Nikos Chantziaras wrote:
> It didn't look like it to me at all. From the man page:
>
>Examples:
>
># match anything with a version containing , which can be used in
># package.mask to prevent emerge --autounmask from selecting live
># ebuilds
>=*/*-**
James wrote:
>
> works for a specific file, but I want to parse the entire /dev-python
> portion of the portage tree. Is there a more robust tool?
eix -c --eapi 6 --and -C dev-python
»Q« <boxc...@gmx.net> wrote:
> On Mon, 7 Mar 2016 10:50:45 + (UTC)
> Martin Vaeth <mar...@mvath.de> wrote:
>
>> Except generating the metadata by yourself there is not much you
>> can do.
>
> Is it `emerge --regen` which will do that for me?
Not really
the...@sys-concept.com wrote:
>
> grep CONFIG_TMPFS_XATTR /usr/src/linux/.config
> CONFIG_TMPFS_XATTR=y
Does your compilation happen on a temp file system?
You can configure XATTR for each file system type individually.
»Q« wrote:
>
>> $ grep KEYWORDS /usr/portage/metadata/md5-cache/dev-perl/Pango-1.224.0-r1
>> KEYWORDS=~alpha ...
>>
>> $ grep KEYWORDS /usr/portage/dev-perl/Pango/Pango-1.224.0-r1.ebuild
>> KEYWORDS="alpha ..."
This seems to be a race issue in the gentoo infrastructure:
»Q« wrote:
> eix-sync
Which method do you use for syncing (rsync, git, ...)?
> I've run 'emerge --metadata' and 'eix-update'
The requirement to run emerge --metadata seems to suggest that
you use git? If this is true, better use egencache to generate
the metadata in the
cov...@ccs.covici.com wrote:
>
> I have thinmanifests=true as specified in some news item or post, I
> think this was a mandatory change some time ago using rsync.
If you really use rsync/webrsync and not git, this is unlikely:
The file containing this line
Alan Mackenzie wrote:
>!!! /usr/portage/sys-apps/busybox/busybox-.ebuild
>!!! Got: 8493
>!!! Expected: 8580
Do you use the default (rsync) for syncing, or have you changed
the method?
I have the above claimed filesize (8493), but the Manifest
I obtained from rsync
Neil Bothwick wrote:
>
> I deleted the busybox directory from the tree then ran emerge --sync.
> The error is still there
You have the same files that I have.
Unfortunately, only now I actually did:
$ grep busybox- Manifest
EBUILD busybox-.ebuild 8580 [...]
???
I
Simon Thelen wrote:
> I sync from git and none of my Manifests track the ebuilds, so this
> could be a thing.
No. git has (probably, I didn't check)
thin-manifests = true
in its metadata/layout.conf, but for rsync this should
not be the case for security reasons. I
Grant wrote:
>>
>> The way to do it nowadays would be by placing a file with the content
>> d /run/munin 0775 munin nginx
>> into /usr/lib/tmpfiles.d (if done by the distribution) or into
>> /etc/tmpfiles.d (if this is only needed for your special setup).
>
> Will do. Is
Alan McKinnon wrote:
> On 07/10/2015 18:27, Grant wrote:
>> I have to chown munin:nginx and chmod g+x on directory /run/munin/
>> after every reboot. The munin list suggests altering the initscript
>> but is there a better way?
>
> There are ways, but I wouldn't call
James wrote:
>[cr
> DAG's
All this can work only if you reflect the complete history
in the DAG. Such approaches had been discussed and eliminated
as unrealistic: You do not want to keep the history forever;
the data will always grow and eventually be too much.
wrote:
> Alan Grimes wrote:
>
>> You know that famous Van Gough painting? That kinda haunts you because
>> it's absolutely silent...
>
> "The Scream" is painted by Edvard Munch. Van Gogh (not Gough!) is well
> known for his paintings
Rich Freeman wrote:
>
> Sure, but the portage team can really only dictate the upstream
> defaults of portage, not tree policy.
