum fails https://gnunet.org/bugs/view.php?id=4898 and: gnunet dependency dnssec-root checksum fail for 7 yrs old IANA XML https://lists.gt.net/gentoo/user/323337 and also I git clone'd gnurl to have it available locally for my Air-Gapped... All the above is solved. But gnunet is developed in Subversion, and I have to make a Subversion server now, and somehow pull from gnunet repo into my local, to have gnunet available for my Air-Gapped... I have searched, I have found this useful link (with further references), for setting up a Subversion server: How to set up a Subversion (SVN) server on GNU/Linux - Ubuntu https://stackoverflow.com/questions/60736/how-to-set-up-a-subversion-svn-server-on-gnu-linux-ubuntu But I was wondering if anybody knows of a more Gentoo-specific tutorial/tip/thread/topic/other about setting up a Subversion server? Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Pale Moon Air-Gapped portage EAPI 6 Install WAS: [Logging] SSL with PM
It still looks awkward directory names like below: On 170111-06:50+0100, Miroslav Rovis wrote: > On 161223-17:58+0100, Miroslav Rovis wrote: > > On 161223-05:38+0100, Miroslav Rovis wrote: ... > ... > > > > The git object pack sources, guess where they are by looking up: > > > > # du -hs /usr/portage/distfiles/git3-src\ > > EGIT_MIRROR_URI\=git\:/localhost/cgi-bin/cgit.cgi/cgi-bin_cgit.cgi_Pale-Moon.git/*/ > > ... And this is fresh, current: ( not a quote, but a paste from a terminal, the second line below ) # ls -ABgo \ > "/usr/portage/distfiles/git3-src > EGIT_MIRROR_URI=http:/localhost/cgi-bin/cgit.cgi/" total 12 drwxr-xr-x 6 4096 2017-02-19 00:17 cgi-bin_cgit.cgi_gnurl.git drwxr-xr-x 6 4096 2017-02-13 23:54 cgi-bin_cgit.cgi_Pale-Moon.git drwxr-xr-x 6 4096 2017-02-18 22:53 gnurl.git # The gnurl.git, the last, is empty. It is empty because I wasn't online, and I wasn't because I don't want to just be online and trust what happens when I install packages while being open... And so it couldn't pull from online git's. But the other two: cgi-bin_cgit.cgi_gnurl.git cgi-bin_cgit.cgi_Pale-Moon.git have done their work. From my Apache-served Cgit. Gnurl I have installed in this awkward-directory-names way just very early this morning (more about what I needed it for further below), and Pale-Moon I have installed back when I made this pull request: https://github.com/deuiore/palemoon-overlay/pull/34 This method works! (If I had time, I'd query with the cgit devs and remove the cgi-bin_cgit.cgi string from my Apache served Cgit (it's actually http:///cgi-bin/cgit.cgi/<...>) , but hey, it works, so it's not urgent.) In other words, some (not all, YMMV) of my pull request is anyway, via Air-Gapped or via total-online install, applicable for anybody who wants to _test_ Pale Moon in Gentoo! Just thought to let you people know. As far as Pale Moon, you get the bleeding edge this way. And, yes, in comparison to its parent which it forked from, the big business Firefox, Pale Moon is an Angel of Honesty! And I don't have many issues with Pale Moon, at all! Esp. not surveillance issues like with Firefox! And about Gnurl and what I needed it for. I needed it for Gnunet. Aaahhh.. What is that, some may ask (that's how this great idea is little known in some circles)? See here: https://wiki.gentoo.org/wiki/Overlay_Talk:Youbroketheinternet http://youbroketheinternet.org/#overlay https://gnunet.org/node/2634 ( but the author is a renegade Gentoo developer, maybe that's why it is not well known, see here for more: https://secure-os.org/pipermail/desktops/2017-February/000171.html ) But I need to make another thread about Subversion server that I need to set up, because gnunet is svn-served... Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] How to dump kde gracefully in favor of lxde
On 170219-08:45+, Mick wrote: > On Saturday 18 Feb 2017 22:05:01 Walter Dnes wrote: > > On Sat, Feb 18, 2017 at 04:57:52PM -0500, Harry Putnam wrote > > > > > Any advice about slick ways of getting fully updated but dumping kde > > > on the way. > > > > *IMPORTANT* KDE is obscene about dependancies. E.g. when a > > lightweight pdf-reader was phased out, I looked at various options > > including okular. It's an "itty-bitty-little-applet"... that seems to > > pull in 90% of KDE as dependancies. If you want to get rid of KDE, you > > must be prepared to dump every last little KDE app/applet. It's an > > all-or-nothing situation. Sorry. > > > > 1) "eselect profile list" and switch to a basic non-KDE profile of your > > choice. > > > > 2) "emerge gentoolkit" if not already present. > > > > 3) "cat /var/lib/portage/world" and see what KDE stuff you have. > > > > 4) Unmerge (i.e. "emerge --unmerge) obvious KDE-related stuff that you > > find in world. > > > > 5) "emerge --depclean" (May not help if you've done "emerge --sync" and > > not fully updated). > > > >The next 3 steps are going to be repeated several times > > > > 6) "emerge -pv --changed-use --deep --update @world" > > > > 7) You'll probably see portage try to pull KDE back in. For each lib > > "fu-bar/foobar" that portage tries to pull in do "equery d fu-bar/foobar" > > and manually unmerge whatever it finds. (Note: gentoolkit provides the > > equery tool). > > > > 8) GOTO 6 (until portage stops trying to pull in KDE stuff). > > As Walter indicates above, the problem is many every day desktop applications > have either KDE or Gnome dependencies. Depending on your needs you may find > it inevitable that one or the other desktop environment with its mega-suite > of > packages will be pulled in. > -- > Regards, > Mick True! KDE is not so bad, but it and Gnome, they invent, they imposition dependencies. Some four years ago now, I wasn't able to easily switch from KDE to what I use now: plain openbox. I even start it with simply "startx"... I wish Harry can do it, but I'm only cautiously optimistic... I don't know if I would be able to do it now if I had KDE installed, lots of things have changed in 4 yrs... Lots of things have changed, but I don't think the impositioning of dependencies by KDE has... But the worse thing in both KDE and Gnome is the dbus, the opaque program that is easily misused against the user. And figuring out about it, and getting rid of it, that was also hard. Getting sans-dbus is now in Gentoo much much easier, almost readily available (there's even a dbus useflag since not long time ago). I was wondering if maybe I was wrong: Are there options for KDE/Gnome without dbus (or d-bus) now? -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] To emerge openbox or gparted...that is the question...(William Tuxpeare)
On 170218-13:01+, Neil Bothwick wrote: > I'm in my 60th year too, but only for a few more hours. Tomorrow I hit > 60 and will officially be a grumpy old fart. Everybody is already old, in the future. And dead, in the future. And is in the other world, already, in the future... And we are all kids, in the past. But... But what is time? Just Thought of the Supreme Being... > As for being able to revert system changes, I find a combination of > adding buildpkg to FEATURES and installing demerge helps a lot. > Regular btrfs snapshots of / don't hurt either. > Yeah, lots of people use btrfs. I don't because I like total Air-Gap'ing, and whatever I bring from my online clone of the master Air-Gapped, back into the master Air-Gapped (mail, packages, all kinds of stuff) I try to very thoroughly scrutinize first. Meino, is it two systems, same model hardware? But see below. On 170218-14:14+0100, meino.cra...@gmx.de wrote: > Hi Miroslav, > > I started using computers with 14... > > The root I am installing is in a separate directory, which > I use chrooted. > > Over the years I was locked out several times because I was using > "sophisticated backup software" and the "the most advanced backup > strategy" > ;) > ...in the end, when the system had gone gaga, I neither had the > software anymore nor the informations, what backyp was incremental, > fundamental, global, local or whatever. > > Now I have two identical harddiscs: One is for daily usage and the second > is an 1:1 image copy of the first one. > Getting my system up again after -- for example -- a hard head creash > is done in minutes: Change harddisk, reboot...Voila! > Meino, is it two systems, same model hardware? Same MBO on both? Or not? Or just the HDD are the same model. That's cloning anyway if it's just HDDs. I use that, but it's also same MBO on at least two systems (method is good for even only one system, but it's probably too much work)... But I use Air-Gap'ing before cloning... And I generally can't get in trouble of not being able to revert... See for yourself (warning: before figuring out, I wondered a lot, even asked unclear question...): Air-Gapped Gentoo Install, Tentative https://forums.gentoo.org/viewtopic-t-987268.html Postfix smtp/TLS, Bkp/Cloning Mthd, Censorship/Intrusion https://forums.gentoo.org/viewtopic-t-999436.html#7613044 (that PART 2 is about the backup) > While building the new root I have attached an external 2.5" harddisk > for temporary backups and snapshot of what I am trying to acchieve. Not completely understand the above... But I think Air-Gap'ing is what anybody who cares about security/privacy needs... Backup whithout Air-Gap'ing is not enough. > Cheers > Meino > > > Miroslav Rovis <miro.ro...@croatiafidelis.hr> [17-02-18 14:04]: > > On 170218-12:53+0100, meino.cra...@gmx.de wrote: > > > Johannes Rosenberger <gen...@jorsn.eu> [17-02-18 12:44]: > > > > On 18.02.2017 12:14, meino.cra...@gmx.de wrote: > > ... > > > > > > thanks for all your help! > > > "I am over 30...please help me to gentoo..." > > > ;) > > > Cheers > > > Meino Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] To emerge openbox or gparted...that is the question...(William Tuxpeare)
On 170218-12:53+0100, meino.cra...@gmx.de wrote: > Johannes Rosenberger <gen...@jorsn.eu> [17-02-18 12:44]: > > On 18.02.2017 12:14, meino.cra...@gmx.de wrote: ... > > thanks for all your help! > "I am over 30...please help me to gentoo..." > ;) > Cheers > Meino My God, how old you are!! But there's Metusalahs around here though, for whom you're just a baby. E.g. I'm in my 60th year of life, and I never knew how to use computer (not even Windoze) before I was 40 something! On a more serious note, anybody struggling to use Gentoo should have backups... And I mean system backups. I can tell you my method... The way I back up my system is such that I can revert, but very safely!, to how it all was before I did some experimental installations... It does take me some one to two hours, usually once a week... And in the beginning, when I was learning/discovering how to do it, it used to take longer... Just say if you're interested, as I don't want to push for it unless you are. Regards! -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] ffmpeg and libav: a slot conflict
It's not an ffmpeg and libav conflict: # bzcat /usr/share/doc/ffmpeg-3.2.4/libav-merge.txt.bz2 CONTEXT === The FFmpeg project merges all the changes from the Libav project (https://libav.org) since the origin of the fork (around 2011). ... ( and thanks God the feud is over! I know no details of how they reconcilliated or whatever that happened... ) More below. On 170218-13:21+0200, gevisz wrote: ... > I have got the following error message: > > # emerge --update --deep --with-bdeps=y --newuse --backtrack=90 --ask > world --verbose-conflicts --exclude chromium ... This is a conflict btwn two versions of FFmpeg required and scheduled/installed and required by different packages.. ... > (media-video/ffmpeg-2.8.10:0/54.56.56::gentoo, installed) pulled in by ... > (media-video/ffmpeg-3.2.4:0/55.57.57::gentoo, ebuild scheduled for ... See the details now from your own text: > > !!! Multiple package instances within a single package slot have been pulled > !!! into the dependency graph, resulting in a slot conflict: > > media-video/ffmpeg:0 > > (media-video/ffmpeg-2.8.10:0/54.56.56::gentoo, installed) pulled in by > media-video/ffmpeg:0/54.56.56= required by > (media-video/vlc-2.2.4:0/5-8::gentoo, installed) > > >=media-video/ffmpeg-2.7.2:0/54.56.56= required by > (www-client/chromium-55.0.2883.75:0/0::gentoo, installed) > > media-video/ffmpeg:0/54.56.56= required by > (media-plugins/alsa-plugins-1.1.1:0/0::gentoo, installed) > > >=media-video/ffmpeg-2.8:0/54.56.56= required by > (media-video/vlc-2.2.4:0/5-8::gentoo, installed) > > > (media-video/ffmpeg-3.2.4:0/55.57.57::gentoo, ebuild scheduled for > merge) pulled in by > > >=media-video/ffmpeg-3.2:0=[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] > required by (media-plugins/gst-plugins-libav-1.10.3:1.0/1.0::gentoo, > ebuild scheduled for merge) > ^^ ^^ ... This is unrelated: > !!! The following installed packages are masked: > - www-client/opera-12.16_p1860-r1::gentoo (masked by: OPERA-12 license(s)) > A copy of the 'OPERA-12' license is located at > '/usr/portage/licenses/OPERA-12'. ... I don't have a solution for you. Takes someone more experienced yet than me. Just wanted to point to you the above. -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] gnunet dependency dnssec-root checksum fail for 7 yrs old IANA XML
On 170217-16:10+0100, Miroslav Rovis wrote: > I just posted in the wiki ... > https://wiki.gentoo.org/wiki/Overlay_Talk:Youbroketheinternet ... > So, fetching packages for the overlay: > http://youbroketheinternet.org/#overlay ... > all went fine, except for one exact file, as witnessed by the log in my > Overlay_Talk:Youbroketheinternet post of today: > ... > >>> Downloading 'http://data.iana.org/root-anchors/root-anchors.xml' > ... > and later: > ... > > /usr/portage/distfiles/root-anchors-20100715.xml._checksum_failure_.wxcel31j > ... ... > Or is it really still that the IANA changed that nearly 7 yrs old file? > > Can anybody: > > 1) alert the gnunet developers about this > > 2) suggest a solution for fixing this issue (w/o which can't emerge > gnunet) There's another file with failed checksum for gnunet: # cat /var/log/emerge-fetch.log >>> Downloading >>> 'http://192.168.2.4/gentoom//distfiles/root-anchors-20100715.xml' >>> Downloading 'http://192.168.2.4/gentoom/distfiles/root-anchors-20100715.xml' >>> Downloading 'http://data.iana.org/root-anchors/root-anchors.xml' !!! Couldn't download 'root-anchors-20100715.xml'. Aborting. >>> Downloading 'http://192.168.2.4/gentoom//distfiles/Kjqmt7v-20100715.csr' >>> Downloading 'http://192.168.2.4/gentoom/distfiles/Kjqmt7v-20100715.csr' >>> Downloading 'http://data.iana.org/root-anchors/Kjqmt7v.csr' !!! Couldn't download 'Kjqmt7v-20100715.csr'. Aborting. * unbound-1.6.0.tar.gz size ;-) ... [ ok ] * Python-3.5.2.tar.xz size ;-) ... [ ok ] * python-gentoo-patches-3.5.2-0.tar.xz size ;-) ... [ ok ] * gnutls-3.5.9.tar.xz size ;-) ... [ ok ] * libmicrohttpd-0.9.52.tar.gz size ;-) ... [ ok ] * automake-1.14.1.tar.xz size ;-) ... [ ok ] # # ls -l /var/log/emerge-fetch.log -rw-rw 1 portage portage 1046 2017-02-17 14:43 /var/log/emerge-fetch.log # ( but I checked and I fetched the packages before 14:35 --it's CET here, and I'm also sure that the emerge-fetch that I posted in the Wiki page was there when I posted it, and which was after 14:35 CET ... ) -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
[gentoo-user] gnunet dependency dnssec-root checksum fail for 7 yrs old IANA XML
I just posted in the wiki, as there is no way for me yet to communicate in the normal internet, not the Schmoog, Stasibook and all the big players' crazy internet... I'm working on it, but not there yet... And for the above reasons [I just posted in] this [wiki]: https://wiki.gentoo.org/wiki/Overlay_Talk:Youbroketheinternet I hope it's pretty clear what the problem is. Ouch!... I have to summarize it here, can't force the readers to go to pages if they don't want to, without a summary first... So, fetching packages for the overlay: http://youbroketheinternet.org/#overlay that I reached to from: https://overlays.gentoo.org/ all went fine, except for one exact file, as witnessed by the log in my Overlay_Talk:Youbroketheinternet post of today: ... >>> Downloading 'http://data.iana.org/root-anchors/root-anchors.xml' ... and later: ... > /usr/portage/distfiles/root-anchors-20100715.xml._checksum_failure_.wxcel31j ... And, as I wrote in that post: > I think that a 7 ys old root-anchors-20100715.xml XML file having been > changed, or me being MiTM'ed, or the developers having got exactly and > only that file's hashes wrong... is pretty interesting here... Because > I thought about getting that file elsewhere, and then I look closely, > and hey: it's the Internet Assigned Numbers Authority themselves > website. They can't be wrong, can they, so what is it: my connection > to them, or the devs' hashes...? Or is it really still that the IANA changed that nearly 7 yrs old file? Can anybody: 1) alert the gnunet developers about this 2) suggest a solution for fixing this issue (w/o which can't emerge gnunet) Regards! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Bad luck with new installation: Compilation issues (eudev)
