From gotar at polanet.pl Sat Nov 12 10:44:39 2011 From: gotar at polanet.pl (Tomasz Pala) Date: Sat, 12 Nov 2011 10:44:39 +0100 Subject: xulrunner 8 vs VLC Message-ID: <20111112094439.GA15601@polanet.pl> http://buildlogs.pld-linux.org/index.php?dist=th&arch=x86_64&ok=0&name=vlc&id=c5bede34-ce5a-4cbd-9669-7a67c0d70653&action=tail please fix and rebuild VLC (libdvbpsi bumped to so.7). -- Tomasz Pala From arekm at maven.pl Sat Nov 12 12:19:02 2011 From: arekm at maven.pl (Arkadiusz =?utf-8?q?Mi=C5=9Bkiewicz?=) Date: Sat, 12 Nov 2011 12:19:02 +0100 Subject: xulrunner 8 vs VLC In-Reply-To: <20111112094439.GA15601@polanet.pl> References: <20111112094439.GA15601@polanet.pl> Message-ID: <201111121219.02373.arekm@maven.pl> On Saturday 12 of November 2011, Tomasz Pala wrote: > http://buildlogs.pld-linux.org/index.php?dist=th&arch=x86_64&ok=0&name=vlc& > id=c5bede34-ce5a-4cbd-9669-7a67c0d70653&action=tail > > please fix and rebuild VLC (libdvbpsi bumped to so.7). VLC needs to be ported to new xulrunner most likely. Unfortunately new xulrunner 8 doesn't work for me (iceweasel hangs before even GUI appears) and for now I'm going to drop it. -- Arkadiusz Mi?kiewicz PLD/Linux Team arekm / maven.pl http://ftp.pld-linux.org/ From gotar at polanet.pl Sat Nov 12 15:54:47 2011 From: gotar at polanet.pl (Tomasz Pala) Date: Sat, 12 Nov 2011 15:54:47 +0100 Subject: xulrunner 8 vs VLC In-Reply-To: <201111121219.02373.arekm@maven.pl> References: <20111112094439.GA15601@polanet.pl> <201111121219.02373.arekm@maven.pl> Message-ID: <20111112145447.GA10683@polanet.pl> On Sat, Nov 12, 2011 at 12:19:02 +0100, Arkadiusz Mi?kiewicz wrote: >> please fix and rebuild VLC (libdvbpsi bumped to so.7). > > VLC needs to be ported to new xulrunner most likely. Unfortunately new > xulrunner 8 doesn't work for me (iceweasel hangs before even GUI appears) and > for now I'm going to drop it. OK, I see you've been 2 minutes faster with VLC;) and now there are 2 being builded. -- Tomasz Pala From lm at zork.pl Wed Nov 16 09:41:54 2011 From: lm at zork.pl (Lukasz Michalski) Date: Wed, 16 Nov 2011 09:41:54 +0100 Subject: nodejs - missing req Message-ID: <4EC37752.3050609@zork.pl> Patch attached. Regards, ?ukasz -------------- next part -------------- A non-text attachment was scrubbed... Name: nodejs-missing-req.patch Type: text/x-patch Size: 363 bytes Desc: not available URL: From glen at pld-linux.org Wed Nov 16 11:45:06 2011 From: glen at pld-linux.org (=?UTF-8?B?RWxhbiBSdXVzYW3DpGU=?=) Date: Wed, 16 Nov 2011 12:45:06 +0200 Subject: nodejs - missing req In-Reply-To: <4EC37752.3050609@zork.pl> References: <4EC37752.3050609@zork.pl> Message-ID: <4EC39432.3070409@pld-linux.org> On 16.11.2011 10:41, Lukasz Michalski wrote: > Patch attached. patches should be attached in unified format (diff -u) and we do not fill such dependencies manually, these should be generated by rpmbuild so most likely the actual problem is shared library missing executable bit the usual fix for that is: chmod a+rx $RPM_BUILD_ROOT%{_libdir}/*.so* this is due crappy build systems like waf or scons or cmake that install libraries with 644 permissions $ l ~/tmp/nodejs-0.4.12-root-glen/usr/lib/libnode.so* lrwxrwxrwx 1 glen users 16 nov 16 12:39 /home/users/glen/tmp/nodejs-0.4.12-root-glen/usr/lib/libnode.so -> libnode.so.4.0.0 lrwxrwxrwx 1 glen users 16 nov 16 12:39 /home/users/glen/tmp/nodejs-0.4.12-root-glen/usr/lib/libnode.so.4 -> libnode.so.4.0.0 -rw-r--r-- 1 glen users 992K nov 16 12:39 /home/users/glen/tmp/nodejs-0.4.12-root-glen/usr/lib/libnode.so.4.0.0 so fixed now: http://cvs.pld-linux.org/cgi-bin/viewvc.cgi/cvs/packages/nodejs/nodejs.spec?r1=1.23&r2=1.24 as seen: $ rpm -qp nodejs-0.4.12-1.x86_64.rpm --requires /sbin/ldconfig /sbin/ldconfig libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libnode.so.4()(64bit) rpmlib(PayloadIsLzma) <= 4.4.6-1 $ rpm -qp ../RPMS/nodejs-0.4.12-2.i686.rpm --requires /sbin/ldconfig /sbin/ldconfig libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.1.2) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.3) libc.so.6(GLIBC_2.3.2) libc.so.6(GLIBC_2.3.4) libc.so.6(GLIBC_2.4) libc.so.6(GLIBC_2.6) libcares.so.2 libcrypto.so.1.0.0 libdl.so.2 libdl.so.2(GLIBC_2.0) libdl.so.2(GLIBC_2.1) libev.so.4 libgcc_s.so.1 libgcc_s.so.1(GCC_3.0) libgcc_s.so.1(GLIBC_2.0) libm.so.6 libnode.so.4 libpthread.so.0 libpthread.so.0(GLIBC_2.0) libpthread.so.0(GLIBC_2.1) libpthread.so.0(GLIBC_2.2) libpthread.so.0(GLIBC_2.3.2) librt.so.1 libssl.so.1.0.0 libstdc++.so.6 libstdc++.so.6(CXXABI_1.3) libstdc++.so.6(GLIBCXX_3.4) libutil.so.1 libutil.so.1(GLIBC_2.0) libv8.so.3 libz.so.1 -- glen From mike at osdn.org.ua Wed Nov 16 12:36:03 2011 From: mike at osdn.org.ua (Michael Shigorin) Date: Wed, 16 Nov 2011 13:36:03 +0200 Subject: nodejs - missing req In-Reply-To: <4EC39432.3070409@pld-linux.org> References: <4EC37752.3050609@zork.pl> <4EC39432.3070409@pld-linux.org> Message-ID: <20111116113603.GO13267@osdn.org.ua> On Wed, Nov 16, 2011 at 12:45:06PM +0200, Elan Ruusam??e wrote: > the usual fix for that is: > chmod a+rx $RPM_BUILD_ROOT%{_libdir}/*.so* Doesn't your buildroot processing fix up the trivia? -- ---- WBR, Michael Shigorin ------ Linux.Kiev http://www.linux.kiev.ua/ From glen at pld-linux.org Wed Nov 16 13:00:38 2011 From: glen at pld-linux.org (=?ISO-8859-1?Q?Elan_Ruusam=E4e?=) Date: Wed, 16 Nov 2011 14:00:38 +0200 Subject: nodejs - missing req In-Reply-To: <20111116113603.GO13267@osdn.org.ua> References: <4EC37752.3050609@zork.pl> <4EC39432.3070409@pld-linux.org> <20111116113603.GO13267@osdn.org.ua> Message-ID: <4EC3A5E6.2080500@pld-linux.org> On 16.11.2011 13:36, Michael Shigorin wrote: > On Wed, Nov 16, 2011 at 12:45:06PM +0200, Elan Ruusam??e wrote: >> the usual fix for that is: >> chmod a+rx $RPM_BUILD_ROOT%{_libdir}/*.so* > Doesn't your buildroot processing fix up the trivia? not this one. care to point to yours where it does? :) -- glen From mike at osdn.org.ua Wed Nov 16 16:42:39 2011 From: mike at osdn.org.ua (Michael Shigorin) Date: Wed, 16 Nov 2011 17:42:39 +0200 Subject: nodejs - missing req In-Reply-To: <4EC3A5E6.2080500@pld-linux.org> References: <4EC37752.3050609@zork.pl> <4EC39432.3070409@pld-linux.org> <20111116113603.GO13267@osdn.org.ua> <4EC3A5E6.2080500@pld-linux.org> Message-ID: <20111116154239.GR13267@osdn.org.ua> On Wed, Nov 16, 2011 at 02:00:38PM +0200, Elan Ruusam?e wrote: > >>the usual fix for that is: > >>chmod a+rx $RPM_BUILD_ROOT%{_libdir}/*.so* > >Doesn't your buildroot processing fix up the trivia? > not this one. > care to point to yours where it does? :) Like this: http://git.altlinux.org/people/ldv/packages/?p=rpm.git;a=blob;f=scripts/brp-fix-perms.in;hb=HEAD http://git.altlinux.org/people/ldv/packages/?p=rpm.git;a=blob;f=scripts/fixup-libraries;hb=HEAD :) -- ---- WBR, Michael Shigorin ------ Linux.Kiev http://www.linux.kiev.ua/ From gotar at polanet.pl Wed Nov 16 19:11:05 2011 From: gotar at polanet.pl (Tomasz Pala) Date: Wed, 16 Nov 2011 19:11:05 +0100 Subject: cvsweb.cgi links not working Message-ID: <20111116181104.GA13294@polanet.pl> E.g. directly from ~builderth/queue.html: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/drwright/drwright.spec?only_with_tag=HEAD only viewvc.cgi/cvs/packages works. -- Tomasz Pala From arekm at maven.pl Wed Nov 16 19:19:13 2011 From: arekm at maven.pl (Arkadiusz =?utf-8?q?Mi=C5=9Bkiewicz?