As I understand, they intend to remove non-dynamic deps
(if they agreed to not implement it properly for sub-slots,
this makes sense).
So we are not
Michael Orlitzky wrote:
>
> With dynamic deps, portage will scan (that is, execute) all of the
> ebuilds for installed packages that could affect the dependency graph.
This is not correct. This data is already stored in metadata/
(or in /var/cache/edb, depending on the backend),
James wrote:
>
> Basically from my point of view, something like TUP [1] is needed so
> that at dependency check time you only list files that need
> attention (linking, loading, compiling etc) thus speeding up the
> update processes for the Package Manager (portage).
Rich Freeman wrote:
> There really wasn't much loud objection when the proposal came up
> again last week
This does not mean that everybody agreed.
However, all arguments had been exchanged before,
so repeating them would just have been pointless:
Eventually a decision had to
jfmxl jf...@sdf.org wrote:
I wrote a coupla days ago, using the guest interface at the website ...
I do not know what you mean by guest interface.
One right place for your support question would be the
gentoo forum Installing Gentoo:
https://forums.gentoo.org/viewforum-f-14.html
but the kernel
Helmut Jarausch jarau...@skynet.be wrote:
It turned out that something has installed /lib/udev
while removing the symlink /lib - /lib64 on my machine.
Therefore /lib did contains nothing but udev
This sounds like a very serious bug of portage or
of the ebuild; but it did not happen here.
It
walt w41...@gmail.com wrote:
Oops, journalctl tells me that systemd-networkd is segfaulting
repeatedly during boot.
systemd has become very picky on cflags; e.g. -DNDEBUG
and friends cause strange behaviour and segfaults.
meino.cra...@gmx.de meino.cra...@gmx.de wrote:
I took a look at parted and the resize command
Use a parted-3.0. With parted-3.0 the maintainers
considered removing the most important functionality
of the prorgram a development.
parted-2.4 (e.g.) has a resize command which is working
(in the
Alon Bar-Lev alo...@gentoo.org wrote:
I do not want to write completion for every command out there.
For most commands there already do exist completion functions.
Essentially, it is only your own scripts for which you have
to do it, and this does not take a lot of time when you write
the
Alon Bar-Lev alo...@gentoo.org wrote:
Only issue I could not find a solution to is tab completion after '=',
for example:
xxx --file=TAB
This will not complete files, while it will be nice if it does.
For standard commands, it works as it should. For instance,
tar --file=TAB
chmod
Joerg Schilling joerg.schill...@fokus.fraunhofer.de wrote:
Martin Vaeth mar...@mvath.de wrote:
This is not true, either: Although finally bash took some of the
features of zsh (arrays, regular expression matching, etc.) there
are still many features missing in bash (extended globbing, many
Joerg Schilling joerg.schill...@fokus.fraunhofer.de wrote:
bash vs. POSIX, as bash tried to ignore long existing
rules just because the bash maintainer did not understand them.
Are there really several? I know only one such example:
bash insists on compound commands ({ ... } or ( ... ))
for
Andrew Tselischev andre...@farlander.net wrote:
On Sun, Jul 12, 2015 at 06:52:35PM -0700, walt wrote:
[...]
http://wiki.redbrick.dcu.ie/mw/Account_Customisation_(zsh)
Note that this does not activate all features e.g. concerning
completion: You can have files displayed in your custom ls
colors
Neil Bothwick n...@digimed.co.uk wrote:
I agree. Being able to customise is good, but the defaults should be
sensible and appealing to new users.
Yes, but not only new users but also not breaking expectations
of old users are important - it is a subtle balance,
and shells tend to be
Nikos Chantziaras rea...@gmail.com wrote:
I really don't have time to learn arcane settings anymore.
That's why it is good that you can adapt the shell completely
to your needs: My opinion is that the computer must adapt to
*my* habits and not vice versa.
