[opensuse-factory] dist meeting minutes 2006-11-16
FYI, here're the minutes from our discussion. I hope to see this for 10.3... Andreas Topic: Encrypted Home Directories * Main new feature: Per user encrypted home * Proposal: - Enable per user encrypted home partitions (using pam_mount) - use dm-crypt + LUKS as default instead of cryptoloop Challenges + Problems: * currently KDM accesses home directory before authentification (after user name is known) to get information about the last session. An encrypted home partition this needs changes in the logic. * For ssh-key it's a problem to read the key files since they are stored in the home directory, only password authentification would work. * Other programs might read the homedirectory, like procmail. We have to check which other programs do this and decide how to handle this, e.g. a shadow home directory (or union filesystems) for procmail, secret keys... * Backup software is a challenge, users want encrypted backups. * Manually mounting via /etc/fstab is not possible currently with dm-crypt, other distributions use /etc/fscrypttab or we would need to extra add support to allow this with /etc/fstab. Use-case: A separate encrypted partition with secrect data that is only mounted manually if needed by the user and then unmounted again. * On-the-fly upgrade would be fine. Unfortunately dm-crypt uses two extra blocks so this cannot be done without losing data. * 10.2 has all the basic support for dm-crypt and LUKS but it's not integrated. * Linux only supports only 255 loopback mounts, so this limits the maximum of users that can be logged in at the same time. * FUSE and encrypted single files would be an option as well but there are some drawbacks with it. * Use case: Laptop stolen or taken away. If one user is comprimised, not all should be comprised. * Masterkey that is encrypted by the users login, so that only one password is needed to login. * screensaver issues (just close the lid) What happens with a locked screen and laptop taken away still running? * suspend to disk How to handle suspend to disk? Umount before suspend and remount later? Changes for this: YaST changes: * support dm-crypt by default for new installations in yast2-storage * during user creation allow creation of encrypted home directories * During update: Support old cryptoloop partitions and allow new installations. Base system changes: * Using pam_mount * Enable dm-crypt in boot.crypto * Handle /etc/fstab unless to not regress * Migration programs to migrate from cryptoloop to dm-crypt Andreas -- Andreas Jaeger, [EMAIL PROTECTED], http://www.suse.de/~aj/ SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 pgpCsNoyj3v41.pgp Description: PGP signature
Re: [opensuse-factory] Ati 3D
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Hanke schreef: Robby (M9.) schrieb: I found the file, but it is a sax generated file, which cannot be edited the way a script can be edited... Of course you can edit the file! Just ignore the comment and edit it anyway. (What you shouldn't do is editing xorg.conf and then filing a bug against SaX2 for a config file that hasn't been generated by SaX2. But otherwise, xorg.conf is yours and you can do with it whatever you want.) So i did, edited and added: Loaddri to the top of the module list. Result: no xserver: out of range. (sax2 is handy in these situations.. ;) While trying to edit and repair the damage in safe mode, (how to save changes and exit here?),previous to the sax-'save', i saw: Section DRI Group video Mode 0660 EndSection near the bottom of the file... Does that mean that the driver is working by default, so adding dri to load is not nessesary, or desirable, and causes to prevent the xserver from starting? Or do i have another option to enable the 3D support for the card? I attached a sample of the config file... (if no time, i am not in a hurry..) tia. M9. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFXZaNX5/X5X6LpDgRAvYXAKCo8wObVC/PFbPoZVR7ezdXYSDA7QCfQmT0 vg4Iu3BjvOASZPWQZTZ182c= =WGvt -END PGP SIGNATURE- # /.../ # SaX generated X11 config file # Created on: 2006-11-17T11:33:40+0100. # # Version: 8.1 # Contact: Marcus Schaefer [EMAIL PROTECTED], 2005 # Contact: SaX-User list https://lists.berlios.de/mailman/listinfo/sax-users # # Automatically generated by [ISaX] (8.1) # PLEASE DO NOT EDIT THIS FILE! # Section Files FontPath /usr/share/fonts/misc:unscaled FontPath /usr/share/fonts/local FontPath /usr/share/fonts/75dpi:unscaled FontPath /usr/share/fonts/100dpi:unscaled FontPath /usr/share/fonts/Type1 FontPath /usr/share/fonts/URW FontPath /usr/share/fonts/Speedo FontPath /usr/share/fonts/PEX FontPath /usr/share/fonts/cyrillic FontPath /usr/share/fonts/latin2/misc:unscaled FontPath /usr/share/fonts/latin2/75dpi:unscaled FontPath /usr/share/fonts/latin2/100dpi:unscaled FontPath /usr/share/fonts/latin2/Type1 FontPath /usr/share/fonts/latin7/75dpi:unscaled FontPath /usr/share/fonts/baekmuk:unscaled FontPath /usr/share/fonts/japanese:unscaled