=) Date: Wed, 16 Nov 2011 19:19:13 +0100 Subject: cvsweb.cgi links not working In-Reply-To: <20111116181104.GA13294@polanet.pl> References: <20111116181104.GA13294@polanet.pl> Message-ID: <201111161919.13543.arekm@maven.pl> On Wednesday 16 of November 2011, Tomasz Pala wrote: > E.g. directly from ~builderth/queue.html: > > http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/drwright/drwright.spec > ?only_with_tag=HEAD > > only viewvc.cgi/cvs/packages works. Typo in rewrite rule - fixed. -- Arkadiusz Mi?kiewicz PLD/Linux Team arekm / maven.pl http://ftp.pld-linux.org/ From gotar at polanet.pl Wed Nov 16 19:21:12 2011 From: gotar at polanet.pl (Tomasz Pala) Date: Wed, 16 Nov 2011 19:21:12 +0100 Subject: cvsweb.cgi links not working In-Reply-To: <201111161919.13543.arekm@maven.pl> References: <20111116181104.GA13294@polanet.pl> <201111161919.13543.arekm@maven.pl> Message-ID: <20111116182112.GA16213@polanet.pl> On Wed, Nov 16, 2011 at 19:19:13 +0100, Arkadiusz Mi?kiewicz wrote: >> http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/drwright/drwright.spec >> ?only_with_tag=HEAD >> >> only viewvc.cgi/cvs/packages works. > > Typo in rewrite rule - fixed. Thanks. -- Tomasz Pala From glen at pld-linux.org Thu Nov 17 11:38:24 2011 From: glen at pld-linux.org (=?ISO-8859-1?Q?Elan_Ruusam=E4e?=) Date: Thu, 17 Nov 2011 12:38:24 +0200 Subject: nodejs - missing req In-Reply-To: <20111116154239.GR13267@osdn.org.ua> References: <4EC37752.3050609@zork.pl> <4EC39432.3070409@pld-linux.org> <20111116113603.GO13267@osdn.org.ua> <4EC3A5E6.2080500@pld-linux.org> <20111116154239.GR13267@osdn.org.ua> Message-ID: <4EC4E420.8000109@pld-linux.org> On 16.11.2011 17:42, Michael Shigorin wrote: > On Wed, Nov 16, 2011 at 02:00:38PM +0200, Elan Ruusam?e wrote: >>>> the usual fix for that is: >>>> chmod a+rx $RPM_BUILD_ROOT%{_libdir}/*.so* >>> Doesn't your buildroot processing fix up the trivia? >> not this one. >> care to point to yours where it does? :) > Like this: > http://git.altlinux.org/people/ldv/packages/?p=rpm.git;a=blob;f=scripts/brp-fix-perms.in;hb=HEAD > http://git.altlinux.org/people/ldv/packages/?p=rpm.git;a=blob;f=scripts/fixup-libraries;hb=HEAD eh, these two do the opposite: removing executable bit from library :) -- glen From arekm at maven.pl Thu Nov 17 19:34:21 2011 From: arekm at maven.pl (Arkadiusz =?utf-8?q?Mi=C5=9Bkiewicz?=) Date: Thu, 17 Nov 2011 19:34:21 +0100 Subject: grsecurity users? Message-ID: <201111171934.22012.arekm@maven.pl> Hi, I wonder if we have grsecurity users that use pld kernels? Asking because there was an idea of dropping grsec from default kernel which can happen iif we have no users of this feature. I'm using one or two tiny features of grsec kernel and I can live without these. zbyniu AFAIK uses grsec but he doesn't use pld kernels, so that doesn't count. Don't know other grsec pld users. -- Arkadiusz Mi?kiewicz PLD/Linux Team arekm / maven.pl http://ftp.pld-linux.org/ From gotar at polanet.pl Thu Nov 17 20:03:18 2011 From: gotar at polanet.pl (Tomasz Pala) Date: Thu, 17 Nov 2011 20:03:18 +0100 Subject: grsecurity