Jump to content
funtoo forums

klipkyle

Members
  • Content Count

    14
  • Joined

  • Last visited

About klipkyle

  • Rank
    Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Yes, enable the corresponding gfxcard mix-in and remove VIDEO_CARDS from make.conf. There is no need to explicitly specify VIDEO_CARDS in Funtoo 1.4. https://www.funtoo.org/Make.conf/VIDEO_CARDS/Mix-ins
  2. Thank you! This was fixed in FL-6773. The additional patch disables subuid/subgid modifications in the useradd command. Problem solved.
  3. This is Docker's way of asking you to set some kernel variables. It has been a while since I set up Docker, so my memory of Docker's required kernel variables is a little hazy. You will need to research those and most likely configure them (in /etc/sysctl.conf or similar). I think some of them are required for Docker to work properly.
  4. Actually, after searching the web, I think you might need gfxcard-amdgpu. 6310 APU appears to be related to Beema and Mullins. (Mullins is in GFX7 in the X.org reference.) https://en.wikipedia.org/wiki/List_of_AMD_accelerated_processing_units#"Beema",_"Mullins"_(2014) Will you please post the line that appears in lspci?
  5. In general, if one graphics profile doesn't work, then try another. By "not work", typical symptoms of missing graphics drivers are software fallback rendering (very slow), the GNOME "Oops something went wrong" sad computer face, and other failure modes where desktop environments will not start. If you are concerned, you should be able to enable several generations of AMD/Radeon profiles at the same time. For instance, I have a BARTS card in this machine I am typing on, but at some point I hope to swap that with a Bonaire (couple generations later). Enabling both gfxcard-radeon (for the older card) and gfxcard-amdgpu (for the newer card) could be a transitional step.
  6. I tried setting those variables to 0, but useradd still complains even though the ranges have plenty of subuids/subgids to allocate. Maybe shadow-utils doesn't support this configuration? kyle@perkins ~ $ sudo useradd -m -g users -G lp,audio,cdrom,video,plugdev -u 1112 test2 Password: useradd: Can't get unique subordinate UID range useradd: can't create subordinate user IDs # # Min/max values for automatic uid selection in useradd(8) # UID_MIN 1000 UID_MAX 60000 # System accounts SYS_UID_MIN 101 SYS_UID_MAX 999 # Extra per user uids SUB_UID_MIN 100000 SUB_UID_MAX 2000000000 SUB_UID_COUNT 0 # # Min/max values for automatic gid selection in groupadd(8) # GID_MIN 1000 GID_MAX 60000 # System accounts SYS_GID_MIN 101 SYS_GID_MAX 999 # Extra per user group ids SUB_GID_MIN 100000 SUB_GID_MAX 2000000000 SUB_GID_COUNT 0
  7. Usually, that appears when defining an overlay with a different name than the name contained in the overlay's metadata. That's a little disturbing that somehow core-kit is involved...
  8. This is a relatively new Gentoo convention. Gentoo is organizing dedicated users and groups into virtual packages, and to do this, they have created two new categories: acct-user and acct-group. Packages under these categories are virtual packages that create new Linux users and groups. The only thing that package does is make sure that the flatpak Linux group exists with a certain hard-coded gid. You may need to create a local overlay and pull that virtual package from Gentoo. I ran into this new convention when pulling the latest Emacs from Gentoo. I eventually pulled in the acct-group package that was needed and declared the two new categories: https://code.funtoo.org/bitbucket/users/klipkyle/repos/klipkyle-overlay/browse/profiles/categories Based on the error message, I think you can alternatively declare "custom" categories in /etc/portage/categories. More info about the specific situation I ran into: How to create a custom overlay: https://www.funtoo.org/Creating_Your_Own_Overlay I hope this helps, --Kyle
  9. Recently, I followed the LXD setup instructions: https://www.funtoo.org/LXD One of the steps is creating /etc/subuid and /etc/subgid and giving root very large ranges. From my understanding, this sets up unprivileged containers. I.e. "root" inside of a container is actually an unprivileged user inside the defined range in subuid. However, when I tried to add a temporary test user today, I got hung up trying to solve an ancillary problem: kyle@perkins ~ $ sudo useradd -m -g users -G lp,audio,cdrom,video,plugdev -u 1111 test useradd: Can't get unique subordinate UID range useradd: can't create subordinate user IDs useradd also exits with exit code 16, which is undocumented in its man page. (Slightly annoying) It turns out that useradd attempts to modify subuid and subgid to allocate individual "extra" subranges for each user. Of course this is configurable in login.defs. # # Min/max values for automatic uid selection in useradd(8) # UID_MIN 1000 UID_MAX 60000 # System accounts SYS_UID_MIN 101 SYS_UID_MAX 999 # Extra per user uids SUB_UID_MIN 100000 SUB_UID_MAX 600100000 SUB_UID_COUNT 65536 # # Min/max values for automatic gid selection in groupadd(8) # GID_MIN 1000 GID_MAX 60000 # System accounts SYS_GID_MIN 101 SYS_GID_MAX 999 # Extra per user group ids SUB_GID_MIN 100000 SUB_GID_MAX 600100000 SUB_GID_COUNT 65536 So, my questions are: Considering LXD handles privilege management, should unprivileged users have a subrange at all? What is the best way to bring useradd to a usable state again? Ideally, I would like to disable adding a subrange. (I tried setting SUB_UID_COUNT to 0.) However, I suppose I can mess around with the ranges.