FontPath /usr/share/fonts/kwintv FontPath /usr/share/fonts/truetype FontPath /usr/share/fonts/uni:unscaled FontPath /usr/share/fonts/CID FontPath /usr/share/fonts/ucs/misc:unscaled FontPath /usr/share/fonts/ucs/75dpi:unscaled FontPath /usr/share/fonts/ucs/100dpi:unscaled FontPath /usr/share/fonts/hellas/misc:unscaled FontPath /usr/share/fonts/hellas/75dpi:unscaled FontPath /usr/share/fonts/hellas/100dpi:unscaled FontPath /usr/share/fonts/hellas/Type1 FontPath /usr/share/fonts/misc/sgi:unscaled FontPath /usr/share/fonts/xtest FontPath /opt/kde3/share/fonts FontPath unix/:7100 InputDevices /dev/gpmdata InputDevices /dev/input/mice EndSection Section ServerFlags Option AllowMouseOpenFail on EndSection Section Module Load dbe Load type1 Load freetype Load extmod Load glx Load v4l EndSection Section InputDevice Driver kbd Identifier Keyboard[0] Option Protocol Standard Option XkbLayout us Option XkbModel pc104 Option XkbRules xfree86 EndSection Section InputDevice Driver mouse Identifier Mouse[1] Option Buttons 5 Option Device /dev/input/mice Option Name PS2++ Logitech Wheel Mouse Option Protocol explorerps/2 Option Vendor Sysp Option ZAxisMapping 4 5 EndSection Section Monitor DisplaySize 408 255 HorizSync29-82 Identifier Monitor[0] ModelNameCMC 19AW Option DPMS VendorName CMO VertRefresh 43-76 UseModes Modes[0] EndSection Section Modes Identifier Modes[0] Modeline 1440x900 104.58 1440 1520 1672 1904 900 901 904 931 Modeline 1366x768 104.73 1368 1448 1592 1816 768 769 772 801 Modeline 1360x768 85.50 1360 1408 1440 1520 768 771 776 794 +HSync -VSync Modeline 1280x800 105.78 1280 1360 1496 1712 800 801 804 835 Modeline 1280x800 87.00 1280 1328 1360 1440 800 803 809 828 +HSync -VSync Modeline 1152x864 104.99 1152 1224 1352 1552 864 865 868 902 Modeline 1152x864 96.77 1152 1224 1344 1536 864 865 868 900 Modeline 1152x864 89.56 1152 1224 1344 1536 864 865 868 897 Modeline 1152x864 86.75 1152 1200 1232 1312 864 867 871 895 +HSync
Re: [opensuse-factory] dist meeting minutes 2006-11-16
Hi, I'm sorry but i mean another thing. I would like that yast can use apt repository, because you and the openSUSE team removed the apt official support in SUSE 10.1, and the people that use apt and synaptic from 9.2 are oblige to use apt with their risk. I hope that you understand my question. Vincenzo
[opensuse-factory] USB memory devices are mounted with root as owner and only root have write access
Hi, I have looked around in bug reports and in the factory mailing list but have not found the same problem. This is in openSUSE 10.2 Beta 2. It is a fresh install from DVD. I have a 128Mb SD memory card that I use in a USB memory card reader. It mounts and I can read files, but not write. The ownership gets set to root/root and only owner has write access, The same happens when I connect my Nokia N80 with a 2 Gb memory card and a 128Mb no name USB memory stick Oddly enough, when I connect my Nokia 770 which have a 2Gb MMC card it mounts as expected with the user as owner. This is all done through the same USB memory card reader which also has a USB port. I checked with the phone connected to another USB port and it behaves the same so I do count the USB memory card reader out of the problem. /var/log/messages from the N80 connection: Nov 17 15:23:27 norbert kernel: usb 2-3: new full speed USB device using ohci_hcd and address 6 Nov 17 15:23:27 norbert kernel: usb 2-3: new device found, idVendor=0421, idProduct=0446 Nov 17 15:23:27 norbert kernel: usb 2-3: new device strings: Mfr=1, Product=2, SerialNumber=3 Nov 17 15:23:27 norbert kernel: usb 2-3: Product: Nokia N80 Nov 17 15:23:27 norbert kernel: usb 2-3: Manufacturer: Nokia Nov 17 15:23:27 norbert kernel: usb 2-3: SerialNumber: 358361005186063 Nov 17 15:23:27 norbert kernel: usb 2-3: configuration #1 chosen from 1 choice Nov 17 15:23:27 norbert kernel: scsi10 : SCSI emulation for USB Mass Storage devices Nov 17 15:23:27 norbert kernel: usb-storage: device found at 6 Nov 17 15:23:27 norbert kernel: usb-storage: waiting for device to settle before scanning Nov 17 15:23:28 norbert kernel: Vendor: Model: Rev: Nov 17 15:23:28 norbert kernel: Type: Direct-Access ANSI SCSI revision: 00 Nov 17 15:23:28 norbert kernel: SCSI device sdh: 3988232 512-byte hdwr sectors (2042 MB) Nov 17 15:23:28 norbert kernel: sdh: Write Protect is off Nov 17 15:23:28 norbert kernel: sdh: Mode Sense: 03 00 00 00 Nov 17 15:23:28 norbert kernel: sdh: assuming drive cache: write through Nov 17 15:23:28 norbert kernel: SCSI device sdh: 3988232 512-byte hdwr sectors (2042 MB) Nov 17 15:23:28 norbert kernel: sdh: Write Protect is off Nov 17 15:23:28 norbert kernel: sdh: Mode Sense: 03 00 00 00 Nov 17 15:23:28 norbert kernel: sdh: assuming drive cache: write through Nov 17 15:23:28 norbert kernel: sdh: Nov 17 15:23:28 norbert kernel: sd 10:0:0:0: Attached scsi removable disk sdh Nov 17 15:23:28 norbert kernel: sd 10:0:0:0: Attached scsi generic sg7 type 0 Nov 17 15:23:28 norbert kernel: usb-storage: device scan complete