  1. I'm sandboxing some applications and I want to have sound. I did what's written here: https://wiki.gentoo.org/wiki/Simple_sandbox#Configure_Firefox_to_output_sound_to_larry.27s_PulseAudio_daemon

     ```
     echo -e ".include /etc/pulse/default.pa\nload-module module-native-protocol-unix auth-anonymous=1 socket=/tmp/pulse-socket" > ~larry/.config/pulse/default.pa
     ```

     but I don't like that /tmp/pulse-socket has 777 (rwxrwxrwx) permissions. I found this link: https://gist.github.com/Earnestly/4acc782087c0a9d9db58, created a pulseaudio user, added other users to that group and changed `auth-anonymous=1` to `auth-group=pulseaudio`, but I still have 777 (rwxrwxrwx) permissions on /tmp/pulse-socket.

     How can I change the permissions to e.g. 770?

     Is it even a good idea to "sandbox" a web browser or media player like that? (https://bugs.funtoo.org/browse/FL-6453)
  2. One more note. If someone plans to play with yubikey-personalization-gui, adding /etc/udev/rules.d/69-yubikey.rules is also needed: https://github.com/Yubico/yubikey-personalization/blob/master/69-yubikey.rules

     ```
     ACTION!="add|change", GOTO="yubico_end"

     # Udev rules for letting the console user access the Yubikey USB
     # device node, needed for challenge/response to work correctly.

     # Yubico Yubikey II
     ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", \
         ENV{ID_SECURITY_TOKEN}="1"

     LABEL="yubico_end"
     ```
  3. Thank you very much! The only thing that I had to do to work with YubiKey on google-chrome was to add this file https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules to /etc/udev/rules.d. Installing pam_u2f, yubikey-personalization-gui and yubikey-manager-qt was not needed at all.

     ```
     # cat /etc/udev/rules.d/70-u2f.rules
     # Copyright (C) 2013-2015 Yubico AB
     #
     # This program is free software; you can redistribute it and/or modify it
     # under the terms of the GNU Lesser General Public License as published by
     # the Free Software Foundation; either version 2.1, or (at your option)
     # any later version.
     #
     # This program is distributed in the hope that it will be useful, but
     # WITHOUT ANY WARRANTY; without even the implied warranty of
     # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
     # General Public License for more details.
     #
     # You should have received a copy of the GNU Lesser General Public License
     # along with this program; if not, see <http://www.gnu.org/licenses/>.

     # this udev file should be used with udev 188 and newer
     ACTION!="add|change", GOTO="u2f_end"

     # Yubico YubiKey
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0200|0402|0403|0406|0407|0410", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # Happlink (formerly Plug-Up) Security KEY
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # Neowave Keydo and Keydo AES
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # HyperSecu HyperFIDO, KeyID U2F
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e|2ccf", ATTRS{idProduct}=="0880", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # Feitian ePass FIDO, BioPass FIDO2, KeyID U2F
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b|085d", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # JaCarta U2F
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="24dc", ATTRS{idProduct}=="0101|0501", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # U2F Zero
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # VASCO SeccureClick
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1a44", ATTRS{idProduct}=="00bb", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # Bluink Key
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2abe", ATTRS{idProduct}=="1002", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # Thetis Key
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1ea8", ATTRS{idProduct}=="f025", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # Nitrokey FIDO U2F
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # Google Titan U2F
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="5026", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # Tomu board + chopstx U2F + SoloKeys
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="cdab|a2ca", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # SoloKeys
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5070|50b0", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # Trezor
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", TAG+="uaccess", GROUP="plugdev", MODE="0660"
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # Ledger Nano S and Nano X
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001|0004", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # Kensington VeriMark
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="06cb", ATTRS{idProduct}=="0088", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     # Longmai mFIDO
     KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="4c4d", ATTRS{idProduct}=="f703", TAG+="uaccess", GROUP="plugdev", MODE="0660"

     LABEL="u2f_end"
     ```
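
An added example, not part of the posts on this page and not Yubico's code: a small Python evaluator for udev rule lines that checks whether the hidraw node reported in the dmesg output on this page (1050:0407) is covered by the 70-u2f.rules entries and which GROUP/MODE it would receive. The names `cond_holds`, `access_for` and `YUBIKEY` are hypothetical, and it assumes one rule per line with ATTRS{} values looked up directly on the device.

```python
import fnmatch
import re

# Constructed sample: rule lines copied from the 70-u2f.rules listing on this page.
RULES = r'''
ACTION!="add|change", GOTO="u2f_end"
# Yubico YubiKey
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0200|0402|0403|0406|0407|0410", TAG+="uaccess", GROUP="plugdev", MODE="0660"
# Nitrokey FIDO U2F
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="20a0", ATTRS{idProduct}=="4287", TAG+="uaccess", GROUP="plugdev", MODE="0660"
LABEL="u2f_end"
'''

# key, operator, quoted value, e.g. ATTRS{idVendor}=="1050" or MODE="0660"
TOKEN = re.compile(r'([A-Z_]+(?:\{[^}]+\})?)\s*(==|!=|\+=|:=|=)\s*"([^"]*)"')

def cond_holds(device, key, op, pattern):
    """udev match values are shell globs; '|' separates alternatives."""
    actual = device.get(key)
    hit = actual is not None and any(
        fnmatch.fnmatchcase(actual, alt) for alt in pattern.split("|"))
    return hit if op == "==" else not hit

def access_for(device, rules_text=RULES):
    """Return the assignments (TAG, GROUP, MODE, ...) that apply to `device`."""
    # Assumptions: no backslash continuations, '+=' treated like '=',
    # and no walk up the parent devices for ATTRS{} as real udev does.
    applied, skip_to = {}, None
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = TOKEN.findall(line)
        conds = [t for t in tokens if t[1] in ("==", "!=")]
        assigns = {k: v for k, op, v in tokens if op not in ("==", "!=")}
        if skip_to:                      # inside a GOTO jump: wait for the label
            if assigns.get("LABEL") == skip_to:
                skip_to = None
            continue
        if not all(cond_holds(device, *c) for c in conds):
            continue
        if "GOTO" in assigns:            # e.g. events other than add/change
            skip_to = assigns["GOTO"]
            continue
        assigns.pop("LABEL", None)
        applied.update(assigns)
    return applied

# The YubiKey hidraw node from the dmesg output on this page (1050:0407, hidraw5).
YUBIKEY = {"ACTION": "add", "KERNEL": "hidraw5", "SUBSYSTEM": "hidraw",
           "ATTRS{idVendor}": "1050", "ATTRS{idProduct}": "0407"}

if __name__ == "__main__":
    print(access_for(YUBIKEY))                           # rule applies
    print(access_for({**YUBIKEY, "ACTION": "remove"}))   # skipped by the GOTO
```

An empty result means no listed rule grants access to the node, which is the situation before the rules file is installed.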
  4. I can not use my YubiKey 5 NFC on funtoo. The device works on Windows. I was testing it on this webpage: https://demo.yubico.com/webauthn-technical/registration with google-chrome. The green LED is present when I plug the device and after I tap it. So far I've installed pam_u2f and added my user to the plugdev group.

     ```
     $ dmesg | tail
     [ 3058.732019] usb 7-1: new full-speed USB device number 7 using uhci_hcd
     [ 3058.917036] usb 7-1: New USB device found, idVendor=1050, idProduct=0407
     [ 3058.917039] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
     [ 3058.917041] usb 7-1: Product: YubiKey OTP+FIDO+CCID
     [ 3058.917043] usb 7-1: Manufacturer: Yubico
     [ 3058.923627] input: Yubico YubiKey OTP+FIDO+CCID as /devices/pci0000:00/0000:00:1d.1/usb7/7-1/7-1:1.0/0003:1050:0407.000F/input/input18
     [ 3058.980342] hid-generic 0003:1050:0407.000F: input,hidraw4: USB HID v1.10 Keyboard [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:00:1d.1-1/input0
     [ 3058.984166] hid-generic 0003:1050:0407.0010: hiddev0,hidraw5: USB HID v1.10 Device [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:00:1d.1-1/input1

     $ emerge -pv google-chrome pam_u2f
     These are the packages that would be merged, in order:
     Calculating dependencies... done!
     [ebuild R ] www-client/google-chrome-74.0.3729.108-r1::net-kit L10N="pl -am -ar -bg -bn -ca -cs -da -de -el -en-GB -es -es-419 -et -fa -fi -fil -fr -gu -he -hi -hr -hu -id -it -ja -kn -ko -lt -lv -ml -mr -ms -nb -nl -pt-BR -pt-PT -ro -ru -sk -sl -sr -sv -sw -ta -te -th -tr -uk -vi -zh-CN -zh-TW" 0 KiB
     [ebuild R ] sys-auth/pam_u2f-1.0.7::nokit USE="-debug" 0 KiB

     $ groups
     wheel audio cdrom video plugdev users kuba

     $ emerge --info
     ```
  5. That's interesting and I'm concerned. Can anyone confirm and/or provide examples?
  6. Thank you for so many answers. @savasten good point, thanks! FL-6294, FL-6295 and FL-6297. And I'm okay with it - I would be even more okay if Funtoo would adopt something like this: https://nodejs.org/en/about/releases/ or make it more visible, because I've searched for it and after 5-10 minutes I stopped searching.
  7. So I had to update my desktop system from version 1.2 to 1.3 and I've chosen to do the fresh install from the stage3 (stage3-core2_64-1.3-release-std-2019-02-05). But.. During the process I've noticed some (at least for me) ugly things that I would like to inform developers about:

     TL;DR:

     - metalog is NOT added to any runlevel by default. I think it should be added to the default/boot runlevel by default.
     - sshd IS added to the default runlevel by default. I think it's bad - this should be disabled by default.

     ... if you want to read further please be advised that I'll be grumpy from now on:

     - I've noticed that version 1.3 is out because there were no updates for a while.
     - Yep, it was announced, but I'm checking neither funtoo.org nor forums.funtoo.org on a regular basis - what happened with good old eselect news?
     - I can not find any information on when the support for version 1.2 ends - an LTS schedule could help with planning the upgrade ... (please consider sth like this: https://nodejs.org/en/about/releases/ )
     - And yeah, performing a fresh install is time consuming, at least for a desktop machine - so it would be cool to be aware early that the end of support for 1.2 is coming and that it's recommended to do a fresh install.
     - I think that the funtoo.org web page should be rearranged. Here is what I mean:
       - there are a lot of useful articles there but often they are hidden and I can find them only via google
       - there should be a section where you can see all of the articles
       - examples: https://www.funtoo.org/Security https://www.funtoo.org/Installing_a_Logger
     - forums.funtoo.org: I was not able to write this post using vanilla firefox-bin-65.0 (w/o any addons), I had to do it by using google-chrome.

     ... wow, you've come that far, now I'll be sentimental:

     - Gentoo was my first distro back in the early 2000s.
     - When Daniel started Funtoo, for me it was something cool, something fresh.
     - I have a feeling that now the Funtoo Project is going in some weird direction (from the end user's perspective) that is different from what I was used to back in the days.
     - People on the #funtoo IRC channel used to be more responsive.

     I wrote this post in good faith. I like funtoo but I'm close to the point where I will switch to another distro ... TBH it strongly depends on how long and how smooth the process of building the rest of the desktop environment will be. Ofc everyone has his own point of view but I really wanted to give you some feedback. If I somehow missed something and somebody disagrees - I look forward to knowing your point of view.