users? In-Reply-To: <201111171934.22012.arekm@maven.pl> References: <201111171934.22012.arekm@maven.pl> Message-ID: <20111117190318.GA6894@polanet.pl> On Thu, Nov 17, 2011 at 19:34:21 +0100, Arkadiusz Mi?kiewicz wrote: > I wonder if we have grsecurity users that use pld kernels? grep \=y kernel/kernel-grsec.config I guess there are many people not knowing they rely on grsec parts. > Asking because there was an idea of dropping grsec from default kernel which > can happen iif we have no users of this feature. > > I'm using one or two tiny features of grsec kernel and I can live without Like this? CONFIG_GRKERNSEC_PROC_USERGROUP=y CONFIG_GRKERNSEC_PROC_GID=17 Without this one day people will hit exposed process data. That's my only concern, but personally I don't need it either. -- Tomasz Pala From mike at osdn.org.ua Fri Nov 18 18:20:17 2011 From: mike at osdn.org.ua (Michael Shigorin) Date: Fri, 18 Nov 2011 19:20:17 +0200 Subject: nodejs - missing req In-Reply-To: <4EC4E420.8000109@pld-linux.org> References: <4EC37752.3050609@zork.pl> <4EC39432.3070409@pld-linux.org> <20111116113603.GO13267@osdn.org.ua> <4EC3A5E6.2080500@pld-linux.org> <20111116154239.GR13267@osdn.org.ua> <4EC4E420.8000109@pld-linux.org> Message-ID: <20111118172017.GA16707@osdn.org.ua> On Thu, Nov 17, 2011 at 12:38:24PM +0200, Elan Ruusam?e wrote: > >>>>the usual fix for that is: > >>>>chmod a+rx $RPM_BUILD_ROOT%{_libdir}/*.so* > >>>Doesn't your buildroot processing fix up the trivia? > >>not this one. > >>care to point to yours where it does? :) > >Like this: > >http://git.altlinux.org/people/ldv/packages/?p=rpm.git;a=blob;f=scripts/brp-fix-perms.in;hb=HEAD > >http://git.altlinux.org/people/ldv/packages/?p=rpm.git;a=blob;f=scripts/fixup-libraries;hb=HEAD > eh, these two do the opposite: removing executable bit from library :) Yeah, as decided some time after the tweak was introduced; you can partially un-tweak it back as you wish :) -- ---- WBR, Michael Shigorin ------ Linux.Kiev http://www.linux.kiev.ua/ From marti at pld-linux.org Fri Nov 18 20:09:52 2011 From: marti at pld-linux.org (Marcin Rybak) Date: Fri, 18 Nov 2011 20:09:52 +0100 Subject: packages: bind/bind.spec - updated ac, openssl versions (openssl 0.9.8d+ or ... In-Reply-To: References:

Message-ID: 2011/11/17 qboosh > Author: qboosh Date: Thu Nov 17 15:54:10 2011 GMT > Module: packages Tag: HEAD > ---- Log message: > - updated ac,openssl versions (openssl 0.9.8d+ or 0.9.7l+ required) > "0.9.7l+ required" this isn't true :) - package does not build at carme-ac-i686 From qboosh at pld-linux.org Sat Nov 19 07:11:43 2011 From: qboosh at pld-linux.org (Jakub Bogusz) Date: Sat, 19 Nov 2011 07:11:43 +0100 Subject: packages: bind/bind.spec - updated ac, openssl versions (openssl 0.9.8d+ or ... In-Reply-To: References:

Message-ID: <20111119061143.GA13672@mail> On Fri, Nov 18, 2011 at 08:09:52PM +0100, Marcin Rybak wrote: > 2011/11/17 qboosh > > > Author: qboosh Date: Thu Nov 17 15:54:10 2011 GMT > > Module: packages Tag: HEAD > > ---- Log message: > > - updated ac,openssl versions (openssl 0.9.8d+ or 0.9.7l+ required) > > > > "0.9.7l+ required" > > this isn't true :) - package does not build at carme-ac-i686 Maybe. It's a quote from configure script, I haven't verified each version of openssl. -- Jakub Bogusz http://qboosh.pl/ From adamg at pld-linux.org Sat Nov 19 09:07:23 2011 From: adamg at pld-linux.org (Adam Golebiowski) Date: Sat, 19 Nov 2011 09:07:23 +0100 Subject: grsecurity users? In-Reply-To: <20111117190318.GA6894@polanet.pl> References: <201111171934.22012.arekm@maven.pl> <20111117190318.GA6894@polanet.pl> Message-ID: <4EC763BB.4010103@pld-linux.org> W dniu 2011-11-17 20:03, Tomasz Pala pisze: > On Thu, Nov 17, 2011 at 19:34:21 +0100, Arkadiusz Mi?kiewicz wrote: > >> I wonder if we have grsecurity users that use pld kernels? > > grep \=y kernel/kernel-grsec.config > > I guess there are many people not knowing they rely on grsec parts. > >> Asking because there was an idea of dropping grsec from default kernel which >> can happen iif we have no users of this feature. >> >> I'm using one or two tiny features of grsec kernel and I can live without > > Like this? > > CONFIG_GRKERNSEC_PROC_USERGROUP=y > CONFIG_GRKERNSEC_PROC_GID=17 > > Without this one day people will hit exposed process data. That's my > only concern, but personally I don't need it either. > Same here, personally I never used full grsec, but I'd leave grsec-minimal patch. -- adamg at pld-linux.org From arekm at maven.pl Sat Nov 19 09:26:49 2011 From: arekm at maven.pl (Arkadiusz =?iso-8859-2?q?Mi=B6kiewicz?=) Date: Sat, 19 Nov 2011 09:26:49 +0100 Subject: grsecurity users? In-Reply-To: <4EC763BB.4010103@pld-linux.org> References: <201111171934.22012.arekm@maven.pl> <20111117190318.GA6894@polanet.pl> <4EC763BB.4010103@pld-linux.org> Message-ID: <201111190926.50000.arekm@maven.pl> On Saturday 19 of November 2011, Adam Golebiowski wrote: > Same here, personally I never used full grsec, but I'd leave > grsec-minimal patch. No one maintains this :-/ Maybe some automated extracting of diffs for specific feature could be done? glen? -- Arkadiusz Mi?kiewicz PLD/Linux Team arekm / maven.pl http://ftp.pld-linux.org/ From marcin.rybak at gmail.com Sat Nov 19 10:24:33 2011 From: marcin.rybak at gmail.com (Marcin Rybak) Date: Sat, 19 Nov 2011 10:24:33 +0100 Subject: packages: bind/bind.spec - updated ac, openssl versions (openssl 0.9.8d+ or ... In-Reply-To: <20111119061143.GA13672@mail> References:

<20111119061143.GA13672@mail> Message-ID: 2011/11/19 Jakub Bogusz > On Fri, Nov 18, 2011 at 08:09:52PM +0100, Marcin Rybak wrote: > > 2011/11/17 qboosh > > > > > Author: qboosh Date: Thu Nov 17 15:54:10 2011 GMT > > > Module: packages Tag: HEAD > > > ---- Log message: > > > - updated ac,openssl versions (openssl 0.9.8d+ or 0.9.7l+ required) > > > > > > > "0.9.7l+ required" > > > > this isn't true :) - package does not build at carme-ac-i686 > > Maybe. It's a quote from configure script, I haven't verified each > version of openssl. no, not that case, but: %{?with_ssl:BuildRequires: openssl-devel >= 0.9.8d} disqualifies 0.9.7 line which exist in AC. --- Marcin Rybak http://marcinrybak.com From marcin.rybak at gmail.com Sat Nov 19 10:44:20 2011 From: marcin.rybak at gmail.com (Marcin Rybak) Date: Sat, 19 Nov 2011 10:44:20 +0100 Subject: grsecurity users? In-Reply-To: <20111117190318.GA6894@polanet.pl> References: <201111171934.22012.arekm@maven.pl> <20111117190318.GA6894@polanet.pl> Message-ID: W dniu 17 listopada 2011 20:03 u?ytkownik Tomasz Pala napisa?: > CONFIG_GRKERNSEC_PROC_USERGROUP=y > CONFIG_GRKERNSEC_PROC_GID=17 > > Without this one day people will hit exposed process data. That's my > only concern, but personally I don't need it either. this is the only reason I use grsec, and I'll use it even if it means I have to use older kernel anyway, maybe - question should be send to pld-users not only devels? --- Marcin Rybak http://marcinrybak.com From arekm at maven.pl Sat Nov 19 10:55:53 2011 From: arekm at maven.pl (Arkadiusz =?iso-8859-2?q?Mi=B6kiewicz?