If it doesn't work out of the box
I
cov...@ccs.covici.com cov...@ccs.covici.com wrote:
I cannot see, so I use speakup or orca to read the screen
I have no experience whether zsh is appropriate for this.
Certainly zshrc-mv is not written with this case in mind,
and probably you should refrain from using
zsh-syntax-highlighting or
Nikos Chantziaras rea...@gmail.com wrote:
I tried it, for exactly 10 seconds. My home/end keys didn't work.
The default configuration is horrible, and they won't change it
since compatibility with stone age and all zsh features switched
off is a design goal of the defaults. I already wrote on
Neil Bothwick n...@digimed.co.uk wrote:
As a
scripting language, Bash is probably better
This is not true, either: Although finally bash took some of the
features of zsh (arrays, regular expression matching, etc.) there
are still many features missing in bash (extended globbing, many
variable
Nikos Chantziaras rea...@gmail.com wrote:
On 10/07/15 18:00, Gevisz wrote:
bindkey '^[[7~' beginning-of-line # Home (xterm)
bindkey '^[[8~' end-of-line# End (xterm)
lol... are these guys serious?
It's 2015...
... and yet the way of handling
Neil Bothwick n...@digimed.co.uk wrote:
In one sub-thread we've so far managed to cover:
Bash vs Zsh
Vim vs Emacs
Perl vs Python
not to forget: POSIX vs Bash
What are your thoughts on KDE, kernel modules or USE=3D-*? ;-)
Substitute kernel modules by Gnome (incl. systemd, policykit) and
James wirel...@tampabay.rr.com wrote:
use to match the arg string against all three:
(1) gentoo tree /usr/portage
(2) the /var/lib/layman/ overlays I had installed and manage with layman
(3) my /usr/local/portage local ebuild placed in /usr/local/portage/
Now, only option (1) shows the
James wirel...@tampabay.rr.com wrote:
There is no dir '/var/portage' on my system. Yet this command works fine:
PORTAGE_PROFILE=/var/portage/profiles/default/linux/arm/13.0/armv7a eix -c
--system
Strange, to say the least.
Not at all strange: Again, PORTAGE_PROFILE points to a
James wirel...@tampabay.rr.com wrote:
Martin Vaeth martin at mvath.de writes:
James wireless at tampabay.rr.com wrote:
# PORTAGE_PROFILE=/usr/portage/profiles/arch/arm/armv7a/eapi
This is not a directory. [...]
How do I determine [...]
Choose the directory to which you would put
James wirel...@tampabay.rr.com wrote:
# PORTAGE_PROFILE=/usr/portage/profiles/arch/arm/armv7a eix -c --system
No matches found.
Obviously, this profile contains no @system packages.
Which appears natural for an embedded profile...
James wirel...@tampabay.rr.com wrote:
# PORTAGE_PROFILE=/usr/portage/profiles/arch/arm/armv7a/eapi
This is not a directory. If PORTAGE_PROFILE is not a readable
directory, eix falls back to the symlink
Neil Bothwick n...@digimed.co.uk wrote:
PORTAGE_PROFILE=/usr/portage/profiles/$PROFILE eix -c --system
The 4 is an interloper.
Yep, a typo: Next key to the E when one finger presses shift...
Although once PORTAGE_PROFILE was supposed to become a
variable in make.conf, it seems to not have
James wirel...@tampabay.rr.com wrote:
This is why I was looking for a 'tool' or script that would allow me
to easily browse the default package listings for the different
arch types with a default profile.
If you only want to see the @system set of $PROFILE, use
hw h...@gartencenter-vaehning.de wrote:
texdoc labels
This seems to be for pre-defined labels like you get them in A4 size?
I have no experience with it; for my purposes a simple manual setting
was always enough. There are of course more (La)TeX packages for labels,
probably most already
hw h...@gartencenter-vaehning.de wrote:
there are quite a few TeX/LaTeX packages available.
emerge texlive with USE=latexextra
print labels on label printers
texdoc labels
James wirel...@tampabay.rr.com wrote:
Pod leaves me with too many choices. Can you narrow it down?
pod (and pod2*) is part of perl. Very likely it is already installed.
man perlpod (or perldoc pod::perlpod if the former does not work
on your system).
eix latex returns too many choices. What
James wirel...@tampabay.rr.com wrote:
So instead of my spew of ascii information files, I'm now composing
'man pages' mostly using txt2man.