On 170213-04:19+0100, meino.cra...@gmx.de wrote: > Miroslav Rovis <miro.ro...@croatiafidelis.hr> [17-02-12 14:03]: ... > > C'mon, give people the link to that bug that you reported, pls.! Thanks! > > Thanks! Thanks! Thanks! Sorry for this. I forgot to delete it, because I saw I was wrong. Wasn't actually going to send it. Sent it eventually by mistake. > > From the first answer in this thread: > > Alexander Openkowski <opn...@googlemail.com> [17-02-05 18:28]: > > Have you seen this thread in the forums? It looks like your problem: > > > > https://forums.gentoo.org/viewtopic-t-1057500-view-previous.html?sid=9c8b57325eef824a0748ec4ca94ac8b1 > > > > Found via a quick google search. Keywords: "eudev 3.2.1 error gentoo". > > No offense, really. But you do not need to wait for an answer if you > > search for yourself. :-) You are right. Sorry! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] GUI-less (non-dbus) virt-manager (to run Tails in Gentoo)
Not about Tails, this message, but yes it is about GUI-less (non-dbus) virt-manager. About its use for installing and running a Tails' relative: Whonix. I made a well-accepted, I believe, push for Whonix to be installable and runnable (actually it maybe already is!) in sans-dbus systems. Pls. if anybody feels passionate enough about Unix heredity staying sound and prosperous, and you feel you can contribute by helping in this thread: Whonix on Gentoo issues https://forums.whonix.org/t/whonix-on-gentoo-issues/3188 then pls. do contribute! There is a poor-eyesight old man that I am useless digression somewhere in one of the first three posts (which I can't remove anymore, old posts are not editable in Whonix forums), and also previous to below all attempts of mine were unsuccessful, so... So maybe if you start from: https://forums.whonix.org/t/whonix-on-gentoo-issues/3188/7 [from] post 7, you will be sufficiently in the clear what the issue is. And on a sidenote on this thread that you're reading. I probably need to re-evaluate the current status of no-dbus virt-manager using virt-viewer as GUI, with the last night update of Gentoo installtion of mine (always such a pleasure). Pls. contribute if you are familiar with Whonix and the issues there! I've top posted this, because it regards the entire thread, not this particular email below. On 170114-22:53+0100, Miroslav Rovis wrote: > More errata. > > On 170114-13:06+0100, Miroslav Rovis wrote: ... > > If anybody is interested, I attach the install log: > > > > app-emulation_virt-viewer-5.0-r1_20170113-164725.log.gz > > (that's from /var/log/portage, just I replaced the : with _) > > > > where it's easy to spot lines like: > > > > virt-viewer-app.h:47:5: error: unknown type name 'GtkApplicationClass' > > > > because the new API is missing in GTK2. And the package virt-viewer cannot > > possibly compile. > > > you can read in the changelog of the source of virt-viewer-5.0, if you > unpack the virt-viewer-5.0.tar.gz, these lines: > > /usr/portage/distfiles/virt-viewer-5.0.tar.gz > > virt-viewer-5.0/ChangeLog : > > [...] > > 2016-02-15 Fabiano Fidêncio <fiden...@redhat.com> > > Drop support to gtk2 > The 3.0 release was the last one that still supports GTK2. For the > Windows builds the support to GTK2 was dropped in the previous release. > Let's do the same for the entire project now. > > 2016-02-15 Pavel Grunt <pgr...@redhat.com> > > display: Use correct variable name > Fix gtk2 build > > [...] > ... Regards! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Bad luck with new installation: Compilation issues (eudev)
On 170207-01:11+0100, meino.cra...@gmx.de wrote: > Hi Alexander, > > it was documente in a bugreport by someone else. > I did exactle the same. Great, no everybody interested use the search engine, or maybe browse all the thousands of bugs if you want to know which bug Meino reported it in... C'mon, give people the link to that bug that you reported, pls.! Thanks! Thanks! Thanks! Thanks! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Bad luck with new installation: Compilation issues (eudev)
On 170205-18:37+0100, meino.cra...@gmx.de wrote: > Hi Alexander, > > thanks for the link! > > Had found the culprit myself and fixed it with > a user patch... And which program/other entity/process/whatever was the culprit? The purpose of the mailing list is also reference for later search for someone possibly having an issue like yours. Some people may consider it rude to keep the solution for yourself instead of sharing it with others. > Cheers > Meino > > > > Alexander Openkowski <opn...@googlemail.com> [17-02-05 18:28]: > > Have you seen this thread in the forums? It looks like your problem: > > > > https://forums.gentoo.org/viewtopic-t-1057500-view-previous.html?sid=9c8b57325eef824a0748ec4ca94ac8b1 > > > > Found via a quick google search. Keywords: "eudev 3.2.1 error gentoo". > > No offense, really. But you do not need to wait for an answer if you > > search for yourself. :-) > > > > On 02/05/2017 03:08 PM, meino.cra...@gmx.de wrote: > > > Hi, > > > > > > I am still compiling my new root... > > > > > > After some of the rebuild/sinc/revdep/ cycles I got this while trying > > > to update sys-fs/eudev > > > > > > (ACCEPT_KEYWORDS is set to ~amd64 globally right before any > > > compilations) > > > > > > /var/tmp/portage/sys-fs/eudev-3.2.1/work/eudev-3.2.1/src/udev/udev-builtin-keyboard.c:31:26: > > > note: previous declaration of 'keyboard_lookup_key' was here > > > static const struct key *keyboard_lookup_key(const char *str, unsigned > > > len); > > > ^ > > > x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. > > > -I/var/tmp/portage/sys-fs/eudev-3.2.1/work/eudev-3.2.1/src/udev -I../.. > > > -include ../../config.h -DROOTPREFIX=\"\" > > > -DUDEV_HWDB_DIR=\"/etc/udev/hwdb.d\" > > > -DUDEV_HWDB_BIN=\"/etc/udev/hwdb.bin\" -DUDEV_CONF_DIR=\"/etc/udev\" > > > -DUDEV_ROOT_RUN=\"/run\" -DUDEV_RULES_DIR=\"/lib/udev/rules.d\" > > > -DUDEV_LIBEXEC_DIR=\"/lib/udev\" -DUDEV_VERSION=\"220\" -I > > > /var/tmp/portage/sys-fs/eudev-3.2.1/work/eudev-3.2.1/src/shared -I > > > /var/tmp/portage/sys-fs/eudev-3.2.1/work/eudev-3.2.1/src/libudev -I > > > ../../src/udev -march=native -msse -msse2 -msse3 -O2 -pipe -c -o > > > udevadm-monitor.o > > > /var/tmp/portage/sys-fs/eudev-3.2.1/work/eudev-3.2.1/src/udev/udevadm-monitor.c > > > make[4]: *** [Makefile:813: libudev_core_la-udev-builtin-keyboard.lo] > > > Error 1 > > > make[4]: *** Waiting for unfinished jobs > > > make[4]: Leaving directory > > > '/var/tmp/portage/sys-fs/eudev-3.2.1/work/eudev-3.2.1-abi_x86_64.amd64/src/udev' > > > make[3]: *** [Makefile:500: all] Error 2 > > > make[3]: Leaving directory > > > '/var/tmp/portage/sys-fs/eudev-3.2.1/work/eudev-3.2.1-abi_x86_64.amd64/src/udev' > > > make[2]: *** [Makefile:394: all-recursive] Error 1 > > > make[2]: Leaving directory > > > '/var/tmp/portage/sys-fs/eudev-3.2.1/work/eudev-3.2.1-abi_x86_64.amd64/src' > > > make[1]: *** [Makefile:446: all-recursive] Error 1 > > > make[1]: Leaving directory > > > '/var/tmp/portage/sys-fs/eudev-3.2.1/work/eudev-3.2.1-abi_x86_64.amd64' > > > make: *** [Makefile:378: all] Error 2 > > > * ERROR: sys-fs/eudev-3.2.1::gentoo failed (compile phase): > > > * emake failed > > > * > > > * If you need support, post the output of `emerge --info > > > '=sys-fs/eudev-3.2.1::gentoo'`, > > > * the complete build log and the output of `emerge -pqv > > > '=sys-fs/eudev-3.2.1::gentoo'`. > > > * The complete build log is located at > > > '/var/tmp/portage/sys-fs/eudev-3.2.1/temp/build.log'. > > > * The ebuild environment file is located at > > > '/var/tmp/portage/sys-fs/eudev-3.2.1/temp/environment'. > > > * Working directory: > > > '/var/tmp/portage/sys-fs/eudev-3.2.1/work/eudev-3.2.1-abi_x86_64.amd64' > > > * S: '/var/tmp/portage/sys-fs/eudev-3.2.1/work/eudev-3.2.1' > > > > > >>>> Failed to emerge sys-fs/eudev-3.2.1, Log file: > > > > > > eix eudev shows: > > > solfire ~ # eix sys-fs/eudev > > > [U] sys-fs/eudev > > > Available versions: 1.9-r2 1.10-r2 3.1.2 3.1.5 (~)3.2 (~)3.2.1 > > > **4. ** {+blkid doc efi gudev +hwdb introspection +keymap +kmod > > > +modutils +openrc (+)rule-generator selinux smack static-libs test > &
Re: [gentoo-user] Again emerge represents a wise koan
On 170128-09:27+, J. Roeleveld wrote: > >Hyour mirror and a new sysnc doe snot fix the > >problem...strange... > > > >Meino > > Try a webrsync? > -- The only way in gentoo, to be sure that what you get is what you asked for, from your mirror, without MiTM of any kind, is the webrsync, because the Releng Team PGP-signs those portage snapshots. The link to webrsync must be in the Portage/Sync (or so) link already given in some previous emails. git would really really be great, but if you can't be sure about what you get, no, thanks! The Gentoo devs were unable/unwilling to solve that intricate verifiability issue... -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] trouble updating texlive
On 170123-16:25+0100, Arve Barsnes wrote: > On 23 January 2017 at 16:17, Miroslav Rovis <miro.ro...@croatiafidelis.hr> > wrote: > > > Only quick ideas (as I have bigger issues for solving before me)... if > > anyone knows? [[ The latest line that I'm writing is this one just below here: ]] > > Quick fix for me was to just unmerge texlive-basic before running emerge, > but you could also try adding --backtrack=30 to the emerge command and see > if portage figures out the block on its own. And I added it. No, no meaningful extra information in the log than already posted in the previous email. Just done also adding --backtrack=100... And I don't see any meaningful extra information in that one either, but I'm attaching it gzipped: emerge-tuDN_world_backtrack100_1485186916.gz DETACHING IT! Not there! It's even hard to see what the differences are... And I do have much worse issues than this trifle... for which, if there's no quick fix, I prefer to wait till it's fixed... [[ No, these below are the latest lines: ]] I had to emerge -C these: texlive-basic app-doc/pms dev-texlive-latex and now all is being emerged hopefully fine. Of course, I'll re-emerge those, if they are not emerged automatically, and run emerge --depclean . I don't have inconsistency in my Air-Gapped... But, boy! Do I have sometimes, not always, idiotic inconsistency in my online clone! You wouldn't believe it, but that the being openened to the often dirty and bad, which the internet is, if it is not being targeted... I decided to, before I send this reply, wait to see... texlive-core just installed fine, so this issue is likely solved for me... @Arve: Thanks for the tip! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
[gentoo-user] trouble updating texlive
# emerge -atuDN world These are the packages that would be merged, in reverse order: Calculating dependencies . ... done! [nomerge ] app-doc/pms-6_p20151113::gentoo USE="html -binary" [ebuild U ] dev-texlive/texlive-latexextra-2016::gentoo [2015-r1::gentoo] USE="-doc -source" 12,041 KiB [ebuild U ] dev-texlive/texlive-bibtexextra-2016::gentoo [2015::gentoo] USE="-doc -source" 1,656 KiB [ebuild U ] dev-texlive/texlive-latexrecommended-2016::gentoo [2015-r1::gentoo] USE="-doc -source" 12,729 KiB [ebuild U ] dev-texlive/texlive-latex-2016::gentoo [2015::gentoo] USE="-doc -source" 861 KiB [nomerge ] app-doc/pms-6_p20151113::gentoo USE="html -binary" [nomerge ] dev-texlive/texlive-science-2015::gentoo USE="-doc -source" [ebuild U ] dev-texlive/texlive-pstricks-2016::gentoo [2015::gentoo] USE="-doc -source" 25,619 KiB [nomerge ] app-doc/pms-6_p20151113::gentoo USE="html -binary" [nomerge ] dev-tex/tex4ht-20090611_p1038-r4::gentoo USE="-java" [nomerge ] virtual/latex-base-1.0::gentoo [ebuild U ]dev-texlive/texlive-fontutils-2016::gentoo [2015::gentoo] USE="-doc -source" 208 KiB [nomerge ] app-doc/pms-6_p20151113::gentoo USE="html -binary" [nomerge ] dev-tex/leaflet-20041222::gentoo [ebuild U ] dev-texlive/texlive-fontsrecommended-2016::gentoo [2015::gentoo] USE="-doc -source" 90,668 KiB [nomerge ] dev-texlive/texlive-latexextra-2016::gentoo [2015-r1::gentoo] USE="-doc -source" [ebuild U ] dev-texlive/texlive-pictures-2016::gentoo [2015-r2::gentoo] USE="-doc -source" 3,398 KiB [nomerge ] dev-texlive/texlive-latexextra-2016::gentoo [2015-r1::gentoo] USE="-doc -source" [nomerge ] dev-texlive/texlive-fontsrecommended-2016::gentoo [2015::gentoo] USE="-doc -source" [ebuild U ] dev-texlive/texlive-genericrecommended-2016::gentoo [2015::gentoo] USE="-doc -source" 223 KiB [ebuild U ]dev-texlive/texlive-basic-2016::gentoo [2015::gentoo] USE="luajittex -doc -source" 4,723 KiB [ebuild U ] app-text/texlive-core-2016::gentoo [2015-r1::gentoo] USE="X luajittex xetex -cjk -doc -source -tk" 10,305 KiB [blocks B ] =dev-texlive/texlive-basic-2016 required by (dev-texlive/texlive-pstricks-2016:0/0::gentoo, ebuild scheduled for merge) >=dev-texlive/texlive-basic-2016 required by (dev-texlive/texlive-fontsrecommended-2016:0/0::gentoo, ebuild scheduled for merge) >=dev-texlive/texlive-basic-2016 required by (dev-texlive/texlive-pictures-2016:0/0::gentoo, ebuild scheduled for merge) >=dev-texlive/texlive-basic-2016 required by (dev-texlive/texlive-fontutils-2016:0/0::gentoo, ebuild scheduled for merge) >=dev-texlive/texlive-basic-2016 required by (dev-texlive/texlive-genericrecommended-2016:0/0::gentoo, ebuild scheduled for merge) >=dev-texlive/texlive-basic-2016 required by (dev-texlive/texlive-latex-2016:0/0::gentoo, ebuild scheduled for merge) (dev-texlive/texlive-latex-2016:0/0::gentoo, ebuild scheduled for merge) pulled in by dev-texlive/texlive-latex required by (dev-tex/xcolor-2.11:0/0::gentoo, installed) >=dev-texlive/texlive-latex-2015 required by (dev-texlive/texlive-science-2015:0/0::gentoo, installed) >=dev-texlive/texlive-latex-2016 required by (dev-texlive/texlive-latexrecommended-2016:0/0::gentoo, ebuild scheduled for merge) dev-texlive/texlive-latex required by (app-doc/pms-6_p20151113:0/0::gentoo, installed) >=dev-texlive/texlive-latex-2016 required by (dev-texlive/texlive-bibtexextra-2016:0/0::gentoo, ebuild scheduled for merge) For more information about Blocked Packages, please refer to the following section of the Gentoo Linux x86 Handbook (architecture is irrelevant): https://wiki.gentoo.org/wiki/Handbook:X86/Working/Portage#Blocked_packages # I haven't sync and updated in maybe 6 days, and I've updated everything else, just the texlive, as you can see above, cannot be updated. In case it wouldn't show fine, I'm also attaching it gzipped: emerge-tuDN_world_1485181984.gz Only quick ideas (as I have bigger issues for solving before me)... if anyone knows? -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr emerge-tuDN_world_1485181984.gz Description: Binary data signature.asc Description: Digital signature
Re: [gentoo-user] Configuring Firefox for more privacy - an attempt (results)
