Re: [gentoo-user] type keyboard problem

2017-10-08 Thread Andrew Savchenko
Hi,

On Fri, 6 Oct 2017 08:31:27 +0800 Bill Kenworthy wrote:
> Hi all, I have a laptop keyboard problem - it fails to reconnect the
> keyboard on opening after closing.
> 
> MS Surface pro 4 with type keyboard.
> 
> The keyboard connects correctly on bootup or resume from hibernate (when
> open).
> 
> Close keyboard (removes power), open keyboard and it no longer works.
> Requires a reboot (or hibernate/resume) for it to work again.
> 
> On opening the keyboard, the kernel detects it, it shows up in lsusb.
> 
> Oct  6 05:57:15 bunyip kernel: usb 1-7: Product: Surface Type Cover
> Oct  6 05:57:15 bunyip kernel: input: Microsoft Surface Type Cover
> Keyboard as
> /devices/pci:00/:00:14.0/usb1/1-7/1-7:1.0/0003:045E:07E8.0003/input/input29
> Oct  6 05:57:15 bunyip kernel: input: Microsoft Surface Type Cover
> Consumer Control as
> /devices/pci:00/:00:14.0/usb1/1-7/1-7:1.0/0003:045E:07E8.0003/input/input31
> Oct  6 05:57:15 bunyip kernel: input: Microsoft Surface Type Cover
> Touchpad as
> /devices/pci:00/:00:14.0/usb1/1-7/1-7:1.0/0003:045E:07E8.0003/input/input33
> Oct  6 05:57:15 bunyip kernel: hid-multitouch 0003:045E:07E8.0003:
> input,hiddev96,hidraw0: USB HID v1.11 Keyboard [Microsoft Surface Type
> Cover] on usb-:00:14.0-7/input0
> 
> It looks like it changes input when reopening but the event framework
> fails to re-enumerate it.
> 
> I've tried restarting udev but no luck.

Try to update your kernel to the latest one, preferably to a vanilla
one.

Also try udevadm trigger.

Best regards,
Andrew Savchenko




Re: [gentoo-user] A portage nuisance

2017-10-28 Thread Andrew Savchenko
On Fri, 27 Oct 2017 14:58:13 +0100 Peter Humphrey wrote:
> On Fri, 27 Oct 2017 12:52:54 -
> Helmut Jarausch  wrote:
> 
> > I have a problem with emerge for a long time.
> > Sometimes I need to (re-)emerge many packages like in an
> > emerge --emptytree @world
> > 
> > Because I use several overlays, there are problems with a lot of
> > packages.
> > Unfortunately, emerge shows me just the first problem (like a missing
> > USE-flags) and then terminates.
> > Is there any means to let emerge go and report several (all) problems
> > which are independent of each other?
> 
> EMERGE_DEFAULT_OPTS="--keep-going" ?

No, --keep-going allows emerge to continue as long as possible after a
build failure. Helmut asks about dependency resolution failures,
e.g. in some package REQUIRED_USE is not met, or a circular
dependency occurs and so on.

AFAIK there is no way to use a keep-going-like option for deps
resolution, because the first error may trigger a lot of others and
there will inevitably be false errors, because the dependency tree
was not fully built.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Does Gentoo support more than 8 bits per color channel?

2017-10-28 Thread Andrew Savchenko
On Fri, 20 Oct 2017 16:17:37 - Helmut Jarausch wrote:
> Hi,
> I'm considering buying a new monitor (and graphics card) which supports
> 10 bits per color channel.
> Will Gimp on a Linux machine (X11) support this now or in the near future.
> Or is it just waste of money to buy a monitor with more than 8 bits/color 
> channel?
> Many thanks for some hints,
> Helmut

Linux and Gentoo in particular support 10 and 12 bits per channel.

But in order for this to work you need to have support from the whole
chain, both hardware and software:

application -> de/wm or rendering stack (gtk/qt) -> xorg (supports)
-> video driver (see below) -> video card -> cable(!) -> monitor

You have not told us what your video card is, but at least Intel[1]
and nVidia[2] products support 10/12 bits in Linux.

Definitely not all applications support deep colour (10/12 bpc), but
most multimedia oriented ones do: gimp, ffmpeg, mplayer, mpv...

You may encounter some problems with GTK apps, though the proof
links I found[3,4] are quite old and the situation may have improved.

Also take note that 10 bpc imposes some limitations on the screen
resolution depending on your connectivity[5].

[1] https://communities.intel.com/thread/101627
[2] https://nvidia.custhelp.com/app/answers/detail/a_id/3050/~/how-to-enable-30-bit-color-on-linux
[3] http://www.oyranos.org/tag/30-bit/
[4] http://darktable-users.narkive.com/ndONjycG/anyone-with-30-bit-color-depth
[5] http://bilder.hifi-forum.de/medium/262100/hdmi-20-597x266_609346.jpg

Best regards,
Andrew Savchenko




Re: [gentoo-user] A portage nuisance

2017-10-28 Thread Andrew Savchenko
On Sat, 28 Oct 2017 22:59:26 +0100 Anthony Youngman wrote:
[...]
> All I'm asking is that as it progresses, it makes a list of those 
> packages it can resolve the dependencies for. If it then gives up with 
> the current list it's processing, eg "world", it then goes back to the 
> list it thinks it can process, and has another go with them.
> 
> Because that's exactly what I do, take the first few packages off the 
> list that look fine, and emerge them. I then re-run the original emerge, 
> rinse and repeat, but it takes absolutely ages, and worse I have to 
> babysit the emerge because I'm *expecting* it to hit a problem.
[...]
> To give you a very clear example of what I'm thinking ...
> 
> emerge -u world
> A will be emerged with options ...
> B will be emerged with options ...
> C will be emerged with options ...
> D is blocked by E
> F will be emerged with options ...
> G is blocked by H
> Giving up, too many circular dependencies
> emerge A B C F

Ah, man, this is where your mistake is. You are assuming that it
is possible to get a correct dependency subgraph without building
the full correct dependency graph first. This is not possible and this
is math. While the approach you described above may work in some
practical cases, it will be busted in the general case.

The key moment here is that the graph's root node may be changed during
dependency recalculation based on _how_ the conflict is solved, the
same as all other nodes may be reordered. And dependencies which
appear to be valid before the conflict is resolved may become invalid
after, consider the following dep tree:

  A
 / \
B   C
    |
  !{D,E}

- B and C depend on A;
- D conflicts with E and both depend on C;

You assume that the !{D,E} conflict can be skipped and A, B, C can be
emerged. But let's assume that you selected D later, but D depends
on F and F conflicts with A[some_flag]. So you'll have to choose
some alternative to A or change its USE flags, this may require
rebuilding the whole dependency tree (and build order may change as
well). In order to prevent dozens (sometimes hundreds or even
thousands) of useless rebuilds and to avoid leaving the intermediate
tree in an utterly broken state, emerge fails if it can't build the
dependency graph.

Maybe my example above is synthetic and not the best one, but you
should understand that dependencies are very complex, may be
intricately interconnected and there is no way to tell which parts
are correct until the whole picture is seen.

Best regards,
Andrew Savchenko
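
The argument of the reply above, worked through as an added example (not part of the original message and not portage code): a brute-force check over the message's synthetic packages A to F shows that A, B and C are consistent on their own, yet choosing D afterwards pulls in F and invalidates the already-installed A[some_flag]. The tables, atom spellings and helper functions are a constructed model; only the relationships between the packages come from the message.

```python
from itertools import product

# Constructed model of the message's synthetic example (not portage data).
A_VARIANTS = ("A[some_flag]", "A[-some_flag]")   # A built with / without the flag
REQUIRES = {"B": ("A",), "C": ("A",), "D": ("C", "F"), "E": ("C",), "F": ()}
BLOCKERS = (("D", "E"), ("F", "A[some_flag]"))   # pairs that cannot coexist


def name(atom):
    """Package name without the USE-flag suffix."""
    return atom.split("[", 1)[0]


def closure(atoms):
    """Return atoms plus every dependency they pull in, transitively."""
    plan = set(atoms)
    todo = list(plan)
    while todo:
        atom = todo.pop()
        for dep in REQUIRES.get(name(atom), ()):
            if dep not in {name(a) for a in plan}:
                plan.add(dep)
                todo.append(dep)
    return plan


def problems(plan):
    """List unmet dependencies and blockers inside one plan."""
    names = {name(a) for a in plan}
    found = []
    for atom in sorted(plan):
        for dep in REQUIRES.get(name(atom), ()):
            if dep not in names:
                found.append(f"{atom} needs {dep}")
    for left, right in BLOCKERS:
        if left in plan and right in plan:
            found.append(f"{left} blocks {right}")
    return found


def incremental(a_variant, pick):
    """Install A, B, C first because they 'look fine', resolve !{D,E} later."""
    installed = {a_variant, "B", "C"}
    if problems(installed):
        raise ValueError("the partial plan is expected to be clean on its own")
    return problems(closure(installed | {pick}))


def full_resolve():
    """Check every combination of A's variant and the D/E choice up front."""
    valid = []
    for a_variant, pick in product(A_VARIANTS, ("D", "E")):
        plan = closure({a_variant, "B", "C", pick})
        if not problems(plan):
            valid.append(sorted(plan))
    return valid


if __name__ == "__main__":
    # The partial install was clean, but picking D afterwards breaks it.
    print("incremental, then D:", incremental("A[some_flag]", "D"))
    # Looking at the whole graph first never pairs D with A[some_flag].
    for plan in full_resolve():
        print("valid full plan:", " ".join(plan))
```
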




Re: [gentoo-user] emerge -e @world failed

2017-12-10 Thread Andrew Savchenko
On Tue, 5 Dec 2017 01:08:12 +0100 tu...@posteo.de wrote:
> Hi,
> 
> I did it,
> 
> I started emerge -e @world --keep-going.
> 
> And it failed while installing linux-gazette:
> >>> Emerging (370 of 2114) app-doc/linux-gazette-117::gentoo
> >>> Installing (360 of 2114) app-doc/linux-gazette-31::gentoo
> >>> Emerging (371 of 2114) app-doc/linux-gazette-69::gentoo
> >>> Installing (361 of 2114) app-doc/linux-gazette-74::gentoo
> >>> Jobs: 341 of 2114 complete, 5 running   Load avg: 1.48, 1.61, 1.82
> Traceback (most recent call last):
>   File "/usr/lib64/python3.5/site-packages/portage/dbapi/vartree.py", line 
> 740, in aux_get
> mydir_stat = os.stat(mydir)
>   File "/usr/lib64/python3.5/site-packages/portage/__init__.py", line 250, in 
> __call__
> rval = self._func(*wrapped_args, **wrapped_kwargs)
> FileNotFoundError: [Errno 2] No such file or directory: 
> b'/var/db/pkg/app-doc/linux-gazette-74'

Apparently your /var/db/pkg database is broken. What bothers me
here is that you have two likely parallel installs here. Maybe you
just hit a race condition bug.

Try to emerge required linux-gazette slots manually, one by one. If
this helps, report the bug on portage to bugzilla.

Best regards,
Andrew Savchenko




Re: [gentoo-user] is anyone using Nouveau graphics driver ?

2018-07-29 Thread Andrew Savchenko
On Mon, 23 Jul 2018 06:17:40 -0400 Philip Webb wrote:
> (1) What are people's experiences with Nouveau ?
> -- does it work easily with various kernels ?

Yes.

> -- does it manage graphics stably & reliably ?

Depends on your setup. For single monitor mode it is definitely
yes. For multiple monitors in Xinerama mode it is usually yes. For
multiple monitors with multiple X screens mode it is no (segfault),
upstream right now is aware of the problem[1].

> -- I don't do much with video (a few newsreels) & don't use sound.
> 
> (2) If I install it, how do I switch between Nouveau & Nvidia ?

1. You'll have two different Xorg configurations for nvidia and
nouveau (at least in Driver option in Section "Device" at its
settings). I usually switch between them using symlink.

2. eselect opengl set xorg-x11 | nvidia

3. I have to switch KMS on for nouveau and off for nvidia (to have
normal VGA console): nomodeset vga=normal (for nvidia).

> (3) Sadly, I didn't make a Quickpkg of the Nvidia version I was using
> when my scanner was working with Gentoo (last time 180626).
> I have the distfiles, but not the ebuilds :
> is there anywhere I can find ebuilds for Nvidia-Drivers 390.42 390.48 ?

Why don't you want to use the latest 390.77 (or 390.67) for stable?

[1] https://bugs.freedesktop.org/show_bug.cgi?id=106772

Best regards,
Andrew Savchenko




Re: [gentoo-user] is anyone using Nouveau graphics driver ?

2018-07-29 Thread Andrew Savchenko
On Mon, 23 Jul 2018 21:28:08 +0200 Davyd McColl wrote:
> Thanks for taking the time to reply, Dr Valdés.
> 
> Unfortunately, I would like to game now and then

Whether nouveau is usable for games depends on a) game, b) your
card, see [1] for a reference. For recent chip generations all 3D
features are implemented, looks like the most troublesome part is
power management.

Usually you'll have lower FPS in nouveau compared to the nvidia driver,
but if your game is not top notch, it should be playable.

[1] https://nouveau.freedesktop.org/wiki/FeatureMatrix/

Best regards,
Andrew Savchenko




Re: [gentoo-user] Building kernel with floppy support

2018-07-29 Thread Andrew Savchenko
On Sun, 10 Jun 2018 05:01:51 -0400 Shea Alterio wrote:
> Hi everybody
> 
> I've got a mini form factor Pentium 4 I just acquired. I have a huge amount
> of floppy disks to make backup images of as well as write to new floppies.
> Yeah I know, floppies suck, but i thought i could use Gentoo on it to make
> the process less painful. This is a plain internal floppy drive so not a
> USB one.  Do you need build any packages with floppy support or just make
> sure it's in the kernel?

Just enable it in the kernel: CONFIG_BLK_DEV_FD will be sufficient
unless something rare like AMIGA/ATARI/MAC floppy is used, they
have separate config options.

If you want FAT tools, install sys-fs/dosfstools.

> When i was doing some googling to see if i would
> have issues trying to do floppy stuff with the latest kernels, it seemed
> like that could be a potential issue.

No, it works just fine.

> I will do my main compiling on my main PC then send it to the P4 to keep it
> from burning itself up. haha.


Best regards,
Andrew Savchenko




Re: [gentoo-user] iproute2 reference

2018-07-29 Thread Andrew Savchenko
On Sun, 10 Jun 2018 14:15:03 +0100 Peter Humphrey wrote:
> Hello list,
> 
> I'm trying to learn how to use the "ip" command to manage routing on one of
> my boxes, which has two Ethernet interfaces.
> 
> Can anyone recommend suitable reading material? I don't mind paying for a
> book, provided that it's reasonably up to date and won't bury me in a morass
> of bit patterns, OSI transport layers and so on. Just the stuff that a
> network admin would need.

The best howto on iproute I ever saw:
https://www.tldp.org/HOWTO/Adv-Routing-HOWTO/

Best regards,
Andrew Savchenko




Re: [gentoo-user] net-misc/openssh-7.7_p1-r4 switched off hpn use flag

2018-07-30 Thread Andrew Savchenko
Hi!

On Wed, 13 Jun 2018 09:21:45 +0100 Mick wrote:
> Any idea why the latest openssh has set USE="-hpn"?
> 
> PS. The multi-threaded AES-CTR is broken and disabled, which is OK, but the 
> larger buffer used by single threaded HPN can still be useful in some cases.

It is enabled in openssh-7.7_p1-r6.

Sometimes hpn becomes disabled for the latest openssh because hpn
patch is not yet ready. So better stick to older or stable versions
if you need hpn to be always available.


Best regards,
Andrew Savchenko




Re: [gentoo-user] trying to use Nouveau

2018-08-04 Thread Andrew Savchenko
On Sat, 4 Aug 2018 01:48:15 -0400 Philip Webb wrote:
> Last month, I sent in a query re Nouveau : thanks for the replies.
> 
> I have emerged it :
> 
>   root:508 log> eix nouveau
> [I] x11-drivers/xf86-video-nouveau
>  Available versions:  1.0.15 1.0.15-r1
>  Installed versions:  1.0.15-r1([2018-07-26 15:39:37])
>  Homepage:https://nouveau.freedesktop.org/wiki/
>  Description: Accelerated Open Source driver for nVidia cards
> 
> I have tried to switch to it with 'eselect opengl set xorg-x11' :
> 
>   root:507 log> eselect opengl list
>   Available OpenGL implementations:
>   [1]   nvidia
>   [2]   xorg-x11 *
> 
> I have renamed  /lib/udev/rules.d/99-nvidia.rules  by appending '.dft',
> as recommended in the Wiki.
> 
> But when I 'startx' & then check  /var/log/Xorg.0.log , I find :
> 
>   (II) Module glx: vendor="X.Org Foundation"
>  compiled for 1.19.5, module version = 1.0.0
>  ABI class: X.Org Server Extension, version 10.0
>   (II) LoadModule: "nvidia"
>   (II) Loading /usr/lib64/xorg/modules/drivers/nvidia_drv.so
>   (II) Module nvidia: vendor="NVIDIA Corporation"
>  compiled for 4.0.2, module version = 1.0.0
>  Module class: X.Org Video Driver
>   (II) NVIDIA dlloader X Driver  390.67  Fri Jun  1 02:45:19 PDT 2018
>   (II) NVIDIA Unified Driver for all Supported NVIDIA GPUs
>   (--) using VT number 7
> 
> I suspect that I need to re-merge some pkgs ;
> I have added 'nouveau' to  VIDEO_CARDS  in  make.conf ,
> but it won't have an effect until a pkg is re-merged.
> 
> Can anyone offer advice what to try next ?

Your xorg.conf (or a file from xorg.conf.d directory) must contain
the following:

Section "Device"
Identifier  "Card1"
Driver  "modesetting"
... (some options may follow)
EndSection

You probably name `Driver "nvidia"` there right now.

Best regards,
Andrew Savchenko




Re: [gentoo-user] trying to use Nouveau

2018-08-06 Thread Andrew Savchenko
On Mon, 6 Aug 2018 02:38:28 -0400 Philip Webb wrote:
> 180805 Philip Webb wrote:
> > 180804 Andrew Savchenko wrote:
> >> Your xorg.conf -- or a file from xorg.conf.d directory --
> >> must contain the following :
> >> 
> >>   Section "Device"
> >>   Identifier  "Card1"
> >>   Driver  "modesetting"
> >>   ... (some options may follow)
> >>   EndSection
> 
> I've done that, as described in my previous msg, without success.
> 
> Then I noticed that Wiki says the kernel needs recompiling
> with 'Drivers->Graphics-><*>DirectRenderingManager
>  <*>NouveauCards' ;

Well, that was too obvious to mention :)

> I also unset the "<->Backlight ... " just below, as I don't need it.
> The new kernel is noticeably bigger than the previous version ;
> I copied it to  /boot  as usual, updated  lilo.conf  & ran Lilo ;
> the new kernel (called 4.14.52b) booted successfully,
> but neither Nouveau nor Nvidia would start ;
> even worse, neither would start with the previous version 4.14.52 ,
> which had been working with Nvidia for some time.
> 
> The kernel log stops after several repeats of the lines :
> 
>   kernel: nvidia: Unknown symbol backlight_device_unregister (err 0)
>   kernel: nvidia: Unknown symbol backlight_device_register (err 0)

You need to rebuild nvidia-drivers. As a rule of thumb after each
kernel update (or major config change) one must rebuild
external kernel modules:

  emerge -av @module-rebuild
 
> Finally, I booted into kernel 4.9.95 & Nvidia still starts there.
> 
> This is turning into a nightmare.  It all started when 4.14.52
> couldn't find my scanner, which 4.9.16 had no trouble with,
> & then I found I couldn't test 4.9.16, as Nvidia no longer worked with it.
> To test 4.9.16 it seems sensible to try Nouveau instead of Nvidia,
> but that has led to a further tangle.
> 
> I suspect the problem with the scanner is that the Epson driver
> needs an update to work with the most recent kernels.
> That's something I'll have to take up with Epson, if I can.

What is your scanner model? Are you using sane-epson2 and the
latest sane version? It really shouldn't depend on the kernel
unless you are missing some crucial (e.g. usb) drivers.

> However, the Nouveau/Nvidia mess is something I sb able to sort out.
> Can anyone suggest what's gone wrong & how to put it right ?

You have not stated what is wrong with your Nouveau + kernel
4.14.52 setup. Please provide Xorg logs.


Best regards,
Andrew Savchenko




Re: [gentoo-user] libGL symlinks vs `eselect opengl`

2018-08-29 Thread Andrew Savchenko
Hi!

On Wed, 22 Aug 2018 20:33:00 +0200 Davyd McColl wrote:
> The other day I installed Celestia for the entertainment of my son, who is
> delighted with anything stellar / planetary. Celestia wouldn't start up,
> and, long-story-short, I tracked down the issue to the symlinks:
> 
> /usr/lib64/libGL.so
> /usr/lib64/libGL.so.1
> 
> which ultimately point to
> 
> /usr/lib64/libGL.so.1.2.0,
> 
> provided by media-libs/mesa. Naturally, I assumed I'd made a mistake with
> `eselect` at some point, so I checked with `eselect opengl list` and found
> that, as expected, my selected opengl implementation was nvidia. Just in
> case, I switched over to xorg-x11 (mesa) and back again, but this didn't
> fix the problem.
> 
> Manually redirecting these to /usr/lib64/opengl/nvidia/lib/libGL.so
> (provided by x11-drivers/nvidia-drivers) works, however, of course, portage
> doesn't know anything about this, so the update I received today for
> media-libs/mesa reverted these symlinks back to pointing at mesa libs.
> 
> So the questions I have are these:
> 1) Am I reasonable in expecting `eselect opengl` to maintain these
> symlinks? I feel like it's a reasonable expectation, but perhaps there's
> just yet another thing I have to learn / understand.

No, eselect opengl works differently. It uses /etc/env.d to alter
LDPATH and OPENGL_PROFILE environment variables. It also changes
xorg.conf.

So you may need to restart your X server and source /etc/profile in
active shells for changes to take effect.

> 2) Should I be logging a bug (against eselect, or perhaps celestia, since
> this is the only app which seems to have suffered this fate -- games like
> Torchlight 2 and utils like glxgears work just fine; glxinfo reports NVIDIA
> extensions), or is there just something I've fundamentally missed or messed
> up here?

If glxinfo reports correct data and glxgears works fine, then this
may be a bug and please report it. You may CC both celestia and
opengl since right now it is not obvious which is the culprit.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Nouveau test : back to Nvidia

2018-09-02 Thread Andrew Savchenko
On Sun, 26 Aug 2018 03:48:04 -0400 Philip Webb wrote:
> Following my recent request for info + replies,
> I tried using Nouveau for a week & didn't have any basic problems,
> but it couldn't handle the 3D Xscreensavers, eg Gears + Pipes,
> so I've come back to Nvidia, which has always worked well enough,
> but tends to create problems matching Nvidia/Kernel versions.
> 
> Is there any prospect that Nouveau wb able to do 3D one day ?

It depends very much on your chip. Some cards already have good 3D
support, some should have it in a while. See the feature matrix for
details:
https://nouveau.freedesktop.org/wiki/FeatureMatrix/

In most cases 3D works, but slower than on the proprietary driver
and some advanced features may be missing.

> Are there any 3rd possibilities ?

No, at least if you want 3D. 

Best regards,
Andrew Savchenko




Re: [gentoo-user] CFLAGs for kernel compilation

2015-04-30 Thread Andrew Savchenko
On Wed, 29 Apr 2015 13:31:13 +0200 Ralf wrote:
> Hi,
> 
> just a short question: I don't like genkernel, I always compile my
> kernel manually using menuconfig.
> So the CFLAGs of my make.conf won't get applied.
> 
> What is the best way to (persistently) set the CFLAGs for the kernel
> compilation?
> 
> - I don't like invoking 'CFLAGS="-O2 -march=foo"make'
> - I don't want to set CFLAGS as a persistent environment variable.
> - I don't want to modify the kernel Makefile
> 
> Does it actually make sense to set an optimization level and -march?

Short answer: don't even try to use general CFLAGS for a kernel,
you'll badly damage its performance.

Long answer: context switching between integer and floating point
is very expensive, that's why the kernel is integer only, any
non-integer calculations are implemented using fixed point (integer
numbers from CPU's POW). That's why the kernel makes sure that no
floating point instructions sneak in using CFLAGS, you may see a
lot of -mno-${instruction_set} flags when running make -V. Furthermore
the kernel needs several memory alignment flags which should not be
removed as well.

The proper way to fine-tune CFLAGS for a local CPU support will be
to use kernel-gcc-patches[1], as was pointed out in another reply already.
This code will ensure that proper CPU support is enabled while
keeping all floating point instructions disabled. Just apply a
patch and select native arch in CPU arch menu.

[1] https://github.com/graysky2/kernel_gcc_patch

Best regards,
Andrew Savchenko




Re: [gentoo-user] CFLAGs for kernel compilation

2015-04-30 Thread Andrew Savchenko
Hi,

On Thu, 30 Apr 2015 18:26:22 +0200 Volker Armin Hemmann wrote:
> That simple. The kernel is too important and the people programming it
> know what they are doing. Don't set anything. It is retarded.
> >
> > - I don't like invoking 'CFLAGS="-O2 -march=foo"make'
> > - I don't want to set CFLAGS as a persistent environment variable.
> > - I don't want to modify the kernel Makefile
> >
> > Does it actually make sense to set an optimization level and -march?
> 
> no

While I completely agree with you that kernel CFLAGS should not be
randomly tampered with, I can't agree that -march itself is useless.
Tests and results are available here:
https://github.com/graysky2/kernel_gcc_patch

Optimization is a very powerful tool if taken with care. Of course
it may lead to a disastrous result if mindlessly used.

Best regards,
Andrew Savchenko




Re: [gentoo-user] CFLAGs for kernel compilation

2015-04-30 Thread Andrew Savchenko
On Thu, 30 Apr 2015 20:11:52 +0200 Volker Armin Hemmann wrote:
> Am 30.04.2015 um 19:45 schrieb Andrew Savchenko:
> > Hi,
> >
> > On Thu, 30 Apr 2015 18:26:22 +0200 Volker Armin Hemmann wrote:
> >> That simple. The kernel is too important and the people programming it
> >> know what they are doing. Don't set anything. It is retarded.
> >>> - I don't like invoking 'CFLAGS="-O2 -march=foo"make'
> >>> - I don't want to set CFLAGS as a persistent environment variable.
> >>> - I don't want to modify the kernel Makefile
> >>>
> >>> Does it actually make sense to set an optimization level and -march?
> >> no
> > While I completely agree with you that kernel CFLAGS should not be
> > randomly tampered with, I can't agree that -march itself is useless.
> > Tests and results are available here:
> > https://github.com/graysky2/kernel_gcc_patch
> >
> > Optimization is a very powerful tool if taken with care. Of course
> > it may lead to a disastrous result if mindlessly used.
> >
> > Best regards,
> > Andrew Savchenko
> 
> if your mail client or browser is miscompiled, it is crashy, but worst
> case, a bunch of emails or bookmarks are lost.
> 
> If the kernel fucks up, it might write across partition boundaries and
> destroy ALL your data. Or writes garbage instead of data.
> 
> Don't f* with the kernel.

That's why we have tests. Follow the link above. As for a personal
experience: we have kernels with this patch and gcc native
optimization in production for several years. Results are fine
(no kernel related issues).

In order not to crash kernel, do not add -ffast-math there. You
need to have some understanding before touching such stuff.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Re: CFLAGs for kernel compilation

2015-05-01 Thread Andrew Savchenko
On Fri, 1 May 2015 05:09:51 + (UTC) Martin Vaeth wrote:
> Andrew Savchenko  wrote:
> >
> > That's why the kernel makes sure that no floating point instructions
> > sneak in using CFLAGS, you may see a lot of -mno-${instruction_set}
> > flags when running make -V.
> 
> So it should be sufficient that the kernel does not use "float"
> or "double", shouldn't it?

No. Optimizer paths may be very unobvious, i.e. I'll not be
surprised if under some conditions vectorizer may use float
instructions for int code.

> I can hardly imagine that otherwise the compiler converts integer
> or pointer arithmetic into floating point arithmetics, or is
> this really the case for certain flags?  If yes, why should these
> flags *ever* be useful?
> I mean: The context switching happens for non-kernel code as well,
> doesn't it?

Yes, context switching happens for all code and has its costs. But
for userspace code context switching happens for many other
reasons, e.g. on each syscall (userspace <-> kernelspace switching).
Also some user applications may need high precision or context
switching pays off due to mass parallel data processing, e.g. SIMD
instructions in scientific or multimedia applications. But apart from
the special conditions mentioned above, fixed point is still faster in
userspace, some ffmpeg codecs have both fixed and floating point
implementations, you may compare them. Programming in fixed point
is much harder, so most people avoid it unless they have a very
good reason to use it. And don't forget that the kernel is
performance critical unlike most userspace applications.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Changing the email address for bugzilla account

2015-05-09 Thread Andrew Savchenko
On Sat, 9 May 2015 07:06:25 -0300 José Romildo Malaquias wrote:
> Hello.
> 
> I have requested Gentoo's Bugzilla to change the email address for my
> account, because the current address does not exist anymore.
> 
> The site told me that "An email has been sent to both old and new email
> addresses to confirm the change of email address."
> 
> When confirming the change by following the link sent to the new email
> address, bugzilla tells me that "The token you submitted does not exist,
> has expired, or has been canceled." I believe that means it expects me
> to click the old email link before the new email link.

No, it doesn't. Well, at least at November 2014 (when I
resubscribed from another e-mail) it did not.

> How to proceed now? Should I contact some admin to fix my account for
> me? If so, how can he/she be contacted?

Just make another request on Bugzilla.

Best regards,
Andrew Savchenko




Re: [gentoo-user] recommended applications

2015-05-24 Thread Andrew Savchenko
Hi,

On Sun, 24 May 2015 15:02:13 +0430 behrouz khosravi wrote:
> Hello everyone. After spending about a year in the world of linux (and
> mostly beloved gentoo!) I have realized that the key to a stable and fast
> machine is to keep the system as small as possible.
> So I am going to use console based tools mostly. I will also replace KDE
> with i3wm.
> 
> What do you recommend as a replacement for kmail? (is mutt a good choise?)

It depends on personal preferences. I'm not sure why, but I always
had problems with intensive mail traffic and mutt. Also many mails
are html-based and mutt is not the best way to deal with them.
(I know that html mails are disgusting, but too many people use
them these days to disregard this trend completely.)

So I use sylpheed. It is GUI-based, can read html mails (but not
write them, he-he). So it suits me well. Your mileage may vary, of
course.

> What about IRC client?

Use irssi. It is a reliable and highly configurable CLI solution.
 
> Torrent client?

Use transmission. Just compile it without qt* and gtk flags. This
is a client-server application, so transmission-daemon runs as
system service as unprivileged user and all management is done via
nice CLI tool transmission-remote. Also transmission is
fully-fledged solution supporting all trends like dht, utp and
so on. You'll love it.

> I know that I can use google! but I would like to know your opinion.

Browser-based solution can't be lightweight, so I try to avoid them
whenever possible.

Best regards,
Andrew Savchenko




Re: [gentoo-user] What is the definition of a gentoo "binary" package?

2015-05-29 Thread Andrew Savchenko
On Fri, 29 May 2015 18:48:55 -0700 walt wrote:
>  gentoo package have been snipped to eliminate uncouth language>
> 
> I think of a gentoo "binary" package (e.g. oracle-jdk-bin) as an ebuild
> that fetches a file from somewhere, then merely unpacks that file and
> sticks the results in /opt/.
> 
> My experience today with libreoffice-bin has broken my mental model of
> how a gentoo "binary" package behaves.
> 
> While trying to debug some broken behavior in the (non-binary) localc
> spreadsheet app, I decided to install libreoffice-bin as an experiment.
> 
> The libreoffice-bin package wanted to drag in dozens of other non-binary
> gentoo packages before it would install itself, and even caused a blocker
> between two different versions of poppler.  (I said "no" because I thought
> the blocker would make the entire experiment fail in the end.)

It requires many other packages because it was compiled with
specific versions of those packages. Of course those other packages
will be source ebuilds mostly.

You have blockers because your current system has different
versions of some of those packages. These issues are usually solved
either via slot installs or update of your currently installed
system. Sometimes emerge -DNu @world may be needed.

As for terminology, there are two kinds of binary packages:
1) binpkg — (usually) user-built binary packages, just tarballs
of source-built packages. They are useful for clustering, fast
deployment, fast downgrades and so on.
2) The same binpkg packages, but put into the portage tree for
specific "hard to build" packages, they usually have "-bin" suffix.
That is your case.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Profile listings

2015-06-14 Thread Andrew Savchenko
On Sun, 14 Jun 2015 19:22:14 + (UTC) James wrote:
> Hello
> 
> Background:
> As a minimalist I'm trying to ferret out the differences in some of the more
> minimal profiles versus potential embedded profiles, across several
> different architectures: (arm32, arm64 x63_32 x86_64 ppc etc). I am also
> quite curious to find a tool that will clearly list the complete set of 
> packages a given (eselected) profile will yield and the best ways to
> customize that list of minimal (critical) packages.
> 
> 
> 
> So in /etc/portage/profiles, we have lots of good information. For example
> the 'base' dir currently lists 77 packages found in most profiles (?). The
> '/usr/portage/profiles/arch.list' dir lists not only the recognized arches
> but  also "Prefix Keywords". I'm not exactly sure how all of this profile 
> stuff works; who decides what's (packages) in and out, package_masks etc etc.
> 
> 
> So my questions related to how does gentoo actually determines the exact
> list of programs that are minimally installed, with the specific 
> arch and the profile selected? In previous times, I just put USE='-*' in the
> make.conf file and built upwards from there.

Profiles do all the stuff that can be done or overridden
in /etc/portage, but they define some sane "default" sets of
settings for common profiles.

USE="-*" will override all USE settings in your profile. As you were
already warned, this may break stuff: e.g. expected
functionality will not be available or package will refuse to build
if it needs at least one of USE flags set (e.g. alternative foo
providers). So you must test things very carefully with USE="-*".

A set of default packages is defined in the "packages" file of each
profile. Profiles usually have "parent" file which lists parent
profiles: they are inherited, but may be overridden here and there
in a child profile. 

If you want an absolutely minimal system, after you have set it up
you may remove some packages even from the @system set. E.g. if
you're sure you don't need man or ssh, remove corresponding
packages. Just be careful here since it is easy to brick your
system here.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Google Chrome and audio capture

2015-06-24 Thread Andrew Savchenko
On Wed, 24 Jun 2015 07:08:01 +0100 Mick wrote:
> On Tuesday 23 Jun 2015 11:54:02 Neil Bothwick wrote:
> > On Tue, 23 Jun 2015 05:26:31 -0500, Dale wrote:
> > > > Take from that what you will. Note, the issues are for chromium and
> > > > not for Google Chrome, shouldn't make a difference for what you want
> > > > to know though.
> > > 
> > > Thanks.  That was what I was looking for.  I guess they did do this
> > > then.  This may be the first time I checked into a story from that site
> > > and it be true.  It seems google did sort of sneak some code in there.
> > > o_O
> > 
> > > There is now a USE flag to specifically enable this. It defaults to
> > > disabled but if you previously emerged chromium before the flag was added,
> > you will still have it. Using --newuse will cause a world update to
> > re-emerge chromium, but if you use --changed-use it doesn't, so re-emerge
> > chromium if you want to get rid of this.
> 
> What is the new USE flag and does it also apply to 43.0.2357.65?
 
The flag is USE="hotwording", it applies to 45.0.2431.0 and later
versions. Please note that this flag disables autoload of hotwording
nacl plugin, so if one had earlier chromium versions installed, one
will still have this plugin installed on a system.

In order to remove the already installed plugin one has to delete the
following directory:
~/.config/chromium/Default/Extensions/lccekmodgklaepjeofjdjpbminllajkg

See also:
https://bugs.gentoo.org/show_bug.cgi?id=552298

Best regards,
Andrew Savchenko




Re: [gentoo-user] Should www-plugins/adobe-flash have "stable" versions?

2015-06-25 Thread Andrew Savchenko
Hi,

On Thu, 25 Jun 2015 16:02:00 -0700 walt wrote:
> Title: Adobe Releases Emergency to Patch Zero Day Under Active
> Exploitation in the Wild
> Description: Adobe released an out-of-band patch to address
> CVE-2015-3113, a Flash Player zero-day vulnerability that is actively
> being used by an APT group.  The exploit has been ongoing since early
> this month via phishing emails and affects Windows, Mac, and Linux
> users.  CVE-2015-3113 is a vulnerability in the way Flash parses Flash
> Video Files (FLV).  The exploit bypasses memory-based protection such
> as ASLR and uses return-oriented programming (ROP) to bypass data
> execution prevention (DEP).
> Reference:
> https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
> 
> I see that the gentoo devs have already added the latest version to my
> ~amd64 machine (thanks, team) but what about all the people who are
> running stable gentoo?

Taking into account how intensive the vulnerability rate for adobe-flash
is and considering its closed nature (e.g. no ability to fix issues in
time yourself) I'd recommend avoiding its use altogether. For cases
where it can't be replaced (e.g. with gnash or an html5-compatible
browser) use an isolated container or VM.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Re: In the fear of getting hacked (WLAN setup)

2015-07-18 Thread Andrew Savchenko
Hi,

On Sat, 18 Jul 2015 06:47:21 +0300 Nikos Chantziaras wrote:
> > The problem I (possibly needless) see is: While I am tinkering and
> > testing the configuration I may setup an open Wifi access point
> > without noticing it in first glance and
> > BANG! get hacked ... in the worst case: unrecognized...
> >
> > What is the "best practice" here?
> > Is there a certain independent configuration, which I can set,
> > which prevents this scenario?
> >
> > Thank you very much in advance for any help!
> > Best regards,
> > Meino
> >
> > PS: If one knows the ASUS Memo Pad 7 ME176CX and knows a
> > way to locally connect this tablet to the internet...this
> > would be a way to go also. I would appreciate any hint in
> > this case (Using Lollipop 5.0).
> 
> If you don't have any daemons running that provide network services 
> (have opened listen ports), you can't get hacked. This is usually a 
> problem for Windows, which by default has a gazillion of services 
> running (NetBIOS, printer/media/filesystem/everything sharing, 
> messaging, remote desktop, etc.)
> 
> On Gentoo, if *you* didn't set up a service, then nothing is listening 
> on the network.

Yes and no. If user enabled network interface and has no network
daemons running, kernel still listens to that interface (ARP, icmp
and so on) and may be hacked using vulnerabilities in network
stack, protocol handlers or even network device drivers.

By default Gentoo has no interfaces enabled, but usually they are
set up during initial install. And users may be unaware that even
without any network applications they may be vulnerable with
enabled interfaces. Proper configuration of kernel, especially
iproute2 and iptables can minimize such risks, of course.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Packaging ASL

2015-07-21 Thread Andrew Savchenko
On Tue, 21 Jul 2015 07:18:58 -0600 Jc García wrote:
> 2015-07-21 5:41 GMT-06:00 Zeev Pekar :
> > Dear Gentoo Developers,
> >
> > We have just released the version 0.1.4 of ASL - Advanced Simulation
> > Library <http://asl.org.il>.
> >
> > May I ask somebody to volunteer to package it for Gentoo?
> >
> > Packaging efforts for other distros are underway and probably can be
> > helpful for Gentoo [1].
> 
> Really interesting library, but I doubt you will get what you expect
> in this list, neither in the -dev list because as it is a library and
> AFAIK there's no applications requiring it, I doubt they'll want to
> add it to the main repository,

There is no rule forbidding a library with zero consumers in
the main repository, as long as someone maintains it.

> but sure there's a place in gentoo for
> the library, the gentoo-science project[1], you can try create a
> github issue[2] requesting the add of the library there. You could
> also find more folks interested in it, this list I would say is mostly
> sysadmin/troubled-user stuff.

I agree, on science overlay there are more interested people.
Mail to gentoo-science and gentoo-physics lists. I'm working on
another branch of physics, so I'm not sure I'll be able to test
this library thoroughly, though.

Note to Zeev: if you're interested in packaging by various
distributions, try to make their job easier. A quick check shows
that there are version constraints on dependencies, e.g. >=vtk-6.1,
but they're not mentioned in the documentation. Fixing this will
save people from digging into cmake files.

Best regards,
Andrew Savchenko




Re: [gentoo-user] [OT] Very recent change in behavior of gmail imap/smtp servers

2015-07-23 Thread Andrew Savchenko
On Tue, 21 Jul 2015 18:34:25 -0700 walt wrote:
> Very soon after being invited to open a gmail account, I discovered
> that google offers non-web-browser access to their free (as in beer)
> email servers.
> 
> This puzzled me (still does) because it seems to violate google's basic
> business model, which is based on advertising revenue.  (I never see an
> advertisement when sending/reading email via smtp/imap, obviously.)

1. Even with pop3/gmail users occasionally use web interface:
a) When travelling and location/country is changed, Google denies
pop3/smtp login saying "web access required". After web login
(possibly with two-factor auth) user needs to confirm new location.
b) In order to delete occasional spam messages as spam.
c) In order to look through spam folder and retrieve
false-positives. Unfortunately this happens sometimes.

2. Users are paying for services not only by reading ads, but with
their private data: contents of their e-mails, various profiles,
Google+ data and so on.

> Google has just introduced a 120-second delay before allowing login to
> their email servers.  Just in the last day or two, literally.
> 
> I can understand the delay for sending email (spammers) but why the
> same delay for reading email?

I use POP3 and SMTP for gmail daily, no delays here. Maybe your ISP
is doing something: either bug, or MitM or some other nasty things.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Packaging ASL

2015-07-25 Thread Andrew Savchenko
On Tue, 21 Jul 2015 07:18:58 -0600 Jc García wrote:
> 2015-07-21 5:41 GMT-06:00 Zeev Pekar :
> > Dear Gentoo Developers,
> >
> > We have just released the version 0.1.4 of ASL - Advanced Simulation
> > Library <http://asl.org.il>.
> >
> > May I ask somebody to volunteer to package it for Gentoo?
> >
> > Packaging efforts for other distros are underway and probably can be
> > helpful for Gentoo [1].
> 
> Really interesting library, but I doubt you will get what you expect
> in this list, neither in the -dev list because as it is a library and
> AFAIK there's no applications requiring it, I doubt they'll want to
> add it to the main repository, but sure there's a place in gentoo for
> the library, the gentoo-science project[1], you can try create a
> github issue[2] requesting the add of the library there. You could
> also find more folks interested in it, this list I would say is mostly
> sysadmin/troubled-user stuff. If I find time I might try to make the
> ebuild and send pull request to the science repo, but I haven't
> learned much about CMake, so I would have to learn a bit more about it
> first.
> 
> Regards, and thank you for the spread of such Important type software
> in a FOSS way.
> 
> [1] https://wiki.gentoo.org/wiki/Project:Science
> [2] https://github.com/gentoo-science/sci (If you check the commits
> log you'll see that it is a very alive repo)

I added sci-libs/asl-0.1.4 to the science overlay. Enjoy!

Best regards,
Andrew Savchenko




Re: [gentoo-user] want to upgrade 50 month old installation

2015-08-04 Thread Andrew Savchenko
On Tue, 4 Aug 2015 18:44:47 +0100 Neil Bothwick wrote:
> On Tue, 04 Aug 2015 13:12:42 -0400, Felix Miata wrote:
> 
> > 2-clone the existing partition to a larger one to be the upgrade target
> > 3-boot the target
> > 4-note that there exists no /etc/portage/
> 
> How did you clone it? It appears parts are missing.

In the old days make.conf and other files were not in /etc/portage,
but in /etc. At least non-optional stuff.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Re: want to upgrade 50 month old installation

2015-08-04 Thread Andrew Savchenko
On Tue, 4 Aug 2015 17:20:40 + (UTC) Grant Edwards wrote:
> On 2015-08-04, Felix Miata  wrote:
> 
> > That's right, May 2011, my first and only Gentoo installation, 32 bit on an
> > old Athlon, which means no sse2, and kernel 2.6.37. It coexists in multiboot
> > on one HD with 12 installations of Fedora and openSUSE. I'd like to upgrade
> > it rather than installing fresh,
> 
> Can we ask why?
> 
> > if it's doable.
> 
> It probably is (for some degenerate value of "doable").
> 
> My gut feeling is that a fresh install is going to be a _lot_ easier
> and faster.  A fresh install will take a couple hours.

With all userspace software? No way on 32-bit Athlon. I have
Athlon-XP. Even with distcc to Core2Duo it takes about 10 days
of compilation time to build all stuff, I'm not counting time to
fix all failures here. Well, I have >3000 packages installed...

> An upgrade will
> take somewhere between a couple days and a couple weeks.
> 

Best regards,
Andrew Savchenko




Re: [gentoo-user] iptables tunneling a chrooted Linux?

2015-08-14 Thread Andrew Savchenko
Hi,

On Sat, 15 Aug 2015 06:53:30 +0200 meino.cra...@gmx.de wrote:
> on my Android tablet I have installed a Gentoo rootfs.
> I can start this by chrooting it after Android has booted.
> Via xvnc I can connect from a running Android to the also
> running Gentoo Linux.
> If I set up a firewall as root (the Android is rooted) while
> I am in the chrooted Linux this firewall setting have to be
> active also in the Android environment, right?
> Or vice versa: I can track any network traffic of the Android
> OS inside my chrooted Linux, right?
> 
> One kernel to rule them all...?

If this is only chroot, you have to set all iptables rules (and
other network configuration) in the host system environment (on
Android). If you are using LXC or other container, involving
network namespace separation (not sure this is doable on Android,
kernel must support NET_NS as well as userspace tools should
support this), then you have to set up network inside container and
bridge/route it with the host system.

Best regards,
Andrew Savchenko




Re: [gentoo-user] portage can not find local ebuild

2015-09-17 Thread Andrew Savchenko
Hi,

On Thu, 17 Sep 2015 21:15:38 -0600 the...@sys-concept.com wrote:
> I'm trying to emerge one of my local ebuild and portage can not find it.
> What am I missing?
> 
> emerge -avq nxclient
> 
> emerge: there are no ebuilds to satisfy "nxclient".
> 
> My settings:
> 
> make.conf.
> ...
> PORTDRI_OVERLAY="/usr/local/portage"

1. PORTDIR_OVERLAY
2. It is no longer used, overlays should be declared at repos.conf
these days.
 
> cat /etc/portage/repos.conf/gentoo.conf
> [DEFAULT]
> main-repo = gentoo
> 
> [gentoo]
> location = /usr/portage
> sync-type = rsync
> sync-uri = rsync://192.168.139.7/gentoo-portage

You are missing local overlay description. Add to gentoo.conf
something like this:

[local]
priority = 100
location = /usr/local/portage

Best regards,
Andrew Savchenko




Re: [gentoo-user] Distfiles cache setup

2015-09-20 Thread Andrew Savchenko
On Fri, 18 Sep 2015 17:48:15 -0700 Daniel Frey wrote:
> On 09/18/2015 01:15 PM, Neil Bothwick wrote:
> > How tight is space? eclean-dist only removes distfiles for packages that
> > are no longer in the tree. So you can run it on one system and keep
> > $DISTDIR reasonably trimmed. If you use the --package-names option, it
> > will do as you suggest and only keep files needed by the machine running
> > the command.
> > 
> 
> Thanks for the replies.
> 
> I regularly run eclean-dist on the mythtv frontends as I still have 32GB
> SSDs on a couple of them. These are pretty lean as all file shares &
> mythtv recordings are on the server that is running 24/7.
> 
> I figured eclean-dist would wipe out everything that wasn't needed by
> the machine it was run on, but if all it does is clean stuff that isn't
> in the tree any longer that would work too.

This is controllable:
- eclean-dist cleans what is in the tree no longer and not
installed in the system;
- eclean-dist -d cleans everything not installed in the system.

One can also restrict cleaning by file date (e.g. don't touch files
newer than) or by file size; fetch-protected files may be spared
as well. See
  eclean-dist --help
for more details.
 
> The server I'd be running it on has ample space. Which is why I was
> debating over the http-replicator (thanks for the suggestion Peter!) and
> just exporting the damn distfiles directory.
> 
> I think I'm going to try exporting it first and see if it does what I
> want first, if it works I'll leave it. :-)

We have a cluster of identical machines. Exporting over NFS works
just fine, though we exported not only /usr/portage,
but /usr/local/portage, /var/lib/layman and /var/cache/edb/dep as
well (we use sqlite backend for portage).

Best regards,
Andrew Savchenko




Re: [gentoo-user] Re: Can't paste from selection in gtk-3 apps

2015-09-20 Thread Andrew Savchenko
On Wed, 16 Sep 2015 14:41:48 + (UTC) Grant Edwards wrote:
> On 2015-09-16, J. Roeleveld  wrote:
> > On Tuesday, September 15, 2015 06:57:36 PM Grant Edwards wrote:
> >> On 2015-09-15, Grant Edwards  wrote:
> >> > In most X11 apps I can select some text and then paste it somewhere
> >> > else with a middle-click, or dump it to stdout with the command 'xclip
> >> > -o'.  That doesn't work for highlighted text in gtk-3 apps (meld,
> >> > evince, audacious, etc.).  After selecting text in a gtk-3 app, if I
> >> > middle-click in a terminal window it does nothing and 'xclip -o' just
> >> > hangs.  Selecting text elsewhere will deselect the text in the gtk-3
> >> > app, so gtk-3 isn't _completely_ ignoring X11 clipboards/buffers.
> >> > 
> >> > Any ideas why gtk-3 copy/paste is broken and how to fix it?
> >> 
> >> Ah, it turns out it's only a problem if you have multiple screens: you
> >> can only paste a gtk-3 selection if the destination is on the same X11
> >> screen as the source.  I'm pretty sure this is a known problem, but
> >> I'm having trouble finding it again in the Gnome bugtracker...
> >
> > Must be related to gtk-3 then.
> >
> > I use 2 screens extensively and never experienced any issues like you 
> > describe.
> 
> And you can select/paste from one screen to another where the source
> is a gtk-3 app?
> 
> I should clarify that I mean "screen" in the strict X11 usage.  Using
> Xinerama or the like to spread a single desktop across multiple
> monitors is still a single screen setup.  I'm trying to select text on
> DISPLAY=:0.0 and paste it on DISPLAY=:0.1

Just for the record: I have the same problem with multihead setup
(:0.0 and :0.1). While selecting with mouse doesn't work, using
menu functions "copy" in one application and "paste" in another one
works fine. IIRC there are actually two buffers in X: for mouse
selection and for copy-and-paste (both via menu and
keyboard shortcuts).

Best regards,
Andrew Savchenko




Re: [gentoo-user] Re: Can't paste from selection in gtk-3 apps

2015-09-20 Thread Andrew Savchenko
On Fri, 18 Sep 2015 16:22:00 +0200 Alan McKinnon wrote:
[...]
> >> That is a single X11 screen spread across two physical monitors.  It
> >> will not exhibit the gtk-3 selection bug.
> >>
> >> Are you sure you have two desktops and it's not just a single desktop
> >> that is spread across two monitors?  Can you drag a window from one
> >> monitor to the other?  If you can, then it's a single desktop.
> > 
> > Yes, I can.
> > When I maximize a window, it's only on 1 screen.
> > 
> > This is how it seems "right" to me.
> > 
> > Why would I want it to be different? Eg. windows can't be moved between 
> > screens? I don't see the point of having more than 1 screen in that case.
> 
> There's a few reasons you might want more than one screen. Primary one
> is two heads and two video cards with different resolutions and dpi.
> Xinerama and big desktop et al will use the lower setting for both.

Another reason (e.g. my case) is one dual head video card, but
monitors with different dpi and colorspace. I tried xinerama: it
looks really ugly on such setup.

One more reason already mentioned by Grant is true for my case too:
in my window manager (e16) I can have independent desktops on each
screen, but not in xinerama mode. Probably this can be fixed in
software, but might require a lot of work. JFYI dwm allows
independent work on xinerama screens, but I have other issues
with dwm.
 
Best regards,
Andrew Savchenko




[gentoo-user] Gnupg-2.1.* nightmare

2015-10-13 Thread Andrew Savchenko
Hello,

I updated to gnupg-2.1.9 from 2.0.x on both my desktop and laptop
and now I have big problems.

1. gpgme is now broken.

Gpgme consumers (e.g. sylpheed, mcabber) can verify, encrypt and
decrypt messages, but can't sign them. On signing I have the
following issues:

Please enter your PGP passphrase: 
[17:26:06] GPGME signature error: Unusable secret key

Or:
** Sylpheed-WARNING: pgp_sign(): signing failed: User defined error
code 1

I _can_ sign using the very same keys and plain
  gpg -s --default-key $id
command. GPG itself works fine, something is amiss with gpgme.

I updated gpgme, libgcrypt, libgpg-error and libassuan to the
latest unstable versions and rebuilt consumer applications.
Of course, keys were migrated to the new format using gpg --import
and gpg-agent was restarted (I even rebooted the whole host), but
problem is still here.

The problem is even more strange, since I found a workaround way to
sign messages in sylpheed. Program has three options for key
selection:
a) use default GPG key;
b) select key by e-mail;
c) use key with provided ID.

Options b) and c) cause the error above, while option a) works, so
by editing gpg.conf I can set default key id to what I need to sign
a message. This is very inconvenient (since I have many keys), but
at least works somehow.


2. I have duplicated keys in the ring with the same ID and
fingerprint.

Duplication happens only to _some_ of my keys where I have a secret
key, fetched public keys of other users are not duplicated.

Examples:
a) Here I have the very same key twice:

$ gpg --fingerprint -K 0x8EE705C07CFA83D3
sec   rsa4096/0x8EE705C07CFA83D3 2012-09-11 [expired: 2015-09-11]
  Key fingerprint = 3F2D 1E49 4F96 2CE6 1597  F217 8EE7 05C0 7CFA 83D3
uid   [ expired] Bircoph 

sec   rsa4096/0x8EE705C07CFA83D3 2012-09-11 [expired: 2015-09-11]
  Key fingerprint = 3F2D 1E49 4F96 2CE6 1597  F217 8EE7 05C0 7CFA 83D3
uid   [ expired] Bircoph 

b) Now comes more interesting:

$ gpg --fingerprint -K 0x565953B95372756C
sec   rsa4096/0x565953B95372756C 2013-02-27 [expires: 2018-02-26]
  Key fingerprint = 63EB 04FA A30C 76E2 952E  6ED6 5659 53B9 5372 756C
uid   [ultimate] Andrew Savchenko 
uid   [ultimate] Andrew A. Savchenko (NRNU MEPhI) 

uid   [ultimate] Andrew A. Savchenko (UT Department) 

uid   [ultimate] Andrew Savchenko (Gentoo Dev) 

uid   [ultimate] Andrew A. Savchenko (XMPP) 
uid   [ultimate] Andrew A. Savchenko (UT Department) 

uid   [ultimate] Andrey Savchenko (RHIC) 

ssb   rsa4096/0x7AB649CA518C8321 2013-02-27 [expires: 2018-02-26]
ssb   rsa4096/0xF6535A33BA1EE48D 2015-01-13 [expires: 2018-01-12]

sec   rsa4096/0x565953B95372756C 2013-02-27 [expires: 2018-02-26]
  Key fingerprint = 63EB 04FA A30C 76E2 952E  6ED6 5659 53B9 5372 756C
uid   [ultimate] Andrew A. Savchenko (NRNU MEPhI) 

uid   [ultimate] Andrew Savchenko 
uid   [ultimate] Andrew Savchenko (Gentoo Dev) 

uid   [ultimate] Andrew A. Savchenko (XMPP) 
uid   [ultimate] Andrew A. Savchenko (UT Department) 

uid   [ultimate] Andrew A. Savchenko (UT Department) 

ssb   rsa4096/0x7AB649CA518C8321 2013-02-27 [expires: 2018-02-26]
ssb   rsa4096/0xF6535A33BA1EE48D 2015-01-13 [expires: 2018-01-12]

I have two versions of the same key: the latest and previous one 
(before I added one more e-mail uid to the key).

This problem may be related to the first one, may be not, I'm not
sure. It is possible that gpgme goes crazy with these duplicates.

I have no idea how to remove duplicates and old versions. All gpg
commands are tied to either key id, e-mail or fingerprint. They
are all not unique to delete such duplicates.

I have thought that this may happen due to both secring.gpg and
private-keys-v1.d present, but moving secring.gpg away doesn't
help.

Maybe manual editing of pubring.gpg will help to remove duplicates,
but it will be quite hard to handle this binary format.


Googling gave me very little here:

1st issue: may happen for some custom gpgme client software, but
no data on global failures after gnupg update.

2nd issue: may happen when key is stored in multiple sources and
fetched from them, but I have no --keyring options in my gpg.conf
(see attached file).

Any ideas how to fix these issues, especially the signing failure,
are much appreciated.

Best regards,
Andrew Savchenko
default-key 0x565953B95372756C
require-cross-certification
charset utf-8
keyserver hkp://pool.sks-keyservers.net
keyserver-options auto-key-retrieve
personal-digest-preferences SHA512 SHA384 SHA256
personal-cipher-preferences CAMELLIA256 AES256 TWOFISH CAMELLIA192 AES192 CAST5 AES
personal-compress-preferences BZIP2 ZLIB ZIP Uncompressed
default-preference-list SHA512 SHA384 SHA256 CAMELLIA256 AES256 TWOFISH CAMELLIA192 AES192 CAST5 AES
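
A way to spot the duplicated keyring entries described in issue 2, as an added example that is not part of the original message: it counts how often each primary-key fingerprint appears in `gpg --with-colons --fingerprint -K` output and how many uids each copy carries, so a stale copy with fewer uids stands out. The sample listing is constructed and simplified; only the two primary fingerprints and the key IDs are taken from the message, everything else is a placeholder.

```shell
#!/bin/sh
# Added example: detect primary keys that are listed more than once.
# SAMPLE_COLONS is a constructed, simplified colon listing. Only field 1
# (record type) and field 10 of "fpr" records (the fingerprint) are used.
SAMPLE_COLONS='sec:e:4096:1:8EE705C07CFA83D3:::::::::::
fpr:::::::::3F2D1E494F962CE61597F2178EE705C07CFA83D3:
uid:e::::::::Constructed User A:
sec:e:4096:1:8EE705C07CFA83D3:::::::::::
fpr:::::::::3F2D1E494F962CE61597F2178EE705C07CFA83D3:
uid:e::::::::Constructed User A:
sec:u:4096:1:565953B95372756C:::::::::::
fpr:::::::::63EB04FAA30C76E2952E6ED6565953B95372756C:
uid:u::::::::Constructed User B (first uid):
uid:u::::::::Constructed User B (second uid):
uid:u::::::::Constructed User B (third uid):
ssb:u:4096:1:7AB649CA518C8321:::::::::::
fpr:::::::::0000000000000000000000007AB649CA518C8321:
sec:u:4096:1:565953B95372756C:::::::::::
fpr:::::::::63EB04FAA30C76E2952E6ED6565953B95372756C:
uid:u::::::::Constructed User B (first uid):
uid:u::::::::Constructed User B (second uid):
ssb:u:4096:1:7AB649CA518C8321:::::::::::
fpr:::::::::0000000000000000000000007AB649CA518C8321:
sec:u:4096:1:1111111111111111:::::::::::
fpr:::::::::1111111111111111111111111111111111111111:
uid:u::::::::Constructed User C:'

# Read a colon listing on stdin; for every primary fingerprint that occurs
# more than once print: <fingerprint> copies=<n> uids=<uid count per copy>
find_duplicate_keys() {
    awk -F: '
        # Close the key block that is currently open and record its uid count.
        function close_block() {
            if (fp != "") {
                n[fp]++
                if (n[fp] > 1)
                    uids[fp] = uids[fp] "," u
                else
                    uids[fp] = u
            }
            fp = ""
            u = 0
        }
        # A new primary key starts a new block; its fpr record comes next.
        $1 == "sec" || $1 == "pub" { close_block(); primary = 1; next }
        # Subkeys have their own fpr records, which must not be counted.
        $1 == "ssb" || $1 == "sub" { primary = 0; next }
        $1 == "fpr" && primary     { fp = $10; primary = 0; next }
        $1 == "uid"                { u++ }
        END {
            close_block()
            for (f in n)
                if (n[f] > 1)
                    print f, "copies=" n[f], "uids=" uids[f]
        }' | sort
}

# Demo on the constructed listing. On a real system the input would be:
#   gpg --with-colons --fingerprint -K | find_duplicate_keys
printf '%s\n' "$SAMPLE_COLONS" | find_duplicate_keys
```

Copies with different uid counts correspond to the "latest and previous" versions of one key that the message describes.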

Re: [gentoo-user] Gnupg-2.1.* nightmare

2015-11-06 Thread Andrew Savchenko
Hi,

On Mon, 19 Oct 2015 10:57:37 +0200 Jean-Christophe Bach wrote:
> I have a very similar problem, at least concerning your 2nd point
> (duplicated keys). All my problems came when I updated gnupg from 1.x to
> 2.x. I tried to solve them by playing with different 2.x versions but
> with the last one it is broken:
> 
> 1. I detect duplicated keys in the ring
> 2. some friends told me my signature was bad
> 3. I am not able to verify all the signatures with Mutt or Thunderbird
> (I do not understand why it works for some signatures and not for others)
> 4. with Thunderbird, I am not able anymore to sign/verify/cypher/decypher
> 
> I think that it is related to your problems, but I have no clue to fix
> that. I would also appreciate any help.

I got help on gnupg-users mail list on this issue, see
https://lists.gnupg.org/pipermail/gnupg-users/2015-October/054569.html

Basically you need to re-import all your public keys, *delete* old
pubring.gpg file (new file format is pubring.kbx) and restart your
gpg-agent:

  gpg --export-ownertrust >myownertrust.lst
  gpg --export >allmykeys.gpg
  rm pubring.kbx
  killall gpg-agent
  gpg --import 



Re: [gentoo-user] tc filter add ... fails

2015-12-09 Thread Andrew Savchenko
Hi,

On Thu, 26 Nov 2015 13:52:20 +0100 lee wrote:
> it seems I might be missing some kernel modules:
> 
> 
> ,
> | heimdali ~ # tc filter add dev ppp0 parent : protocol all prio 10 basic police mpu 64 rate 16000kbit burst 10kb action drop
> | RTNETLINK answers: Invalid argument
> | We have an error talking to the kernel
> | heimdali ~ # 
> `
> 
> 
> This is a filter shorewall would add.  I have enabled options as shown
> in [1].  How can I find out which modules I'm missing, or what else went
> wrong?

See your dmesg after such command, it usually contains a hint on
what is wrong. Also it is much better to write iptables / iproute /
tc rules manually than using high level generators like shorewall —
this will give you a good understanding on what is going on and how
to optimize or tighten your setup.

Best regards,
Andrew Savchenko




Re: [gentoo-user] blocking facebook

2015-12-12 Thread Andrew Savchenko
On Sat, 12 Dec 2015 01:29:20 -0500 waltd...@waltdnes.org wrote:
> On Fri, Dec 11, 2015 at 08:03:14PM -0700, the...@sys-concept.com wrote
> > Does anybody have an idea how to block facebook?
> > 
> > I'm using dd-wrt.  The "access restriction" can block http but not https
> > and I'm not good in iptables :-/
> > In addition users are using VirtualBox on the network as well.
> 
>   An excerpt from my /var/lib/iptables/rules-save ruleset...
> 
> [0:0] -A INPUT -s 31.13.24.0/21 -j FECESBOOK
> [154:11168] -A INPUT -s 31.13.64.0/18 -j FECESBOOK
> [0:0] -A INPUT -s 66.220.144.0/20 -j FECESBOOK
> [0:0] -A INPUT -s 69.63.176.0/20 -j FECESBOOK
> [0:0] -A INPUT -s 69.171.224.0/19 -j FECESBOOK
> [0:0] -A INPUT -s 74.119.76.0/22 -j FECESBOOK
> [0:0] -A INPUT -s 103.4.96.0/22 -j FECESBOOK
> [0:0] -A INPUT -s 173.252.64.0/18 -j FECESBOOK
> [0:0] -A INPUT -s 204.15.20.0/22 -j FECESBOOK
> 
> [0:0] -A OUTPUT -d 31.13.24.0/21 -j FECESBOOK
> [3763325:225839770] -A OUTPUT -d 31.13.64.0/18 -j FECESBOOK
> [56:3360] -A OUTPUT -d 66.220.144.0/20 -j FECESBOOK
> [0:0] -A OUTPUT -d 69.63.176.0/20 -j FECESBOOK
> [874:52440] -A OUTPUT -d 69.171.224.0/19 -j FECESBOOK
> [0:0] -A OUTPUT -d 74.119.76.0/22 -j FECESBOOK
> [0:0] -A OUTPUT -d 103.4.96.0/22 -j FECESBOOK
> [3306:198360] -A OUTPUT -d 173.252.64.0/18 -j FECESBOOK
> [0:0] -A OUTPUT -d 204.15.20.0/22 -j FECESBOOK
> 
> [3767715:226105098] -A FECESBOOK -j LOG --log-prefix "FECESBOOK:" --log-level 6
> [3767715:226105098] -A FECESBOOK -j DROP

+1. Just block their CIDR ranges. No need to do DPI like was
suggested here. Of course smart users can use proxies or tunneling,
so this is not 100% solution, but for the majority it will work.

Just a tip here: use ipset hash:net for all these ranges and just a
few iptables rules to check src and dst in FORWARD and/or
INPUT/OUTPUT depending on whether host is router or target system,
e.g. for dd-wrt will be sufficient:

iptables -A FORWARD -m set --match-set facebook src -j DROP
iptables -A FORWARD -m set --match-set facebook dst -j DROP

A set can be created like this:

ipset create facebook hash:net
ipset add facebook 31.13.24.0/21
...

Of course logging may be enabled as above if desired.

This way filtering will be much faster and blocklist may be updated
without touching iptables rules. Gentoo init script supports ipset
rules save/load as well as iptables.

Do not forget about ipv6 if it is enabled on your network.

Best regards,
Andrew Savchenko
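
The ipset approach suggested above, as an added example that is not part of the original message: it extracts the networks from per-CIDR rules like the quoted `rules-save` excerpt, validates them, and emits `ipset restore` input for an IPv4 set and a separate IPv6 set, plus the matching FORWARD rules. The set name `facebook6` and the function names are assumptions; the sample input is constructed from ranges quoted in the thread, with a documentation IPv6 prefix and one malformed entry added as placeholders.

```shell
#!/bin/sh
# Added example: collapse per-CIDR iptables rules into ipset sets.
# SAMPLE_RULES is constructed: the first four lines reuse ranges quoted in
# the thread; 2001:db8::/32 (documentation prefix) and the malformed last
# entry are placeholders that exercise the IPv6 and validation paths.
SAMPLE_RULES='[0:0] -A INPUT -s 31.13.24.0/21 -j FECESBOOK
[154:11168] -A INPUT -s 31.13.64.0/18 -j FECESBOOK
[0:0] -A OUTPUT -d 31.13.24.0/21 -j FECESBOOK
[56:3360] -A OUTPUT -d 66.220.144.0/20 -j FECESBOOK
[0:0] -A OUTPUT -d 2001:db8::/32 -j FECESBOOK
[0:0] -A OUTPUT -d 999.1.2.3/40 -j FECESBOOK'

# stdin: iptables-save text. Print each unique -s/-d network of the rules
# that jump to target $1.
extract_cidrs() {
    awk -v target="$1" '
        {
            hit = 0; net = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-j" && $(i + 1) == target) hit = 1
                if ($i == "-s" || $i == "-d") net = $(i + 1)
            }
            if (hit && net != "" && !seen[net]++) print net
        }'
}

# stdin: one network per line. Print "ipset restore" input for the IPv4 set
# $1 and the IPv6 set ${1}6; invalid entries are reported on stderr.
gen_restore() {
    awk -v set="$1" '
        function v4ok(s,   p, o, i) {
            if (split(s, p, "/") != 2) return 0
            if (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32) return 0
            if (split(p[1], o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
            return 1
        }
        # Coarse IPv6 check: hex digits and colons plus a prefix length <= 128.
        function v6ok(s,   p) {
            if (split(s, p, "/") != 2) return 0
            if (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 128) return 0
            return (p[1] ~ /:/ && p[1] ~ /^[0-9A-Fa-f:]+$/)
        }
        BEGIN {
            print "create " set " hash:net family inet"
            print "create " set "6 hash:net family inet6"
        }
        NF == 0  { next }
        v4ok($1) { print "add " set " " $1; next }
        v6ok($1) { print "add " set "6 " $1; next }
        { print "skipped invalid entry: " $1 > "/dev/stderr" }'
}

# Print the filter rules that reference the sets (router case: FORWARD).
print_rules() {
    for dir in src dst; do
        echo "iptables -A FORWARD -m set --match-set $1 $dir -j DROP"
        echo "ip6tables -A FORWARD -m set --match-set ${1}6 $dir -j DROP"
    done
}

# Demo: print everything for review. After review, the first part can be
# piped into "ipset -exist restore" and the rules run as root.
printf '%s\n' "$SAMPLE_RULES" | extract_cidrs FECESBOOK | gen_restore facebook
print_rules facebook
```

Updating the blocklist later only means regenerating and reloading the sets; the four filter rules stay unchanged.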




Re: [gentoo-user] procps: mysterious option

2016-12-14 Thread Andrew Savchenko
On Sat, 10 Dec 2016 05:06:54 +0100 meino.cra...@gmx.de wrote:
> Hi 
> 
> for the options  "-nN" and "-d" the manpage of procps mentions
> the option "-f" is implied.
> 
> For SYNOPSIS all possible options are summarized as:
> procinfo [ -dDSbrhv ] [ -nN ].
> 
> Furthermore the option "-f" isn't explained anywhere.
> 
> What I don't understand here ? ;)

Is your man page out of date? From my man procinfo:

SYNOPSIS
   procinfo [ -fsmadiDSbrChv ] [ -nN ] [ -Ffile ]
...
OPTIONS
   -f Run procinfo continuously full-screen.

=procinfo-18-r2 is installed here.

Best regards,
Andrew Savchenko




Re: [gentoo-user] procps: mysterious option

2016-12-14 Thread Andrew Savchenko
On Thu, 15 Dec 2016 04:43:56 +0100 meino.cra...@gmx.de wrote:
> Andrew Savchenko  [16-12-14 17:07]:
> > On Sat, 10 Dec 2016 05:06:54 +0100 meino.cra...@gmx.de wrote:
> > > Hi 
> > > 
> > > for the options  "-nN" and "-d" the manpage of procps mentions
> > > the option "-f" is implied.
> > > 
> > > For SYNOPSIS all possible options are summarized as:
> > > procinfo [ -dDSbrhv ] [ -nN ].
> > > 
> > > Furthermore the option "-f" isn't explained anywhere.
> > > 
> > > What I don't understand here ? ;)
> > 
> > Is your man page out of date? From my man procinfo:
> > 
> > SYNOPSIS
> >procinfo [ -fsmadiDSbrChv ] [ -nN ] [ -Ffile ]
> > ...
> > OPTIONS
> >-f Run procinfo continuously full-screen.
> > 
> > =procinfo-18-r2 is installed here.
> > 
> > Best regards,
> > Andrew Savchenko
> 
> Hi Andrew,
> 
> This is, what I have:
> 
> * app-admin/procinfo
>  Available versions:  18-r2
>  Homepage:http://www.kozmix.org/src/
>  Description: Displays some kernel stats and info on a running 
> Linux system
> 
> [I] app-admin/procinfo-ng
>  Available versions:  2.0.304-r1
>  Installed versions:  2.0.304-r1(05:40:40 01/10/15)
>  Homepage:https://sourceforge.net/projects/procinfo-ng/
>  Description: Completely rewrite of the old system monitoring app 
> procinfo
> 
> Found 2 matches
> 
> So, the *-ng seems not to match the installed manpage?
> Something is wrong here...

procinfo-ng indeed has an incorrect man page; feel free to report it
upstream, though it has been inactive for ages as well.

Best regards,
Andrew Savchenko




Re: [gentoo-user] xterm menu

2016-12-18 Thread Andrew Savchenko
On Sun, 18 Dec 2016 02:48:28 -0800 Jorge Almeida wrote:
> I tried Ctrl+click (any button) on an xterm window, to bring up the
> menu (which I never used before; after reading a recent thread about X
> (in)security, I was trying to access the secure mode for password
> entering).
> 
> This crashes xterm. The logs:

On xterm-325 "secure keyboard" mode works perfectly fine for me.

Try changing the font used by xterm; there are many ways to do this, I
prefer to put in ~/.Xresources:

xterm*faceName: DejaVu Sans Mono:style=Bold
xterm*faceSize: 15

Anyway, the application should not crash, so if your system is
up-to-date (not only xterm, but Xorg, freetype and friends as well,
so better update the whole system) and the bug is still here, please
report it on bugzilla.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Compiling maim fails...

2017-01-16 Thread Andrew Savchenko
On Thu, 5 Jan 2017 04:45:33 +0100 meino.cra...@gmx.de wrote:
> Hi,
> 
> this morning I tried to compile 
> * media-gfx/maim
>  Available versions:  ~3.4.47
>  Homepage:https://github.com/naelstrof/maim
>  Description: Commandline tool to take screenshots of the desktop
> 
> which needs
> * x11-misc/slop
>  Available versions:  (~)4.3.21 {opengl}
>  Homepage:https://github.com/naelstrof/slop
>  Description: An application that queries the user for a 
> selection for printing

Go to https://bugs.gentoo.org and report a bug there.

Please select the title correctly, since the bug you are reporting is
an x11-misc/slop-4.3.21 compilation failure. It has nothing to do with
media-gfx/maim aside from being its dependency.

Best regards,
Andrew Savchenko




Re: [gentoo-user] To do or not to do...

2017-01-16 Thread Andrew Savchenko
On Wed, 11 Jan 2017 18:00:11 +0100 meino.cra...@gmx.de wrote:
> Hi,
> 
> 
> After fcron updating, I got this information as the last
> steps and can't decide whether this has already been done
> while emerge was running or whether it is something I have
> to do.
> 
> 
> <<<  dir /usr/share/doc/fcron-3.1.2-r2/html
> <<<  dir /usr/share/doc/fcron-3.1.2-r2
> >>> Regenerating /etc/ld.so.cache...
> >>> Original instance of package unmerged safely.
>  * fcron's default systab was updated since your last installation.
>  * You can use
>  * 
>  *   # emerge --config sys-process/fcron
>  * 
>  * to re-install systab (do not call this command before you
>  * have merged your configuration files).
> >>> sys-process/fcron-3.2.1-r1 merged.
> >>> Auto-cleaning packages...
> 
> >>> No outdated packages were found on your system.
> 
>  * GNU info directory index is up-to-date.
>  * After world updates, it is important to remove obsolete packages with
>  * emerge --depclean. Refer to `man emerge` for more information.
> 
> 
> By the way...cfg-update -l prints nothing to merge...

Verify manually that there is no related ._cfg* file in your /etc.
cfg-update -l may return nothing because nothing changed since your
manual update. If everything is ok, run
# emerge --config sys-process/fcron
as you were asked.

> HELP! I need somebody... HELP! not just anybody, HELP!
> I need just GENTOOO UH!H!...
> 
> Thanks in advance!
> 
> Cheers
> Meino
> 
> 
> 
> 
> 


Best regards,
Andrew Savchenko




Re: [gentoo-user] how to control firefox input and output?

2017-02-11 Thread Andrew Savchenko
On Thu, 2 Feb 2017 23:40:25 +0330 behrouz khosravi wrote:
> Hello everyone. I was wondering is any method to force firefox to render
> its output to a off-screen buffer? another app should be able to monitor
> its video output and send mouse and keyboard events to the browser. any
> suggestion would be greatly appreciated.

Try Xnest or Xvfb.

Best regards,
Andrew Savchenko




Re: [gentoo-user] How to keep my system from (nearly) freezing?

2017-02-20 Thread Andrew Savchenko
Hi,

On Sun, 19 Feb 2017 13:53:49 +0100 Helmut Jarausch wrote:
> Hi,
> 
> sometime I have some memory hungry ebuilds in the background, when I  
> start (e.g.) Chromium which needs very much memory if you have a lot of  
> open tabs.
> 
> In that case my system nearly freezes. I cannot even kill chrome.
> What can I do in that case. (Remote login doesn't work either)
> 
> Can I have any additional program (like Chromium) die if there is not  
> enough memory.

1. Use reasonable -j and -l options in MAKEOPTS. A good start will
be -j N and -l 2*N, where N is the number of your logical cores.

2. Set the lowest CPU and I/O priorities for emerge:
PORTAGE_NICENESS=19 and run emerge as `ionice -c3 emerge ...`;
you have to use the CFQ scheduler to be able to use ionice.

3. Use zswap with the z3fold allocator. It helps me well on my laptop
with 2GB RAM.

4. If everything above doesn't help:
a) reduce -j to a value where memory usage is suitable for you;
b) consider using -Os in your {C,CXX,F,FC}FLAGS, since such a system
is certainly short of memory.

5. If even 4. doesn't help, consider using a more powerful host to
build binary packages for this one.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Is this a dependency bug?

2017-02-27 Thread Andrew Savchenko
On Mon, 20 Feb 2017 17:45:28 + (UTC) Grant Edwards wrote:
> I installed weasyprint-0.29, but it won't run:
> 
>   $ weasyprint
>   Traceback (most recent call last):
> File "/usr/lib/python-exec/python2.7/weasyprint", line 6, in 
>   from pkg_resources import load_entry_point
> [...]
> File "/usr/lib64/python2.7/site-packages/pkg_resources/__init__.py", line 
> 849, in resolve
>   raise DistributionNotFound(req, requirers)
>   pkg_resources.DistributionNotFound: The 'CairoSVG<2,>=1.0.20' distribution 
> was not found and is required by WeasyPrint
> 
> I have cairosvg installed, but apparently it's not recent enough (1.07 vs. 
> 1.20)?
> 
>   $ emerge --search cairosvg  
>   
> 
>   *  media-gfx/cairosvg
>   Latest version available: 1.0.7
>   Latest version installed: 1.0.7
>   Size of files: 29 KiB
>   Homepage:  http://cairosvg.org/
>   Description:   A simple cairo based SVG converter with support for PDF, 
> PostScript and PNG formats
>   License:   LGPL-3
> 
> Is this a dependency bug in the weasyprint ebuild?
 
Yes, please report on bugzilla. 


Best regards,
Andrew Savchenko




Re: [gentoo-user] Cross-compiling for an unstable architecture.

2017-02-27 Thread Andrew Savchenko
On Thu, 23 Feb 2017 16:21:04 -0600 R0b0t1 wrote:
> Hello,
> 
> So apparently I am single-handedly attempting to stabilize arm64 (at
> least, it feels that way). Per the "Gentoo on Alternative
> Architectures" subforum
> (https://forums.gentoo.org/viewforum-f-32.html) two users have gotten
> almost everything working, in some cases having to resort to building
> packages not in @system on-device. Ideally I want to be able to build
> every package I make use of from my desktop but in some cases this
> will involve bug reports to the projects to see if they will change
> their build process.
> 
> However it's gotten to the point where not even building on-device
> works. I'm experiencing breakage in a lot of core packages that may or
> may not be related to portage. What is the best way to ask for help?
> The users on the forums and IRC do not seem to really know how to go
> about solving some of the problems or do not have the time, and I'm
> not sure it's polite to open up a bunch of bug reports on
> https://bugs.gentoo.org. What seems to complicate this is solving some
> of the issues looks like it will take knowledge only the developers of
> the corresponding software have.

Get in touch with the arm Gentoo team. If you are sure your fix is
correct, open bugs on bugzilla. There is nothing wrong with opening
tons of good bug reports with patches :)

Best regards,
Andrew Savchenko




Re: [gentoo-user] SSH rekeying straight after authentication

2017-02-27 Thread Andrew Savchenko
On Thu, 23 Feb 2017 20:10:05 + Mick wrote:
> I am trying to understand why an ssh server keeps dropping the connection 
> when 
> using openssh on Linux straight after a successful authentication, but it 
> works fine with Filezilla in MSWindows.
[...]
> I am guessing all this respawning probably triggers some DDoS protection 
> limit 
> on the server and it disconnects the client.  Have you observed anything 
> similar and would you know why Linux fails, but MSWindows works as it should?

I have used HPN for years and connect to hundreds of servers, most of
them without HPN support. I have had no problems so far. But HPN is
unofficial and it may trigger problems. Maybe this is a bug in HPN,
maybe a server's custom protection.

Try to report this on bugzilla for openssh maintainers.

Best regards,
Andrew Savchenko




Re: [gentoo-user] SHA-1 has just been broken

2017-02-27 Thread Andrew Savchenko
On Sat, 25 Feb 2017 22:12:10 +0100 Miroslav Rovis wrote:
> https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
> 
> ( you know I hate the Schmoog, and didn't take their cookies, and so
> they didn't show me their page in my Palemoon --working great here!, an
> Angel of Honesty in comparison to Firefox --and if anybody else don't
> want Schmoog prying in his machine, likely:

Mass generation of collisions is much easier if document structure
is taken into account, e.g. for PDF it is sufficient to compute a
collision block once and it is possible to generate different PDFs
with the same SHA1 hash.

An online service is available together with a detailed description:
https://alf.nu/SHA1

So the danger of SHA1 collisions is much closer than
9,223,372,036,854,775,808 SHA1 computations or 1 110-GPU year.

Best regards,
Andrew Savchenko




Re: [gentoo-user] SHA-1 has just been broken

2017-02-27 Thread Andrew Savchenko
On Sun, 26 Feb 2017 12:00:50 +0100 Miroslav Rovis wrote:

> But, when we talk crypto being broken, 

Git is not under immediate threat from SHA1 collisions being
practical. See Linus' blog about this:

  https://plus.google.com/+LinusTorvalds/posts/7tp2gYWQugL

Note that git devs are working on moving to a more secure hash
function.

Also note that git can handle several files in the repo with the
same hash function. While this doesn't protect from the possible
repo forgery, it protects from accidental file collision where
subversion fails badly:
https://www.bleepingcomputer.com/news/security/sha1-collision-attack-makes-its-first-victim-subversion-repositories/

I do not want to offend subversion devs, but they haven't even
considered the possibility that a hash function may collide. A huge
blunder on their side.

> I can help thinking of other 
> threats to Gentoo and other FOSS GNU Linux that I fear are perfectly
> feasible (for the resourceful subjects)
> 
> Gentoo distro is increasingly served the insecure way, IMO, that is: via
> git, without the repositories being, for end users, PGP-verifiable.

It is verifiable for end users, but not in an easy way. You can
either use web rsync or verify git commits yourself using gnupg and
gkeys.

> And via a new private big business, the Github. Giving over all users to 
> big Github brother.

???
Github is entirely optional and is only for those who want to use it
(we have both users and devs willing so), but in no way anyone
demands its usage.

If you want to have sync-friendly git repo, Gentoo infra provides
one for you:
https://gitweb.gentoo.org/repo/sync/gentoo.git/

> And, in the transition all the history got lost. Git started remembering
> only from 2015.

No, it isn't. Full historical git repo is available:
https://gitweb.gentoo.org/repo/gentoo/historical.git/

One may use git graft to join historical and actual repo together.

> I have asked a question about getting git-served repository verifiable 
> for end users, but I didn't get any replies:

Do not forget that all devs are volunteers. User-transparent
GnuPG tree verification is indeed important. You can help! Join
gkeys project, get in touch with infra, discuss what needs to be
done. Don't just rattle about how insecure data is provided, help
to make it secure! (And as I have shown above, the actual state is not
that bad and some options are already available.)

Best regards,
Andrew Savchenko




Re: [gentoo-user] Its ground hog day... how to escape the syndrome?

2017-03-02 Thread Andrew Savchenko
On Thu, 2 Mar 2017 09:44:20 +0200 Alan McKinnon wrote:
> On 02/03/2017 06:33, Harry Putnam wrote:
> > Setup: VBox vm running gentoo(amd64) guest on a win-10 (64bit) host
> >  Hardware: HP xw8600 - 2x Xeon  CPU X5450 @ 3.00GHz - 32 GB ram
> > 
> > I've seen a few other mentions of the phenomena I'm about to describe.
> > It is not clear to me why something like this would happen. Or what is
> > to be done to prevent it.
> > 
> > After going thru install and bulding of X based lxde desktop gentoo
> > OS, I'm at the stage where I would do another emerge world followed by
> > --depclean  or something similar.
> > 
> > Decided to take the @world in the two available bites; @system then
> > @world
> > 
> > My cmdline was `emerge -vaDt @system'
> 
> Add -u to the options, it activates update behaviour
> 
> Without it, emerge takes you literally at your word and emerges
> everything in the system set.

Also add -N, otherwise USE flag changes will be ignored if there is no
update or rebuild, and add --with-bdeps y if you don't want to
miss updates for packages pulled in as build-only deps, so use
`-DNuavt --with-bdeps y'. "vt" here is optional and affects only
on-screen output.


Best regards,
Andrew Savchenko




Re: [gentoo-user] SHA-1 has just been broken

2017-03-02 Thread Andrew Savchenko
On Thu, 2 Mar 2017 03:42:24 -0500 taii...@gmx.com wrote:
> It is possible to have a reasonably secure system where the hard drive 
> firmware (or any other devices) can't fuck around with the stuff on 
> disk, although I highly doubt that the gentoo infrastructure (and 
> kernel.org, and all the source repos for all the other software) does this

Hard drive's firmware is a drive's micro OS, it can manipulate data
on the disk as it pleases. The only way to protect privacy of the
data is to write it already encrypted, so it still can be mangled
and become unusable, but privacy will be kept. But see below about
DMA.

> One way is to use a blob-free coreboot IOMMU supporting board and 
> bootstrap the crypto/kernel off of the board firmware EEPROM chip to 
> load the initial kernel thus no plaintext touches the disk and thus 
> nothing can mess with it.
> 
> The IOMMU (theoretically) protects the CPU and memory from rogue 
> devices, such as the hard drive.

No. Any DMA capable device can bypass IOMMU. IOMMU was not
designed to protect OS from device.

> In terms of ethics IBM *for now* is a way better company than Intel/AMD, 
> their POWER servers are owner controlled as there isn't any boot 
> guard/secure boot/management engine/platform "security" processor (amd's 
> ME) to stop you from re-writing the firmware as you please. They also 
> have an getting-there-almost-reasonable open source effort (OpenPOWER)

Indeed they are. But those boxes are quite expensive and hard to get.

Best regards,
Andrew Savchenko




Re: [gentoo-user] SHA-1 has just been broken

2017-03-02 Thread Andrew Savchenko
On Tue, 28 Feb 2017 18:05:29 +0100 Miroslav Rovis wrote:
[...]
> Gentoo Keys
> ---
> 
> ### About 
> 
>  Gentoo Keys is a Python based project that aims to manage the GPG keys used
>  for validation on users and Gentoo's infrastracutre servers. Gentoo Keys 
> will be able
>  to verify GPG keys used for Gentoo's release media, such as installation 
> CD's,
>  Live DVD's, packages and other GPG signed documents. It will also be used by
>  Gentoo infrastructure to achieve GPG signed git commits in the forthcoming 
> git
>  migration of the main CVS tree.
> 
> ### License
> 
> Gentoo Keys is under GPL-2 License
> #
> 
> But do I read this correctly?:
> 
>  ...Gentoo Keys will be able
>  to verify GPG keys used for Gentoo's release media, such as installation 
> CD's,
>  Live DVD's, packages and other GPG signed documents.
> 
> Again, about this (syntactical) object (in the sentence), with other
> objects removed:
> 
>  ...Gentoo Keys will be able
>  to verify GPG keys used for ...
>  ... packages...
> 
> Does that mean what I read? That with gkeys any user will be able to get
> packages via git, and somehow automatically gpg -verify the signature of
> each package that (s)he got when (s)he, say:

Yes and no. AFAIK gkeys is not yet fully implemented. Right now it
can be used to verify dev keys, but I'm not aware of a way to
verify the git tree using gkeys. Probably this should be done at the
end of the emaint sync process.

Best regards,
Andrew Savchenko




Re: [gentoo-user] SHA-1 has just been broken

2017-03-06 Thread Andrew Savchenko
On Thu, 2 Mar 2017 19:04:06 -0500 Rich Freeman wrote:
> On Thu, Mar 2, 2017 at 6:26 PM, Andrew Savchenko  wrote:
> > On Thu, 2 Mar 2017 03:42:24 -0500 taii...@gmx.com wrote:
> >>
> >> The IOMMU (theoretically) protects the CPU and memory from rogue
> >> devices, such as the hard drive.
> >
> > No. Any DMA capable device can bypass IOMMU. IOMMU was not
> > designed to protect OS from device.
> >
> 
> Huh?  I thought protection against DMA attacks was half the reason for
> an IOMMU in the first place.
> 
> https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit
 
Even the page you cited contains:
``Some units also provide memory protection from faulty or
malicious devices.''

Please note the word "some" here.

IOMMU was created to restrict OS access to devices (and bring
desired guest VM direct hw access when needed). While it may be
used the other way around — to protect OS from device — it usually
doesn't work this way, not every IOMMU even supports this.

If we look further, IOMMU bypass is a part of normal operation
of many device drivers:
https://lists.gt.net/linux/kernel/365102

Just some real world examples, one can search the web or grep kernel
sources for more:
https://lwn.net/Articles/144207/
https://lists.ozlabs.org/pipermail/linuxppc-dev/2014-February/115239.html

And the funniest stuff: even if IOMMU can be and is configured to
sandbox malicious devices, it can be easily bypassed in most real
world implementations:
https://hal.archives-ouvertes.fr/hal-01419962/document

So relying on IOMMU to protect from malicious devices is even more
naive than relying on SHA1 for crypto integrity needs.

Best regards,
Andrew Savchenko




Re: [gentoo-user] SHA-1 has just been broken

2017-03-06 Thread Andrew Savchenko
On Fri, 3 Mar 2017 08:48:30 -0500 taii...@gmx.com wrote:
> Of course, as I stated you have to bootstrap the crypto from the 
> motherboard EEPROM chip.
> >> One way is to use a blob-free coreboot IOMMU supporting board and
> >> bootstrap the crypto/kernel off of the board firmware EEPROM chip to
> >> load the initial kernel thus no plaintext touches the disk and thus
> >> nothing can mess with it.
> >>
> >> The IOMMU (theoretically) protects the CPU and memory from rogue
> >> devices, such as the hard drive.
> > No. Any DMA capable device can bypass IOMMU. IOMMU was not
> > designed to protect OS from device.
> That isn't true, it was designed for exactly that and of course for 
> assigning devices to VM's.
> 
> I get an AMD-Vi IOMMU IO_PAGE_FAULT alert in dmesg whenever a device 
> tries to do something it shouldn't and the remapping hardware blocks it.
> 
> In linux the kernel/drivers configure which memory locations the devices 
> are allowed to access.

This can be easily bypassed. See my reply to Rich in this thread.
It may protect you from accidental errors, it will not protect you
from malicious action.

> >> In terms of ethics IBM *for now* is a way better company than Intel/AMD,
> >> their POWER servers are owner controlled as there isn't any boot
> >> guard/secure boot/management engine/platform "security" processor (amd's
> >> ME) to stop you from re-writing the firmware as you please. They also
> >> have an getting-there-almost-reasonable open source effort (OpenPOWER)
> > Indeed they are. But that boxes are quite expensive and hard to get.
> Hard to get? You can buy them from IBM's website like any other computer.
> http://www-03.ibm.com/systems/power/hardware/linux-lc.html

There is no way to import them into my country now. In a year or
two maybe, but not now :/

Best regards,
Andrew Savchenko




Re: [gentoo-user] Strange IPv6 behaviour

2017-03-26 Thread Andrew Savchenko
On Sat, 25 Mar 2017 12:36:04 +0100 Alarig Le Lay wrote:
> Hi,
> 
> On one of my machines, I have two public IPv6 from two different
> providers (one natively, another by VPN). I use ip -6 rule to make both
> pingable.
> 
> I see some strange things on the native one. It stops responding from
> time to time. Here are some examples of mtr:
> https://paste.swordarmor.fr/raw/mXVT
> 
> At this time, the other IPv6 (bulbizarre.swordarmor.fr) works normally.
> 
> And if I do the same test on another machine in the same LAN, no loss:
> https://paste.swordarmor.fr/raw/XGbK 
> 
> I have this routing table:
> alarig@bulbizarre ~ $ ip -6 rule list 
> 0:from all lookup local 
> 31010:from 2a01:cb08:898c:fc00:9913:b7a:b9bf:d30c lookup 3215 
> 31100:from all lookup 51083 
> 32766:from all lookup main 
> alarig@bulbizarre ~ $ ip -6 route show 
> 2a00:5881:4008:400::/64 dev tun0  proto kernel  metric 256  pref medium
> 2a01:cb08:898c:fc00::/64 dev eth0  proto kernel  metric 4  pref medium
> fe80::/64 dev eth0  proto kernel  metric 256  pref medium
> fe80::/64 dev tun0  proto kernel  metric 256  pref medium
> fe80::/64 dev tun-mysql  proto kernel  metric 256  pref medium
> default via fe80::20d:b9ff:fe3a:1fa1 dev eth0  metric 4  pref medium
> alarig@bulbizarre ~ $ ip -6 route show table 3215
> 2a01:cb08:898c:fc00::/64 dev eth0  metric 1024  pref medium
> default via fe80::20d:b9ff:fe3a:1fa1 dev eth0  metric 1024  pref medium
> alarig@bulbizarre ~ $ ip -6 route show table 51083
> default dev tun0  metric 1024  pref medium
> 
> I’m using the kernel 4.9.16-gentoo.
> 
> I’m running out of ideas, so I ask for your help :)

Run tcpdump -w on both sides. Compare dumps when the connection stalls
and when it works fine. Many reasons are possible, it's hard to
guess from the data you provided.

But it makes me wonder why you have default via VPN and given
address via eth0. This may lead to undesirable consequences like
VPN carrier (or some aux request) trying to go through its own VPN
tunnel.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Mysterious encodig problem...

2017-04-02 Thread Andrew Savchenko
On Sun, 2 Apr 2017 09:23:49 +0200 tu...@posteo.de wrote:
> Hi,
> 
> it seems, that I have an encoding problem...which is triggered
> (only???) somewhere in the chain fetchmail=>procmail=>neomutt with vim.
> 
> ...and it only effects single and double quotes.
> 
> I am living in Non-Ascii-land (germany). Therefore I have
> some "strange" ;) characters on my keyboard...the "Umlauts"
> und the sharp S.
> 
> All those are displayed nicely...in neomutt/vim also (which I use for
> mailing).
> 
> When I receive an email with single quotes (') or double
> quotes ("), they will be changed to "???".
> 
> My settings (settings to English language are for displaying -- for
> example -- manpages in their original version - not the translated ones):

Try to set LANG=de_DE.UTF-8. For manual you can set LANG=en_US, or
change LANG only for neomutt/vim, e.g.:

#!/bin/sh
LANG=de_DE.UTF-8 vim ...

Best regards,
Andrew Savchenko




Re: [gentoo-user] Ryzen initial results.

2017-04-14 Thread Andrew Savchenko
On Tue, 4 Apr 2017 14:45:44 -0700 Daniel Frey wrote:
> On 04/04/2017 10:37 PM, Alan Grimes wrote:
> > I installed my Ryzen system today, using a mATX b350 mobo.
> > 
> > My existing kernel mostly works,
> > 
> > 
> > 
> > .00] Linux version 4.6.7 (root@tortoise) (gcc version 5.4.0 (Gentoo
> > 5.4.0-r3 p1.3, pie-0.6.5) ) #6 SMP Tue Apr 4 22:34:38 EDT 2017
> 
> From what I've been reading, Ryzen support wasn't added until 4.10, with
> partial support in 4.9. So you probably won't get everything out of your
> new hardware.
> 
> I am using 4.9.16 on my laptop with binary nvidia drivers, I haven't had
> issues yet. Although, it is one of those dual-gpu models, intel and
> nvidia - but the nvidia kernel module loads with no erroneous messages.
> 
> If you have bleeding edge hardware you really need to use a newer kernel
> for proper support. I didn't even try my new laptop with an old kernel
> (most of my other machines are on 4.1 LTS still.)

Ditto. With bleeding edge hardware one needs bleeding edge
software, at least kernel, drivers/firmware and @system.

Best regards,
Andrew Savchenko




Re: [gentoo-user] vim colorschemes: A question regarding terminal capabilities

2017-04-14 Thread Andrew Savchenko
On Mon, 10 Apr 2017 05:00:26 + tu...@posteo.de wrote:
> I am playing around with colorschemes in vim and came across a problem: It 
> seems impossible to change the fore-/background color of the cursor itself.
> $TERM is xterm-256color and vim itself offers settings for the color of the 
> cursor. Different colortests for terminals validate that the terminal is able 
> to display 256 colors.
> 
> Is there something special terminal-wise when setting cursor colors ?
> Why does it fail?

Cursor colour has its own control sequence:

http://rcr.io/words/dynamic-xterm-colors.html

e.g.

  echo -ne "\033]12;#DD3123\007"

will change your cursor to red (colour DD3123) without affecting
normal text foreground and background colors.

Best regards,
Andrew Savchenko




Re: [gentoo-user] replacement for ftp?

2017-04-30 Thread Andrew Savchenko
On Tue, 25 Apr 2017 15:29:18 +0100 lee wrote:
> 
> Hi,
> 
> since the usage of FTP seems to be declining, what is a replacement
> which is at least as good as FTP?

I fail to see why FTP needs to be replaced: it works, it is
supported, it is secure when used with care, it is damn fast.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Re: htop wants cgroups

2017-05-08 Thread Andrew Savchenko
On Mon, 1 May 2017 09:46:38 -0400 Rich Freeman wrote:
> On Sun, Apr 30, 2017 at 4:17 PM, Kai Krakow  wrote:
> > Am Sun, 30 Apr 2017 10:33:05 -0700
> > schrieb Jorge Almeida :
> >
> >> It makes sense that the kernel has it. Should it be enabled? For a
> >> server, probably. For a single-user workstation? Maybe.
> >
> > Maybe I don't have the ordinary workstation, but I use it to limit
> > memory of sometimes-run-away services (memory-wise) and to control
> > resource usage of container machines I'm using during development.
> > Probably not the ordinary use-case...
> >
> 
> Honestly, I can't think of why you wouldn't want to use it.

It is an additional attack surface. If there is no use for some
$feature on some system, it must be disabled. Also this subsystem
is still new in the kernel and there were many related
vulnerabilities in the past.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Re: htop wants cgroups

2017-05-08 Thread Andrew Savchenko
On Wed, 3 May 2017 15:11:33 -0700 Daniel Campbell wrote:
> cgroups are not being pushed in this case. Portage threw up a warning,
> letting you know that some features of htop may not be available without
> the CONFIG_CGROUPS flag on in the kernel. htop should work to your
> liking as it is right now. Go try it out!
> 
> I'm having a little trouble understanding why this particular package
> has you worried when there are dozens of others that spit out similar
> "heads up" warnings, like qemu, anything relating to graphics and
> virtualization... they're helpful messages that let you know that, if
> something doesn't work as you expect, it's probably due to something you
> have disabled. That's it.
> 
> Perfect example: I use an AMD processor, but still get 'warning'
> messages about checking CONFIG_KVM_INTEL and other variables. qemu still
> works, because my kernel is built to virtualize with my CPU. Someone
> with an Intel CPU might really want that warning message, though.

The problem is that this warning is too severe: it suggests that the
package may not work properly without the feature:
  "may cause unexpected problems"
instead of saying "some additional features will be disabled".

Hey, this is _very_ different to have some extra stuff off and
to have core stuff with "unexpected problems".

Best regards,
Andrew Savchenko




Re: [gentoo-user] layman: cannot properly execute...

2017-05-08 Thread Andrew Savchenko
On Sat, 6 May 2017 14:28:51 -0400 John Blinka wrote:
> Hi, all,
> 
> For some time I've been getting messages like:
> 
> cannot properly execute
> /var/lib/layman/science/virtual/lapack/lapack-3.6-r100.ebuild
> 
> for *every* package in the science overlay.  This happened on 2 of 3
> very similar gentoo
> systems I maintain, but not the third.  As far as I could tell, the
> permissions and
> ownership of all /etc/portage and /usr/portage and /var/lib/layman
> files and directories
> are identical.  All the machines have the same /etc/passwd and /etc/group 
> files,
> the same /var/lib/portage/world files, and so on.  I've gone to some
> effort to make these
> machines as identical as possible.  I have done layman -d science then layman 
> -a
> science to see if wiping out the overlay then reinstalling it would
> help, but that makes no
> difference.
> 
> Googling the error produces just a few hits that recommend permissions
> and ownerships
> that helped solve this problem for others, but don't help me.
> 
> It appears that this error message comes from /usr/bin/eix.  I've
> looked through the
> source code a bit, but it's been long enough since I've messed with C
> that this didn't
> yield any answers.
> 
> strace indicates that eix does an lstat on every element of
> /var/lib/layman/science/virtual/lapack/lapack-3.6-r100.ebuild before
> deciding to print the
> error message.  It also indicates that eix does a setuid and setgid to
> portage:portage
> early in its execution.  As far as I can tell, portage:portage ought
> to be able to both read
> and execute this ebuild (and all the other ones eix complains about).
> 
> And now, out of the blue apparently, the third system has started
> spitting out this error
> message as well.
> 
> Any ideas on how to debug this?

First of all, update all affected parties to the latest versions
(eix, portage, layman).

Second, use a divide and conquer strategy. If this is an eix
problem, isolate it to eix only without invoking layman (or emaint
sync -a or what on earth you were doing?!).

Try with eix-update. If problem persists, look for what eix cache
method you are using: see man eix for the list, there are many of
them. Since you have exec error, it likely is ebuild, try to change
it to parse or metadata.

Best regards,
Andrew Savchenko




Re: [gentoo-user] gcc 6 PIE use flag

2017-05-08 Thread Andrew Savchenko
On Mon, 8 May 2017 08:46:54 +1000 Adam Carter wrote:
> Since an update to the default USE flags on gcc 6 turned on PIE and SSP,
> i'm getting these errors;
> 
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> atof-generic.o: relocation R_X86_64_32 against `.rodata' can not be used
> when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> dw2gencfi.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be
> used when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> frags.o: relocation R_X86_64_32 against `.rodata.str1.8' can not be used
> when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> messages.o: relocation R_X86_64_32 against `.rodata.str1.1' can not be used
> when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> subsegs.o: relocation R_X86_64_32 against `.rodata' can not be used when
> making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> symbols.o: relocation R_X86_64_32S against symbol `_sch_toupper' can not be
> used when making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> atof-ieee.o: relocation R_X86_64_32S against `.rodata' can not be used when
> making a shared object; recompile with -fPIC
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> symbols.o: warning: relocation against `strlen@@GLIBC_2.2.5' in readonly
> section `.text'
> /usr/lib/gcc/x86_64-pc-linux-gnu/6.3.0/../../../../x86_64-pc-linux-gnu/bin/ld:
> final link failed: Nonrepresentable section on output
> collect2: error: ld returned 1 exit status
> 
> If I add -fPIC to CFLAGS it will compile. Interestingly some packages (eg
> PHP) will compile without the -fPIC. Also the man page says; "This option
> makes a difference on AArch64, m68k, PowerPC and SPARC:, whereas i'm
> running amd64.
> 
> What's going on here?

Shared objects often need -fPIC for proper relocations when
linking, just add it when you're told to. It allows COW strategy
for DLOs but at the cost of extra CPU register and some slowdown.

Best regards,
Andrew Savchenko




Re: [gentoo-user] gcc 6 PIE use flag

2017-05-09 Thread Andrew Savchenko
On Tue, 9 May 2017 14:36:09 +1000 Adam Carter wrote:
> Shared objects often need -fPIC for proper relocations when
> 
> > linking, just add it when you're told to. It allows COW strategy
> > for DLOs but at the cost of extra CPU register and some slowdown.
> >
> >
> Shouldn't this be in the ebuilds? eg.
> if gcc:6[pie];
> then CFLAGS=${CFLAGS} -fPIC

I'm not so sure. Whether -fPIC is required or not depends on too
many factors and adding it when not needed will bring harm.

Are you using hardened?

Best regards,
Andrew Savchenko




Re: [gentoo-user] libreoffice and java.

2017-05-19 Thread Andrew Savchenko
Hi,

On Thu, 18 May 2017 14:46:56 +0800 Bill Kenworthy wrote:
> Hi,
>   I am trying use some java based plugins with libreoffice.
> 
> libreoffice is compiled with the java use flag, both the oracle JDK and
> JRE are installed and the user and system VM's are set and JAVA_HOME is
> set in the environment.  In the libreoffice jre selection dialog the jre
> is showing as selected but I still get this error:
> 
> $ lowriter
> javaldx: Could not find a Java Runtime Environment!
> Warning: failed to read path from javaldx
> 
> 
> What have I missed?

eselect java-vm?

Best regards,
Andrew Savchenko




Re: [gentoo-user] tmp on tmpfs

2017-05-24 Thread Andrew Savchenko
Hi,

On Wed, 24 May 2017 05:34:09 -0400 Rich Freeman wrote:
> On Wed, May 24, 2017 at 1:16 AM, Ian Zimmerman  wrote:
> >
> > I have long been in the camp that thinks tmpfs for /tmp has no
> > advantages (and may have disadvantages) over a normal filesystem like
> > ext3, because the files there are normally so small that they will stay
> > in the page cache 100% of the time.
> >
> 
> The file being in the page cache only speeds up reads of the file.  On
> a conventional filesystem the file will still be forced to be
> committed to disk within 30 seconds, or whatever you've set your max
> writeback delay to.  That means guaranteed disk write IO.  If the
> drive is mostly idle it will have no impact on performance, but if the
> disk is fairly busy then it will, especially for spinning disks.  For
> an SSD /tmp would be a source of erase cycles (which also have
> performance implications, but there it is more of a wear issue).  When
> the file is removed that would also generate write IO.
> 
> The flip side is that on most systems /tmp probably doesn't get THAT much IO.
> 
> On Gentoo doing your builds in tmpfs definitely has a large
> performance impact, because there are a lot of files created during
> the build process that are sizable but which don't end up getting
> installed (object files mostly).  Plus you have the extraction of the
> source itself.  For a typical build that is many MB of data being
> extracted and then deleted after maybe a minute, which is a lot of
> useless IO, especially when the actual install is probably creating a
> fairly sizable IO queue on its own.
> 
> To avoid a reply, I'll also note that tmpfs does NOT require swap to
> work.  It does of course require plenty of memory, and as with any
> situation where lots of memory is required swap may be useful, but it
> is not a requirement.
> 
> Others have mentioned zram.  I've used it, but unless something has
> changed one of its limitations is that it can't give up memory.  That
> is less of an issue if you're using swap since it can be swapped out
> if idle.  However, if you're not using swap then you're potentially
> giving up a chunk of RAM to do it, though less RAM than a tmpfs if it
> is full most of the time (which I doubt is typically the case).
 
For similar needs I found zswap the most suitable, it's so much
better than zram:

- smaller CPU overhead: not every i/o is being compressed, e.g. if
there is still enough RAM available it is used without compression
overhead as usual, but if memory is not enough, swapped out pages
are being compressed instead of swapping out to disk;

- no size limitation: if zswap pool is full, data is being pulled
to swap, the same happens with non-compressible pages;

- pool size and compression type can be dynamically adjusted, I
prefer z3fold.

So I have normal tmpfs on /tmp (and /var/tmp on hosts with lots of
RAM), but both tmpfs and running daemons/apps can benefit from
compressed memory for rarely used pages while enjoying full RAM
speed for frequently accessed ones.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Re: tmp on tmpfs

2017-05-24 Thread Andrew Savchenko
On Wed, 24 May 2017 12:30:36 -0700 Rich Freeman wrote:
> On Wed, May 24, 2017 at 11:34 AM, Ian Zimmerman  wrote:
> > On 2017-05-24 08:00, Kai Krakow wrote:
> >
> >> Unix semantics suggest that /tmp is not expected to survive reboots
> >> anyways (in contrast, /var/tmp is expected to survive reboots), so
> >> tmpfs is a logical consequence to use for /tmp.
> > 
> > /tmp is wiped by the bootmisc init job anyway.
> >
> 
> In general I haven't found anything that is bothered by /var/tmp being
> lost on reboot, but obviously that is something you need to be
> prepared for if you put it on tmpfs.
> 
> One thing that wasn't mentioned is that having /tmp in tmpfs might
> also have security benefits depending on what is stored there, since
> it won't be written to disk.  If you have a filesystem on tmpfs and
> your swap is encrypted (which you should consider setting up since it
> is essentially "free") then /tmp also becomes a useful dumping ground
> for stuff that is decrypted for temporary processing.  For example, if
> you keep your passwords in a gpg-encrypted file you could copy it to
> /tmp, decrypt it there, do what you need to, and then delete it.  That
> wouldn't leave any recoverable traces of the file.
> 
> There are lots of guides about encrypted swap.  It is the sort of
> thing that is convenient to set up since there is no value in
> preserving a swap file across reboots, so you can just generate a
> random key on each boot.  I suspect that would break down if you're
> using hibernation / suspend to disk.

It is easy to use both encrypted swap and encrypted hibernation
image (I do this on my laptop). Just before s2disk call disable swap
completely, then create empty unencrypted swap and run s2disk
(swappiness may be disabled to protect from accidental write of
unencrypted data before fresh swap creation and s2disk call).

Afterwards s2disk may be used to create encrypted memory image and
store it in the swap partition. On resume just reverse actions.

Apparently it is pointless to encrypt swap if unencrypted
hibernation image is used, because all memory is accessible through
that image (and even if it is deleted later, it can be restored
from hdd and in some cases from ssd).

Best regards,
Andrew Savchenko
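
Added example, not part of the original message: the hibernate sequence described above written as a shell wrapper that prints its commands unless DRY_RUN=0. The partition /dev/sdX2, the mapping name cryptswap, plain dm-crypt keyed from /dev/urandom and "encrypt = y" in /etc/suspend.conf are assumptions.

```shell
#!/bin/sh
# Hibernate on a machine whose swap is dm-crypt with a throwaway key.
# Assumptions (not from the thread): device and mapping names below, and
# that s2disk encrypts its image ("encrypt = y" in /etc/suspend.conf).
SWAP_PART="${SWAP_PART:-/dev/sdX2}"   # placeholder swap partition
MAP_NAME="${MAP_NAME:-cryptswap}"     # hypothetical dm-crypt mapping name
DRY_RUN="${DRY_RUN:-1}"               # 1 = print commands, 0 = execute them

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Normal state: swap on a plain dm-crypt mapping with a random per-boot key.
open_encrypted_swap() {
    run cryptsetup open --type plain --cipher aes-xts-plain64 --key-size 256 \
        --key-file /dev/urandom "$SWAP_PART" "$MAP_NAME" || return 1
    run mkswap "/dev/mapper/$MAP_NAME" || return 1
    run swapon "/dev/mapper/$MAP_NAME"
}

hibernate() {
    old=$(cat /proc/sys/vm/swappiness 2>/dev/null || echo 60)

    # 1. Discourage swapping, then pull every page back into RAM and drop
    #    the encrypted mapping. swapoff fails if RAM cannot hold the pages.
    run sysctl -w vm.swappiness=0 || return 1
    run swapoff -a || { run sysctl -w "vm.swappiness=$old"; return 1; }
    run cryptsetup close "$MAP_NAME" || return 1

    # 2. Fresh, empty, unencrypted swap area: the only thing meant to land
    #    on it is the image that s2disk encrypts itself.
    run mkswap "$SWAP_PART" || return 1
    run swapon "$SWAP_PART" || return 1

    # 3. Hibernate. Execution continues here after resume (or on failure).
    run s2disk
    status=$?

    # 4. Reverse the steps whether or not hibernation worked.
    run swapoff "$SWAP_PART"
    open_encrypted_swap
    run sysctl -w "vm.swappiness=$old"
    return "$status"
}

if [ "${1:-}" = "--go" ]; then
    hibernate
fi
```

With the default DRY_RUN=1 the script only lists the commands in order, which is a convenient way to review the sequence before running it as root.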




[gentoo-user] Don't miss the 1 500 000 000 Unix second!

2017-07-13 Thread Andrew Savchenko
Hi all!

I'd like to remind you that
  $ date -d @1500000000
is drawing close!

Don't miss the moment :)

Best regards,
Andrew Savchenko




Re: [gentoo-user] Something wrong when emerging librime

2017-07-17 Thread Andrew Savchenko
Hi,

On Mon, 17 Jul 2017 16:38:00 + IceAmber wrote:
> Hi, everyone
> 
> There is an error when I am emerging fcitx-rime.
> Here is the build.log
> <https://github.com/IceAmber/Error/blob/master/librime_build.log>
> Is it the bug of c++ 11 ABI?

This is not a C++11 ABI bug, see
https://bugs.gentoo.org/show_bug.cgi?id=624370

Just another compilation failure. I had not studied closely what is
wrong there, but likely some unhandled API change.



Best regards,
Andrew Savchenko




Re: [gentoo-user] On making customized profile again.

2017-07-19 Thread Andrew Savchenko
On Wed, 19 Jul 2017 16:41:26 +0700 Ста Деюс wrote:
> Hi.
> 
> 
> Trying to remove several packages from the "common" profile, i did copy
> mine to the same directory w/ that difference, that mine is located in
> /usr/local/portage
> 
> instead of "common's"
> /usr/portage
> 
> Then i copied
> /usr/portage/profiles/profiles.desc
> 
> to
> /usr/local/portage/profiles/profiles.desc
> 
> In the "local" file, i copied, in the corresponding section (x86), line
> x86   default/linux/x86/13.0/desktop  stable
> 
> pasted it right after it, and changed just its name:
> x86   default/linux/x86/13.0/customized   stable
> 
> But, when i run
> eselect profile list
> 
> i don't see mine profile enlisted.
> 
> So, where did i make mistake?

Use /etc/portage/profile/ directory for profile customization.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Problem with printer after system update

2017-07-30 Thread Andrew Savchenko
On Sat, 29 Jul 2017 13:36:55 -0300 Raphael MD wrote:
> Hi!
> 
> After a system update, my printer only prints documents from the internet,
> like sites.
> When I send a .pdf to print, cups returns this error: No Pages Found.
> 
> Did anyone see this error?

Look into cups logs, you may increase log verbosity in cupsd.conf.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Re: Something started muting the sound

2017-08-23 Thread Andrew Savchenko
On Sat, 12 Aug 2017 11:43:24 -0700 Ian Zimmerman wrote:
> On 2017-08-12 13:21, John Covici wrote:
> 
> > How about checking the various volumes rather than muting maybe some
> > of them are 0 or rather some negative number or something?  Also, you
> > might delete the asound.state and let the system start over.  Last
> > resort, there is an alsa users mailing list.
> > 
> > One other thought, get pulse audio out of the way and see if alsa is
> > working.
> 
> To clarify: it works for me (TM), I don't need a solution.  I am just
> curious because I don't heed the warning and it still works.

The warning is about old days when alsa init script loaded required
kernel modules for your audio to work. These days kernel does the
job well and it can autoload modules based on device IDs. So loading
modules by alsa init script is no longer needed in general case and
was removed.

The warning is here for people with special setups (e.g. out
of the tree modules) updating from very old systems.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Warnings on shutting down bcache: WARNING: CPU: 1 PID: 4378 at lib/idr.c:383

2017-08-23 Thread Andrew Savchenko
8.382193] task: 880216b24240 task.stack: c900431e4000
> [140398.382197] RIP: e030:ida_remove+0xde/0xef
> [140398.382199] RSP: e02b:c900431e7db0 EFLAGS: 00010082
> [140398.382202] RAX: 0033 RBX: 0012 RCX:
> 
> [140398.382204] RDX: 880249654450 RSI: 88024964dc08 RDI:
> 88024964dc08
> [140398.382205] RBP: c900431e7e10 R08:  R09:
> 000448da
> [140398.382207] R10: 1668 R11: 81f1dad0 R12:
> c08114c8
> [140398.382209] R13: c08114c0 R14: 00fa R15:
> 0010
> [140398.382223] FS:  () GS:88024964()
> knlGS:88024964
> [140398.382225] CS:  e033 DS:  ES:  CR0: 80050033
> [140398.382227] CR2: 7fb681059eb0 CR3: 00020a7b9000 CR4:
> 00042660
> [140398.382230] Call Trace:
> [140398.382238]  ida_simple_remove+0x2f/0x45
> [140398.382247]  bcache_device_free+0x8c/0xc4 [bcache]
> [140398.382255]  cached_dev_free+0x6b/0xe1 [bcache]
> [140398.382261]  process_one_work+0x16f/0x281
> [140398.382265]  ? rescuer_thread+0x24e/0x24e
> [140398.382268]  worker_thread+0x1a4/0x257
> [140398.382272]  ? rescuer_thread+0x24e/0x24e
> [140398.382275]  kthread+0xfc/0x101
> [140398.382278]  ? init_completion+0x24/0x24
> [140398.382284]  ret_from_fork+0x25/0x30
> [140398.382287] Code: 00 75 2a 4c 89 f7 e8 79 52 d5 ff 48 8d 75 b0 4c 89
> e2 4c 89 ef e8 03 3a 00 00 eb 11 44 89 fe 48 c7 c7 0a a1 a0 81 e8 c9 79
> d0 ff <0f> ff 48 83 c4 38 5b 41 5c 41 5d 41 5e 41 5f 5d c3 85 f6 79 02
> [140398.382341] ---[ end trace 279bbc0d0aae56cc ]---

Looks like a kernel bug, try the latest vanilla kernel.

Best regards,
Andrew Savchenko




Re: [gentoo-user] No beep.

2017-08-23 Thread Andrew Savchenko
On Mon, 14 Aug 2017 18:22:54 + Alan Mackenzie wrote:
> Hello, Gentoo.
> 
> I've almost got my new(ish) machine up and running.  In particular, I've
> got an email server (s/qmail) running on it, the most difficult part of
> bringing up a new box.
> 
> However, during the building, I discovered to my disgust that there was
> no loudspeaker in my new case.  So, none of the helpful booting beeps
> that the motherboard uses to tell us that something's wrong.  Still, I
> got past that stage.
> 
> But just typing into a virtual tty, sometimes the system (should) beep.
> It doesn't.  It should.
> 
> It should, because I compiled the kernel with CONFIG_SND_HDA_INPUT_BEEP
> and CONFIG_SND_HDA_INPUT_BEEP_MODE set to 1.
> 
> My loudspeakers are working, as shown by running speaker-test.  I'm
> using the kernel I think I am, verified by checking those two config
> settings in /proc/config.gz.
> 
> Would somebody please suggest to me where I am going wrong, here?

If you are using ALSA (I suppose you are), run alsamixer and check
the settings of the "beep" channel, it can be muted or set to 0.

Best regards,
Andrew Savchenko




Re: [gentoo-user] app-eselect dependencies

2017-08-31 Thread Andrew Savchenko
On Thu, 24 Aug 2017 19:02:14 +0200 Helmut Jarausch wrote:
> Hi
> 
> some package (sci-libs/gsl) needs app-eselect/eselect-cblas
> 
> Trying to emerge app-eselect/eselect-cblas portage says
> app-eselect/eselect-cblas" is blocking sci-libs/scalapack-2.0.2-r1,  
> sci-libs/gotoblas2-1.13-r1
> 
> but in eselect-cblas-0.1.ebuild there are no such dependencies listed.
> Where are these blocking messages coming from.

Could you please post the full error message?

OT: gotoblas2 is quite old, use openblas instead, it has better
optimizations, especially for modern CPUs.

Best regards,
Andrew Savchenko




Re: [gentoo-user] strange behaviour in quite special case

2017-08-31 Thread Andrew Savchenko
Hi,

On Thu, 24 Aug 2017 18:27:22 -0300 Francisco Ares wrote:
> Hi, All.
> 
> This is a rather special case, so I don't expect much, but who knows?
> 
> I've built a Gentoo x86-64 system for an embedded application.
> 
> Just after a lot of updates, which I am unable to track, it stopped working
> as usual.
> 
> There is the development system, fully loaded of a lot of packages used for
> development, and the production system, that don't need all of those.
> 
> There is a line in both systems in /etc/inittab responsible for auto-login
> the production system user and the programs we need running (in its
> ".bash_profile" and ".xinitrc"):
> 
> c6:2345:respawn:/sbin/agetty -a production-user 38400 tty6 linux
> 
> The development system starts a WindowMaker session, and the production
> system starts a program that controls the rest of the hardware of this
> embedded system, with an X11 graphical interface.  That runs normally when
> simulated at the development system.
> 
> The development system runs smoothly.  The production system, after
> removing the files from undesirable packages and creating a squashfs image
> of the ripped-off root partition behaves strangely at boot:
> 
> It shows the initialization messages as expected, but when the auto-login
> and the controller program start should take place, it completely stalls up
> to I plug a USB keyboard and issue some times some of the key combinations
> to change to a text console and back to X11 (Ctrl-Alt-F1 and Ctrl-Alt-F6);
>  only then the things resume as expected.
> 
> As you might suspect, there is no keyboard for the production system ;-) .
> 
> As a matter of fact, I don't know where the stall take place, as when I try
> to switch to a text console to see the logs, it switches back to X11 and
> starts our program.  By the way, the logs just show that the events
> occurred at latter times than expected.
> 
> Although the squashfs is read-only, some main directories are arranged in a
> way that, using tmpfs mounts and unionfs with the read-only directory to
> the read-write tmpfs directory to that main directory provide a way of
> creating temporary files that has been working for a few years now.
> 
> For instance, in "/etc/fstab":
> 
> tmpfs   /.etc.rw   tmpfs     defaults,mode=755   0 0
> union   /etc       unionfs   default_permissions,allow_other,use_ino,nonempty,suid,cow,dirs=/.etc.rw=rw:/.etc.ro=ro   0 0
> 
> And there is a "/.etc.ro" with a copy of all files present in regular
> "/etc" , a "/.etc.rw" directory to be mounted tmpfs, and the original
> "/etc" directory, that needs to be there at boot, even before mounting all
> this.
> 
> Does anyone have a clue?

Try to dissect your problem. Start with removing squashfs and all
tmpfs/unionfs manipulations. Create the same image, but on "normal"
writable file system and see how it goes. It may be fs-related bug,
may be you removed too many files and some "undesired" packages are
actually mandatory.

If you have some form of snapshots of your changes, you can try to
bisect them in a git bisect way.

Another approach is to run X server (or any other app suspected as
a troublemaker) under strace (or attach strace to a running process)
and see what is going on. You will have a lot of low level
information and extensive filtering will be required; strace is
capable of that, but you will need to dig into its documentation.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Easiest way to block domains?

2017-09-01 Thread Andrew Savchenko
On Tue, 29 Aug 2017 01:38:42 -0400 Walter Dnes wrote:
>   I'm running a Core2-duo desktop from 2008 with 3 gigs of ram.  I want
> to run it into the ground, not throw it away while it's still
> functional.  With Gentoo optimization, plus using ICEWM, it's generally
> snappy.  But there are a few web pages that throw the kitchen sink of
> 3rd-party adservers+trackers.  178 unique servers for one web page will
> peg the load from the web browser to 150% of 1 cpu core.  On a 2-core
> machine, that is bad.  The browser is unresponsive for a few seconds at
> a time.
> 
>   I'm building up a rather large hosts file, but the adservers have a
> gazillion subnames for each domain, in a deliberate attempt to bypass
> hosts files.  It would be more effective block entire domains.  Is there
> a lightweight DNS server, or some iptables trick, or whatever, that'll
> block specified domains?

Use uBlock Origin. Both firefox and chromium work perfectly fine
for me on a Core2Duo host.


Best regards,
Andrew Savchenko




Re: [gentoo-user] Rename /dev/nvme0n1 to /dev/sda

2017-09-01 Thread Andrew Savchenko
On Fri, 1 Sep 2017 09:10:13 -0700 Grant wrote:
> My new laptop uses /dev/nvme0n1 instead of /dev/sda which conflicts
> with the script I use to manage about 12 similar laptops running
> Gentoo.  Is there a udev method for renaming the disk that will work
> well with any USB disks that happen to also be attached?

Yes, you can write a udev rule to create any names or symlinks you
want on any events selected by triggers. See
http://www.reactivated.net/writing_udev_rules.html
and udev docs.

Best regards,
Andrew Savchenko




Re: [gentoo-user] ceph on btrfs

2014-10-23 Thread Andrew Savchenko
Hi,

On Wed, 22 Oct 2014 20:05:48 + (UTC) James wrote:
> Hello,
> 
> So looking at the package sys-cluster/ceph, I see these flags:
> cryptopp debug fuse gtk +libaio libatomic +nss radosgw static-libs tcmalloc
> xfs zfs   No specific flags for btrfs?

Ceph is optimized for btrfs by design, it has no configure options
to enable or disable btrfs-related stuff:
https://github.com/ceph/ceph/blob/master/configure.ac
No configure option => no use flag.
 
> ceph-0.67.9 is marked stable, while 0.67.10 and  0.80.5 are marked
> (yellow) testing and * is marked (red) masked. So what version
> would anyone recommend, with what flags?  [1]

Just use the latest (0.80.7 ATM). You may just rename and rehash
0.80.5 ebuild (usually this works fine). Or you may stay with
0.80.5, but with fewer bug fixes.
 
>  Ceph will be the DFS on top of a (3) node mesos+spark cluster. 
> btrfs is being  set up with 2 disks in raid 1 on each system. Btrfs
> seems to be keenly compatible with ceph [2].

If raid is supposed to be read more frequently than written to,
then my favourite solution is raid-10-f2 (2 far copies, perfectly
fine for 2 disks). This will give you read performance of raid-0 and
robustness of raid-1. Though write i/o will be somewhat slower due
to more seeks.

Also it depends on workload: if you'll have a lot of independent
read requests, raid-1 will be fine too. But for large read i/o from
a single or few clients raid-10-f2 is the best imo.

> Guidance and comments, warmly requested,
> James
> 
> 
> [1] 
> http://ceph.com/docs/v0.78/rados/configuration/filesystem-recommendations/
> 
> [2] http://ceph.com/docs/master/release-notes/#v0-80-firefly

Best regards,
Andrew Savchenko




Re: [gentoo-user] kernel 3.17.0

2014-10-23 Thread Andrew Savchenko
Hi,

On Mon, 20 Oct 2014 07:06:32 +0200 Tomas Mozes wrote:
> On 2014-10-18 23:16, Volker Armin Hemmann wrote:
> > On 18.10.2014 at 06:17, Philip Webb wrote:
> >> I just installed Kernel 3.17.0 (gentoo-sources)
> >> & noticed there are specific options for Gentoo right at the 
> >> beginning.
> >> Are we really privileged to have our own place in kernel-land
> >> or have these been added by the Gentoo devs ?
> >> 
> > 
> > and that is why I don't use gentoo-sources.
> 
> Out of curiosity, may I ask why?

My 2 cents here.

1) In the past I had hardly traceable issues with gentoo-sources
which were not present in vanilla kernels. I just switched back to
vanilla.

2) Gentoo-sources are sometimes behind vanilla kernel. Due to some
derivative from Murphy's law this always happens when I need some
new features.

3) I looked over patches in gentoo-sources and found none I'm
interested in. (That doesn't mean they are useless, just not my
use cases.)


Best regards,
Andrew Savchenko




Re: [gentoo-user] Re: ceph on btrfs

2014-10-24 Thread Andrew Savchenko
Hello,

On Thu, 23 Oct 2014 19:41:22 + (UTC) James wrote:
[...]
> > Just use the latest (0.80.7 ATM). You may just rename and rehash
> > 0.80.5 ebuild (usually this works fine). Or you may stay with
> > 0.80.5, but with fewer bug fixes.
> 
> So just download from ceph.com, put it in distfiles and copy-edit
> ceph-0.80.7 in my /usr/local/portage,  or is there an overlay somewhere
> I missed?

I don't know such. Just use a local overlay (or stay with 0.80.5 —
difference should not be huge).

[...]
> Last point. I'm using openrc and not systemd, at this time; any
> ceph issues with openrc, as I do see systemd related items with ceph.

We are using openrc too, no related issues. (systemd is banned on
all our setups: masked and its dirs are in INSTALL_MASK, so we don't
have its stuff floating around.)

Best regards,
Andrew Savchenko




Re: [gentoo-user] Re: ceph on btrfs

2014-10-25 Thread Andrew Savchenko
On Fri, 24 Oct 2014 16:20:36 + (UTC) James wrote:
> Andrew Savchenko  gmail.com> writes:
> > We are using openrc too, no related issues. (systemd is banned on
> > all our setups: masked and its dirs are in INSTALL_MASK, so we don't
> > have its stuff floating around.)
> 
> Wonderful

Glad to help :)

Best regards,
Andrew Savchenko




Re: [gentoo-user] Debian forked, because of systemd brouhaha

2014-11-29 Thread Andrew Savchenko
On Sat, 29 Nov 2014 22:32:18 -0500 Rich Freeman wrote:
> On Sat, Nov 29, 2014 at 9:01 PM, Bill Kenworthy  wrote:
> > I am already really annoyed that by default
> > systemd and apps designed to work with it leave traces on openrc based
> > systems.
> 
> You're getting worked up about text files and filenames.  I suppose
> you'll be really upset that bash completion files are now being
> installed by default, and packages install logrotate configs and cron
> scripts even if you don't use logrotate or cron.

We have INSTALL_MASK for such cases. While it should be used with
care (as improper use will break the system), INSTALL_MASK="*/systemd/*"
keeps my systems clean from this filthy abomination.

> Sure, we could add a million more layers of conditionals to everything
> and you might save a few dozen inodes on your 10GB install, at the
> cost of lots of hassle/bugs/etc.  In general Gentoo tends to take the
> pragmatic approach.  If you're a purist of just about any kind you're
> going to have to hold your nose.  However, this cuts both ways - the
> purists who don't want YOU to be able to make the choices YOU want to
> make also have to hold their noses.  :)

Best regards,
Andrew Savchenko




Re: [gentoo-user] Debian forked, because of systemd brouhaha

2014-11-29 Thread Andrew Savchenko
On Sat, 29 Nov 2014 17:32:08 +0100 Marc Stürmer wrote:
> On 29.11.2014 at 11:11, Pandu Poluan wrote:
> 
> > What do you think, people? Shouldn't we offer them our eudev project to
> > assist?
> 
> Since Eudev has always been opensource under the GPLv2, like udev too, 
> there's no need to /offer/ it.
> 
> If they choose to use it, they can use it, no offer/questions necessary. 
> Simple.

As far as I understand, Pandu meant "we can recommend them to use",
but not some offer in commercial or proprietary terms.

Don't forget that most people on the list are not native speakers,
so IMHO superfluous verbalism is inappropriate here.

Best regards,
Andrew Savchenko




Re: [gentoo-user] How to find out to what file(...) writes goes on a idle system...

2014-12-06 Thread Andrew Savchenko
On Sat, 06 Dec 2014 12:01:16 +0100 Johannes Altmanninger wrote:
> Hi,
> 
> meino.cra...@gmx.de writes:
> 
> > In the context of preserving the life of flash media by minimizing
> > the count of unnecessary writes I want to know which
> > application/daemon/etc is continuously writing to that media and which
> > """entity""" (file/pipe/fifo...) is receiving those writes...
> 
> You could use this:
> 
> # echo 1 > /proc/sys/vm/block_dump
> 
> then every read and write operation on block devices shows up in dmesg
> with the PID, process name and the block id. (This can be a lot of
> lines, so dmesg -c might be useful) I'm not exactly sure how to identify
> which files belong to which block, though.

This depends on filesystem being used. For ext* family debugfs may
be used:
# debugfs /dev/
ncheck inode1 inode2 ...

Best regards,
Andrew Savchenko
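
Added example, not part of the original thread: a shell helper that reads block_dump messages from dmesg, totals written sectors per process, and builds the debugfs ncheck request for the inodes dirtied on one device. The log lines are constructed samples and the device name sda1 is an assumption.

```shell
#!/bin/sh
# Turn block_dump output into per-process write totals and a debugfs
# "ncheck" request that maps dirtied inode numbers to path names.

# Constructed sample of dmesg output with /proc/sys/vm/block_dump set to 1.
sample_log() {
cat <<'EOF'
[ 101.000001] syslog-ng(1432): dirtied inode 1234 (messages) on sda1
[ 101.200000] jbd2/sda1-8(312): WRITE block 884736 on sda1 (8 sectors)
[ 102.000002] syslog-ng(1432): dirtied inode 1234 (messages) on sda1
[ 103.500000] ntpd(1501): dirtied inode 5678 (ntp.drift.TEMP) on sda1
[ 104.000000] flush-8:0(290): WRITE block 4196352 on sda1 (16 sectors)
[ 104.100000] bash(2210): READ block 77120 on sda1 (32 sectors)
[ 105.000000] cron(1490): dirtied inode 42 (cron.pid) on tmpfs
[ 106.000000] jbd2/sda1-8(312): WRITE block 884744 on sda1 (24 sectors)
EOF
}

# stdin: dmesg text, $1: device name. Prints "inode|process" once per inode.
# The "dirtied inode" lines name the process that touched the file; the
# WRITE lines usually name a kernel flusher or journal thread instead.
dirtied_inodes() {
    sed -n -E -e 's/^\[[^]]*\] *//' \
        -e 's/^(.+)\(([0-9]+)\): dirtied inode ([0-9]+) \((.*)\) on ([^ ]+)$/\5|\3|\1/p' |
        awk -F'|' -v dev="$1" '$1 == dev && !seen[$2]++ { print $2 "|" $3 }'
}

# stdin: dmesg text, $1: device name. Prints "sectors process", largest first.
write_totals() {
    sed -n -E -e 's/^\[[^]]*\] *//' \
        -e 's/^(.+)\(([0-9]+)\): WRITE block [0-9]+ on ([^ ]+) \(([0-9]+) sectors\)$/\3|\4|\1/p' |
        awk -F'|' -v dev="$1" '$1 == dev { s[$3] += $2 }
                               END { for (p in s) print s[p], p }' |
        sort -k1,1nr -k2
}

# stdin: dmesg text, $1: device name of an ext2/3/4 file system.
# Prints the debugfs command that resolves the dirtied inodes to paths;
# returns 1 when nothing was dirtied on that device.
ncheck_command() {
    inodes=$(dirtied_inodes "$1" | cut -d'|' -f1 | tr '\n' ' ')
    inodes=${inodes% }
    [ -n "$inodes" ] || return 1
    printf 'debugfs -R "ncheck %s" /dev/%s\n' "$inodes" "$1"
}

# Demo on the constructed sample; on a real system pipe dmesg in instead.
sample_log | write_totals sda1
sample_log | ncheck_command sda1
```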




Re: [gentoo-user] Choosing a new profile: multilib or not?

2014-12-22 Thread Andrew Savchenko
On Mon, 22 Dec 2014 10:53:06 + Mick wrote:
> It used to be the case that adobe flash and other applications would not work
> with a no-multilib profile.
> 
> However, I was surprised to see that a previous no-multilib installation of
> mine was able to play flash in Firefox.  So, I thought of asking here if
> there is any reason to avoid installing a no-multilib profile these days.
> What applications binary (e.g. Skype) or source compiled won't work with
> no-multilib?

For skype you have to either build qt, X11 and some other libs with
multilib support (abi_x86_32) or use emul-linux-x86-* prebuilt
packages. Either way your system will end up with 32-bit libraries
installed, but in case of multilib they will be optimized for your
hardware and use cases (*FLAGS and USE).

Best regards,
Andrew Savchenko




Re: [gentoo-user] ceph on gentoo?

2014-12-23 Thread Andrew Savchenko
Hi,

On Tue, 23 Dec 2014 15:22:26 +0100 Stefan G. Weichinger wrote:
> Anyone here running ceph / http://ceph.com/ on gentoo?
> 
> As server(s) or client or ... ?
> 
> I am learning about this right now and currently on my way to a first
> small test cluster. Very interesting possibilities !

We used it about a year ago for our infrastructure (backup and
live sync of HA systems), obviously both servers and clients were
used, both on Gentoo. We stopped this because of numerous kernel
panics, not to mention that it was quite slow even after tuning. So
we switched to another solution for data sync and backups: clsync. (It
was developed from scratch for our needs, this is not a filesystem,
but may be considered as a more powerful alternative to lsyncd.)

Though this was a year ago or so. Your mileage may vary and
it is likely that during this year stability was improved.
Ceph is very promising by both design and capabilities.

Best regards,
Andrew Savchenko




Re: [gentoo-user] ceph on gentoo?

2014-12-23 Thread Andrew Savchenko
Hi,

On Tue, 23 Dec 2014 16:36:25 +0100 Stefan G. Weichinger wrote:
> On 23.12.2014 at 16:20, Andrew Savchenko wrote:
[...]
> > We used it about a year ago for our infrastructure (backup and live
> > sync of HA systems), obviously both servers and clients were used,
> > both on Gentoo. We stopped this because of numerous kernel panics,
> > not to mention that it was quite slow even after tuning. So we
> > switched to another solution for data sync and backups: clsync. (It
> > was developed from scratch for our needs, this is not a
> > filesystem, but may be considered as a more powerful alternative to
> > lsyncd.)
> > 
> > Though this was a year ago or so. Your mileage may vary and it is
> > likely that during this year stability was improved. Ceph is very
> > promising by both design and capabilities.
> 
> I agree!
> 
> I expect that there were many changes over the time of a year ... they
> went from v0.72 (5th stable release) in Nov 2013 to v0.80 in May 2014
> (6th stable release) ... and v0.87 in Oct 2014 (7th ...)
> 
> We get 0.80.7 in ~amd64 now ... I will see.
> 
> Ad "slow": what kind of hardware did you use and how many nodes/osds?

We used 3 servers, where each server was both node and osd (that's
our hardware limitation). Each machine had hardware like 2x
Xeon E5450, 16 GB and 2 Gbps network connectivity (via bonding of
two 1 Gbps interfaces).

We went through a lot of software and kernel tuning, this helped to
solve many issues, but not all of them: ceph nodes still got kernel
panics once in a while. This was unacceptable and we moved to
other approaches to our issues.

Best regards,
Andrew Savchenko




Re: [gentoo-user] ceph on gentoo?

2014-12-24 Thread Andrew Savchenko
On Wed, 24 Dec 2014 10:58:35 +0100 Stefan G. Weichinger wrote:
> Did you have the journal separated on SSDs?

We don't have SSDs at all.

> I think that would make quite a difference both in performance and cost ;)
> 
> Do you remember the kernel version and ceph version?

Not exactly :/ It was something rather new at that time like 3.12.x.

> How many disks / OSDs?

3 OSDs with raid6 attached to each one.

> Sorry for being so curious ..

Not a problem :)

Best regards,
Andrew Savchenko




Re: [gentoo-user] ceph on gentoo?

2014-12-27 Thread Andrew Savchenko
Hi,

On Fri, 26 Dec 2014 00:38:58 -0600 Bruce Hill wrote:
> To whoever controls this list...
> 
> I just arrived home to find my mailbox spammed with hundreds of messages from
> this luser Andrew Savchenko 

Please stop insults and offensive language. I just sent replies to
the list, this is verifiable by mail headers.

If you have mail problems, check your MTA or whatever you are
using to receive e-mail from this list. As you can see, other
people don't have these problems.

> What is the explanation for this please?
 
Just my guess: greylisting is broken (or had a temporary lag) on
the mail server you are using.

Best regards,
Andrew Savchenko




Re: [gentoo-user] How to automate an sshfs (fusermount) mounted share

2015-01-03 Thread Andrew Savchenko
Hi,

On Sat, 03 Jan 2015 09:23:29 -0500 Harry Putnam wrote:
> I'm sshfs mounting a solaris zfs file system in the interactive
> fashion.
> 
> sshfs $USR@HOST:/file/system MOUNTPOINT
>  passwd?
>  enter passwd 
>  
> Once mounted I run an rsnapshot backup onto the mounted FS.
> 
> Any ideas on how to go about doing this mount automatically (scripted)
> will be greatly appreciated.

1) Set up your ssh to use keys. The key itself should not be protected
by a password (or manual intervention will be needed on each mount).

2) Add the sshfs command to your .bash_profile (or whatever login shell
you're using) with a check that the filesystem is not mounted already,
something like:
  grep -q "$MOUNTPOINT" /proc/mounts || sshfs $USR@HOST:/file/system "$MOUNTPOINT"

Alternatively you may add this to your DE/WM autostart scripts, if
you are using GUI logins only.

Best regards,
Andrew Savchenko
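
Added example (not part of the original message): a shell helper for the
unattended mount described above. It matches the mount-point field of
/proc/mounts exactly instead of grepping for a substring, and runs sshfs
with BatchMode so a missing key fails instead of prompting. MOUNTS_FILE,
the function names, the key path and host.example are assumptions.

```shell
#!/bin/sh
# Added example: idempotent, non-interactive sshfs mount for a backup job.
# MOUNTS_FILE, the function names and all paths are assumed, not from the thread.

MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}

# Return 0 only if $1 is exactly a mount point (field 2 of the mounts table).
# A substring grep would report /mnt/backup as mounted when only
# /mnt/backup-old is; /proc/mounts also writes spaces in paths as \040.
is_mounted() {
    mp=${1%/}
    [ -n "$mp" ] || mp=/
    want=$(printf '%s' "$mp" | sed 's/ /\\040/g')
    # ENVIRON is used instead of -v so awk does not expand the backslash.
    WANT=$want awk '$2 == ENVIRON["WANT"] { found = 1 } END { exit !found }' \
        "$MOUNTS_FILE"
}

# Mount $1 (user@host:/path) on $2 with key file $3 unless already mounted.
# BatchMode=yes makes ssh fail instead of prompting, so an unattended job
# never hangs waiting for a password or passphrase.
mount_backup() {
    remote=$1
    mountpoint=$2
    key=$3
    if is_mounted "$mountpoint"; then
        return 0
    fi
    sshfs -o BatchMode=yes -o IdentityFile="$key" -o reconnect \
        "$remote" "$mountpoint"
}

# Typical use before the rsnapshot run (constructed values):
#   mount_backup backup@host.example:/file/system /mnt/backup \
#       "$HOME/.ssh/id_backup" && rsnapshot daily
```

Because the key has no passphrase, keep it dedicated to this mount and readable only by the account that runs the backup.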




Re: [gentoo-user] pdf viewer

2015-01-03 Thread Andrew Savchenko
On Sat, 03 Jan 2015 06:15:05 +0100 lee wrote:
> Hi,
> 
> what do you use as PDF viewer?
> 
> Most of the time, I was using xpdf, and that doesn't seem to be
> available in Gentoo.  I compiled it from source and found out that it
> cannot display PDFs so well and gives error messages about not being
> able to find fonts.  Pdfpc isn't a good alternative.
 
For advanced actions (e.g. pdf notes editing, pdf fields editing,
work with pdf indexes and so on) I use evince.

When I need something simple (e.g. to read pdf books) I use mupdf.
Another bonus of mupdf is unlimited scale of pdf pages (limited
only by available memory). This is really handy when handling huge
pdf pages (e.g. some schemes, graphs) with very small fonts, so
large zoom is required to make them readable; evince can't handle
such issues.

Best regards,
Andrew Savchenko




Re: [gentoo-user] pdf viewer

2015-01-03 Thread Andrew Savchenko
On Sat, 03 Jan 2015 16:00:02 +0100 lee wrote:
> mupdf seems to display text only?

No: images, internal references and hyperlinks are also OK.
 
> How did you find all these packages?  I used 'emerge --search' and it
> didn't show many results for pdf.

$ eix -c -C app-text -S "pdf|viewer"

Best regards,
Andrew Savchenko




Re: [gentoo-user] pdf viewer

2015-01-09 Thread Andrew Savchenko
On Fri, 09 Jan 2015 20:49:56 +0100 lee wrote:
> Andrew Savchenko  writes:
> 
> > When I need something simple (e.g. to read pdf books) I use mupdf.
> 
> How did you get mupdf to display a pdf?

Just run it:
$ mupdf file.pdf

In my case mupdf is configured as follows:
Installed versions:  1.5-r1(02:19:48 AM 12/28/2014)(X curl openssl -static -static-libs -vanilla)

> I'd have removed it if it
> wasn't required by llpp ...

Funny thing. llpp segfaults for me no matter on what host I try it.
 
> How do I get seamonkey to suggest llpp as application to view PDFs?
> Sometimes it suggests emacsclient, sometimes "browse" ...

I don't use seamonkey, so I can't give exact advice, but in general
there are two ways to do this:

1) Configure your handlers in seamonkey.
2) Configure your default mime handler using xdg-mime.

Best regards,
Andrew Savchenko




Re: [gentoo-user] pdf viewer

2015-01-10 Thread Andrew Savchenko
On Sat, 10 Jan 2015 19:25:54 +0100 lee wrote:
> Andrew Savchenko  writes:
> 
> > On Fri, 09 Jan 2015 20:49:56 +0100 lee wrote:
> >> Andrew Savchenko  writes:
> >> 
> >> > When I need something simple (e.g. to read pdf books) I use mupdf.
> >> 
> >> How did you get mupdf to display a pdf?
> >
> > Just run it:
> > $ mupdf file.pdf
> >
> > In my case mupdf is configured as follows:
> > Installed versions:  1.5-r1(02:19:48 AM 12/28/2014)(X curl openssl -static -static-libs -vanilla)
> 
> There's only 'utool' and no 'mupdf'.

You should enable USE="X" as I wrote above.
 
> >> How do I get seamonkey to suggest llpp as application to view PDFs?
> >> Sometimes it suggests emacsclient, sometimes "browse" ...
> >
> > I don't use seamonkey, so I can't give exact advice, but in general
> > there are two ways to do this:
> >
> > 1) Configure your handlers in seamonkey.
> 
> How?

I don't have seamonkey, read its manual.
 
> > 2) Configure your default mime handler using xdg-mime.
> 
> Hm, xdg-mime is not installed; I've never heard of it.

x11-misc/xdg-utils
Most WM/DE will pull this package.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Re: Get off my lawn?

2015-01-19 Thread Andrew Savchenko
On Sat, 17 Jan 2015 21:04:44 -0500 Rich Freeman wrote:
> Speak for yourself. :)  I did comment on my thoughts in this area in
> Donnie's thread.  Gentoo (IMHO) tends not to be the best distro for
> doing anything in particular.  I find that its best feature is that it
> is reasonably good at doing just about anything - it is a
> jack-of-all-trades.

I can't agree with you here, though your position has a rationale.
I see Gentoo as a Universal Constructor (UC) which may be used for
whatever specific needs Linux can be used for at all.

In general the pro of a UC is the ability to create a setup suitable for
every specific need, but the con is the maintenance cost to create and
update such a setup. Also creating and maintaining UC-powered setups
raises the general professional level of the system architect or admin
doing the job.

So everything comes down to how much user needs deviate from what
already existing binary distributions provide. If user needs are
perfectly satisfied with some binary distro, using Gentoo will only
raise maintenance costs. But if users demand something hardly
achievable with other (binary) distributions, then this is a good
place for Gentoo.

From my own experience I can point to three directions where Gentoo
was and is reasonably the best choice for our needs (mine or my
colleagues'):

1) HPC. When it comes to scalable tasks and a large amount of
hardware, even a small performance gain results in a huge saving of
costs. On our first cluster we replaced CentOS with carefully
tuned Gentoo and the performance gain was about 30-50% depending on
the scientific application (please note I'm talking about real
applications and not about synthetic tests like linpack). With
hardware costs of about a million dollars, a 30% performance gain
results in a great saving. The price for that was a much longer time
for initial setup (many weeks instead of many days), but it was
still less than the time required to set up the hardware itself and
all auxiliary engineering systems.

An interesting observation here is that the average software update
cost of Gentoo is smaller than that of the RH-based systems we used
before. While it is easier to update an RH-based solution within the
same branch than a Gentoo setup, it is a complete nightmare to
upgrade from one branch to another, e.g. from RHEL4 to RHEL5. I've
gone through such an update in the past and it is much worse than
removing everything and installing from scratch, including all user
applications. As for Gentoo, all updates are equal: they bring some
build failures, runtime issues and compatibility problems, but to
a limited extent, which is handled easily enough by a prepared team.

2) High security servers. We have some systems dedicated to very
specific needs where security demands are extreme. Hardened Gentoo
is the best solution here, since we can strip down such a system close
to an absolutely possible minimum and protect that minimum by all
means (hardened toolchain and flags, PaX, SELinux and so on). Of
course, on top of that containers may be used to isolate different
daemons and so on...

3) Individuals interested in getting every bit of performance
possible from their own hardware. Frankly this was the reason why I
switched to Gentoo from RH about 8 years ago. I was just tired of
rebuilding each time a significant part of packages with custom flags
and configure options. Gentoo is much better suited for this task.
And as a result 13-year-old hardware is still usable to watch 720p
and most of 1080p videos (without GPU hardware decoding). A
byproduct of such interest is a deep understanding of system
internals, which is a great result on its own.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Re: Get off my lawn?

2015-01-20 Thread Andrew Savchenko
On Mon, 19 Jan 2015 18:03:44 + (UTC) James wrote:
> Interestingly, Bircoph has solved many of the problems that seem to be in my
> path of discovery.

If you have any questions about particular issues, we may discuss
them. From memory, for all setups we use nothing really special
— standard Gentoo software, some custom scripts (for sync and/or
HA) — and one really beautiful solution we wrote: clsync. In short
this is an lsyncd replacement in C which is much faster and has
much more functionality (at least for our needs). Right now this
software is not in tree, but can be found in my dev overlay. A new
clsync version was recently released and I plan to push it to tree
after some testing.

Best regards,
Andrew Savchenko




Re: [gentoo-user] Latest chromium-40 on ~x86

2015-01-25 Thread Andrew Savchenko
On Sat, 24 Jan 2015 16:43:41 +0100 Nils Holland wrote:
> Hi folks,
> 
> I've been using chromium successfully on my ~x86 system for quite a
> long time, but starting with the last two updates that came in during
> the last few days (namely, chromium-40.0.2214.85 and
> chromium-40.0.2214.91), I started having problems.
> 
> Both of these versions build just fine, but upon trying to launch
> them, the browser's interface comes up just fine, but will only
> display a "Something went wrong..." page. I can try typing in and
> accessing URLs, but all I will ever get is this error page.
> 
> That's not all, though, I also get to see error messages, namely the
> following in my terminal:
> 
> ../../sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc:**CRASHING**:seccomp-bpf
> failure in syscall 0265
> 
> And this here in dmesg:
> 
> chrome[5274]: segfault at e806109 ip b5c5c945 sp ac280980 error 6 in
> chrome[b1864000+5eed000]
> 
> Great, I thought, something wrong with the sandbox stuff. So I tried
> to launch chromium without it ("chromium --no-sandbox"), and indeed:
> The browser works absolutely fine this way - I get none of the
> problems or messages mentioned above.
> 
> Of course, I tried to find a related entry in both the Gentoo as well
> as the chromium bug trackers, but I couldn't find anything in either.
> I'm a bit reluctant to report my own bug as I wouldn't be 100% sure
> that I'm not causing the problem (after all, I'm building my chromium
> with USE=custom-cflags, which is not officially supported, but has
> always produced nicely working builds for me in the past), so I
> thought I'd ask here first if I'm the only one observing this
> behavior.
> 
> The question, thus, would probably be: Anyone using one of the recent
> chromium-40 versions on ~x86 or anywhere else and seeing something
> similar? Or probably someone who has experienced something like that
> before and could offer a guess what might be wrong here - a real bug,
> custom-cflags, or something entirely different?

I gave up on chromium starting from chromium-36, where they dropped
pre-SSE2 x86 support (and I use such a system: Athlon-XP). I tried to
re-add this stuff with partial success (works, but still SIGILLs
sometimes) and it's very hard to clean all pieces. Looks like
they're slowly abandoning x86 and older hardware altogether.

Best regards,
Andrew Savchenko