If you want to avoid learning *roff, there is also e.g. pod from perl
which gives you simple basic markup functionality and can output in
man page format
Andrew Savchenko birc...@gentoo.org wrote:
That's why kernel makes sure that no floating point instructions
sneaks in using CFLAGS, you may see a lot of -mno-${intrucion_set}
flags when running make -V.
So it should be sufficient that the kernel does not use float
or double, shouldn't it?
I
Philip Webb purs...@ca.inter.net wrote:
If you're willing to wait an hour, it might be able to come up
with a list of ways you could resolve a conflict, but basically
all of them will be wrong, eg suggestion #1, uninstall everything.
Really, this is a flippant response to a serious issue,
Nikos Chantziaras rea...@gmail.com wrote:
Now that 5.1 is in Portage (masked), you should keep in mind that
emerging it will result in the 5.1 libraries being used, even if you
keep 4.9 (or 4.8) as the default compiler.
If you should really get problems with this, you can manually
remove the
meino.cra...@gmx.de meino.cra...@gmx.de wrote:
A novice asks the master Emerge:
Is there Zen also in every upgrade, which will serve to Gentoo?
Did the novice ask the correct question about the life, the world,
and everything? Your mantra should be
emerge -NaDu @world
(--with-bdeps=y in
Neil Bothwick n...@digimed.co.uk wrote:
On Sun, 26 Apr 2015 06:49:09 + (UTC), Martin Vaeth wrote:
nvidia legacy drivers?
In the latter case you are doomed...
I also had to throw out recently an nvidia card because of this.
Was nouveau not an option.
No. It seems, nouvau is lost without
meino.cra...@gmx.de meino.cra...@gmx.de wrote:
But the same script states:
[I] x11-base/xorg-server
Available versions: 1.12.4-r4(0/1.12.4) [m]1.15.2-r2(0/1.15.2)
The [m] means that you masked newer versions of xorg-server locally.
If you remove that local mask, the blockers should be
walt w41...@gmail.com wrote:
it tries to read from the floppy and prints an error message to the console
No. The kernel does not do this. It is either udev or some other
part of your init system which does this.
mount at a bash prompt, and then spams the screen
with errors about /dev/fd0.
Andreas K. Huettel dilfri...@gentoo.org wrote:
Moreover, I didn't check before the rebuild, but after
the rebuild there is no 5.20.1 in @INC.
Sure about this?
I checked this, of course.
But now I realize that the path is *added* to @INC
(even to the perl -V output!) when I re-create it...
Andreas K. Huettel dilfri...@gentoo.org wrote:
Minor updates (5.x.y - 5.x.y+1) do not need any rebuilds
or reinstallations of modules.
This is at most partially correct:
At least, after the update, the install directories change;
here from
/usr/lib/perl5/{vendor_perl,}/5.20.1
to
hasufell hasuf...@gentoo.org wrote:
Martin Vaeth:
hasufell hasuf...@gentoo.org wrote:
With rsync I believe you can exclude categories:
http://www.gentoo-wiki.info/TIP_Exclude_categories_from_emerge_sync
That is uninformed.
I think he is right.
check the --depth option of git. You can
hasufell hasuf...@gentoo.org wrote:
With rsync I believe you can exclude categories:
http://www.gentoo-wiki.info/TIP_Exclude_categories_from_emerge_sync
That is uninformed.
I think he is right.
check the --depth option of git. You can even clone specific tags with
--depth=1.