On 170115-14:23+0100, meino.cra...@gmx.de wrote: > Hi, > > while trying to setup a better environment for online banking, > I wanted to make my daily Linux environment also more secure (in the > sense of keeping my digital footprint as small as possible). > > I read some informations on the internet. > Conclusion: Its more private to hide in the mass as > to be the only one, who is able to keep all information > off the internet -- which is remarkable unique -- > you are putting a label with your name right onto > your fronthead just before entering the digital world > of surveillance. > > I did not tried to do the same with PaleMoon which > I did with Firefox since the amount of compatible plugins/extensions > for PaleMoon is quite small and I still cant use NoScript with PaleMoon. True, quite small, still. And growing slowly. But just wait to learn more... > Two sites I found on the internet, which are quite handy to > check what the current browser is submitting: > > https://panopticlick.eff.org/ > and for more detailed results: Didn't know about the this one: > https://anonymous-proxy-servers.net/en/help/security_test.html > (the presented results on that page are examples. Click > "Check it!" on the upper right corner of that page. If a > authetication dialog pops up, click it away and click > "Start test" on the page.) > > The results of the modification and addons I added > are shown in the attached images. > > I removed the informations of my ISP and IP-address. > > If there is an interest of what I did I would be happy > to describe it...but there is a problem of the memory > footprint... I don't understand what you mean by the "problem of the memory footprint". I've limited time to delve into this issue, but I suggested to you that you "just wait to learn more". Here's a post in reply to my long standing query, which is just abounding with information I'm sure you'll find you don't want to miss: Tracking protection and NSS SSL secrets logging (two security questions)? https://forum.palemoon.org/viewtopic.php?f=26=12544=103747#p103695 Just two of the links (they're really several links there, most all relevant, none mentioned yet in gentoo-user ML, and I've been reading/skimming pretty much faithfully)... [Just two of the links] (that may even be linked from some of the links therefrom), first: http://www.ghacks.net/2017/01/05/browser-autofill-data-may-be-phished/ (yes, it's kind of a referred link, it's from: Autofill vulnerability https://forum.palemoon.org/viewtopic.php?f=4=14425 ) And second... Which is also something related to memory, but it's not about memory footprint that is not clear what you mean above. Latest Tor Browser Exploit Shows Firefox's Urgent Need To Increase Security http://www.tomshardware.com/news/tor-browser-firefox-security-defenses,33117.html which somebody should tell the author that it's not "user-after-free", the bug, but the bug is "use-after-free" bug. Just the kind of bug that was strongly suspected, either that or some race condition, by probably the top world expert on security in this Gentoo bug: =sys-kernel/hardened-sources-4.7.6: Kernel panic when starting KVM guests https://bugs.gentoo.org/show_bug.cgi?id=597554#c16 (in the end it appears to me, the bug shows how virtualization people want unfettered use of sysfs pseudo filesystem... Be sure to read also why sysfs should not protected: https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options#Sysfs.2Fdebugfs_restriction Good luck with anonimity using virt stuff!... To myself I wish good luck too, because I have no option either... ) I remember you said you had Secret Agent Spoofer[1] addon installed in Palemoon. I'm checking the traces (which is arduous and very time-consuming work), as it appears that one was _the_ bad addon, to me. And it might be what spoofed you from Palemoon... I can say that I was finally able to log into Palemoon forums (I posted in the link "...NSS SSL..." above) right after I removed that addon, and also I was able to subscribe right away to: https://lists.gnu.org/mailman/listinfo/bug-wget which I had tried quite a few times previously, with Secret Agent Spoofer installed, to no avail. Took me long time to write this... Pls. see if I needed to correct, esp. any links, in the possible errata follow-ups of mine, sooner, or not-too-soon. Regards! -- [1] You wrote in Message-ID: <20170109163721.GB4970@solfire>: > Furthermore I installed SecretAgent, Encrypted web (replacement for > HTTPsEverywhere), Decentraleyes, CrushThoseCookies, CleanLinks and > Adblock Latitude (or: https://lists.gt.net/gentoo/user/321711#321711 ), where "SecretAgent" can only stand for Secret Agent Spoofer. -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] GUI-less (non-dbus) virt-manager (to run Tails in Gentoo)
More errata. On 170114-13:06+0100, Miroslav Rovis wrote: > On 170113-23:50+0100, Miroslav Rovis wrote: ... > > The (gzip'ed) virt-viewer-5.0-r1.ebuild is included for completeness, and to > demonstrate the issue awaiting Gentoo, and any other distro with a > non-poetterware offer, in the future. > > I patched it by placing the patch: ( in the slightly wrong way, because it would try to patch that 3.1-r1 version, not just the 5.0-r1 version ) > gtk+-2_revert.patch > > like this: > > # ls -lRa /etc/portage/patches/app-emulation/ > /etc/portage/patches/app-emulation/: > total 12 > drwxr-xr-x 3 portage portage 4096 2017-01-13 10:24 . > drwxr-xr-x 7 portage portage 4096 2017-01-13 10:24 .. > drwxr-xr-x 2 portage portage 4096 2017-01-14 09:21 virt-viewer > > /etc/portage/patches/app-emulation/virt-viewer: > total 20 > drwxr-xr-x 2 portage portage 4096 2017-01-14 09:21 . > drwxr-xr-x 3 portage portage 4096 2017-01-13 10:24 .. > -rw-r--r-- 1 portage portage 12189 2017-01-13 17:33 gtk+-2_revert.patch > # The right way is (with the same patch): # ls -lRa /etc/portage/patches/app-emulation/ /etc/portage/patches/app-emulation/: total 12 drwxr-xr-x 3 portage portage 4096 2017-01-13 10:24 . drwxr-xr-x 7 portage portage 4096 2017-01-13 10:24 .. drwxr-xr-x 2 portage portage 4096 2017-01-14 09:21 virt-viewer /etc/portage/patches/app-emulation/virt-viewer-5.0: total 20 drwxr-xr-x 2 portage portage 4096 2017-01-14 09:21 . drwxr-xr-x 3 portage portage 4096 2017-01-13 10:24 .. -rw-r--r-- 1 portage portage 12189 2017-01-13 17:33 gtk+-2_revert.patch # where notice the change in this line: /etc/portage/patches/app-emulation/virt-viewer-5.0: ^ ^ ^ ^ ^ ^ ^ ^ and that does not try to patch 3.1-r1 ... And with regard to this: > but it was still to no avail, because they are starting to implement the new > API of GTK3, and the GTK2, which in Gentoo and in some other distros is kept > so dbus is not a dependency, don't have those new calls, functions et cetera. > > If anybody is interested, I attach the install log: > > app-emulation_virt-viewer-5.0-r1_20170113-164725.log.gz > (that's from /var/log/portage, just I replaced the : with _) > > where it's easy to spot lines like: > > virt-viewer-app.h:47:5: error: unknown type name 'GtkApplicationClass' > > because the new API is missing in GTK2. And the package virt-viewer cannot > possibly compile. > you can read in the changelog of the source of virt-viewer-5.0, if you unpack the virt-viewer-5.0.tar.gz, these lines: /usr/portage/distfiles/virt-viewer-5.0.tar.gz virt-viewer-5.0/ChangeLog : [...] 2016-02-15 Fabiano Fidêncio <fiden...@redhat.com> Drop support to gtk2 The 3.0 release was the last one that still supports GTK2. For the Windows builds the support to GTK2 was dropped in the previous release. Let's do the same for the entire project now. 2016-02-15 Pavel Grunt <pgr...@redhat.com> display: Use correct variable name Fix gtk2 build [...] All that means more work for our developers, since I don't believe that the dbus useflag would be invalidated to impose dbus on Gentoo users, and if anybody knows that GTK3 might ever in the future drop dependency to dbus, pls. do tell us! Otherwise, I was able to follow my tip "GUI-less (non-dbus) virt-manager (to run Tails in Gentoo)" and the attachments thereof to install all correctly in my Air-Gapped. But I want to try and install Tails into, and later run it form, either real or virtual USB storage, and of course, with persistent volume available, which will all take me more familiarizing with all these virtualization tools and ways. The problem is, and it's my grsecurity hardened kernel that's logging it in my syslog, the installed virtual machine tails domain keeps trying to connect to, I guess tor nodes, by inexistent, or fake should I say, subjects, have a look (it's verbose, but it's complete information about this segment, along with the information that it is what has been happening consistently for all these hours since the installation, of course, the IP addresses of the presumed nodes varying all the time as well): Jan 14 21:30:01 g0n kernel: [358997.592199] grsec: (root:U:/) exec of /usr/bin/find (find /var/spool/cron/lastrun -name cron.daily -cmin +1445 -exec rm {} ; ) by /usr/bin/find[run-crons:22618] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/run-crons[run-crons:22614] uid/euid:0/0 gid/egid:0/0 [721 lines cut] Jan 14 21:30:44 g0n kernel: [359041.239800] grsec: (miro:U:/) denied connect() to 81.7.16.59 port 443 sock type stream protocol tcp by /var/tmp/portage/app-emulation/qemu-2.8.0/image/usr/bin/qemu-system-x86_64[CPU 0/KVM:5447] uid/euid:1000/1000 gid/egid:1000/1000, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 Jan 14 21:31:49 g0n ker
Re: [gentoo-user] GUI-less (non-dbus) virt-manager (to run Tails in Gentoo)
One attachment missing... On 170114-13:06+0100, Miroslav Rovis wrote: > On 170113-23:50+0100, Miroslav Rovis wrote: > > I made it! ... > /etc/portage/patches/app-emulation/virt-viewer: > total 20 > drwxr-xr-x 2 portage portage 4096 2017-01-14 09:21 . > drwxr-xr-x 3 portage portage 4096 2017-01-13 10:24 .. > -rw-r--r-- 1 portage portage 12189 2017-01-13 17:33 gtk+-2_revert.patch > # As you can see, I posted the patch, albeit pertaining to the unsuccessful install, posted just as demo of more troubles ahead with the opaque dbus thing in GTK3... But I forgot to post the ebuild with which the patch does the utmost possible with the GTK2 setup: virt-viewer-5.0-r1.ebuild.gz Just for completeness, as I said. ... > I will next check this in my Air-Gapped, and post errata if any in the next > email to this, in slow time. Still more might be pending. If not, the confirmation when I install it in Air-Gapped. -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr virt-viewer-5.0-r1.ebuild.gz Description: Binary data signature.asc Description: Digital signature
Re: [gentoo-user] GUI-less (non-dbus) virt-manager (to run Tails in Gentoo)
On 170113-23:50+0100, Miroslav Rovis wrote: > I made it! > > See: > http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/ > or open: > $ \ > http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/Screen_170113_2102_g0n_1.webm > > (and also Screen_170113_2102_g0n_2.webm and Screen_170113_2102_g0n_3.webm ) > Just the end result of how it worked, you can see at, not much there, at this time. > But there are stories to tell, along with patches to share, and a place > for a nice bug report, coming. > Main story, or tip, that I hope might be useful to others, in this email. --- This was the successful command that started the domain "tails" (pls. note that I will be converting any commands in this email to fit withing 72 char lines, but they were without those "\" at end, and were one long line each; I'll also be wrapping pastes such as from /var/log/messages): [So this was the successful command that started the domain "tails"]: $ virt-install --name tails --disk tails.img --graphics spice --memory 1024 \ --cdrom tails-i386-2.9.1.iso --livecd --debug |& tee \ virt-install_$(date +%y%m%d_%H%M)_g0n Also note that the |& tee virt-install_$(date +%y%m%d_%H%M)_g0n is not needed, but allows me to reconstruct the procedure, to find it in the logs, and of course that redirection (along with the --debug of course) produced the debugging log named: virt-install_170113_0701_g0n (find it gunzip'ed in the attachment) However, that command didn't start any GUI, since the no-dbus virt-manager has no GUI whatsoever. But, as you can see from that log virt-install_170113_0701_g0n: [Fri, 13 Jan 2017 07:01:37 virt-install 5357] DEBUG (virt-install:732) Domain state after install: 1 was there made notice of in bottom, and I take it that it means the domain was created and started. And it also gave advice as to what can be done about it (on a previous line): [Fri, 13 Jan 2017 07:01:36 virt-install 5357] WARNING (cli:487) Unable to connect to graphical console: virt-viewer not installed. Please install the 'virt-viewer' package. Which I went about installing, which wasn't easy at all, as you can read below. During all those 14 hours the VM was running, pretty quietly, it didn't leave much in the logs... During most of which time thereof I made many unsuccessful attempts at installing virt-viewer, and eventually I made it to install it, and ran: $ virt-viewer tails which shows in the syslog as: Jan 13 21:02:53 g0n kernel: [270966.343875] grsec: exec of /usr/bin/virt-viewer (virt-viewer tails ) by /usr/bin/virt-viewer[bash:30436] uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:19756] uid/euid:1000/1000 gid/egid:1000/1000 which is what you can see the screencasts of at: http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/ (the link already given above) To be honest, it's not at all so easy to track down exactly how I did it. But there are a few reasons why I want to do it, the most important being, that I need to replicate the entire procedure, patches and all, because I completed this installation in my clone machine, which I also use for test-installs like this, but the more permanent install I want to do in Air-Gapped [1] machine, which never goes online, and which installation I can then clone [2] onto this contacting-with-the-dangerous-and-dirty-internet machine (and other machines of mine sometimes). Air-Gapping is complex of course, yes, but it so clean and peaceful. Especially the updating the Air-Gapped from my local Gentoo mirror with the portage snapshots signed by the Releng Team. My Air-Gapped is pretty reliably non-compromised, or at least has been, and continues to be, very difficult to compromise. And there'll be some strange things to show from this clone, introduced wih this installation, which don't let me calm and peaceful, there will be! Another reason which looke very important to me when I was getting confused if no-dbus gtk2 virt-manager, along with virt-viewer, was at all possible, is, I even thought for those hard long hours that it looked impossible, that already the time was running out to fix it for everybody, from older packages that would work... Because there really ended up being no way that I could do it, pls. look it up: https://packages.gentoo.org/packages/app-emulation/virt-viewer with, say, what is currently in testing: https://gitweb.gentoo.org/repo/gentoo.git/tree/app-emulation/virt-viewer/virt-viewer-5.0.ebuild While I tried patching quite a few files in the virt-viewer-5.0 source, it could never anymore be done without making gtk+-2.0 into more of a gtk+-3.0 just without the dbus dependency, which I am not apt to accomplishing. Instead, I had to bump into my local portage repo this one: https://gitweb.gentoo.org/repo/gentoo.git/tree/app-emulation/virt-viewer/virt-viewer-3.1.ebuild (of course for both of those --and other packages that I needed to patch--,
Re: [gentoo-user] tor browser also anti-fingerprinting
On 170114-07:34+0100, meino.cra...@gmx.de wrote: > Miroslav Rovis <miro.ro...@croatiafidelis.hr> [17-01-14 03:36]: > > On 170113-18:01+0100, meino.cra...@gmx.de wrote: > > > Adam Carter <adamcart...@gmail.com> [17-01-13 02:51]: > > > > I said in a recent thread that tor was an ip obfuscation tool, but also > > > > "Tor > > > > Browser normalizes many browser outputs to mitigate existing browser > > > > fingerprinting," according to; > > > > > > > > https://www.bleepingcomputer.com/news/security/new-fingerprinting-techniques-identify-users-across-different-browsers-on-the-same-pc/ > > > > Great new research! Thanks! This will be linked all over the internet, > > for a few more months from now, till newser research comes along! > > > > > > > > Hi Adam, > > > > > > would it possible to re-configure a Tor-Browser to use the "normal > > > web" instead of the tor-network? > > > > > I see you asked Adam, but this is trivial. Tor-Browser is just Firefox, > > modified and improved in some ways. > > > > -- > > Miroslav Rovis > > Zagreb, Croatia > > http://www.CroatiaFidelis.hr > > > Hi Miroslav, > > You have checked that yourself? ;) No, I didn't, no time, I have other issues that occuply all my time, see the concurrent thread in this ML: GUI-less (non-dbus) virt-manager (to run Tails in Gentoo) But maybe Adam will, as he sent a mail to that effect, before this email of yours... > ok...becaused I tried and failed: how can I revert "modified and > improved in some ways" to get back to "normal internet" and keep > the other improvements... > > For example: Starting the torbrowser connect to the Tor-network before > the browser itsself is visible...where is that implemented? > (I dont want to dig into the source of the TB...) > > Cheers > Meino > > > -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] GUI-less (non-dbus) virt-manager (to run Tails in Gentoo)