Nov 17 15:23:30 norbert hald: mounted /dev/sdh on behalf of uid 0 From the successfull N770 : Nov 17 15:25:04 norbert kernel: ohci_hcd :00:02.0: wakeup Nov 17 15:25:05 norbert kernel: usb 1-2: new full speed USB device using ohci_hcd and address 12 Nov 17 15:25:05 norbert kernel: usb 1-2: new device found, idVendor=0421, idProduct=0431 Nov 17 15:25:05 norbert kernel: usb 1-2: new device strings: Mfr=1, Product=2, SerialNumber=3 Nov 17 15:25:05 norbert kernel: usb 1-2: Product: Nokia 770 Nov 17 15:25:05 norbert kernel: usb 1-2: Manufacturer: Nokia Nov 17 15:25:05 norbert kernel: usb 1-2: SerialNumber: 3230204F6374 Nov 17 15:25:05 norbert kernel: usb 1-2: configuration #1 chosen from 1 choice Nov 17 15:25:05 norbert kernel: scsi11 : SCSI emulation for USB Mass Storage devices Nov 17 15:25:05 norbert kernel: usb-storage: device found at 12 Nov 17 15:25:05 norbert kernel: usb-storage: waiting for device to settle before scanning Nov 17 15:25:06 norbert kernel: Vendor: Nokia Model: 770 Rev: 0308 Nov 17 15:25:06 norbert kernel: Type: Direct-Access ANSI SCSI revision: 02 Nov 17 15:25:06 norbert kernel: SCSI device sdg: 4078592 512-byte hdwr sectors (2088 MB) Nov 17 15:25:06 norbert kernel: sdg: Write Protect is off Nov 17 15:25:06 norbert kernel: sdg: Mode Sense: 0f 00 00 00 Nov 17 15:25:06 norbert kernel: sdg: assuming drive cache: write through Nov 17 15:25:06 norbert kernel: SCSI device sdg: 4078592 512-byte hdwr sectors (2088 MB) Nov 17 15:25:06 norbert kernel: sdg: Write Protect is off Nov 17 15:25:06 norbert kernel: sdg: Mode Sense: 0f 00 00 00 Nov 17 15:25:06 norbert kernel: sdg: assuming drive cache: write through Nov 17 15:25:06 norbert kernel: sdg: sdg1 Nov 17 15:25:06 norbert kernel: sd 11:0:0:0: Attached scsi disk sdg Nov 17 15:25:06 norbert kernel: sd 11:0:0:0: Attached scsi generic sg6 type 0 Nov 17 15:25:06 norbert kernel: usb-storage: device scan complete Nov 17 15:25:07 norbert hald: mounted /dev/sdg1 on behalf of uid 0 So my question is, is this something to write a bug report about? Is there anything more I can do to try to pinpoint where my problem is? Regards Birger Kollstrand Arendal Norway - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse-factory] USB memory devices are mounted with root as owner and only root have write access
Birger Kollstrand [EMAIL PROTECTED] writes: Hi, I have looked around in bug reports and in the factory mailing list but have not found the same problem. in that case: please report this in bugzilla... Andreas -- Andreas Jaeger, [EMAIL PROTECTED], http://www.suse.de/~aj/ SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 pgpgJZJMc89Lz.pgp Description: PGP signature
Re: [opensuse-factory] dist meeting minutes 2006-11-16
On 2006-11-17 14:39:10 +0100, Vincenzo Barranco wrote: I'm sorry but i mean another thing. I would like that yast can use apt repository, because you and the openSUSE team removed the apt official support in SUSE 10.1, and the people that use apt and synaptic from 9.2 are oblige to use apt with their risk. I hope that you understand my question. i think we already have a common repository format: repomd it can be handled by: yast2/libzypp/zypper/zmd apt smart yum synaptik and i maybe forgot more. furthermore the apt sources are create from yast2/repomd repositories. so the files are accessible there aswell. i dont see any need in teaching yast2 apt repo format just my 2 cents, darix -- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse-factory] Re: USB memory devices are mounted with root as owner and only root have write access
Am Freitag, 17. November 2006 15:20 schrieb Birger Kollstrand: I found the problem. I was logged in on two graphical terminal windows. One as root and one as as normal user. I was working in the user GUI. It seems like it was random which user got the ownership. If I only run the user GUI then it seems to work correctly each time. Would it be a solution that the group was set to users or that the owner was set to the user that responds to the Memory card pop up window? The moment the popup appears the device is already mounted as people want their devices to be mounted independently from these popups. So this is basically impossible to solve unless we add support almost everywhere to find out what user you're just looking at (which is very hard and only useful for a handful of use cases and as such would be closed as WONTFIX ;( Greetings, Stephan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse-factory] dist meeting minutes 2006-11-16
* Christoph Thiel [EMAIL PROTECTED] [Nov 17. 2006 15:07]: Enableing YaST to support apt repositories doesn't make a lot of sense IMHO. At least, we won't put effort into this. But the YasT (resp. libzypp) architecture has the flexibility to support other repository format. So if anyone out there wants to add 'apt' format, we will assist as time allows. Klaus - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse-factory] Re: USB memory devices are mounted with root as owner and only root have write access