Every tag
Peter Humphrey pe...@prh.myzen.co.uk wrote:
The following installed packages are not in the database:
virtual/-MERGING-perl-CPAN-Meta-YAML
portage generates such a directory or file in /var/db/pkg
when it is merging the package. When portage exits
(even uncleanly), this entry should be
Mike Gilbert flop...@gentoo.org wrote:
I'm not sure if the portage team has decided what to do long-term.
The long-term plans are to drop PORTDIR and PORTDIR_OVERLAY
completely, the reason being that it is not flexible enough:
With repos.conf you can specify details for every repository,
you
Michael Orlitzky m...@gentoo.org wrote:
I haven't bothered with it either, I really like being able to do:
PORTDIR=$REPOS/gentoo-x86 PORTDIR_OVERLAY= emerge -1 whatever
Why don't you do emerge -1 whatever::gentoo
Moreover, you can use PORTAGE_REPOSITORIES for temporary overrides
of
On Tuesday, August 05, 2014 06:33:59 AM Martin Vaeth wrote:
When you are at it you should probably also encrypt the communication
schedule-0.15 is finally able to use encryption, hence the current mild
security risks will practically vanish, even if listening to a
world-wide port.
schedule
J. Roeleveld jo...@antarean.org wrote:
No, it wouldn't, since jobs just finishing and wanting to report their
status cannot do this when there is no server. You would need a rather
involved protocol to deal with such situations dynamically.
It can certainly be done, but it is not something which
J. Roeleveld jo...@antarean.org wrote:
With the kind of schedules I am working with (and I believe Alan will
also end up with), restarting the whole process from the start can
lead to issues.
Finding out how far the process got before the service crashed can become
rather complex.
I am not
J. Roeleveld jo...@antarean.org wrote:
These schedules then also can't be restarted from the beginning
when they stop halfway through without risking massive consistency
problems in the final data.
So you have a command which might break due to hardware error
and cannot be rerun. I cannot see
J. Roeleveld jo...@antarean.org wrote:
So you have a command which might break due to hardware error
and cannot be rerun. I cannot see how any general-purpose scheduler
might help you here: You either need to be able to split your command
into several (sequential) commands or you need
J. Roeleveld jo...@antarean.org wrote:
Depends on the specific requirements.
If you want:
In a sense, most you require can be done with my mentioned schedule
tool, although perhaps the usage is not in the way you expected.
I reorder your points for a clearer explanation:
- have schedules
J. Roeleveld jo...@antarean.org wrote:
A useful addition to your schedule-tool would be to store the
scripts in a way that makes editing simpler
Since it is an arbitrary script in an arbitrary language,
I think this is not in the scope of this project to do this.
In most cases I used it so
in beta testing phase:
https://github.com/vaeth/schedule/
You can install it from the mv overlay (available over layman).
J. Roeleveld jo...@antarean.org wrote:
https://github.com/vaeth/schedule/
What are the features it currently has already
This is hard to answer, since at a first glance the whole thing
does not even look like a scheduler: It looks more like a means to
communicate with some server, but after
meino.cra...@gmx.de meino.cra...@gmx.de wrote:
while trying to use eix I got constantly this error:
error while reading from database: end of file
It seems that your eix database was truncated (out of disk space?).
Have you tried to recreate it with eix-update?
Peter Humphrey pe...@prh.myzen.co.uk wrote:
Dropping the aliases into ~/.zshrc is the easy option, that way to get
your aliases and a superior shell.
That's what I've done so far.
If you have a complex bash configuration file which you want to keep,
source your .bashrc (or whatever you use)
Andrew Savchenko birc...@gmail.com wrote:
Another challenge is to make dependency resolution parallel
It's a challange but won't solve the problem: On fast processors
portage's speed is not so much a big issue. Moreover, the factor
you can obtain this way is in the (unrealistic) best case at
Greg Turner g...@malth.us wrote:
On Mon, Feb 3, 2014 at 2:55 AM, Martin Vaeth mar...@mvath.de wrote:
On fast processors
portage's speed is not so much a big issue.
What kind of processor have you got, and where can I get one?