I made it! See: http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/ or open: $ \ http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/Screen_170113_2102_g0n_1.webm (and also Screen_170113_2102_g0n_2.webm and Screen_170113_2102_g0n_3.webm ) But there are stories to tell, along with patches to share, and a place for a nice bug report, coming. ( only when it's short info, and clear from the title what it's about, do I top post ) On 170111-21:55+0100, Miroslav Rovis wrote: > Hi! > > This is my installation of the package virt-manager: > > # equery l virt-manager > * Searching for virt-manager ... > [IP-] [ ] app-emulation/virt-manager-1.4.0-r2:0 > # > > # emerge -pv virt-manager > > These are the packages that would be merged, in order: > > Calculating dependencies ... done! > [ebuild R] app-emulation/virt-manager-1.4.0-r2::gentoo USE="sasl -debug > -gnome-keyring -gtk -policykit" LINGUAS="-as -bg -bn_IN -bs -ca -cmn -cs -da > -de -en_GB -es -fi -fr -gu -hi -hr -hu -is -it -ja -kn -ko -ml -mr -ms -nb -nl > -or -pa -pl -pt -pt_BR -ro -ru -sk -sr -sr@latin -sv -ta -te -tr -uk -vi > -zh_CN -zh_TW" PYTHON_TARGETS="python2_7" 0 KiB > > Total: 1 package (1 reinstall), Size of downloads: 0 KiB > # > > Also gunzip the equery_f_virt-manager.txt.gz for the list of files, of which I > present only those that I will, apparently, have to try and use, once my > initial query is cleared: > > /usr/bin/virt-clone > /usr/bin/virt-convert > /usr/bin/virt-install > /usr/bin/virt-xml > > While at the list of files, pls. notice that there is no executable named > 'virt-manager' in my system's virt-manager install: > > # grep -E '\/?bin\/virt-manager' equery_f_virt-manager.txt > # > > or: > > # grep 'virt-manager$' equery_f_virt-manager.txt > # > > both return empty. > > If I try sticking: > echo "app-emulation/virt-manager gtk" >> > /etc/portage/package.use/package.use.file > > hopeful to get the GUI, then: > > # emerge -pv virt-manager > > These are the packages that would be merged, in order: > > Calculating dependencies ... done! > > !!! All ebuilds that could satisfy "x11-libs/gtk+:3[introspection]" have been > masked. > !!! One of the following masked packages is required to complete your request: > - x11-libs/gtk+-3.22.5::gentoo (masked by: package.mask) > /etc/portage/package.mask/package.mask.file: > #media-video/libav > #gnome-base/gconf > > - x11-libs/gtk+-3.22.4::gentoo (masked by: package.mask) > - x11-libs/gtk+-3.20.9::gentoo (masked by: package.mask) > - x11-libs/gtk+-3.18.9::gentoo (masked by: package.mask) > - x11-libs/gtk+-3.16.7::gentoo (masked by: package.mask, missing keyword) > > (dependency required by "app-emulation/virt-manager-1.4.0-r2::gentoo[gtk]" > [ebuild]) > (dependency required by "virt-manager" [argument]) > For more information, see the MASKED PACKAGES section in the emerge > man page or refer to the Gentoo Handbook. > > # > > And that is a story that I have met many times with many packages, and, in > short, it hasn't ever been possible to solve it because in my > security-oriented no-frills true-unix only system I have "-dbus" among other > useflags: > > # grep -B3 -A6 '\-dbus' /etc/portage/make.conf > # These are the USE flags that were used in addition to what is provided by > the > # profile used for building. > USE="a52 alsa apache2 audit bash-completion berkdb bzip2 caps cdr crypt \ >cscope css -dbus dri dvb dvdr fam ffmpeg fontconfig gdbm \ >-geoip gif git -gnome gnutls gpm gstreamer gzip hardened \ >imagemagick -introspection jack jpeg jpeg2k -kde lame libcaca -libav \ >mad maildir mhash mng mplayer ncurses nls ogg opengl -pam png > -policykit \ >readline sasl sdl -selinux -systemd sysvipc smp sound sox sqlite > sqlite3 \ >ssl subversion svg tiff truetype -udev unicode v4l vim-syntax vorbis \ >X x264 xattr xine xv xvid zlib -pulseaudio" > > ( > A sidenote: notice what is banned with the '-' prefix. It's an > non-poetterware [1], true-unix only system, and the 'hardened' useflag is of > course for grsecurity-based hardened system, not for NSA Linux based. Oh > sorry, I meant SELinux, but NSA, at the turn of the millenium, created SELinux > just as, say, Mozilla, back in the Netscape days, created Javascript. So it > should be called that, shouldn't it? > ) > > So I guess, to get Tails installed, the way I will need to follow: > > https://tails.boum.org/doc/advanced_topics/virtualization/virt-manager/i
Re: [gentoo-user] tor browser also anti-fingerprinting
On 170113-18:01+0100, meino.cra...@gmx.de wrote: > Adam Carter <adamcart...@gmail.com> [17-01-13 02:51]: > > I said in a recent thread that tor was an ip obfuscation tool, but also "Tor > > Browser normalizes many browser outputs to mitigate existing browser > > fingerprinting," according to; > > > > https://www.bleepingcomputer.com/news/security/new-fingerprinting-techniques-identify-users-across-different-browsers-on-the-same-pc/ Great new research! Thanks! This will be linked all over the internet, for a few more months from now, till newser research comes along! > > Hi Adam, > > would it possible to re-configure a Tor-Browser to use the "normal > web" instead of the tor-network? > I see you asked Adam, but this is trivial. Tor-Browser is just Firefox, modified and improved in some ways. -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] wget SSL authentication problem?
On 170112-09:36+, Neil Bothwick wrote: > On Thu, 12 Jan 2017 19:19:11 +1100, Adam Carter wrote: > > > > > wget > > > > 'https://data.giss.nasa.gov/gistemp/tabledata_v3/GLB.Ts+dSST.txt' > > > > > > > > Resolving data.giss.nasa.gov... 128.183.4.33 > > > > Connecting to data.giss.nasa.gov|128.183.4.33|:443... connected. > > > > OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 > > > > alert handshake failure > > > > Unable to establish SSL connection. > > > > > > > Works ok here (~amd64) with the following versions/flags; > > Works here too. Could it be a certificate problem? Re-emerging > ca-certificates and removing any dead symlinks to old certificates might > help, but first I'd try cranking up the verbosity in wget. Sure that "-S": -S, --server-response print server response cranks up verbosity. But, maybe you're playing with the wrong sample that behaves well in three of us that posted, and bad in one machine only (Walter Dnes's). How about when you get with: wget -S \ https://www.redhat.com/archives/virt-tools-list/2017-January.txt.gz \ |& tee 2017-January.txt.gz.log consistently same good size, same hash: sha256sum 2017-January.txt.gz 2017-January.txt.gz.1 0ed31e4b55af11f341d7158741b3f1ab46c3b0eb07548063665fc038a50cc547 2017-January.txt.gz 0ed31e4b55af11f341d7158741b3f1ab46c3b0eb07548063665fc038a50cc547 2017-January.txt.gz.1 ( formatted for mail, but 3 lines only ) but alas, not gunzip'able file! (download it from http://www.croatiafidelis.hr/foss/cap/cap-170112_wget-ssl/ and also find the log, done with "wget -S", there now: 2017-January.txt.gz.log ) $ cat 2017-January.txt.gz | gunzip > 2017-January.txt gzip: stdin: not in gzip format $ And that's consistent, just rechecked. The hash is that same one as in the dir on my NGO's site, and as in this email. Is it because saves something from the attempt at using IPv6 first! Don't know... And it is here that the network traces play important role... But I get different results tracing with Tcpdump, then tracing with Dumpcap... And it may be that in neither case is the 2017-January.txt.gz extractable correctly from traces. I only tried it with the other wget-downloding file that's in that dir on my NGO's site, and that other file, the wget-1.18.tar.xz, extract partly and differently with tcpdump and with dumpcap... However, I have more interfering issues. Interfering, because they're network, but they are different network issues, unrelated. And also not explainable in a sentence or two. Give me time, if you care, and check the right file this time around... ;-) And if the download shows like I described, then this is bug, and in that case, pls. if anybody has the time, try and just give the address of my samples to Giuseppe Scrivano, the Wget maintaner (a connational of Croatia, Hrvoje Nikšić, whom I don't know, is the original author of Wget), post the bug at the already given: http://lists.gnu.org/mailman/listinfo/bug-wget (of course, only if the download shows like I described above) Give me more time, and I'll try and tell about those interfering unrelated network issues. ( And did anybody noticed that the network might be getting decryptable for us final users, it the Wget's trend to decrypt SSL-keys into the $SSLKEYLOGFILE catches up? Repasting the link from the first post: Write TLS session keys to $SSLKEYLOGFILE https://github.com/rg3/youtube-dl/issues/11614 Nobody understands how big thing that is, should the trend catch up? youtube-dl, and then imagine, decrypting your conversations that you do with git, just imagine, no more opaque conversations for the user!! And then all the other FOSS programs that interact with the network! SSL encrypted well for everybody else, noone can MiTM you, you passwords secure, but the conversations opens up like a flower to you, and tells you everything that happened on the network... Which is not the case today. Exampli gratia: Youtube, the stinking Schmoog's Youtube. It is as opaque as prison without light five storeys underground! The self proclamed "do-no-evil" liers and factual spies on almost the whole world! ) Regards! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] wget SSL authentication problem?
On 170111-22:57-0500, Walter Dnes wrote: > I'm trying to pull down a text file with a script. A web browser works > fine, but wget dies as follows... > At first I thought I had the same issue (will tell why further below). But I didn't have an issue with this download: > wget 'https://data.giss.nasa.gov/gistemp/tabledata_v3/GLB.Ts+dSST.txt' > > Resolving data.giss.nasa.gov... 128.183.4.33 > Connecting to data.giss.nasa.gov|128.183.4.33|:443... connected. > OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert > handshake failure > Unable to establish SSL connection. I had a normal output instead: $ wget 'https://data.giss.nasa.gov/gistemp/tabledata_v3/GLB.Ts+dSST.txt' --2017-01-12 06:45:19-- https://data.giss.nasa.gov/gistemp/tabledata_v3/GLB.Ts+dSST.txt Resolving data.giss.nasa.gov... 128.183.4.33 Connecting to data.giss.nasa.gov|128.183.4.33|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 15883 (16K) [text/plain] Saving to: ‘GLB.Ts+dSST.txt’ GLB.Ts+dSST.txt 100%[===>] 15.51K --.-KB/sin 0.1s 2017-01-12 06:45:20 (119 KB/s) - ‘GLB.Ts+dSST.txt’ saved [15883/15883] $ And the download is correct, the same as with Palemoon. I do have the same wget-1.18 installed as below: > Output from "emerge -pv wget" is... > > Calculating dependencies... done! > [ebuild R] net-misc/wget-1.18::gentoo USE="pcre ssl zlib -debug > -gnutls -idn -ipv6 (-libressl) -nls -ntlm -static {-test} -uuid" 0 KiB > > The URL has recently changed from "http" to "https", which is when > the problem showed up. I repeat, web browser works fine but wget dies. The story about SSL is a good one, however. The network might by and large be getting all the more decryptable for users, have a look at: Write TLS session keys to $SSLKEYLOGFILE https://github.com/rg3/youtube-dl/issues/11614 and: SSL-key logging with Wget http://www.croatiafidelis.hr/foss/cap/cap-170105_wget-ssl/ ( Just imaging if youtube-dl soon starts decrypting Schmoog the Schmoogle!? That'd be sooo great! If only! And the spies won't be able to hide to whoever they want! ) But I'm really writing this for problems with downloading with wget elsewhere, other files, pls. have a look at this that I just posted: < title pending, busy elsewhere > http://www.croatiafidelis.hr/foss/cap/cap-170112_wget-ssl/ where, at this time only the screenshots and the traces tell the story, no time to post text there yet. But in short, I couldn't download this gzip archive: https://www.redhat.com/archives/virt-tools-list/2017-January.txt.gz with wget, but could with Palemoon browser. In fact it downloads with Wget, and it has the right size, but it doesn't have the magic number (0x1FB808) at start and it doesn't gunzip... File a bug? To: http://lists.gnu.org/mailman/listinfo/bug-wget I'm unsure... As I have other issues that might be interfering... Tried to subscribed though, just in case, but have issues... But no time... Regards! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
[gentoo-user] GUI-less (non-dbus) virt-manager (to run Tails in Gentoo)
Gentoo, be it that they decide even for the non-true unix options available in Gentoo, or even for the NSA Linux however much that I could never recommend it... And this is, to my best understanding, my integral view on the issue about virt-manager, a program that I need if I want to get Tails running in my Gentoo system. This is my integral view because it is comprising of the aspects that are, even though partly technical, still more in the moral and ethical domain in their nature, and which aspects are yes: very important. These aspects go beyond the merely technical deployment of the said virt-manager, but are, yes theya are: very important to understand. Exampli gratia, why would there be the need to impose dbus if you want to run a GUI that runs those commands? Why? Why? Here's why: dbus is embattled. It is being abandoned by a growing majority of unix-oriented FOSS developers. Just an example or two: in Devuan, the very young Debian non-systemd fork, developers regard it as mostly a systemd impositioner. The GnuPG developers didn't want to use it, because they openly didn't trust it. And I'm certain every informed developer can tell you many more really good examples. And so, why not get a nice point of entry for the embattled dbus! they must have thought! People like me, which are not as advanced as to, say, convert programs to their liking, get to a page like (link already given above, repeating it): https://tails.boum.org/doc/advanced_topics/virtualization/virt-manager/index.en.html and they see they can't (easily) install virt-manager without installing dbus, and so, what happens? Very few of the likes of me (in the level of aptness for developing) have the kind of time like this time that I am dedicating to this issue, and what do they do? They install that poetterware-introducer opaque dbus thing! And the poetterization of their system is almost guarrantied! How dirty...! [1] poetterware stands for Poettering ware, after the name of the main developer (or if it shows right in your mail client, and in the web: Lennart Pöttering, written with the German "ö", o with umlaut, in original charset --it should show, UTF-8 is set in my Mutt--; btw he is not a kind German that I admire, and I am somewhat of a fan of teutonic culture and teutonic ways of life), who is the main author of systemd and other non-true unix and non-true FOSS programs that plague huge swaths of FOSS nowadays. -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr equery_f_virt-manager.txt.gz Description: Binary data signature.asc Description: Digital signature
Re: [gentoo-user] Pale Moon Air-Gapped portage EAPI 6 Install WAS: [Logging] SSL with PM
On 161223-17:58+0100, Miroslav Rovis wrote: > On 161223-05:38+0100, Miroslav Rovis wrote: > > It took me all of my skills ;-) . But I installed Pale Moon > ... > > That's new technology. EAPI=6 in the ebuild > > Nothing I've seen in my previous 7 years as Gentoo ... > > The git object pack sources, guess where they are by looking up: > > # du -hs /usr/portage/distfiles/git3-src\ > EGIT_MIRROR_URI\=git\:/localhost/cgi-bin/cgit.cgi/cgi-bin_cgit.cgi_Pale-Moon.git/*/ > > 48K /usr/portage/distfiles/git3-src > EGIT_MIRROR_URI=git:/localhost/cgi-bin/cgit.cgi/cgi-bin_cgit.cgi_Pale-Moon.git/hooks/ > > 8.0K /usr/portage/distfiles/git3-src > EGIT_MIRROR_URI=git:/localhost/cgi-bin/cgit.cgi/cgi-bin_cgit.cgi_Pale-Moon.git/info/ > > 283M /usr/portage/distfiles/git3-src > EGIT_MIRROR_URI=git:/localhost/cgi-bin/cgit.cgi/cgi-bin_cgit.cgi_Pale-Moon.git/objects/ > > 744K /usr/portage/distfiles/git3-src > EGIT_MIRROR_URI=git:/localhost/cgi-bin/cgit.cgi/cgi-bin_cgit.cgi_Pale-Moon.git/refs/ > > # > > ( reformatted the above output for email, but those are 5 distinct lines of > stdout only ) > ... > > What is needed in the /etc/portage/make.conf is: > > EGIT3_STORE_DIR=${DISTDIR}/git3-src" > EGIT_MIRROR_URI=git://localhost/cgi-bin/cgit.cgi/" > > ( Note at proofreading time: true, that is still stuck in the make.conf, > and it is what was in there when the successful install happend, but > shouldn't it be http://localhost/cgi-bin/cgit.cgi/ instead? ) I tried changing that (and updated, the Air-Gapped way, to www-client/palemoon-27.0.3-r7 (which is my local bump of www-client/palemoon-27.0.3-r1 from unofficial) , and the only difference is that now, the top dir in /usr/portage/distfiles/ looks: # ls -l /usr/portage/distfiles/git3-src\ EGIT_MIRROR_URI\=http\:/ total 4 drwxr-xr-x 3 portage portage 4096 2017-01-10 02:54 localhost # while previously was: EGIT_MIRROR_URI\=git\:/ instead of what is now: EGIT_MIRROR_URI\=http\:/ The rest is all the same. But, again, Palemoon works just fine. And my wonder about it still remains. But it works, and seems a reliable method. Just thought to make clear on this. This email should appear in reply to where I explained it as really the best I could. -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
[gentoo-user] Palemoon as Tor browser? WAS: What Firefox (what browser) for Online-Banking?