Birger Kollstrand [EMAIL PROTECTED] writes: I found the problem. I was logged in on two graphical terminal windows. One as root and one as as normal user. I was working in the user GUI. It seems like it was random which user got the ownership. If I only run the user GUI then it seems to work correctly each time. Would it be a solution that the group was set to users or that the owner was set to the user that responds to the Memory card pop up window? Do you still want a bugzilla on it? As Enhancement or minor - for discussion perhaps. This is really a corner case but might bit us in other areas... Andreas -- Andreas Jaeger, [EMAIL PROTECTED], http://www.suse.de/~aj/ SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 pgprklRzD8emR.pgp Description: PGP signature
Re: [opensuse-factory] USB memory devices are mounted with root as owner and only root have write access
The bug was resolved in the package hal-remgr, but the new package are'nt in the repos today. rpm -q --changelog hal-resmgr | head to verify that your hal-resmgr has bug 218393 fixed: --- * Mon Nov 13 2006 - [EMAIL PROTECTED] - move all resmgr fdi files to /etc so hal applies them last (#218393) Regards 2006/11/17, Birger Kollstrand [EMAIL PROTECTED]: Hi, I have looked around in bug reports and in the factory mailing list but have not found the same problem. This is in openSUSE 10.2 Beta 2. It is a fresh install from DVD. I have a 128Mb SD memory card that I use in a USB memory card reader. It mounts and I can read files, but not write. The ownership gets set to root/root and only owner has write access, The same happens when I connect my Nokia N80 with a 2 Gb memory card and a 128Mb no name USB memory stick Oddly enough, when I connect my Nokia 770 which have a 2Gb MMC card it mounts as expected with the user as owner. This is all done through the same USB memory card reader which also has a USB port. I checked with the phone connected to another USB port and it behaves the same so I do count the USB memory card reader out of the problem. /var/log/messages from the N80 connection: Nov 17 15:23:27 norbert kernel: usb 2-3: new full speed USB device using ohci_hcd and address 6 Nov 17 15:23:27 norbert kernel: usb 2-3: new device found, idVendor=0421, idProduct=0446 Nov 17 15:23:27 norbert kernel: usb 2-3: new device strings: Mfr=1, Product=2, SerialNumber=3 Nov 17 15:23:27 norbert kernel: usb 2-3: Product: Nokia N80 Nov 17 15:23:27 norbert kernel: usb 2-3: Manufacturer: Nokia Nov 17 15:23:27 norbert kernel: usb 2-3: SerialNumber: 358361005186063 Nov 17 15:23:27 norbert kernel: usb 2-3: configuration #1 chosen from 1 choice Nov 17 15:23:27 norbert kernel: scsi10 : SCSI emulation for USB Mass Storage devices Nov 17 15:23:27 norbert kernel: usb-storage: device found at 6 Nov 17 15:23:27 norbert kernel: usb-storage: waiting for device to settle before scanning Nov 17 15:23:28 norbert kernel: Vendor: Model: Rev: Nov 17 15:23:28 norbert kernel: Type: Direct-Access ANSI SCSI revision: 00 Nov 17 15:23:28 norbert kernel: SCSI device sdh: 3988232 512-byte hdwr sectors (2042 MB) Nov 17 15:23:28 norbert kernel: sdh: Write Protect is off Nov 17 15:23:28 norbert kernel: sdh: Mode Sense: 03 00 00 00 Nov 17 15:23:28 norbert kernel: sdh: assuming drive cache: write through Nov 17 15:23:28 norbert kernel: SCSI device sdh: 3988232 512-byte hdwr sectors (2042 MB) Nov 17 15:23:28 norbert kernel: sdh: Write Protect is off Nov 17 15:23:28 norbert kernel: sdh: Mode Sense: 03 00 00 00 Nov 17 15:23:28 norbert kernel: sdh: assuming drive cache: write through Nov 17 15:23:28 norbert kernel: sdh: Nov 17 15:23:28 norbert kernel: sd 10:0:0:0: Attached scsi removable disk sdh Nov 17 15:23:28 norbert kernel: sd 10:0:0:0: Attached scsi generic sg7 type 0 Nov 17 15:23:28 norbert kernel: usb-storage: device scan complete Nov 17 15:23:30 norbert hald: mounted /dev/sdh on behalf of uid 0 From the successfull N770 : Nov 17 15:25:04 norbert kernel: ohci_hcd :00:02.0: wakeup Nov 17 15:25:05 norbert kernel: usb 1-2: new full speed USB device using ohci_hcd and address 12 Nov 17 15:25:05 norbert kernel: usb 1-2: new device found, idVendor=0421, idProduct=0431 Nov 17 15:25:05 norbert kernel: usb 1-2: new device strings: Mfr=1, Product=2, SerialNumber=3 Nov 17 15:25:05 norbert kernel: usb 1-2: Product: Nokia 770 Nov 17 15:25:05 norbert kernel: usb 1-2: Manufacturer: Nokia Nov 17 15:25:05 norbert kernel: usb 1-2: SerialNumber: 3230204F6374 Nov 17 15:25:05 norbert kernel: usb 1-2: configuration #1 chosen from 1 choice Nov 17 15:25:05 norbert kernel: scsi11 : SCSI emulation for USB Mass Storage devices Nov 17 15:25:05 norbert kernel: usb-storage: device found at 12 Nov 17 15:25:05 norbert kernel: usb-storage: waiting for device to settle before scanning Nov 17 15:25:06 norbert kernel: Vendor: Nokia Model: 770 Rev: 0308 Nov 17 15:25:06 norbert kernel: Type: Direct-Access ANSI SCSI revision: 02 Nov 17 15:25:06 norbert kernel: SCSI device sdg: 4078592 512-byte hdwr sectors (2088 MB) Nov 17 15:25:06 norbert kernel: sdg: Write Protect is off Nov 17 15:25:06 norbert kernel: sdg: Mode Sense: 0f 00 00 00 Nov 17 15:25:06 norbert kernel: sdg: assuming drive cache: write through Nov 17 15:25:06 norbert kernel: SCSI device sdg: 4078592 512-byte hdwr sectors (2088 MB) Nov 17 15:25:06 norbert kernel: sdg: Write Protect is off Nov 17 15:25:06 norbert kernel: sdg: Mode Sense: 0f 00 00 00 Nov 17 15:25:06 norbert kernel: sdg: assuming drive cache: write through Nov 17 15:25:06 norbert kernel: sdg: sdg1 Nov 17 15:25:06 norbert kernel: sd 11:0:0:0: Attached scsi disk sdg Nov 17 15:25:06 norbert kernel: sd 11:0:0:0: Attached scsi generic sg6 type 0 Nov 17 15:25:06 norbert kernel: usb-storage: device scan complete Nov 17 15:25:07 norbert
[opensuse-factory] Media for openSUSE 10.2 - additional sources, Idea?
Hi, I noticed an earlier discussion on adding additional sources. And I also find it tedious to add additional sources and I can not get my kids to use openSUSE without them :-) Would it be possible to make a link that triggered Yast and added the source when the user manually clicked on it? this is a bit cryptic for the average user. Quote: For openSUSE 10.2 or the Factory tree: Type- rpm-md/repomd Protocol- HTTP Server Name - software.opensuse.org Directory - /download/X11:/XGL/SUSE_Factory If this could be as a link like: link href=http://exampledomain.no/openSUSE/yast.repo; type=text/yast-source/ or something similar? I'm sorry if this has been discussed earlier, but I did not find any reference to it. probably a bit late for 10.2 anyway. Regards Birger Kollstrand Arendal Norway - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse-factory] dist meeting minutes 2006-11-16
On Fri, Nov 17, 2006 at 11:58:53AM +0100, Andreas Jaeger wrote: FYI, here're the minutes from our discussion. I hope to see this for 10.3... Andreas Topic: Encrypted Home Directories * Main new feature: Per user encrypted home * Proposal: - Enable per user encrypted home partitions (using pam_mount) - use dm-crypt + LUKS as default instead of cryptoloop Challenges + Problems: * currently KDM accesses home directory before authentification (after user name is known) to get information about the last session. An encrypted home partition this needs changes in the logic. What about encrypting ~/Documents only per default? Other diretories could be added by the user easily. Mandriva has a very smart way and a nice gui. The encrypted folder is loopmounted over the same folder. So you have /home/joe/secret (which is a dm-crypt container) /home/joe/secret (which shows the unencrypted content after giving the right password. Ideally Konqueror/Nautilus should ask automatically for a passphrase, when clicking on an encrypted container. Of course it would be nicer to have full /home encrypted. * For ssh-key it's a problem to read the key files since they are stored in the home directory, only password authentification would work. * Other programs might read the homedirectory, like procmail. We have to check which other programs do this and decide how to handle this, e.g. a shadow home directory (or union filesystems) for procmail, secret keys... * Backup software is a challenge, users want encrypted backups. * Manually mounting via /etc/fstab is not possible currently with dm-crypt, other distributions use /etc/fscrypttab or we would need to extra add support to allow this with /etc/fstab. Use-case: A separate encrypted partition with secrect data that is only mounted manually if needed by the user and then unmounted again. * On-the-fly upgrade would be fine. Unfortunately dm-crypt uses two extra blocks so this cannot be done without losing data. * 10.2 has all the basic support for dm-crypt and LUKS but it's not integrated. * Linux only supports only 255 loopback mounts, so this limits the maximum of users that can be logged in at the same time. * FUSE and encrypted single files would be an option as well but there are some drawbacks with it. * Use case: Laptop stolen or taken away. If one user is comprimised, not all should be comprised. * Masterkey that is encrypted by the users login, so that only one password is needed to login. * screensaver issues (just close the lid) What happens with a locked screen and laptop taken away still running? * suspend to disk How to handle suspend to disk? Umount before suspend and remount later? Changes for this: YaST changes: * support dm-crypt by default for new installations in yast2-storage * during user creation allow creation of encrypted home directories * During update: Support old cryptoloop partitions and allow new installations. Base system changes: * Using pam_mount * Enable dm-crypt in boot.crypto * Handle /etc/fstab unless to not regress * Migration programs to migrate from cryptoloop to dm-crypt Andreas -- Andreas Jaeger, [EMAIL PROTECTED], http://www.suse.de/~aj/ SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse-factory] Media for openSUSE 10.2 - additional sources, Idea?