  10. Yes, that's definitely the case. That's an interesting observation about how mobile platforms give developers rather than users more control over security. That's partly the price of convenience. I use an ad-blocker for most of that stuff. In the past, I have used custom /etc/hosts files and NoScript. Ad-blocking is an ongoing cat/mouse game. I have heard very positive things about Pi-hole, a DNS caching server that runs on a Raspberry Pi. I used squid a few years ago for some tunneling, and I remember looking at the logs and watching HTTPS traffic flow through squid's HTTP-based proxy. I had SSH tunneling on top of squid, and I was the only user on the local system, so I didn't care too much about it. This was also with either SeaMonkey or Pale Moon a few years ago, both of which were at the time a couple generations behind today's Firefox. So it might be the case that newer Firefox versions no longer tunnel HTTPS through an HTTP proxy. I noticed there is another thread open about the HTTPS proxying question. That's the next step in the ad-blocking cat/mouse game. Someone creates ads that get around the filters. Then, the filters figure out new ways of blocking the ads, and the cycle continues. It is possible to setup Android without the Google Applications. However, that also means ripping out the Play Store. Yeah, the situation stinks. I try to opt for open source applications (e.g. the ones on F-Droid) when possible because those applications are far less likely to do sneaky things behind your back. There are a few reasons for this. One is that all the cards are laid on the table for everyone to see. Another is that open source projects are usually designed around someone having a problem he/she wants to solve and a desire to share the solution, instead of the desire to make a quick buck. Sometimes, permission overreach is an issue introduced by User Experience (UX) engineers who were unaware of the security implications of some of their decisions. Much commercial software nowadays is architected top-down around a scripted user interaction, and the goal is to make the task as "easy" (i.e. convenient) as possible. So, security is sacrificed. Containerization on Android would be something interesting to see. Also, a native Android runtime that can run Android applications on a desktop would be interesting. I don't foresee the former coming anytime soon. The permissions system already provides some security by compartmentalization. The latter probably exists already. Both would reduce convenience in favor of security.
  11. Hello, On a philosophical level, privacy involves thinking about what data goes where, and usually where the data passes through. Also, security and convenience are inversely proportional, i.e. if you increase one variable, then the other will decrease. Balancing security and convenience is the tricky part, and it is a source of many disagreements. On a practical level, much of the tracking and profiling on the web is based on cookies. If you clear your cookie store, most of the time you will look like a new user to the websites you visit. Unfortunately, some sites will refuse to talk to you if you disable cookies entirely (intentional? maybe). So, one of my strategies is to constantly remove cookies when they are no longer needed. Extensions like Self-Destructing Cookies can automatically clear cookies when you leave a website. (That extension is for Pale Moon. However, I am sure there are similar extensions for other browsers.) In the absence of such extensions, all of the major web browsers have an option to clear cookies when exiting the browser. Also, if website A requires authentication and has a history of encouraging website B to embed iframes and scripts into website B's pages, thus allowing website A to log pages you view on website B (examples: Facebook, LinkedIn), then I will create a dedicated Google Chrome profile for website A and use the dedicated profile only for website A. Each Google Chrome profile has its own cookie store, so each profile looks like a different user. (Security by compartmentalization) I hope this helps.
  12. I'm using neither on this system. I suppose I can go back to a dynamically-linked cryptsetup, but I understand why one might want cryptsetup to be statically linked (no LD_LIBRARY_PATH attacks).