On 170107-23:27+0100, Floyd Anderson wrote: > On Sat, 07 Jan 16:51:41 +0100 > meino.cra...@gmx.de wrote: > >Hi, > > > >what Firefox-Version/what browser is the most secure one for Online-Banking? > > Who is able to tell about that? I think nobody which has evaluated this > for every version (if some really has) is reading this list. > > I would recommended at least a separate well configured browser profile > for the banking purpose and to strip off all unnecessary connections. > > The latter can be achieved by using a Proxy Auto Config (PAC) file [1]. > Have a look at [2] for more background information on this — even when > it’s quite old. > > For Mozilla Firefox create a file (e.g. “proxy.pac”) with following > content for example (don’t copy ’n paste, the spaces aren’t such): > > function FindProxyForURL(url, host) { > // Proxy bypass logic > if ( > dnsDomainIs(host, '.your-bank.com') > // || dnsDomainIs(host, 'addons.cdn.mozilla.net') > // || dnsDomainIs(host, 'addons.mozilla.org') > ) { return 'DIRECT'; } > > // Redirect all other requests through localhost which should always > // fail due no listen server. > return 'PROXY 127.0.0.1:65535'; > } > > and place it in the root of your browser profile, apply it due property > “network.proxy.autoconfig_url” or via GUI by using the “file:” protocol > in about:preferences#advanced > Network > Connection Settings. > > Before you ask, I’ve never tried to use a relative path definition which > may be important on an USB device nor can say if it’ll also work. > > Notice the comment lines for the mozilla domains. Comment those out if > you really need to use add-ons in a banking profile and want to have a > more comfortable way to update them. But you know, comfort/add-ons and > security is often like fire and water nowadays. > > To test that only your banking connection is possible invoke: > > /usr/bin/firefox --private-window "https://www.example.com/" --no-remote -P > banking.profile > > > [1] <https://calomel.org/proxy_auto_config.html> > [2] > <https://web.archive.org/web/20040821144727/http://developer.netscape.com/docs/manuals/proxy/adminux/> The above method certainly looks appealing to me and calomel.org is designed great. But that would take me time to understand. Can I ask you, and other readers, a question which is only partly related to the above. Related insomuch as Tor is about proxying as well. I'm looking at: https://wiki.gentoo.org/wiki/Tor It appears to me that, with a grsecurity-hardened kernel-base Gentoo machine, using TBB is next to impossible (tried it, doesn't work the simple user way _at all_). Neither did I have much luck with Whonix, since porting Whonix to Gentoo appears dead, to say just so much about my tries. Also the Tails page... Aaahhh, I have to find it, to make at least that info complete... https://tails.boum.org/doc/advanced_topics/virtualization/virt-manager/index.en.html [Also that Tails page] requires translation for a non-dbus system like mine (no dbus in your system, no GUI virt-manager you get), the translation (not languagewise but methodwise) of that GUI virt-manager tutorial into virsh command line tutorial, which hasn't been done yet. I close to entirely abandoned Firefox because Mozilla promissed with solemn repeated oaths, that they will impose Pulseaudio on all Linuces, else no audio in Firefox (a long --heavily diverted-- thread about that at end-of-2016 in this ML), and I am using Palemoon, pretty happily so far, for all any any browsing. Has anybody got Palemoon to work as Tor browser like Firefox is set to work in the abovementioned https://wiki.gentoo.org/wiki/Tor page? That I believe would be great, because I'm banking on Palemoon to grow, and it appears to me they might be good on privacy, much better that Mozilla (well I'm only betting on them, I'm not an expert to be able to really tell...)! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Weird warning message when emerging gcc
On 161230-11:59+0200, Alan McKinnon wrote: > On 30/12/2016 11:44, Nikos Chantziaras wrote: > > A world update emerged gcc-5.4.0-r2 (update from 5.4.0). At the end of > > the build, I got this: > > > > * Python seems to be broken, attempting to locate CHOST ourselves ... > > * Switching native-compiler to x86_64-pc-linux-gnu-5.4.0 > > ...PORTAGE_BZIP2_COMMAND setting is invalid: 'bzip2' > > PORTAGE_BZIP2_COMMAND setting from make.globals is invalid: 'bzip2' > > > > I'm not seeing how python is broken here (works fine), and why > > PORTAGE_BZIP2_COMMAND is invalid. Can someone explain what's going on here? > > > > > > > I get the same odd message for all of the 5.x series for which I have > build logs: > > $ grep -r "Python seems to be broken" /var/log/portage/ > to be broken, attempting to locate CHOST ourselves ... > /var/log/portage/sys-devel:gcc-5.4.0-r2:20161229-080856.log: * Python > seems to be broken, attempting to locate CHOST ourselves ... > to be broken, attempting to locate CHOST ourselves ... Looking it up, I get this exact same message, plus another for gnueabi: ./cross-arm-unknown-linux-gnueabi:gcc-5.4.0-r2:20161229-131203.log: * Python seems to be broken, attempting to locate CHOST ourselves ... ./sys-devel:gcc-5.4.0-r2:20161229-121300.log: * Python seems to be broken, attempting to locate CHOST ourselves ... > > I suggest file a bug > Yes! Looking it up at: https://bugs.gentoo.org/buglist.cgi?chfield=[Bug%20creation]=24h=atom=Bugs%20reported%20in%20the%20last%2024%20hours only this one entry is (currently) about 5.4.0: sys-devel/gcc-5.4.0-r2 has deceitful ${PV} https://bugs.gentoo.org/show_bug.cgi?id=604084 If it is indeed a case for reporting, whoever does it, pls. inform this mailing list, please! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] from Firefox52: NO pure ALSA?, WAS: Firefox 49.0 & Youtube... Audio: No
On 161229-05:13-0500, Tom H wrote: > On Tue, Dec 27, 2016 at 1:53 PM, lee <l...@yagibdah.de> wrote: > > Neil Bothwick <n...@digimed.co.uk> writes: > >> > There are two ways to ensure that you always have the kernel's names: > > 1) Add "net.ifnames=0" to the kernel cmdline I use that all the time. Of course, I don't use the below, no poetterware in my machine: > 2) Override "NamePolicy=..." in "/lib/systemd/network/99-default.link" > with "NamePolicy=kernel" in "/etc/systemd/network/99-default.link". > But I respect if anybody else wants it, let them have it, just, allow free speech, as you, _mostly_, do, id est, to tell people unintrusively what that SystemDisaster is... And, I've been following this discussion, and firmly on the side which wants to keep Gentoo in the beautiful Unix tradition, but... I was wondering, since to get a reply about the original question is pretty difficult ( not all being open and available to know about it? Mozilla itself actually uncertain about alsa/pulse in its future? whatever, cannot spend anymore time on it, I moved, see below... ) , and maybe 3 percent of the text in the thread was on topic ( which is still: from Firefox52: NO pure ALSA?, WAS: Firefox 49.0 ) and the rest was about other matters... I was wondering why hasn't anybody finally changed that subject line. Some of the emails of the thread are fine information, but like this, they are completely misplaced on principle which is, the principle: the subject line should be what the emails in a thread are about... And in this thread they are not well over 90% of the emails! ( I changed the subject line when I departed, and the threat of imposition of Pulseaudio to Linux users of Firefox has resulted in Pale Moon having a happy users and a supporter, Mozilla, you should not have insisted on that stupid impositions!... My split thread subject lines are: Reading the (SSL) traffic with Pale Moon http://www.gossamer-threads.com/lists/gentoo/user/320799 ( Message-ID: <20161218055009.GA11155@g0n.xdwgrp> ) and Pale Moon Air-Gapped portage EAPI 6 Install http://www.gossamer-threads.com/lists/gentoo/user/321074 ( Message-ID: <20161223043823.GA9835@g0n.xdwgrp> ) ) Thanks again to our developers who keep to the matchless Unix tradition, and allow such great choice in Gentoo (also to the other, poetterware side, as in choice, if you will)! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Pale Moon Air-Gapped portage EAPI 6 Install WAS: [Logging] SSL with PM
On 161223-23:29-0800, Daniel Campbell wrote: > On 12/23/2016 08:58 AM, Miroslav Rovis wrote: ... > > > > Thanks if there will be any explanations and advice. And in the meantime, I > > really enjoy using Pale Moon in my Gentoo, both master and, of course, > > clone(s)! > > > > Regards! > > > > Could you be a bit more concise? I'm not sure what exactly you're asking > about. A simple question or two might be enough to better explain your > problem. It doesn't look easy to me to do it. With palemoon Gentoo overlay cloned, and Pale-Moon sources cloned, and the sources git served by cgit installed on apache, I managed to install Palemoon successfully. But it's strange, because it installed in /usr/portage/distfiles with strange directory names in the structure. Most prominently strange being: git3-src EGIT_MIRROR_URI=git: (that's the name of the dir first level under /usr/portage/distfiles, but there are more underneath) Is that expected behavior with EAPI=6 in the ebuild, or is it a successful installation just by some stroke of luck? Note: the installed palemoon (but we're in the cloned system, another system of same hardware as the Air-Gapped system where I installed...), which I'm browsing online with, works faultlessly, as if I had installed it regularly with layman and emerge while being online. For any more detail, pls. look in the very detailed account of the entire installation in my previous email which I took several hours to write to my best ability. > -- > Daniel Campbell - Gentoo Developer > OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net > fpr: AE03 9064 AE00 053C 270C 1DE4 6F7A 9091 1EA0 55D6 > Thank you for your kind consideration! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Pale Moon Air-Gapped portage EAPI 6 Install WAS: [Logging] SSL with PM
On 161223-05:38+0100, Miroslav Rovis wrote: > It took me all of my skills ;-) . But I installed Pale Moon ... > That's new technology. EAPI=6 in the ebuild > Nothing I've seen in my previous 7 years as Gentoo ... > I'd like to provide detailed info here how the above happened Maybe start from the witness of the completed install. That is, from the (witnessing) log: /var/log/portage/www-client:palemoon-27.0.3-r6:20161221-204523.log after having in some apparently correct way modified the ebuild in my local overlay, and upon issuing: # emerge palemoon So, the log: * Package:www-client/palemoon-27.0.3-r6 * Repository: miro * USE:abi_x86_64 alsa amd64 elibc_glibc gstreamer gtk2 kernel_linux official-branding optimize userland_GNU * FEATURES: preserve-libs sandbox userpriv usersandbox >>> Unpacking source... * Fetching http://localhost/cgi-bin/cgit.cgi/Pale-Moon.git ... git fetch http://localhost/cgi-bin/cgit.cgi/Pale-Moon.git +refs/tags/27.0.3_Release:refs/tags/27.0.3_Release From http://localhost/cgi-bin/cgit.cgi/Pale-Moon * [new tag] 27.0.3_Release -> 27.0.3_Release * [new tag] 24.5.1_beta4-> 24.5.1_beta4 ... [130 entries cut here] ... * [new tag] 27.0.1_Release -> 27.0.1_Release * [new tag] 27.0.2_Release -> 27.0.2_Release * [new tag] GUID_working_base -> GUID_working_base ... [35 entries cut here] ... * [new tag] SUMOZI_25.1.0_MERGE -> SUMOZI_25.1.0_MERGE * [new tag] SUMOZI_25.2.0_MERGE -> SUMOZI_25.2.0_MERGE git symbolic-ref refs/git-r3/www-client/palemoon/0/__main__ refs/tags/27.0.3_Release * Checking out http://localhost/cgi-bin/cgit.cgi/Pale-Moon.git to /var/tmp/portage/www-client/palemoon-27.0.3-r6/work/palemoon-27.0.3 ... git checkout --quiet refs/tags/27.0.3_Release GIT NEW branch --> repository: http://localhost/cgi-bin/cgit.cgi/Pale-Moon.git at the commit:cff1b1447aa25e27b7294bb6986e79c98ae04a03 >>> Source unpacked in /var/tmp/portage/www-client/palemoon-27.0.3-r6/work >>> Preparing source in >>> /var/tmp/portage/www-client/palemoon-27.0.3-r6/work/palemoon-27.0.3 ... >>> Source prepared. >>> Configuring source in >>> /var/tmp/portage/www-client/palemoon-27.0.3-r6/work/palemoon-27.0.3 ... * You are enabling official branding. You may not redistribute this build ... [9700 lines cut here] ... >>> /usr/lib64/palemoon/browser/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}/install.rdf >>> /usr/lib64/palemoon/browser/blocklist.xml >>> /usr/lib64/palemoon/browser/searchplugins/ ... [5 lines cut here] ... >>> /usr/lib64/palemoon/browser/searchplugins/duckduckgo-palemoon.xml ... [12 lines cut here] ... >>> /usr/lib64/palemoon/libnssdbm3.so >>> /usr/lib64/palemoon/components/ >>> /usr/lib64/palemoon/components/components.manifest >>> /usr/lib64/palemoon/components/libmozgnome.so >>> /usr/lib64/palemoon/palemoon --- /usr/bin/ >>> /usr/bin/palemoon -> /usr/lib64/palemoon/palemoon * Updating desktop mime database ... * Updating icons cache ... [ ok ] >>> www-client/palemoon-27.0.3-r6 merged. >>> Regenerating /etc/ld.so.cache... So the installation completed smoothly. Now, in the /usr/portage/distfiles it looks pretty courious. Never seen anything in my 8 years more or less daily using of Gentoo (hundreds upon hundreds of compilations ;-) ): The git object pack sources, guess where they are by looking up: # du -hs /usr/portage/distfiles/git3-src\ EGIT_MIRROR_URI\=git\:/localhost/cgi-bin/cgit.cgi/cgi-bin_cgit.cgi_Pale-Moon.git/*/ 48K /usr/portage/distfiles/git3-src EGIT_MIRROR_URI=git:/localhost/cgi-bin/cgit.cgi/cgi-bin_cgit.cgi_Pale-Moon.git/hooks/ 8.0K/usr/portage/distfiles/git3-src EGIT_MIRROR_URI=git:/localhost/cgi-bin/cgit.cgi/cgi-bin_cgit.cgi_Pale-Moon.git/info/ 283M/usr/portage/distfiles/git3-src EGIT_MIRROR_URI=git:/localhost/cgi-bin/cgit.cgi/cgi-bin_cgit.cgi_Pale-Moon.git/objects/ 744K/usr/portage/distfiles/git3-src EGIT_MIRROR_URI=git:/localhost/cgi-bin/cgit.cgi/cgi-bin_cgit.cgi_Pale-Moon.git/refs/ # ( reformatted the above output for email, but those are 5 distinct lines of stdout only ) The successful ebuild that I modified the palemon-overlay ebuild into is: palemoon-27.0.3-r6.ebuild but my other previous ebuild modifications/adaptations for local cgit mirror had all failed. Obviously all based on palemoon-27.0.3.ebuild from the official palemoon-overlay repo. Let me again return to the strange looks of the /usr/portage/distfiles/git3-src\ EGIT_MIRROR_URI\=git\:/localhost/cgi-bin/cgit.cgi/cgi-bin_cgit.cgi_Pale-Moon.git That above is the complete path, but here I present it more clearly (and verbosely): # ls -l /u
[gentoo-user] Pale Moon Air-Gapped portage EAPI 6 Install WAS: [Logging] SSL with PM