Hi, It's a good idea, not only for your kids, because there are a lot of people that try openSUSE for the first time in they're life and don't know how to can see a .mpg file or listen an mp3 with amarok. For me this is a very good idea that give to openSUSE another one reason for consider it a very simple distribution. Vincenzo
Re: [opensuse-factory] Media for openSUSE 10.2 - additional sources, Idea?
Fredag 17 november 2006 16:53 skrev Birger Kollstrand: I noticed an earlier discussion on adding additional sources. And I also find it tedious to add additional sources and I can not get my kids to use openSUSE without them :-) Would it be possible to make a link that triggered Yast and added the source when the user manually clicked on it? this is a bit cryptic for the average user. This has been discussed endlessly.. There can be no links to packman or guru for fear of lawsuits. It's is possible since 10.1 to add repos to both yast and zen-updater without having to split the url into different parts, but by copying in a complete url. You should be happy that now at least the official repos can be added automatically. Finally you might wanna take a look at this, a revised version will be available for 10.2: http://kde-apps.org/content/show.php?content=43378 Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse-factory] Media for openSUSE 10.2 - additional sources, Idea?
Hi, I tried this kommander script when i had 10.1, it works very well, but who of the new user that try openSUSE for first time know this application? Vincenzo
Re: [opensuse-factory] Media for openSUSE 10.2 - additional sources, Idea?
Vincenzo, On Friday 17 November 2006 08:35, Vincenzo Barranco wrote: Hi, I tried this kommander script when i had 10.1, it works very well, but who of the new user that try openSUSE for first time know this application? ... this kommander script ?? Which kommander script? Vincenzo Randall Schulz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[opensuse-factory] Huge fonts
Hi, I installed from the factory tree on a laptop, and I get HUGE fonts, and I mean really Huge, lie a work does not fit one the screen. This is under KDE. I didn't file a bug report because I installed directly from the Factory tree (and as such it might be in a incorrect state), and I do not have my camera at hand to send a picture of this. The panel in the bottom has the correct size, but since the fonts are so huge, I can only see a very, very small part of the windows, making it impossible to do anything under KDE. The same happens with the KDM login screen. Any hints on how to correct this? Hugo Costelha - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[opensuse-factory] Re: Huge fonts
On Friday 17 November 2006 17:28, Hugo Costelha wrote: Hi, I installed from the factory tree on a laptop, and I get HUGE fonts, and I mean really Huge, lie a work does not fit one the screen. This is under KDE. I didn't file a bug report because I installed directly from the Factory tree (and as such it might be in a incorrect state), and I do not have my camera at hand to send a picture of this. The panel in the bottom has the correct size, but since the fonts are so huge, I can only see a very, very small part of the windows, making it impossible to do anything under KDE. The same happens with the KDM login screen. Any hints on how to correct this? I went to runlevel 3, ran sax2, and this also gave me very Huge fonts. Just for you to get an idea, Automatic ocuppies the screen width. I really have to take a picture and send it... Hugo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse-factory] Media for openSUSE 10.2 - additional sources, Idea?
On Friday 17 November 2006 19:19, Randall R Schulz wrote: Vincenzo, On Friday 17 November 2006 08:35, Vincenzo Barranco wrote: Hi, I tried this kommander script when i had 10.1, it works very well, but who of the new user that try openSUSE for first time know this application? ... this kommander script ?? Which kommander script? It was in the mail: http://kde-apps.org/content/show.php?content=43378 Andras -- Quanta Plus developer - http://quanta.kdewebdev.org K Desktop Environment - http://www.kde.org pgpP7TSbsUxq7.pgp Description: PGP signature
Re: [opensuse-factory] Re: USB memory devices are mounted with root as owner and only root have write access
On Friday 17 November 2006 16:29, Andreas Jaeger wrote: As Enhancement or minor - for discussion perhaps. This is really a corner case but might bit us in other areas... It reminds me of an other bug present in 10.0 as well (media found dialog pops up for all users), but to be honest I didn't checked the ownership there as it always worked well. Ok, to be more concrete: what will happen if there is a server used for LTSP clients, with 10 different users logged in to it, running KDE and somebody inserts a media in the server itself? Will it be mounted as the user sitting in front of the media or with the permission of some random user logged in? Unfortunately I cannot test it as I won't update the production server unless 10.2 comes out and I play a little bit with it at home. ;-) Andras -- Quanta Plus developer - http://quanta.kdewebdev.org K Desktop Environment - http://www.kde.org pgplfIzIVJK9x.pgp Description: PGP signature
[opensuse-factory] Re: Media for openSUSE 10.2 - additional sources, Idea?