  13. Hello, While running world updates in Funtoo 1.4 today, I noticed that cryptsetup is now built in a static configuration. (See FL-6642.) This caused emerge to complain about some USE flags that needed to be added to package.use. I added the below entries to package.use, and all was fine after that. However, I wonder why is this not detected automatically? Should these USE changes be in one of Funtoo's profiles? kyle@perkins ~ $ emerge -puDN @world These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild U ] sys-libs/glibc-2.29-r3 [2.29-r2] [ebuild R ] app-crypt/argon2-20171227-r1 USE="static-libs*" [ebuild U ] media-libs/freetype-2.9.1-r5 [2.9.1-r4] [ebuild R ] dev-libs/openssl-1.1.1b-r2 USE="static-libs*" [ebuild R ] dev-libs/json-c-0.13.1-r1 USE="static-libs*" [ebuild R ] dev-libs/popt-1.16-r2 USE="static-libs*" [ebuild R ] dev-libs/libgpg-error-1.36 USE="static-libs*" [ebuild R ] sys-fs/lvm2-2.02.173 USE="static-libs*" [ebuild R ] sys-fs/cryptsetup-2.1.0 USE="static*" The following USE changes are necessary to proceed: (see "package.use" in the portage(5) man page for more details) # required by sys-fs/cryptsetup-2.1.0::core-kit[-static-libs,static] # required by sys-libs/libblockdev-2.22::core-kit[cryptsetup] # required by sys-fs/udisks-2.7.8::gnome-kit # required by media-sound/clementine-1.3.1_p20190127::media-kit[udisks] # required by @selected # required by @world (argument) >=sys-fs/lvm2-2.02.173 static-libs # required by sys-fs/cryptsetup-2.1.0::core-kit[-libressl,-static-libs,static,openssl] # required by sys-libs/libblockdev-2.22::core-kit[cryptsetup] # required by sys-fs/udisks-2.7.8::gnome-kit # required by media-sound/clementine-1.3.1_p20190127::media-kit[udisks] # required by @selected # required by @world (argument) >=dev-libs/openssl-1.1.1b-r2 static-libs # required by sys-fs/cryptsetup-2.1.0::core-kit[-static-libs,static] # required by sys-libs/libblockdev-2.22::core-kit[cryptsetup] # required by sys-fs/udisks-2.7.8::gnome-kit # required by media-sound/clementine-1.3.1_p20190127::media-kit[udisks] # required by @selected # required by @world (argument) >=dev-libs/json-c-0.13.1-r1 static-libs # required by sys-fs/cryptsetup-2.1.0::core-kit[-static-libs,argon2,static] # required by sys-libs/libblockdev-2.22::core-kit[cryptsetup] # required by sys-fs/udisks-2.7.8::gnome-kit # required by media-sound/clementine-1.3.1_p20190127::media-kit[udisks] # required by @selected # required by @world (argument) >=app-crypt/argon2-20171227-r1 static-libs # required by sys-fs/cryptsetup-2.1.0::core-kit[-static-libs,static] # required by sys-libs/libblockdev-2.22::core-kit[cryptsetup] # required by sys-fs/udisks-2.7.8::gnome-kit # required by media-sound/clementine-1.3.1_p20190127::media-kit[udisks] # required by @selected # required by @world (argument) >=dev-libs/popt-1.16-r2 static-libs # required by sys-fs/cryptsetup-2.1.0::core-kit[-static-libs,static] # required by sys-libs/libblockdev-2.22::core-kit[cryptsetup] # required by sys-fs/udisks-2.7.8::gnome-kit # required by media-sound/clementine-1.3.1_p20190127::media-kit[udisks] # required by @selected # required by @world (argument) >=dev-libs/libgpg-error-1.36 static-libs emerge: there are no ebuilds built with USE flags to satisfy "dev-libs/json-c:=[static-libs(+)]". !!! One of the following packages is required to complete your request: - dev-libs/json-c-0.12::core-kit (Change USE: +static-libs) (dependency required by "sys-fs/cryptsetup-2.1.0::core-kit[-static-libs,static]" [ebuild]) (dependency required by "sys-libs/libblockdev-2.22::core-kit[cryptsetup]" [installed]) (dependency required by "sys-fs/udisks-2.7.8::gnome-kit" [installed]) (dependency required by "media-sound/clementine-1.3.1_p20190127::media-kit[udisks]" [installed]) (dependency required by "@selected" [set]) (dependency required by "@world" [argument])
  14. Hello all, I have backported the Emacs 26.3 ebuild from Gentoo. It is currently in my overlay, but I would like to request it merged into editors-kit eventually. https://code.funtoo.org/bitbucket/users/klipkyle/repos/klipkyle-overlay/browse However, there is one issue I ran into. In the Gentoo world, there is a recent change (i.e. shortly after the late June 2019 branch-off point for 1.4) in how automatically-created users and groups are handled. Specifically, instead of calling enewgroup from within pkg_setup, there are now individual catpkgs (under the categories acct-user and acct-group) that handle creation of individual users and groups. The newer app-editors/emacs and app-emacs/emacs-common-gentoo ebuilds from Gentoo use this new feature to programmatically create the gamestat group (acct-group/gamestat) when the games USE flag is enabled. gamestat-0.ebuild # Copyright 2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 inherit acct-group DESCRIPTION="Group for shared high-score and game state files" ACCT_GROUP_ID=36 I have tested the emacs-26.3 ebuild in Funtoo 1.4, and Funtoo 1.4 appears to have the right eclasses to handle the acct-user/* and acct-group/* catpkgs. I can't speak for Funtoo 1.3 though. Nevertheless, I appear to be the first person trying to use the acct-user and acct-group stuff on Funtoo. There are no such catpkgs on Funtoo 1.4 currently. In fact, I had to declare those two categories explicitly in profile/categories otherwise portage refused to use them. Are there any strong opinions against introducing acct-user/* and acct-group/* catpkgs? If so, I can remove the catpkgs and go back to creating the gamestat group the old-school school way. If not, I would prefer keeping app-editors/emacs synchronized with Gentoo.
  15. Maybe this drive has some bad blocks. If you are writing a large file that takes a substantial amount of the drive's capacity, the chances of hitting that block increase, even with wear-leveling. Unfortunately, I don't think there is much you can do because wear-leveling almost guarantees that you will write to different blocks each time you write, so there isn't an easy way to isolate that bad block. Thankfully, USB drives are relatively cheap nowadays.
×
×
  • Create New...