It took me all of my skills ;-) . But I installed Pale Moon, using my local overlay made from the official https://github.com/deuiore/palemoon-overlay which installed, via my Cgit bare git repo served by my (local only yet) Apache, and so from my local mirror, in arcane ways (which I do not understood the how completely yet, but the install is faultless), by serving the git packs to emerge from the local git clone'd, and cgit-on-apache-served https://github.com/MoonchildProductions/Pale-Moon . That's new technology. EAPI=6 in the ebuild of the above linked official palemoon-overlay ! Nothing I've seen in my previous 7 years as Gentoo user. Only slowly gone into production since less than two years ago now. I'd like to provide detailed info here how the above happened to perform so faultlessly, because I may really need to brush some details (to be able to keep installing it from cgit-on-apache local mirror, I still can't believe it happened ;-) ), and to ask for advice on understanding some of the details, and because those details may be useful to other users, in the next email. In the next email, because I first would like to post about the goodness of Pale Moon, about the why it is the browser to recommend and support, and what a newbie might find still lacking its the current overlay offer (it should move to Portage proper and become official in Gentoo mainstream!), from what I'ver learned about Pale Moon so far. So, this... : On 161221-01:17+0100, Miroslav Rovis wrote: > On 161220-03:00-0500, Walter Dnes wrote: > > On Mon, Dec 19, 2016 at 01:25:19PM +0100, Miroslav Rovis wrote ... > > The Pale Moon project is located at... > > https://github.com/MoonchildProductions/Pale-Moon > That is certainly also what the official overlay uses, the one listed in: > https://overlays.gentoo.org/ ... > Unpacking objects: 100% (8/8), done. > From https://github.com/deuiore/palemoon-overlay > 237160b..d0b6f90 master -> origin/master > Updating 237160b..d0b6f90 > Fast-forward > www-client/palemoon-bin/Manifest | 3 + >www-client/palemoon-bin/palemoon-bin-27.0.3.ebuild | 112 > > www-client/palemoon/Manifest | 3 +- > www-client/palemoon/palemoon-27.0.2.ebuild | 6 +- > www-client/palemoon/palemoon-27.0.3.ebuild | 239 ...[the above] is my install, but: it happened in my Air-Gapped machine, this time. And Palemoon perfectly logs the SSL-keys, just like its elder sibling Firefox does, so I won't spend any more talk on that. But I enjoy using programs when they are (or when I feel they are, of course this may be somewhat subjective) pure, that is, true FOSS, true Open Source GNU-compatible style, and on top when they are morally good. The promise, for no warranted reason, of the imposition of Pulseaudio by Mozilla, in my eyes, is a huge blemish on Firefox. Yes, I'm afraid Firefox is morally tainted as FOSS. But there have been other issues, and in this Gentoo Forum topic you may read more about other issues that I haven't familiarized with: Should firefox be removed from portage? https://forums.gentoo.org/viewtopic-t-1038430-start-25.html#7880354 I defended Firefox there ( https://forums.gentoo.org/viewtopic-t-1038430-start-25.html#7878932 ) , and while I was right in that replacing it with something google, like Chrom{e,ium}, is so much worse yet, and in that there were good sides to Firefox that I posted about there, and those remain moot points for me still, the promise of the imposition of Pulseaudio now sways my remaining feelings away from loyalty to Mozilla Also, read here: Why was the default search changed to DuckDuckGo? https://forum.palemoon.org/viewtopic.php?f=24=4016 where find (just to whet your reading appetite): > A little insight in the $300 million+/year that Mozilla makes as an > Open Source software provider (and how income has grown more than > expenses...) > http://www.eweek.com/enterprise-apps/mozilla-revenue-tops-311-million-from-open-source-technology.html (also btw, DuckDuckGo.com has been my own preferred search engine since years now!) Also read here: Pale Moon, Geolocation and You https://forum.palemoon.org/viewtopic.php?f=24=3658 For newbie users of Palemoon: I have had a few minor issues (e.g. the copying and pasting from navigation bar is not polished, clipboard selection on navigation bar can get messed up on Alt-Tab'ing, which issue Firefox does not have), but nothing at all large! And the addons/extensions are a problem, because seeing a potential capable adversary in its own fork, which Palemoon is for Firefox, Mozilla has started deliberately messing up lots of plugins so that Palemoon could not use them! ( E.g. from this page: http://addons.palemoon.org/incompatible/ I tried ti open link under Privacy Badger: https://addons.mozi
Re: [gentoo-user] Reading the (SSL) traffic with Pale Moon
On 161220-03:00-0500, Walter Dnes wrote: > On Mon, Dec 19, 2016 at 01:25:19PM +0100, Miroslav Rovis wrote > > > And I'm very curious to learn how to install in Air-Gapped, from git, > > through intermediary action, that is acceptable, but in a verifiable > > way, as I asked in my other reply email to this message. > > The Pale Moon project is located at... > https://github.com/MoonchildProductions/Pale-Moon That is certainly also what the official overlay uses, the one listed in: https://overlays.gentoo.org/ which has updated, as I attempted to work with your scripts. Just pulled: miro@g0n /Cmn/src/palemoon-overlay $ git pull remote: Counting objects: 8, done. remote: Total 8 (delta 6), reused 6 (delta 6), pack-reused 2 Unpacking objects: 100% (8/8), done. From https://github.com/deuiore/palemoon-overlay 237160b..d0b6f90 master -> origin/master Updating 237160b..d0b6f90 Fast-forward www-client/palemoon-bin/Manifest | 3 + www-client/palemoon-bin/palemoon-bin-27.0.3.ebuild | 112 www-client/palemoon/Manifest | 3 +- www-client/palemoon/palemoon-27.0.2.ebuild | 6 +- www-client/palemoon/palemoon-27.0.3.ebuild | 239 5 files changed, 359 insertions(+), 4 deletions(-) create mode 100644 www-client/palemoon-bin/palemoon-bin-27.0.3.ebuild create mode 100644 www-client/palemoon/palemoon-27.0.3.ebuild But I spent hours studying your scripts, and their fine, but my system is hardened, and the /usr/src/ where I put pmmain/ failed. It was that gcc couldn't even create let alone the conftest, but not even conftest.c was created. And the Pale Moon that I have installed works just great (except for logging into the forum, but that's not its fault; btw, I logged into github, no problem...). And the overlay looks good, and all set properly... And it's official, more reliable than homemade. I'll try and see next how the updating will go with the official. ... Doing it now. The line that I use, as admin (root is not much more poweful than just a regular user in grsecurity-hardened), ah, didn't need that, I only need that when there are more packages, this logs the same as what you have later in /var/log/portage/ ...: # emerge -tuDN palemoon 2>&1 | tee emerge-tuDN_palemoon_$(date +%y%m%d_%H%M)_g0n These are the packages that would be merged, in reverse order: Calculating dependencies .. . done! [ebuild U ] www-client/palemoon-27.0.3::miro [27.0.2::miro] USE="alsa gstreamer gtk2 official-branding optimize -dbus -gtk3 -jemalloc -necko-wifi -pulseaudio -shared-js -system-libs -valgrind -webrtc" 0 KiB Total: 1 package (1 upgrade), Size of downloads: 0 KiB Would you like to merge these packages? [Yes/No] >>> Verifying ebuild manifests >>> Running pre-merge checks for www-client/palemoon-27.0.3 * Checking for at least 7 GiB disk space at "/var/tmp/portage/www-client/palemoon-27.0.3/temp" ... [ ok ] >>> Emerging (1 of 1) www-client/palemoon-27.0.3::miro >>> Unpacking source... * Fetching git://github.com/MoonchildProductions/Pale-Moon.git ... git fetch git://github.com/MoonchildProductions/Pale-Moon.git +refs/tags/27.0.3_Release:refs/tags/27.0.3_Release remote: Counting objects: 362, done. ... And more than 4 threads is fine: top - 01:03:03 up 3 days, 6:32, 9 users, load average: 14.08, 10.22, 7.75 Tasks: 171 total, 9 running, 160 sleeping, 2 stopped, 0 zombie %Cpu(s): 85.0 us, 11.3 sy, 3.7 ni, 0.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st KiB Mem : 16398240 total, 1935348 free, 3362256 used, 11100636 buff/cache KiB Swap:0 total,0 free,0 used. 12842124 avail Mem PID USER PR NIVIRTRESSHR S %CPU %MEM TIME+ COMMAND 15934 portage 20 0 292768 243536 15284 R 56.8 1.5 0:02.12 cc1plus 15930 portage 20 0 352412 305772 15360 R 50.2 1.9 0:02.83 cc1plus 15921 portage 20 0 369724 321532 15332 R 49.2 2.0 0:03.66 cc1plus 15938 portage 20 0 200696 150028 15360 R 41.9 0.9 0:01.26 cc1plus 31169 miro 20 0 442208 69132 20408 S 23.9 0.4 6:28.81 ffmpeg 15942 portage 20 0 139212 90380 15064 R 16.9 0.6 0:00.51 cc1plus 15955 portage 20 0 96876 56996 14292 R 9.6 0.3 0:00.29 cc1plus 15952 portage 20 0 82248 46356 15008 R 9.0 0.3 0:00.27 cc1plus 11468 miro 39 19 605396 153748 19432 R 3.7 0.9 1404:00 ffmpeg =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- And this is my itch, verification of these: /usr/portage/distfiles/git3-src/: total 4 drwxr-xr-x 6 portage portage 4096 2016-12-18 22:27 MoonchildProductions_Pale-Moon.git /usr/portage/distfiles/git3-src/MoonchildProductions_Pale-Moon.git: total 32 -rw-r--r-- 1 portage
Re: [gentoo-user] Reading the (SSL) traffic with Pale Moon
Thanks! I'll be studying the links that you gave! (I just replied to your other, later mail, first, in this thread, both the mails, and I marked both important in my Mutt.) On 161219-18:33-0500, Walter Dnes wrote: > On Mon, Dec 19, 2016 at 06:43:53PM +0100, Miroslav Rovis wrote > > > And whether the NSS that Pale Moon uses is fine, maybe some of the devs > > can tell us, I apologize for for having made too hasty and very probably > > wrong conclusion in regard... > > See the 2nd post in https://forum.palemoon.org/viewtopic.php?t=8971 > > Moonchild (the lead developer) > > The moment I am given access to the MozSec bugs after each 6-week > > release, I perform a full security audit on the bugs and code > > for applicability. If a vulnerability exists in Pale Moon that is > > addressed by these bugs, it is patched in the next release, with > > chemspill releases for urgent security issues pushed out asap in a > > point release. > > There is some informal slang here that you may not understand... > * "chemspill" ==> an emergency similar in nature to a hazardous chemical >spill, requiring immediate response > * "asap" ==> an acronym for "As Soon As Possible" > > 3rd post in same thread > Matt Tobin (developer) > > One thing to keep in mind is that just because there is a vulnerability > > in a codebase doesn't mean that there always was a vulnerability. As > > most know, Mozilla has been rewriting code (refactoring) at a rabid > > pace and has actually introduced more security flaws just by > > refactoring and rewriting the code badly than were previously there > > in the older incarnation of a chunk of code. > > Short summary... > * Pale Moon is an independant fork > * Pale Moon started out with a snapshot of Firefox code > * Pale Moon has made its own set of changes > * Mozilla (Firefox) has made a different set of changes > * the two browsers' source code is different enough that a problem that > affects Firefox may not affect Pale Moon; see... > https://forum.palemoon.org/viewtopic.php?f=1=13984 > * if there are real problems, there are point releases. That's one > reason why Pale Moon 27.0.1 and 27.0.2 and 27.0.3 have been released. > E.g. see "Security-related and crash fixes:" in > https://forum.palemoon.org/viewtopic.php?f=1=14223 > > -- > Walter Dnes <waltd...@waltdnes.org> > I don't run "desktop environments"; I run useful applications > Thanks! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Reading the (SSL) traffic with Pale Moon
Very useful! Thanks! But only quick notes now. On 161220-03:00-0500, Walter Dnes wrote: > On Mon, Dec 19, 2016 at 01:25:19PM +0100, Miroslav Rovis wrote > > > And I'm very curious to learn how to install in Air-Gapped, from git, > > through intermediary action, that is acceptable, but in a verifiable > > way, as I asked in my other reply email to this message. > > The Pale Moon project is located at... > https://github.com/MoonchildProductions/Pale-Moon I see. And one thing appears to be missing for me. *IIUC* <-- pls. note. The tags are not verified on the Pale Moon repo above! Do you see that they are, if you open: https://github.com/MoonchildProductions/Pale-Moon/tags ? I don't! *IIUC* <-- pls. note. Do you see that my tags are verified, e.g. if you open: https://github.com/miroR/tshark-hosts-conv/tags and by clicking on "Verified" link, you should see: This tag was signed with a verified signature. @miroR miroR Miroslav Rovis GPG key ID: EA9884884FBAF0AE Learn about signing commits Or am I again missing something? And if the tags are not verified, I may do the below, but I still don't feel right. I'm used to webrsync-gpg which is obsolete in comparison to git, but it's so safe, because all the the portage, including distfiles, all is PGP verifiable! I leave your instuctions below, since this is really useful, and it's a possible route for me to take... But... > The current release branch is "27.0_Relbranch". I'm not a programmer, > and I don't push commits back to the project. So I don't need the full > depth and history. The following command grabs the latest 27.0.x source > and downloads it to a directory pmsrc/ and only downloads what is needed > to do a build. > > git clone -b 27.0_RelBranch --depth 1 > https://github.com/MoonchildProductions/Pale-Moon.git pmsrc > > To save typing, I made a script "getcode". I merely have to type > ./getcode 27.0 > > The script consists of 2 lines... > > #!/bin/bash > git clone -b "${1}_RelBranch" --depth 1 > https://github.com/MoonchildProductions/Pale-Moon.git pmsrc > > Note that this picks up the latest git tag. You can force a specific > tag (e.g. 27.0.0 or 27.0.1 or 27.0.2) if you use the appropriate git > command. Once the the pmsrc/ subdirectory is populated, you can... > > cp -r pmsrc/ /pmsrc/ > >walk over to the air-gapped machine and... > > cp -r /pmsrc/ pmsrc/ > >and then do a "-march=native" build on the air-gapped machine. > > -- > Walter Dnes <waltd...@waltdnes.org> > I don't run "desktop environments"; I run useful applications > ... But also, the time on my hands is an issue. If the Gentoo overlay prooves easier and quicker, I may go that other way... And which way I go may also depend on which one I get to verifiably install... Yes, verifiability is my sine qua non! I have to say, I had no issues with installing from Gentoo palemoon overlay, and I may open an issue about verification there, or in main Pale Moon repo... E.g. there are never even any tags at all on: https://github.com/deuiore/palemoon-overlay/tags If I understand correctly. <-- pls. note. All this in the wake of my asking Gentoo devs about the verifiability in git: Is it safe to switch from webrsync to the git repo now? http://www.gossamer-threads.com/lists/gentoo/dev/320922 Really thanks a lot. -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Reading the (SSL) traffic with Pale Moon
I need to correct what I wrote... Things are *not* as bad as I misunderstood... On 161219-18:17+0100, Miroslav Rovis wrote: ... > ... > > The NSS library that Palemoon uses (as I posted on that link above) is, > IIUC, ancient (paste from about:support): Nope! But see below... > NSS 3.19.5.0 Basic ECC 3.19.5.0 Basic ECC > > See in your own portage: > > # cd /usr/portage/dev-libs/nss/ > # grep 'bug #' ChangeLog | cut -d# -f2 | sed 's/)//' | sed 's/\.//' \ > | sed 's/\.//'|sort -u > 564834 > 571086 > 574848 > 576862 > 585372 > # > > Of the above Gentoo Bugzilla bugs, only the last one (585372) is not about > vulns but > about stable request ("=dev-libs/nss-3.23 stable request"). > > So all of these: Really not! There is talk of 3.19.2.1 and 3.19.4 ... > overflow, integer overflow (CVE-2015-{7181,7182,7183}) > https://bugs.gentoo.org/show_bug.cgi?id=564834 [There is talk of 3.19.2.1 and 3.19.4] on 2015-11-03 20:19:00 UTC here: https://bugs.gentoo.org/show_bug.cgi?id=564834#c0 I don't know about this one, but probably it doesn't apply to what Pale Moon either... > (CVE-2015-7575, CVE-2016-1938) - signature allows attack on client certificate authentication (part of SLOTH > attack), miscalculations in bignum lib (CVE-2015-7575, CVE-2016-1938) > https://bugs.gentoo.org/show_bug.cgi?id=571086 This bug #574848 > dev-libs/nss-3.22[utils] - multilib-minimal_abi_src_install - !!! dobin: > checkcert does not exist > https://bugs.gentoo.org/show_bug.cgi?id=574848 is entirely local error within Gentoo And there is talk of .19.2.3 ... https://bugs.gentoo.org/show_bug.cgi?id=576862#c0 > vulnerabilities (CVE-2016-{1950..1979}, CVE-2016-{2790..2802}) > https://bugs.gentoo.org/show_bug.cgi?id=576862 [And there is talk of .19.2.3] on 2016-03-09 14:42:36 UTC here: https://bugs.gentoo.org/show_bug.cgi?id=576862#c0 > ... > No addons/extensions yet (not even the eff-https-everywhere, the browser > functionalities minimized, privacy browsing set to always, though, and > I'll show that too. Ah, no tracking protection in Pale Moon, we'll see > to that... But later I'll make page 2 with that cast/trace pair. > > ( And, regarding the short post by taii...@gmx.com > http://www.gossamer-threads.com/lists/gentoo/user/320794#320794 > also something to fake browser fingerprinting, probably start looking from: > https://wiki.gentoo.org/wiki/Tor ) > And whether the NSS that Pale Moon uses is fine, maybe some of the devs can tell us, I apologize for for having made too hasty and very probably wrong conclusion in regard... Regards! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Reading the (SSL) traffic with Pale Moon