On 17/11/06, Martin Schlander [EMAIL PROTECTED] wrote: This has been discussed endlessly.. There can be no links to packman or guru for fear of lawsuits. It's is possible since 10.1 to add repos to both yast and zen-updater without having to split the url into different parts, but by copying in a complete url. I understand and accept that. My suggestion was only to make it easier to add the sources yourself. Not to include them by default. The user should need to click on a web link and then that would serve the needed parameters to Yast. I will look at the mentioned script. That seems to be something that can help me. Regards Birger - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[opensuse-factory] Re: Huge fonts
On Friday 17 November 2006 17:35, Hugo Costelha wrote: On Friday 17 November 2006 17:28, Hugo Costelha wrote: Hi, I installed from the factory tree on a laptop, and I get HUGE fonts, and I mean really Huge, lie a work does not fit one the screen. This is under KDE. I didn't file a bug report because I installed directly from the Factory tree (and as such it might be in a incorrect state), and I do not have my camera at hand to send a picture of this. The panel in the bottom has the correct size, but since the fonts are so huge, I can only see a very, very small part of the windows, making it impossible to do anything under KDE. The same happens with the KDM login screen. Any hints on how to correct this? I went to runlevel 3, ran sax2, and this also gave me very Huge fonts. Just for you to get an idea, Automatic ocuppies the screen width. I really have to take a picture and send it... I asked sax2 to create a new configuration, and this time the generated configuration was right. Comparing the two files xorg.conf files, there are a few differences, but probably the one that matters, is that the new xorg.conf files does not have DisplaySize 16 16 on the Monitor Section. I will give it a try again with RC1, to check if the problem still occurs. Hugo Costelha, on a monologue :) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse-factory] Re: Huge fonts
Hugo Costelha [EMAIL PROTECTED] writes: Comparing the two files xorg.conf files, there are a few differences, but probably the one that matters, is that the new xorg.conf files does not have DisplaySize 16 16 on the Monitor Section. This hit us several times - I thought this is fixed. So, if you have a really recent factory tree: Could you create a new bug report, please? I suggest to attach the xorg.conf files to the report, Andreas -- Andreas Jaeger, [EMAIL PROTECTED], http://www.suse.de/~aj/ SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 pgpgs6pRwkHzx.pgp Description: PGP signature
[opensuse-factory] xorg hardware data
The Dell P991 display (made by Sony) is apparently part of whatever hardware data is available to select from in setting display configuration. It's there to select, but apparently there is no data attached to it, and DDC doesn't work on it. I still have to manually set the aspect ratio and diagonal dimension for a proper xorg.conf to be created. How can I get the proper 4:3 and 18.1 diagonal into the database so I don't have to manually select these each time? -- Rejoice and be glad, because great is your reward in heaven. Matthew 5:12 NIV Team OS/2 ** Reg. Linux User #211409 Felix Miata *** http://mrmazda.no-ip.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse-factory] Ati 3D
Am Freitag, 17. November 2006 12:01 schrieb Robby (M9.): So i did, edited and added: Loaddri to the top of the module list. Result: no xserver: out of range. (sax2 is handy in these situations.. ;) I've allways added it on the bottom of the list. While trying to edit and repair the damage in safe mode, (how to save changes and exit here?),previous to the sax-'save', i saw: Just boot in runlevel3, Section DRI Group video Mode 0660 EndSection near the bottom of the file... Does that mean that the driver is working by default, so adding dri to load is not nessesary, or desirable, and causes to prevent the xserver from starting? No, it's only to set the rights, when it's enabled. Or do i have another option to enable the 3D support for the card? I attached a sample of the config file... You have to load the dri modul, otherwise it can't work. I've attached my version (at the moment SUSE 10.1 with xorg 7.2 from the buildserver, 3D works, AIGLX not realy, the same problem as in http://bugs.beryl-project.org/ticket/469, but XGL doesn't work, too) -- Machs gut| http://www.iivs.de/schwinde/buerger/tremmel/ | http://packman.links2linux.de/ Manfred | http://www.knightsoft-net.de # /.../ # SaX generated X11 config file # Created on: 2006-10-28T21:46:09+0200. # # Version: 8.1 # Contact: Marcus Schaefer [EMAIL PROTECTED], 2005 # Contact: SaX-User list https://lists.berlios.de/mailman/listinfo/sax-users # # Automatically generated by [ISaX] (8.1) # PLEASE DO NOT EDIT THIS FILE! # Section Files FontPath /usr/share/fonts/misc:unscaled FontPath /usr/share/fonts/local FontPath /usr/share/fonts/75dpi:unscaled FontPath /usr/share/fonts/100dpi:unscaled FontPath /usr/share/fonts/Type1 FontPath /usr/share/fonts/URW FontPath /usr/share/fonts/Speedo FontPath /usr/share/fonts/PEX FontPath /usr/share/fonts/cyrillic FontPath /usr/share/fonts/latin2/misc:unscaled FontPath /usr/share/fonts/latin2/75dpi:unscaled FontPath /usr/share/fonts/latin2/100dpi:unscaled FontPath /usr/share/fonts/latin2/Type1 FontPath /usr/share/fonts/latin7/75dpi:unscaled FontPath /usr/share/fonts/baekmuk:unscaled FontPath /usr/share/fonts/japanese:unscaled FontPath /usr/share/fonts/kwintv FontPath /usr/share/fonts/truetype FontPath /usr/share/fonts/uni:unscaled FontPath /usr/share/fonts/CID FontPath /usr/share/fonts/ucs/misc:unscaled FontPath /usr/share/fonts/ucs/75dpi:unscaled FontPath /usr/share/fonts/ucs/100dpi:unscaled FontPath /usr/share/fonts/hellas/misc:unscaled FontPath /usr/share/fonts/hellas/75dpi:unscaled FontPath /usr/share/fonts/hellas/100dpi:unscaled FontPath /usr/share/fonts/hellas/Type1 FontPath /usr/share/fonts/misc/sgi:unscaled FontPath /usr/share/fonts/xtest FontPath /opt/kde3/share/fonts FontPath unix/:7100 InputDevices /dev/gpmdata InputDevices /dev/input/mice EndSection Section ServerFlags Option AllowMouseOpenFail on EndSection Section Module Load dbe Load type1 Load freetype Load extmod Load glx Load dri EndSection Section InputDevice Driver kbd Identifier Keyboard[0] Option Protocol Standard Option XkbLayout de Option XkbModel pc105 Option XkbRules xfree86 Option XkbVariant nodeadkeys EndSection Section InputDevice Driver mouse Identifier Mouse[1] Option Buttons 5 Option Device /dev/input/mice Option Name Logitech Optical USB Mouse Option Protocol explorerps/2 Option Vendor Sysp Option ZAxisMapping 4 5 EndSection Section InputDevice Driver synaptics Identifier Mouse[3] Option Buttons 7 Option Device /dev/input/mice Option Emulate3Buttons on Option InputFashion Mouse Option Name Synaptics;Touchpad Option Protocol explorerps/2 Option SHMConfig on Option Vendor Sysp Option ZAxisMapping 4 5 EndSection Section Monitor DisplaySize 305 229 HorizSync30-90 Identifier Monitor[0] ModelName[EMAIL PROTECTED] Option DPMS VendorName -- LCD VertRefresh 30-60 UseModes Modes[0] EndSection Section Modes Identifier Modes[0] Modeline 1400x1050 122.61 1400 1488 1640 1880 1050 1051 1054 1087 Modeline 1400x1050 118.42 1400 1488 1640 1880 1050 1051 1054 1086 EndSection Section Screen DefaultDepth 24 SubSection Display Depth 15 Modes 1400x1050 EndSubSection SubSection Display Depth 16 Modes 1400x1050 EndSubSection SubSection Display Depth 24 Modes 1400x1050 EndSubSection SubSection Display Depth 8 Modes 1400x1050 EndSubSection Device Device[0] Identifier
[opensuse-factory] lppasswd
Hi, according to Bug 218745 - /usr/bin/lppasswd has setuid lp which does no longer work. Comment #2 From Klaus Singvogel 2006-11-09 07:34:16 MST [reply] found the cause of the problem: the daemon itself fixed in next version. what is meant by next version, openSUSE10.2 RC1, openSUSE10.3 or CUPS? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse-factory] Re: Huge fonts
On Friday 17 November 2006 19:25, Andreas Jaeger wrote: Hugo Costelha [EMAIL PROTECTED] writes: Comparing the two files xorg.conf files, there are a few differences, but probably the one that matters, is that the new xorg.conf files does not have DisplaySize 16 16 on the Monitor Section. This hit us several times - I thought this is fixed. So, if you have a really recent factory tree: Could you create a new bug report, please? I suggest to attach the xorg.conf files to the report, I guess I will try installing again on Monday from the Factory tree to see how it goes. If I have problems then, I will file a bug report. Hugo Costelha - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[opensuse-factory] GRASS 6.2.0 GIS
Hi, Version 5.0.3-29 of GRASS is included with SuSE 10.1. Will the current stable GRASS 6.2.0 be included in openSUSE 10.2? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [opensuse-factory] xorg hardware data
Felix Miata [EMAIL PROTECTED] writes: The Dell P991 display (made by Sony) is apparently part of whatever hardware data is available to select from in setting display configuration. It's there to select, but apparently there is no data attached to it, and DDC doesn't work on it. I still have to manually set the aspect ratio and diagonal dimension for a proper xorg.conf to be created. How can I get the proper 4:3 and 18.1 diagonal into the database so I don't have to manually select these each time? open a bugreport against sax2 and attach all the details, Andreas -- Andreas Jaeger, [EMAIL PROTECTED], http://www.suse.de/~aj/ SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 pgpSoS4DPiDLB.pgp Description: PGP signature
Re: [opensuse-factory] GRASS 6.2.0 GIS
Keith Goggin [EMAIL PROTECTED] writes: Hi, Version 5.0.3-29 of GRASS is included with SuSE 10.1. Will the current stable GRASS 6.2.0 be included in openSUSE 10.2? Check the current non-oss factory tree - if it's included there, it will be - if not, it's too late :-( Andreas -- Andreas Jaeger, [EMAIL PROTECTED], http://www.suse.de/~aj/ SUSE Linux Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 pgpxaYzsmniP2.pgp Description: PGP signature