I run gentoo on i3 (double core), c2 (double core), athlon
Pandu Poluan pa...@poluan.info wrote:
I was thinking: is it feasible, to precalculate the dependency tree?
I thought that's what the portage cache does, as far as it can.
Well, AFAIK, portage needs to kind of simulate everything going on in an
ebuild to get the list of
hasufell hasuf...@gentoo.org wrote:
Many defaults gentoo sets do not have anything to do with default
codepaths upstream has tested.
I disagree: The USE-enabling in ebuilds usually follows upstream.
IIRC there was even a policy for gentoo developers which strongly
suggested this.
As above,
Neil Bothwick n...@digimed.co.uk wrote:
To go back to the OP's original point, having hostnames on
the tabs also makes it obvious which sessions I have open.
If you use an appropriate prompt as I have recommended
(which modifies [hard] status line) you see the sessions
in the tabs of tmux -
Neil Bothwick n...@digimed.co.uk wrote:
I haven't used tmux for a while, I tried it and went back to screen, but
does it really show the titles of all sessions?
On the hardstatus line you see in tmux all sessions
with their numbers and their hardstatus line.
[More precisely, you see all
James wirel...@tampabay.rr.com wrote:
I have my lxde/openbox environment mostly setup. One thing I miss
is feature rich tabbed terminal session.
I suggest that you try tmux (or screen) - this is far superiour to
multitab since you can easily also put it to the background or
access it remotely.
Volker Armin Hemmann volkerar...@googlemail.com wrote:
you know - I don't give a rat's ass about 'pig' or not, because:
I have enough ram. Ram is cheap. 16gb of DDR 1600 ECC costs what? 160€?
Cheap.
What kind of argument is this?
I do not consider it cheap to spend 160 bucks only to waste
hasufell hasuf...@gentoo.org wrote:
On 01/27/2014 12:26 AM, William Hubbs wrote:
No, starting with USE=-* is very dangerous.
That's nonsense imo
No, William is completely right.
and I use that setup on multiple servers/routers without any issues.
No one doubts that it is *possible* to
Walter Dnes waltd...@waltdnes.org wrote:
USE=-* ${USECPU} ${USEOTHER}
If you want to look at it that way, what I've
really done is to replace the default USE flag set with my own defaults
... *including* the defaults specified in individual ebuilds.
About the default flags in profiles one may
Alan McKinnon alan.mckin...@gmail.com wrote:
On 27/01/2014 13:59, Tanstaafl wrote:
If the problem is really this potentially serious, why start from
scratch, when Paludis is already very mature? Is it pure politics
(someone just doesn't like Ciaran)?
No-one likes to admit it, but I think
Neil Bothwick n...@digimed.co.uk wrote:
I suggest that you try tmux (or screen) - this is far superiour to
multitab since you can easily also put it to the background or
access it remotely
Screen and tabs are different solutions to different problems. When
working with multiple SSH sessions
Peter Humphrey pe...@prh.myzen.co.uk wrote:
properly; now all I need to do is make grub use the plain old 80x25
Thanks, but I'm using a manually written grub.cfg
Then it is completely trivial: Just do *not* insert code
which sets graphics like insmod {vga,vbe,gfxterm},
loadfont unicode,
Peter Humphrey pe...@prh.myzen.co.uk wrote:
Now, my question is how to have grub2 offer me a choice of kernels from all
those that are present in /boot (a separate ext2 partition). Not only that,
but pass different softlevel selectors to them.
In my opinion you should decide for either
Kfir Lavi lavi.k...@gmail.com wrote:
I'm doing some development and have a local portage tree.
Can I have also local distfiles directory?
In theory, there is something like RO_DISTDIR, but recently
there were some bug reports that it is not working.
You can also use trickyfetch and the related
Marc Joliet mar...@gmx.de wrote:
One of those questions stands out to me right now: the one on understandable
error messages. As some recent posts to this ML demonstrate, it seems to
be one area where portage is visibly falling (staying?) behind right now.