On 161219-12:16+0100, Miroslav Rovis wrote: > On 161218-15:29-0500, Walter Dnes wrote: ... > First, I installed Pale Moon, but by no means is the task over. > > And not just because I had issues, i.e. couldn't log into Pale Moon forum: > > SSL-key logging with Pale Moon (the current title) > http://www.croatiafidelis.hr/foss/cap/cap-161218-palemoon/ > ( and great if we get some insight here by seniors as to why the > apparent *fork bomb* or something happened ). > > ( Pls. do note that Pale Moon can SSL-key log just fine, except, it's an > old version of the nss library that Pale Moon uses, which is likely not > a good thing. ) ... The NSS library that Palemoon uses (as I posted on that link above) is, IIUC, ancient (paste from about:support): NSS 3.19.5.0 Basic ECC 3.19.5.0 Basic ECC See in your own portage: # cd /usr/portage/dev-libs/nss/ # grep 'bug #' ChangeLog | cut -d# -f2 | sed 's/)//' | sed 's/\.//' \ | sed 's/\.//'|sort -u 564834 571086 574848 576862 585372 # Of the above Gentoo Bugzilla bugs, only the last one (585372) is not about vulns but about stable request ("=dev-libs/nss-3.23 stable request"). So all of these: https://bugs.gentoo.org/show_bug.cgi?id=564834 (CVE-2015-7575, CVE-2016-1938) - https://bugs.gentoo.org/show_bug.cgi?id=571086 dev-libs/nss-3.22[utils] - multilib-minimal_abi_src_install - !!! dobin: checkcert does not exist https://bugs.gentoo.org/show_bug.cgi?id=574848 https://bugs.gentoo.org/show_bug.cgi?id=576862 [all of the above] speak of serious security risks with the then version of NSS, and Pale Moon uses a version of the NSS that predates any patches to those bugs. If I understand correctly. In the meantime, I have retried to log into Pale Moon forum, same issue shows up. And yet another time I retired. And it's consistent behavior... Maybe because now the forum thinks I tried many times before, which is just not the case by any means! And for that try, I cleared the cache, and get a cast/trace pair short, and clean event, no other, or not much other conversations, but those with the Pale Moon Forum (and its requests, true, which are a lot of requests...). No addons/extensions yet (not even the eff-https-everywhere, the browser functionalities minimized, privacy browsing set to always, though, and I'll show that too. Ah, no tracking protection in Pale Moon, we'll see to that... But later I'll make page 2 with that cast/trace pair. ( And, regarding the short post by taii...@gmx.com http://www.gossamer-threads.com/lists/gentoo/user/320794#320794 also something to fake browser fingerprinting, probably start looking from: https://wiki.gentoo.org/wiki/Tor ) So what should I think of Pale Moon, regarding the SSL-key logging, but with that ancient NSS? Aaarggghhh! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Reading the (SSL) traffic with Pale Moon, WAS: from Firefox52: NO pure ALSA? Youtube... Audio: No
On 161218-15:29-0500, Walter Dnes wrote: > On Sun, Dec 18, 2016 at 07:43:47PM +0100, Miroslav Rovis wrote > > > [So I don't understand why you] thought dbus was needed to be disabled > > by other means, than the (as yet still) unofficial repo/overlay?) > > > > Or am I missing something? > > You are looking at the Pale Moon overlay. I did not know about it > when I first used Pale Moon. I originally downloaded the official > version tarball from http://linux.palemoon.org/ which needs dbus. I > built Pale Moon from source with several changes in the mozconfig file. > I also built it with gcc 5.4.0 with additional optimization. Gentoo > stable currently uses gcc 4.9.3. Pasting from my about:buildconfig : CompilerVersion Compiler flags gcc 5.4.0 -Wall -Wdeclaration-after-statement -Wempty-body -Wpointer-to-int-cast -Wsign-compare -Wtype-limits -Wno-unused -Wcast-align -march=native -pipe -std=gnu99 -fgnu89-inline -fno-strict-aliasing -fno-math-errno -pthread -pipe > dbus was included in the original code from Firefox before the forking > took place for a few reasons... I see. > * "necko-wifi" for improved geo-location, which you probably do not want. > Since Pale Moon is separate from Firefox, they don't have a licence to > use Google's wifi database. > > * WebRTC. I don't think it's enabled on the official version > > * "WakeLock". *IF YOU HAVE A SCREENSAVER THAT COMMUNICATES VIA DBUS* > then Pale Moon can ask it to temporarily disable screensaving while > you are playing a long video. Those are not there in my Pale Moon (in clone-machine only yet, as I explained in my other reply email to this message), again pasting from my about:buildconfig : Configure arguments --enable-application=browser --disable-install-strip --enable-optimize=-O2 --disable-valgrind --disable-dbus --disable-necko-wifi --enable-gstreamer --disable-webrtc --enable-alsa --disable-pulseaudio --enable-official-branding --enable-default-toolkit=cairo-gtk2 > -- > Walter Dnes <waltd...@waltdnes.org> > I don't run "desktop environments"; I run useful applications > And I'm very curious to learn how to install in Air-Gapped, from git, through intermediary action, that is acceptable, but in a verifiable way, as I asked in my other reply email to this message. Just in case (pasting from about:support): NamePale Moon Version 27.0.2 Build ID20161218222634 ... User Agent Mozilla/5.0 (X11; Linux x86_64; rv:45.9) Gecko/20100101 Goanna/3.0 Firefox/45.9 PaleMoon/27.0.2 Regards! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Reading the (SSL) traffic with Pale Moon, WAS: from Firefox52: NO pure ALSA? Youtube... Audio: No
On 161218-15:29-0500, Walter Dnes wrote: > On Sun, Dec 18, 2016 at 07:43:47PM +0100, Miroslav Rovis wrote > > > [So I don't understand why you] thought dbus was needed to be disabled > > by other means, than the (as yet still) unofficial repo/overlay?) > > > > Or am I missing something? > > You are looking at the Pale Moon overlay. I did not know about it > when I first used Pale Moon. I originally downloaded the official > version tarball from http://linux.palemoon.org/ which needs dbus. I ... I'll look at those later, likely in the next, or some later email. First, I installed Pale Moon, but by no means is the task over. And not just because I had issues, i.e. couldn't log into Pale Moon forum: SSL-key logging with Pale Moon (the current title) http://www.croatiafidelis.hr/foss/cap/cap-161218-palemoon/ ( and great if we get some insight here by seniors as to why the apparent *fork bomb* or something happened ). ( Pls. do note that Pale Moon can SSL-key log just fine, except, it's an old version of the nss library that Pale Moon uses, which is likely not a good thing. ) But even more, because I only really install in my master Air-Gapped Gentoo --link missing, because I haven't transferred my bookmarks yet... ( No, I just installed, it's completely trivial, via GUi, takes in the the Firefox bookmark JSON just fine...): Air-Gapped Gentoo Install, Tentative https://forums.gentoo.org/viewtopic-t-987268.html ) link not missing-- ...and I really install only what I can verify. So, is there anywhere that I can read on the Wiki, where I can figure out how I could git-install in completely verifiable way? Plus... Plus: I want to be able to clone that install, from this online clone to my master Air-Gapped installation, how? One thing I never stop being excited about it the emerge-webrsync and the fact that every package in Gentoo is verifiably signed by the Releng team, and that's as safe as you can get in any distro in the world. The best! Now came the git install, with the git pack thing and all. May be very safe, but how do I know it? How do I verify it? I remember having read, either on gentoo-dev or on the wiki, or somewhere else, that some devs do have this concern that I also voiced here... Any advice will be appreciated! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Layman trouble
By the way, I see I'm late (just downloaded new mail), but I've already written, and there is a piece of useful info below. On 161218-14:43+0100, meino.cra...@gmx.de wrote: > Corbin Bird <corbinb...@charter.net> [16-12-18 14:28]: > > > > On 12/18/2016 05:57 AM, meino.cra...@gmx.de wrote: > > > Hi, ... > > > https://wiki.gentoo.org/wiki/Layman#repos.conf_method_.28default.29 ... > > > So far so nice...I can add, fetch and delete repos. > > > > > > But neither eix nor emerge do see that contents ... I cannot > > > emerge anything from added overlays. ... > > > How can I fix it? > > > ... > The installed layman: > [I] app-portage/layman > Available versions: 2.0.0-r1 2.0.0-r3 ~2.1.0-r3 ~2.2.0-r7 ~2.3.0-r1 > ~2.4.0-r1 ~2.4.1-r1 ** {bazaar cvs darcs g-sorcery +git gpg mercurial > sqlite squashfs subversion sync-plugin-portage test PYTHON_TARGETS="pypy > python2_7 python3_4 python3_5"} > Installed versions: 2.0.0-r3(10:16:19 12/18/16)(bazaar cvs darcs git > mercurial subversion -test PYTHON_TARGETS="python2_7 -pypy") > Homepage:http://layman.sourceforge.net > Description: Tool to manage Gentoo overlays So your installed version seem to be: 2.0.0-r3, and that's the version of 2015-08-09 (just list the dir: /usr/portage/*/layman/ and see). Why not update to the current version 2.4.1-r1 ? (ah, maybe it's testing only... so, don't know about that... but know I have that version installed) But this below I remember a little about: ... > /etc/make.conf (yes, it is at that place on my system...why? dont > know...;) was not altered while tryong to layman anything... You're ages behind with that. I don't recall, but maybe you should search the news archives or somewhere, the change to: /etc/portage/make.conf is overdue in your case. It's been made the default some cca. two years ago, IIRC. > Cheers > Meino > Regards! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Reading the (SSL) traffic with Pale Moon, WAS: from Firefox52: NO pure ALSA? Youtube... Audio: No
On 161218-19:16+0100, Miroslav Rovis wrote: ... > > > > No patches required to the source code for that. > Probably that means what it meant in some of the Mozilla pages... That's > not good. Because it means the SSL-key logging is enabled by default. And that's a security risk. > Was in Firefox too. Not, it need to be at user's decision, compile time > only possible in Firefox, in optimize ebuilds, with my (minuscule) patch... > But in > binary releases, it is enabled by default in Firefox... > > I do my own custom > > manual build, to eliminate the dependancy on dbus, plus other tweaks. > > That involves setting options in the mozconfig file, but no source code > > changes. If you want to do your own build, see my post on December 9th > > https://forum.palemoon.org/viewtopic.php?f=37=13898=20#p100625 > > Note; this is version 2 of my build environment. You should see an > > attached file "pmmain.tgz" on that post. Do not use version 1, with > > (utils.tgz) in the first post of that thread. > You know why the no-dbus way above may be my only way of doing it? Or > for which reason I might have to give up? > > The only way, because after: > > $ git clone https://github.com/deuiore/palemoon-overlay > > I grep'd a log of dbus lines in that repo :-( , so Palemoon has the dbus > dependency... Firefox does not. And not only in Gentoo. > > (And I don't intend to install no poetterware whatsoever --dbus being at > least a relative, or maybe better defined as the precursor, which > prepared the way for poetterware, IMO.) But, looking into: palemoon-overlay/www-client/palemoon/palemoon-27.0.2.ebuild I see: if ! use dbus; then mozconfig_disable dbus fi So dbus is _not_ a requirement... So I don't understand why you ( I had also starting looking into pmmain , your build scripts, and the above does the same as: $ grep -r dbus pmmain/ pmmain/utils/mymozconfig.txt:ac_add_options --disable-dbus $ ) [So I don't understand why you] thought dbus was needed to be disabled by other means, than the (as yet still) unofficial repo/overlay?) Or am I missing something? -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] Reading the (SSL) traffic with Pale Moon, WAS: from Firefox52: NO pure ALSA? Youtube... Audio: No
On 161218-02:04-0500, Walter Dnes wrote: > > How come people are so little interested to read the traffic, to learn > > how sites behave which they visit, and often to discover what sites > > really do to them? > > > > I'll go and inquire at the Pale Moon forum about the issues above, and > > will post there this exact question above, I think. > > This is a very obscure topic. Maybe nobody who knows about it read > that post. I only read 3 sub-forums... > > * Announcements... for new versions, etc > * Pale Moon for Linux... because I run the linux version > * Contributed builds... I do an SSE-only contributed 32-bit build. It > is useful for older Pentium 3 class machines, which will not run the > regular Pale Moon build. > > I couldn't find anything about NSS logging on Google... except your Why the Schmoog engine? duckduckgo.com is some much more privacy acceptable... But there are links too in the page that I posted the patch, below... > question. I followed the instructions in your post here, and that's how > I got it to work. I did not know about it until you told me. If Palemoon logs SSL-keys, then it must use some of openssl, libressl, gnutls, or the Mozilla/Google/Oracle (IIRC), but primary Mozilla program Network Security Services, dev-libs/nss-3.27.2 . > > Wait... Did you need to patch the nss library to get the $SSLKEYLOGFILE > > being written to? Like in this bug: > > > > >=dev-libs/nss-3.24 - Add USE flag to enable SSL key logging > > https://bugs.gentoo.org/show_bug.cgi?id=587116 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.24_release_notes#Notable_changes_in_NSS_3.24 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSS_environment_variables (from that Bugzilla page) > > > > Did you? (That's about the only patch there, that I submitted to > > Bugzilla anywhere ;-) btw.) > > No patches required to the source code for that. Probably that means what it meant in some of the Mozilla pages... That's not good. Because it means the SSL-key logging is enabled by default. Was in Firefox too. Not, it need to be at user's decision, compile time only possible in Firefox, in optimize ebuilds, with my (minuscule) patch... But in binary releases, it is enabled by default in Firefox... > I do my own custom > manual build, to eliminate the dependancy on dbus, plus other tweaks. > That involves setting options in the mozconfig file, but no source code > changes. If you want to do your own build, see my post on December 9th > https://forum.palemoon.org/viewtopic.php?f=37=13898=20#p100625 > Note; this is version 2 of my build environment. You should see an > attached file "pmmain.tgz" on that post. Do not use version 1, with > (utils.tgz) in the first post of that thread. You know why the no-dbus way above may be my only way of doing it? Or for which reason I might have to give up? The only way, because after: $ git clone https://github.com/deuiore/palemoon-overlay I grep'd a log of dbus lines in that repo :-( , so Palemoon has the dbus dependency... Firefox does not. And not only in Gentoo. (And I don't intend to install no poetterware whatsoever --dbus being at least a relative, or maybe better defined as the precursor, which prepared the way for poetterware, IMO.) And that also may prove to be the reason that I might have to give up. Which I will only do if it shows to be too difficult for me. I've only just downloaded: https://forum.palemoon.org/download/file.php?id=6761 from: https://forum.palemoon.org/viewtopic.php?f=37=13898=20#p100625 so I don't yet know... We'll see... > -- > Walter Dnes <waltd...@waltdnes.org> > I don't run "desktop environments"; I run useful applications > Thanks also to Martin Vaeth for his correcting of my assumption. Regards! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
[gentoo-user] Reading the (SSL) traffic with Pale Moon, WAS: from Firefox52: NO pure ALSA? Youtube... Audio: No
