
Posts posted by klipkyle

  1. All the repos are git repositories.  So usually the easiest way is to clone a fresh copy of the meta-repo.

    mv /var/git/meta-repo /var/git/meta-repo.old
    ego sync

    ego will clone a fresh copy of the meta-repo from GitHub.

    Since this is a case where VirtualBox crashed, I also recommend performing file system checks if they have not been performed automatically.

  2. Right now, the general Funtoo advice is to remove pygtk (and anything that depends on it) because pygtk has been unmaintained for years.

    It looks like the main culprit is app-portage/porthole.  gimp and nmap should upgrade without any pygtk dependency (double-check package.user and other USE flag overrides).  So, you will need to remove app-portage/porthole to remove pygtk and upgrade to GNOME 3.34.

    I'm sorry to say that right now, the pygtk dilemma is still unresolved.  It hit LXDE quite hard.  The latest information is in this bug report: https://bugs.funtoo.org/browse/FL-6860

  3. The problem is that something is depending on pygtk, which currently doesn't build under the newer pango.  This might be fixed in the future.  Research is ongoing.

    Gimp should have dropped the requirement on pygtk (since we have disabled the python USE flag of Gimp by default in Funtoo).

    What else is pulling in pygtk?  Try

    equery depends pygtk

    Also, try rerunning the command with --verbose-conflicts.

  4. In general, if one graphics profile doesn't work, then try another.  By "not work", typical symptoms of missing graphics drivers are software fallback rendering (very slow), the GNOME "Oops something went wrong" sad computer face, and other failure modes where desktop environments will not start.

    If you are concerned, you should be able to enable several generations of AMD/Radeon profiles at the same time.  For instance, I have a BARTS card in this machine I am typing on, but at some point I hope to swap that with a Bonaire (couple generations later).  Enabling both gfxcard-radeon (for the older card) and gfxcard-amdgpu (for the newer card) could be a transitional step.

  5. On 10/20/2019 at 9:09 PM, drobbins said:

    So /etc/login.defs should have SUB_GID_COUNT and SUB_UID_COUNT set to 0 by default.

    I tried setting those variables to 0, but useradd still complains even though the ranges have plenty of subuids/subgids to allocate.  Maybe shadow-utils doesn't support this configuration?

    kyle@perkins ~ $ sudo useradd -m -g users -G lp,audio,cdrom,video,plugdev -u 1112 test2
    Password: 
    useradd: Can't get unique subordinate UID range
    useradd: can't create subordinate user IDs

    #
    # Min/max values for automatic uid selection in useradd(8)
    #
    UID_MIN			 1000
    UID_MAX			60000
    # System accounts
    SYS_UID_MIN		  101
    SYS_UID_MAX		  999
    # Extra per user uids
    SUB_UID_MIN		   100000
    SUB_UID_MAX	       2000000000
    SUB_UID_COUNT			0
    
    #
    # Min/max values for automatic gid selection in groupadd(8)
    #
    GID_MIN			 1000
    GID_MAX			60000
    # System accounts
    SYS_GID_MIN		  101
    SYS_GID_MAX		  999
    # Extra per user group ids
    SUB_GID_MIN		   100000
    SUB_GID_MAX	       2000000000
    SUB_GID_COUNT			0

     

  6. On 10/17/2019 at 7:55 PM, rspartz said:

    aragon ~ # emerge -avl --pretend gnome-software
    !!! Repository name or alias 'gentoo', defined for repository 'core-kit', overrides existing alias or repository.

    Usually, that appears when defining an overlay with a different name than the name contained in the overlay's metadata.  That's a little disturbing that somehow core-kit is involved...

  7. 44 minutes ago, rspartz said:

    Calculating dependencies |
    !!! 'acct-group/flatpak' has a category that is not listed in /etc/portage/categories           ... done!

    I don't have a file or a directory in /etc/portage called categories

    This is a relatively new Gentoo convention.  Gentoo is organizing dedicated users and groups into virtual packages, and to do this, they have created two new categories: acct-user and acct-group.  Packages under these categories are virtual packages that create new Linux users and groups.

    The only thing that package does is make sure that the flatpak Linux group exists with a certain hard-coded gid.  You may need to create a local overlay and pull that virtual package from Gentoo.

    I ran into this new convention when pulling the latest Emacs from Gentoo.  I eventually pulled in the acct-group package that was needed and declared the two new categories:

    https://code.funtoo.org/bitbucket/users/klipkyle/repos/klipkyle-overlay/browse/profiles/categories

    Based on the error message, I think you can alternatively declare "custom" categories in /etc/portage/categories.

    More info about the specific situation I ran into:

    How to create a custom overlay: https://www.funtoo.org/Creating_Your_Own_Overlay

    I hope this helps,
    --Kyle

  8. Recently, I followed the LXD setup instructions: https://www.funtoo.org/LXD

    One of the steps is creating /etc/subuid and /etc/subgid and giving root very large ranges.  From my understanding, this sets up unprivileged containers.  I.e. "root" inside of a container is actually an unprivileged user inside the defined range in subuid.

    However, when I tried to add a temporary test user today, I got hung up trying to solve an ancillary problem:

    kyle@perkins ~ $ sudo useradd -m -g users -G lp,audio,cdrom,video,plugdev -u 1111 test
    useradd: Can't get unique subordinate UID range
    useradd: can't create subordinate user IDs

    useradd also exits with exit code 16, which is undocumented in its man page.  (Slightly annoying)

    It turns out that useradd attempts to modify subuid and subgid to allocate individual "extra" subranges for each user.  Of course this is configurable in login.defs.

    #
    # Min/max values for automatic uid selection in useradd(8)
    #
    UID_MIN			 1000
    UID_MAX			60000
    # System accounts
    SYS_UID_MIN		  101
    SYS_UID_MAX		  999
    # Extra per user uids
    SUB_UID_MIN		   100000
    SUB_UID_MAX		600100000
    SUB_UID_COUNT		    65536
    
    #
    # Min/max values for automatic gid selection in groupadd(8)
    #
    GID_MIN			 1000
    GID_MAX			60000
    # System accounts
    SYS_GID_MIN		  101
    SYS_GID_MAX		  999
    # Extra per user group ids
    SUB_GID_MIN		   100000
    SUB_GID_MAX		600100000
    SUB_GID_COUNT		    65536

    So, my questions are:

    • Considering LXD handles privilege management, should unprivileged users have a subrange at all?
    • What is the best way to bring useradd to a usable state again?  Ideally, I would like to disable adding a subrange.  (I tried setting SUB_UID_COUNT to 0.)  However, I suppose I can mess around with the ranges.
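
One way to check the situation in this post and in the SUB_UID_COUNT follow-up above (an added example, not part of the original posts and not shadow-utils code): parse login.defs and /etc/subuid text and look for an unallocated gap of SUB_UID_COUNT IDs inside SUB_UID_MIN..SUB_UID_MAX. The `root:100000:1000000000` line is a constructed sample of a "very large" range, the function names are hypothetical, and the gap search is a simplified model rather than useradd's own algorithm.

```python
# Added example: model of "is there a free subordinate ID range?"
# Not shadow-utils code; all function names are hypothetical.

def parse_login_defs(text, kind="UID"):
    """Return (min, max, count) from the SUB_<kind>_* keys of login.defs text."""
    keys = [f"SUB_{kind}_MIN", f"SUB_{kind}_MAX", f"SUB_{kind}_COUNT"]
    found = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0] in keys:
            found[fields[0]] = int(fields[1])
    missing = [k for k in keys if k not in found]
    if missing:
        raise ValueError(f"login.defs is missing {missing}")
    return tuple(found[k] for k in keys)


def parse_subid(text):
    """Parse /etc/subuid or /etc/subgid text (owner:start:count per line)
    into a sorted list of (start, end_inclusive) allocations."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _owner, start, count = line.split(":")
        if int(count) > 0:
            ranges.append((int(start), int(start) + int(count) - 1))
    return sorted(ranges)


def first_free_range(ranges, lo, hi, count):
    """Lowest start of `count` unallocated IDs inside [lo, hi], else None."""
    if count <= 0:
        # The SUB_*_COUNT 0 setting from the follow-up post is not modelled.
        raise ValueError("count must be positive")
    cursor = lo
    for start, end in ranges:
        if end < cursor:
            continue              # allocation lies entirely below the cursor
        if start - cursor >= count:
            break                 # the gap in front of this allocation fits
        cursor = end + 1          # skip past the allocation
    return cursor if cursor + count - 1 <= hi else None


def diagnose(login_defs, subid, kind="UID"):
    """Free range start for the given config and allocations, or None."""
    lo, hi, count = parse_login_defs(login_defs, kind)
    return first_free_range(parse_subid(subid), lo, hi, count)


# login.defs values quoted in the post above.
LOGIN_DEFS = """\
SUB_UID_MIN   100000
SUB_UID_MAX   600100000
SUB_UID_COUNT 65536
"""
# Constructed sample of a "very large" root range; not taken from the page.
SUBUID = "root:100000:1000000000\n"

if __name__ == "__main__":
    print("free start with SUB_UID_MAX 600100000:", diagnose(LOGIN_DEFS, SUBUID))
    wider = LOGIN_DEFS.replace("600100000", "2000000000")
    print("free start with SUB_UID_MAX 2000000000:", diagnose(wider, SUBUID))
```

With the constructed root range, every ID in the SUB_UID_MIN..SUB_UID_MAX window from the post is already allocated, so the search finds no gap; raising SUB_UID_MAX past the end of that range leaves room in this model.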
  9. 10 hours ago, walterw said:

    From the desktop / end computer standpoint, I feel securing the system is much easier than a mobile device as the knobs are much easier to get at.  Google / Apple give developers more control over security / privacy than the end user.

    Yes, that's definitely the case.  That's an interesting observation about how mobile platforms give developers rather than users more control over security.  That's partly the price of convenience.

    10 hours ago, walterw said:

    Back to your philosophical view, so my concerns are:

    1. I would like to minimize the blatant advertising that I am exposed to (here, privoxy works fairly well, but only for HTTP unless you're running an SSL Bump proxy).  DNS / IP blocks work okay at this.

    I use an ad-blocker for most of that stuff.  In the past, I have used custom /etc/hosts files and NoScript.  Ad-blocking is an ongoing cat/mouse game.

    I have heard very positive things about Pi-hole, a DNS caching server that runs on a Raspberry Pi.

    I used squid a few years ago for some tunneling, and I remember looking at the logs and watching HTTPS traffic flow through squid's HTTP-based proxy.  I had SSH tunneling on top of squid, and I was the only user on the local system, so I didn't care too much about it.  This was also with either SeaMonkey or Pale Moon a few years ago, both of which were at the time a couple generations behind today's Firefox.  So it might be the case that newer Firefox versions no longer tunnel HTTPS through an HTTP proxy.

    I noticed there is another thread open about the HTTPS proxying question.

    10 hours ago, walterw said:

    2. The more subtle advertising such as studies showing how blue light keeps you up at night and why you need these blue-light filtering glasses are also a nuisance (this is just a recent pertinent example).  This is a more difficult problem to solve because often times the sources for these advertisements are reputable and will not be in a blocklist.  This type of stuff is pervasive and gets into your mind without necessarily appearing as advertising directly.

    That's the next step in the ad-blocking cat/mouse game.  Someone creates ads that get around the filters.  Then, the filters figure out new ways of blocking the ads, and the cycle continues.

    10 hours ago, walterw said:

    3. From the mobile "app" perspective, when installing an "app" you're handing over much of your private information just to use the "app".  The only choice you have here is to not use it.  I think Android is getting better at selecting what permissions you give apps, but this is still the wild west.  If you want to "secure" this information or data from "leaking" it is very difficult to do at the gateway level even with SSL Bump.  Another option is to run the app inside of a sandbox such as VirtualBox where you have that app running in isolation.  Sometimes you can do this, other times, the app needs to be on the device to be useful.

    It is possible to set up Android without the Google Applications.  However, that also means ripping out the Play Store.  Yeah, the situation stinks.

    I try to opt for open source applications (e.g. the ones on F-Droid) when possible because those applications are far less likely to do sneaky things behind your back.  There are a few reasons for this.  One is that all the cards are laid on the table for everyone to see.  Another is that open source projects are usually designed around someone having a problem he/she wants to solve and a desire to share the solution, instead of the desire to make a quick buck.

    Sometimes, permission overreach is an issue introduced by User Experience (UX) engineers who were unaware of the security implications of some of their decisions.  Much commercial software nowadays is architected top-down around a scripted user interaction, and the goal is to make the task as "easy" (i.e. convenient) as possible.  So, security is sacrificed.

    Containerization on Android would be something interesting to see.  Also, a native Android runtime that can run Android applications on a desktop would be interesting.  I don't foresee the former coming anytime soon.  The permissions system already provides some security by compartmentalization.  The latter probably exists already.  Both would reduce convenience in favor of security.

  10. Hello,

    On a philosophical level, privacy involves thinking about what data goes where, and usually where the data passes through.  Also, security and convenience are inversely proportional, i.e. if you increase one variable, then the other will decrease.  Balancing security and convenience is the tricky part, and it is a source of many disagreements.

    On a practical level, much of the tracking and profiling on the web is based on cookies.  If you clear your cookie store, most of the time you will look like a new user to the websites you visit.

    Unfortunately, some sites will refuse to talk to you if you disable cookies entirely (intentional?  maybe).  So, one of my strategies is to constantly remove cookies when they are no longer needed. Extensions like Self-Destructing Cookies can automatically clear cookies when you leave a website.  (That extension is for Pale Moon.  However, I am sure there are similar extensions for other browsers.)  In the absence of such extensions, all of the major web browsers have an option to clear cookies when exiting the browser.

    Also, if website A requires authentication and has a history of encouraging website B to embed iframes and scripts into website B's pages, thus allowing website A to log pages you view on website B (examples: Facebook, LinkedIn), then I will create a dedicated Google Chrome profile for website A and use the dedicated profile only for website A.  Each Google Chrome profile has its own cookie store, so each profile looks like a different user.  (Security by compartmentalization)

    I hope this helps.

  11. Hello,

    While running world updates in Funtoo 1.4 today, I noticed that cryptsetup is now built in a static configuration.  (See FL-6642.)  This caused emerge to complain about some USE flags that needed to be added to package.use.

    I added the entries below to package.use, and all was fine after that.  However, I wonder: why is this not detected automatically?  Should these USE changes be in one of Funtoo's profiles?

    kyle@perkins ~ $ emerge -puDN @world
    
    These are the packages that would be merged, in order:
    
    Calculating dependencies... done!
    [ebuild     U  ] sys-libs/glibc-2.29-r3 [2.29-r2]
    [ebuild   R    ] app-crypt/argon2-20171227-r1  USE="static-libs*" 
    [ebuild     U  ] media-libs/freetype-2.9.1-r5 [2.9.1-r4]
    [ebuild   R    ] dev-libs/openssl-1.1.1b-r2  USE="static-libs*" 
    [ebuild   R    ] dev-libs/json-c-0.13.1-r1  USE="static-libs*" 
    [ebuild   R    ] dev-libs/popt-1.16-r2  USE="static-libs*" 
    [ebuild   R    ] dev-libs/libgpg-error-1.36  USE="static-libs*" 
    [ebuild   R    ] sys-fs/lvm2-2.02.173  USE="static-libs*" 
    [ebuild   R    ] sys-fs/cryptsetup-2.1.0  USE="static*" 
    
    The following USE changes are necessary to proceed:
     (see "package.use" in the portage(5) man page for more details)
    # required by sys-fs/cryptsetup-2.1.0::core-kit[-static-libs,static]
    # required by sys-libs/libblockdev-2.22::core-kit[cryptsetup]
    # required by sys-fs/udisks-2.7.8::gnome-kit
    # required by media-sound/clementine-1.3.1_p20190127::media-kit[udisks]
    # required by @selected
    # required by @world (argument)
    >=sys-fs/lvm2-2.02.173 static-libs
    # required by sys-fs/cryptsetup-2.1.0::core-kit[-libressl,-static-libs,static,openssl]
    # required by sys-libs/libblockdev-2.22::core-kit[cryptsetup]
    # required by sys-fs/udisks-2.7.8::gnome-kit
    # required by media-sound/clementine-1.3.1_p20190127::media-kit[udisks]
    # required by @selected
    # required by @world (argument)
    >=dev-libs/openssl-1.1.1b-r2 static-libs
    # required by sys-fs/cryptsetup-2.1.0::core-kit[-static-libs,static]
    # required by sys-libs/libblockdev-2.22::core-kit[cryptsetup]
    # required by sys-fs/udisks-2.7.8::gnome-kit
    # required by media-sound/clementine-1.3.1_p20190127::media-kit[udisks]
    # required by @selected
    # required by @world (argument)
    >=dev-libs/json-c-0.13.1-r1 static-libs
    # required by sys-fs/cryptsetup-2.1.0::core-kit[-static-libs,argon2,static]
    # required by sys-libs/libblockdev-2.22::core-kit[cryptsetup]
    # required by sys-fs/udisks-2.7.8::gnome-kit
    # required by media-sound/clementine-1.3.1_p20190127::media-kit[udisks]
    # required by @selected
    # required by @world (argument)
    >=app-crypt/argon2-20171227-r1 static-libs
    # required by sys-fs/cryptsetup-2.1.0::core-kit[-static-libs,static]
    # required by sys-libs/libblockdev-2.22::core-kit[cryptsetup]
    # required by sys-fs/udisks-2.7.8::gnome-kit
    # required by media-sound/clementine-1.3.1_p20190127::media-kit[udisks]
    # required by @selected
    # required by @world (argument)
    >=dev-libs/popt-1.16-r2 static-libs
    # required by sys-fs/cryptsetup-2.1.0::core-kit[-static-libs,static]
    # required by sys-libs/libblockdev-2.22::core-kit[cryptsetup]
    # required by sys-fs/udisks-2.7.8::gnome-kit
    # required by media-sound/clementine-1.3.1_p20190127::media-kit[udisks]
    # required by @selected
    # required by @world (argument)
    >=dev-libs/libgpg-error-1.36 static-libs
    
    emerge: there are no ebuilds built with USE flags to satisfy "dev-libs/json-c:=[static-libs(+)]".
    !!! One of the following packages is required to complete your request:
    - dev-libs/json-c-0.12::core-kit (Change USE: +static-libs)
    (dependency required by "sys-fs/cryptsetup-2.1.0::core-kit[-static-libs,static]" [ebuild])
    (dependency required by "sys-libs/libblockdev-2.22::core-kit[cryptsetup]" [installed])
    (dependency required by "sys-fs/udisks-2.7.8::gnome-kit" [installed])
    (dependency required by "media-sound/clementine-1.3.1_p20190127::media-kit[udisks]" [installed])
    (dependency required by "@selected" [set])
    (dependency required by "@world" [argument])

     

  12. Hello all,

    I have backported the Emacs 26.3 ebuild from Gentoo.  It is currently in my overlay, but I would like to request that it be merged into editors-kit eventually.

    https://code.funtoo.org/bitbucket/users/klipkyle/repos/klipkyle-overlay/browse

    However, there is one issue I ran into.  In the Gentoo world, there is a recent change (i.e. shortly after the late June 2019 branch-off point for 1.4) in how automatically-created users and groups are handled.  Specifically, instead of calling enewgroup from within pkg_setup, there are now individual catpkgs (under the categories acct-user and acct-group) that handle creation of individual users and groups.  The newer app-editors/emacs and app-emacs/emacs-common-gentoo ebuilds from Gentoo use this new feature to programmatically create the gamestat group (acct-group/gamestat) when the games USE flag is enabled.

    gamestat-0.ebuild

    # Copyright 2019 Gentoo Authors
    # Distributed under the terms of the GNU General Public License v2
    
    EAPI=7
    
    inherit acct-group
    
    DESCRIPTION="Group for shared high-score and game state files"
    ACCT_GROUP_ID=36

    I have tested the emacs-26.3 ebuild in Funtoo 1.4, and Funtoo 1.4 appears to have the right eclasses to handle the acct-user/* and acct-group/* catpkgs.  I can't speak for Funtoo 1.3 though.

    Nevertheless, I appear to be the first person trying to use the acct-user and acct-group stuff on Funtoo.  There are no such catpkgs on Funtoo 1.4 currently.  In fact, I had to declare those two categories explicitly in profile/categories otherwise portage refused to use them.

    Are there any strong opinions against introducing acct-user/* and acct-group/* catpkgs?  If so, I can remove the catpkgs and go back to creating the gamestat group the old-school way.  If not, I would prefer keeping app-editors/emacs synchronized with Gentoo.

  13. 11 hours ago, stamasd said:

    Small update, it seems that this USB stick is not very adequate for my purpose. It does not handle large files well. I tested it with a few files, between 5 and 8GB. They appear to copy well, but the stick's activity LED continues to flash as if stuff still happens (and it doesn't stop for a long time: I waited at one point for 1h and it still continued to do it). This activity continues even if I unmount the drive. No error message is generated, and if I try to mount the stick again it gives me a device busy error. If I physically remove the stick after unmounting and then plug it back in and mount it, the files copied over are damaged.

    Looks like I'll have to look elsewhere for a large file transfer medium.

    Maybe this drive has some bad blocks.  If you are writing a large file that takes a substantial amount of the drive's capacity, the chances of hitting that block increase, even with wear-leveling.

    Unfortunately, I don't think there is much you can do because wear-leveling almost guarantees that you will write to different blocks each time you write, so there isn't an easy way to isolate that bad block.  Thankfully, USB drives are relatively cheap nowadays.

  14. This is a wild guess, but I wonder if the stick is GPT-formatted.  If the stick is GPT-formatted, then there are two backup partition tables (one near the start of the disk and another near the end) that can sometimes get restored automatically.

    If this is the case, then sgdisk should be able to wipe out both the MBR and GPT labels:

    sgdisk -Z /dev/sdb

    According to sgdisk(8):

           -Z, --zap-all
                  Zap (destroy) the GPT and MBR data structures and  then  exit.
                  This  option  works  much  like -z, but as it wipes the MBR as
                  well as the GPT, it's more suitable if you want to repartition
                  a  disk  after using this option, and completely unsuitable if
                  you've already repartitioned the disk.
    

     