They remind me of the type of error
Alan McKinnon alan.mckin...@gmail.com wrote:
On 06/11/2013 09:46, Martin Vaeth wrote:
Alan McKinnon alan.mckin...@gmail.com wrote:
You don't have to keep explaining subslots to me
But not every reader knows the details - this is not a private
conversation.
Then please [...] describe
Alan McKinnon alan.mckin...@gmail.com wrote:
On 06/11/2013 14:54, Martin Vaeth wrote:
(I am guessing this only from the outputs which are posted):
When portage detects that it cannot resolve something after
backtracking, it dies.
That by itself is good info.
The conflict that portage
Alan McKinnon alan.mckin...@gmail.com wrote:
You know what? I'm not convinced.
What I'm seeing is a rather large towering edifice of complexity to deal
with a problem that is not the general case.
I find it funny that perhaps you did not realize that you repeated
the main argument *in favour
Alan McKinnon alan.mckin...@gmail.com wrote:
It seems to me that you didn't read the whole post fully, and have
cherry-picked a part that you think bolsters your position.
I do not think that I have a position here.
Subslots solve some problem. If they cause inconveniences
like portage
Alan McKinnon alan.mckin...@gmail.com wrote:
You don't have to keep explaining subslots to me
But not every reader knows the details - this is not a private
conversation.
What I have maintained all along is that I don't see the solution as
tested to be production-ready
It has been in ~arch
Alan McKinnon alan.mckin...@gmail.com wrote:
No, no problem whatsoever. emerge @preserved -rebuild is my preferred
method, I find it vastly superior to sub-slot operators which
It is neither superior nor inferior.
It is an unrelated mechanism which will have less to do
once subslot
hasufell hasuf...@gentoo.org wrote:
EMERGE_DEFAULT_OPTS=--ignore-built-slot-operator-deps=y
A different user interface would be preferrable [...]
Could you open a bug report for portage and make a properly formulated
proposal about this?
Done. http://bugs.gentoo.org/show_bug.cgi?id=490350
Michael Orlitzky mich...@orlitzky.com wrote:
Port knocking is cute, but imparts no extra security.
It does, for instance if you use it to protect sshd and
sshd turns out to be vulnerable; remember e.g. the
security disaster with Debian.
A better, secure way to achieve the same goal is with
Pandu Poluan pa...@poluan.info wrote:
Thanks, Martin! I was about to create my own preprocessor, but I'll check
out yours first. If it's what I had planned, may I contribute, too?
Sure, patches are welcome.
William Kenworthy bi...@iinet.net.au wrote:
If you are going to go to this bother ... why not use shorewall, create
When I checked for scripts creating rules, none fulfilled my needs.
(I do not know whether I checked shorewall at this time).
For instance, instead of dropping most packets, I
Michael Orlitzky mich...@orlitzky.com wrote:
On 10/14/2013 07:49 AM, Martin Vaeth wrote:
Using yet another service with possible holes to protect a sshd?
In this case, I would like port knocking at least for this OpenVPN.
The sensitive parts of OpenVPN are audited regularly, and it uses SSL
Tanstaafl tansta...@libertytrek.org wrote:
Like passwords, these sequences should better not stay the same for
too long...
Forced changing of passwords
I agreee: To do this to protect *other* users will not work.
It's a different thing if you use it for protection of your own data...
5. You can't script iptables-restore!
Well, actually you can script iptables-restore.
For those who are interested:
net-firewall/firewall-mv from the mv overlay
(available over layman) now provides a separate
firewall-scripted.sh
which can be conveniently used for such scripting.
shawn wilson ag4ve...@gmail.com wrote:
On Fri, Oct 4, 2013 at 5:58 PM, Michael Orlitzky mich...@orlitzky.com wrote:
1. The iptables-restore syntax is uglier and harder to read.
I don't get this - the syntax is [...]
What am I missing or how is this uglier?
Argument separation (e.g. if you
101 - 200 of 236 matches
Mail list logo