On 161217-20:56-0500, Walter Dnes wrote: > I'm running Pale Moon. In an xterm, I did... > > export SSLKEYLOGFILE=/dev/shm/sslkeylogfile.txt > > ...and launched Pale Moon manually from the commandline. nd visited a > couple of https sites. I did get /dev/shm/sslkeylogfile.txt which > begins with the line... > > # SSL/TLS secrets log file, generated by NSS > > Following that are a bunch of lines starting with... > > CLIENT_RANDOM > > ...followed by a space, followed by 161 random hex-numeric characters > i.e. [0-9a-f]. > > I also saw a line beginning with... > > RSA > > ...followed by a space, followed by 113 random hex-numeric characters > i.e. [0-9a-f]. The very usual and familiar text that I take all --really all-- the time. Ever since I was pwned: System attacked, Konqueror went on window-popping spree! https://forums.gentoo.org/viewtopic-t-905472.html ( Ah, and my Vimeo videos are back; not the Youtube ones, and it happened relatively recently that my vimeo videos are back, linked from that five, 5, years old topic on Gentoo Forums, as I informed here when they too were removed: https://forums.gentoo.org/viewtopic-t-905472-start-25.html#7881412 Plus, no way for me to update the Forums, since some people, like one of the Site Admins there, really don't like me: Was I really hijacking topics from other members? https://forums.gentoo.org/viewtopic-t-1041614.html Ctrl-F "your account has been banned.", currently still the very last line, date was: "Posted: Fri Apr 01, 2016 3:14 am" ) [Ever since I was pwned], I inquired a lot about this capabilitiy, and some btwn 1 and 2 years ago I learned that since some times 2013 or around there (so I was just around 2 years late from the beeding edge development), Wireshark can read what Firefox SSL-keys captures, and since then I capture SSL-keys all the time time. > If you plan to do this regularly, your program launcher will need to > launch bash scripts with seperate filenames for each profile. Maybe > append date-time stamp to filenames to avoid multiple sessions > overwriting each other. In Firefox, you just need very little settings on the outside, : https://wiki.wireshark.org/SSL > > As for privacy, there are the usual features, like... > > * asking sites to not track (don't trust that) > * control of which sites to accept/refuse regular cookies, and 3rd-party > cookies, from > * whether or not to clear browsing and download history > * private browsing session I think some of the suggested extensions/addons here: https://wiki.gentoo.org/wiki/Tor (sadly) use Australis I currently have eff-https everywhere, RequestPolicy-continued, Privacy Badger, NoScript and Agent Spoofer. Some of them, I read (but don't remember which ones), use Australis... But... > -- > Walter Dnes <waltd...@waltdnes.org> > I don't run "desktop environments"; I run useful applications > ...But thanks, why was this so hard to tell... See there in the Pale Moon forums, nobody replied (yet)... How come people are so little interested to read the traffic? I have all kinds of traces posted ( far from expert talk, but still useful stuff in somebody wants to learn to read the traffic of his own: http://www.croatiafidelis.hr/foss/cap/ )... How come people are so little interested to read the traffic, to learn how sites behave which they visit, and often to discover what sites really do to them? I'll go and inquire at the Pale Moon forum about the issues above, and will post there this exact question above, I think. Also, if this is really true, the Wireshark SSL wiki (the link above) needs to be updated... And more, wait... Wait... Did you need to patch the nss library to get the $SSLKEYLOGFILE being written to? Like in this bug: >=dev-libs/nss-3.24 - Add USE flag to enable SSL key logging https://bugs.gentoo.org/show_bug.cgi?id=587116 Did you? (That's about the only patch there, that I submitted to Bugzilla anywhere ;-) btw.) I'm puzzled... And overwhelmed with work, because I must now find time to install and set Pale Moon to the (SSL) traffic (and I'm really a slow worker). (Still half-disbelieving... so surprised I am.) -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] from Firefox52: NO pure ALSA?, WAS: Firefox 49.0 & Youtube... Audio: No
On 161217-00:55-0500, Walter Dnes wrote: > On Fri, Dec 16, 2016 at 02:16:27PM -0500, Rich Freeman wrote > > On Fri, Dec 16, 2016 at 11:51 AM, Miroslav Rovis > > <miro.ro...@croatiafidelis.hr> wrote: > > > > > It's been discussed over and over again. Lots of people are firm in > > > their understanding that Lennart is an actor by and for the big > > > business. Me too. > > > > Well, he is a Red Hat employee. Nobody really debates that. > > Maybe it's not intentional spyware malice, but rather that home users > are being jerked around while Redhat re-writes linux as a corporate OS. > It's as much created-by-chance spyware, as accidentally-happened spyware, IMO, as the google android/iphone/windoze phone and others are eavesdropper devices by chance and by accident. I.e.: not in the least. While lots of people involved are not (plain) malicious, there is, from analysis of the big picture, no escaping the conclusion that the one-ring-cravers needed it, and so they planned it, just like the aforementioned eavesdropper devices. Even though, longer term, very very few people knew, or envisaged, say 20-30 years ago, that this Total Surveillance Age was coming. -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature
Re: [gentoo-user] from Firefox52: NO pure ALSA?, WAS: Firefox 49.0 & Youtube... Audio: No
On 161216-14:16-0500, Rich Freeman wrote: > On Fri, Dec 16, 2016 at 11:51 AM, Miroslav Rovis > <miro.ro...@croatiafidelis.hr> wrote: > > On 161216-08:35-0500, Rich Freeman wrote: > >> > >> I'm not sure I understand what distinction you're making. I can't say > >> I'm intimately familiar with the security model around Pulseaudio (at > >> a glance it seems similar to X11 with its use of cookies, though > >> obviously if you tell it to broadcast unencrypted multicast RTP on > >> your LAN you'll get the obvious effects) but X11 has a couple of > >> glaring security weaknesses. The most obvious is the fact that any > >> random X11 client can read the keyboard input of any other client on > >> the same server unless you jump through a bunch of hoops that I don't > >> think anybody actually jumps through (though I do believe some of the > >> X11 PIN entry programs may use them at least). Anything you type into > >> an xterm could be read by your browser, and in turn by any code able > >> to execute outside any sandbox that browser might have (root privs not > >> needed for this). > > > > I don't claim it can not, but I doubt anyone can do it in my > > grsecurity-hardened based Gentoo machine. > > As far as I'm aware grsecurity provides no protection against X11 > client evesdropping. This is an X11 "feature" and not an exploit > per-se. I'm not a match to you. My knowledge is insufficient. So I've taken notice of your claims. However, these below, they need more of my time, than I can afford. If I manage to understand some, I'll possibly comment/reply. > Here is one overview of the possibilities: > https://pipefish.me/2012/08/28/spying-on-screens-and-keystrokes-the-dangers-of-open-x11/ > > Any program that has access to your X11 cookie and which can connect > to your X server (which includes anything actually displaying a window > on your screen), can generally grab any of the keyboard input bound > for any window on your screen. There are ways for programs to block > this, but they're not super-practical. > > Amusingly enough I stumbled upon this blog: > https://blog.separateconcerns.com/2014-10-24-cli-passwords.html > > This page "helpfully" suggests that you can secure your system by > using a console pinentry program instead of an X11-based one, with the > underlying assumption being that console software is more secure for > this sort of thing. While the basic assumption is probably true, in > this particular case it is definitely not. Entering a password on an > actual virtual console or over ssh is in fact secure. However, > entering it into an xterm (which is presumably what you're using if > you would otherwise be using an x11 pinentry program) is absolutely > not secure. The x11 pinentry program probably uses XGrabKeyboard to > ensure that other clients can't evesdrop, while the console-based > version doesn't know anything about x11. Some xterm implementations > have a secure mode buried in the menus which turns on this mode which > you can use to safely enter passwords, but almost nobody knows about > this. > > There are a lot of "cargo cult" tips out there which are based on a > lack of understanding of how software like X11 actually work. Of > course, X11 is so convoluted that almost nobody actually understands > everything about how it works, which is why Wayland has always been > right around the corner. In general, though, it largely dates back to > an era where people had rsh listening on all their hosts. > > > > >> And I wouldn't be surprised if a lot of X servers still run as root > >> for modesetting/etc. > > > > What user is that? It you want, tell me how to check it, and let's see > > how spyware-prone my system is. > > If you don't have USE=-suid on your xorg-server package, then X is > probably running suid root. > > In order to not have it run this way you need support for kernel > modesetting. I was surprised when I found out that X11 even worked > that way (we're talking late 90s here). It seems a bit like running > pppd as root so that it can directly talk to a UART because you have > an aversion to using /dev/ttyS*. In any case the kernel devs have > generally been making the move to kernel modesetting so that your > device drivers actually are in the kernel and not in random userspace > programs (I'm all for microkernels, but not like this). > > If you don't have kernel modesetting enabled then X11 won't be able to > run with -suid set. Google for gentoo kernel modesetting for a guide > on how to enable it on most modern hardware. I don't google. ddg.gg is way safe
Re: [gentoo-user] from Firefox52: NO pure ALSA?, WAS: Firefox 49.0 & Youtube... Audio: No
On 161216-08:35-0500, Rich Freeman wrote: > On Fri, Dec 16, 2016 at 8:13 AM, Miroslav Rovis > <miro.ro...@croatiafidelis.hr> wrote: > > On 161216-07:16-0500, Rich Freeman wrote: > >> On Fri, Dec 16, 2016 at 5:19 AM, Miroslav Rovis > >> <miro.ro...@croatiafidelis.hr> wrote: > >> > > >> > In my stron opinion, and opinions are allowed in Gentoo, just not > >> > imposing your opinion onto others (and that I am not doing, feel free > >> > to disagree!), pulseadio is spyware, read more here: > >> > > >> > Re: [Alsa-user] sans-pulseaudio Firefox? was: a strange thing > >> > https://www.mail-archive.com/alsa-user@lists.sourceforge.net/msg31928.html > >> > > >> > >> What exactly about Pulseaudio do you think makes it "spyware?" The > > You're right actually. Or might be. It is likely not spyware in itself, > > but it surely is spyware enabler. Like dbus and all of poetterware. > > > > And about xorg. Everybody uses it, I do too. Minimalistically. Just > > enough to have, say Firefox and Wireshark, and a good *nix programs that > > need gui. But I'd think the possibilities for spying-required remote > > connections with xorg are nowhere near to what poetterware and > > associates offer. > > > > I'm not sure I understand what distinction you're making. I can't say > I'm intimately familiar with the security model around Pulseaudio (at > a glance it seems similar to X11 with its use of cookies, though > obviously if you tell it to broadcast unencrypted multicast RTP on > your LAN you'll get the obvious effects) but X11 has a couple of > glaring security weaknesses. The most obvious is the fact that any > random X11 client can read the keyboard input of any other client on > the same server unless you jump through a bunch of hoops that I don't > think anybody actually jumps through (though I do believe some of the > X11 PIN entry programs may use them at least). Anything you type into > an xterm could be read by your browser, and in turn by any code able > to execute outside any sandbox that browser might have (root privs not > needed for this). I don't claim it can not, but I doubt anyone can do it in my grsecurity-hardened based Gentoo machine. [ but first (I just now looked it up), I'm not match for you, you are a Gentoo developer: https://www.gentoo.org/inside-gentoo/developers/ where the link under "Rich0" opens: https://wiki.gentoo.org/wiki/User:Rich0 and you would get a better reply from someone of your statue, which I'm not ; and since we're at conditionalities, I'm sorry if I reply slowly, I'm unable to work faster. ] > And I wouldn't be surprised if a lot of X servers still run as root > for modesetting/etc. What user is that? It you want, tell me how to check it, and let's see how spyware-prone my system is. > > That's why they came into existance, after all. > > Uh, somehow I doubt that Lennart wrote Pulseaudio just to simplify the > task of getting audio off of a local host so that somebody can spy on > you. Maybe it had something to do with the fact that before it came > along just doing something like plugging a USB headset into a Linux > desktop was a bit of a chore? It's been discussed over and over again. Lots of people are firm in their understanding that Lennart is an actor by and for the big business. Me too. And, it's not about singular trees but the big picture, and I dare reply even to you with the following argument. Because this argument is understood even without being a programmer, being this argument the sign of the time, so it's in the very big picture. And it's, to some extent, just repeating what I already wrote, regardless of the singular trees looking deliciously innocent (running your multiple desktop sessions looks so innocent and un-evil, almost like Schmoog the Schmoogle!)... The argument: In this day and age, when the state- and other big actors virtually know ever-nearer to virtually everything about everybody, there is not deaf spot anywhere in public, and not even in your own home you are not audio-alone, but rather you are automatically recorded anywhere you go, and that wholesale spying is undeniable, thanks to Edward Snowden... In that big picture, whatever would anybody say that this complex new Pulseaudio code, that communicates to anywhere, local or remote, whatever would anybody try to claim that that perfect --but also the spying firm the Schmoog is perfect as well, and really really not "not evil", they sold so many people!-- whatever would anybody try to claim that that perfect code is for... Whatever would anybody try to claim that that perfect code is for, but, let alone the nice trees like the ones you mention, let them alone... Bec
Re: [gentoo-user] from Firefox52: NO pure ALSA?, WAS: Firefox 49.0 & Youtube... Audio: No
On 161216-07:16-0500, Rich Freeman wrote: > On Fri, Dec 16, 2016 at 5:19 AM, Miroslav Rovis > <miro.ro...@croatiafidelis.hr> wrote: > > > > In my stron opinion, and opinions are allowed in Gentoo, just not > > imposing your opinion onto others (and that I am not doing, feel free > > to disagree!), pulseadio is spyware, read more here: > > > > Re: [Alsa-user] sans-pulseaudio Firefox? was: a strange thing > > https://www.mail-archive.com/alsa-user@lists.sourceforge.net/msg31928.html > > > > What exactly about Pulseaudio do you think makes it "spyware?" The You're right actually. Or might be. It is likely not spyware in itself, but it surely is spyware enabler. Like dbus and all of poetterware. And about xorg. Everybody uses it, I do too. Minimalistically. Just enough to have, say Firefox and Wireshark, and a good *nix programs that need gui. But I'd think the possibilities for spying-required remote connections with xorg are nowhere near to what poetterware and associates offer. That's why they came into existance, after all. But you are free to disagree. -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr signature.asc Description: Digital signature