=) Date: Sat, 19 Nov 2011 10:55:53 +0100 Subject: grsecurity users? In-Reply-To: References: <201111171934.22012.arekm@maven.pl> <20111117190318.GA6894@polanet.pl> Message-ID: <201111191055.54211.arekm@maven.pl> On Saturday 19 of November 2011, Marcin Rybak wrote: > W dniu 17 listopada 2011 20:03 u?ytkownik Tomasz Pala napisa?: > > CONFIG_GRKERNSEC_PROC_USERGROUP=y > > CONFIG_GRKERNSEC_PROC_GID=17 > > > > Without this one day people will hit exposed process data. That's my > > only concern, but personally I don't need it either. > > this is the only reason I use grsec, and I'll use it even if it means I > have to use older kernel Ok, so lets create feature set that needs to be in grsec-minimal. So far we have this one: CONFIG_GRKERNSEC_PROC_USERGROUP=y Any others? > anyway, maybe - question should be send to pld-users not only devels? Look closely at initial email. -- Arkadiusz Mi?kiewicz PLD/Linux Team arekm / maven.pl http://ftp.pld-linux.org/ From marekguevara at gmail.com Mon Nov 21 11:17:47 2011 From: marekguevara at gmail.com (Marek Guevara Braun) Date: Mon, 21 Nov 2011 11:17:47 +0100 Subject: grsecurity users? In-Reply-To: <201111171934.22012.arekm@maven.pl> References: <201111171934.22012.arekm@maven.pl> Message-ID: W dniu 17 listopada 2011 19:34 u?ytkownik Arkadiusz Mi?kiewicz napisa?: > > I wonder if we have grsecurity users that use pld kernels? I use this feature. > Asking because there was an idea of dropping grsec from default kernel which > can happen iif we have no users of this feature. SELinux a'la RHEL then or nothing at all ? Regards, Marek PS. Do we still need tuxonice and vservers? Have someone got any experience with vserver -> linux containers/lxc porting of virtual systems, Is lxc production ready on our kernels? I've got issues with vservers on 3.0 kernels, so I'm considering moving them to lxc. PS2. The question should have gone to the pld-uses-pl/en lists. From arekm at maven.pl Mon Nov 21 11:33:01 2011 From: arekm at maven.pl (Arkadiusz =?utf-8?q?Mi=C5=9Bkiewicz?=) Date: Mon, 21 Nov 2011 11:33:01 +0100 Subject: grsecurity users? In-Reply-To: References: <201111171934.22012.arekm@maven.pl> Message-ID: <201111211133.02058.arekm@maven.pl> On Monday 21 of November 2011, Marek Guevara Braun wrote: > W dniu 17 listopada 2011 19:34 u?ytkownik Arkadiusz Mi?kiewicz > > napisa?: > > I wonder if we have grsecurity users that use pld kernels? > > I use this feature. Ok but what part? RBAC? > > > Asking because there was an idea of dropping grsec from default kernel > > which can happen iif we have no users of this feature. > > SELinux a'la RHEL then or nothing at all ? Well, right now some parts of grsec are used among people here, so these won't be dropped. The real problem is in 3.1.x kernels where there is some functional conflict between grsecurity and vserver. That causes such oops: http://pastebin.com/ciS5ud30 Our 3.1.1+vserver works fine, 3.1.1+grsec works fine, 3.1.1+vserver+grsec fails as shown above. There were some changes in dup_mm/copy_process area in vserver between 3.0 and 3.1 but the real reason for oops is unknown at this moment. That's the only thing that prevents us from having 3.1 kernel in PLD. > Regards, > Marek > > PS. Do we still need tuxonice and vservers? tuxonice was dropped. vserver is used by many people here. > Have someone got any > experience with vserver -> linux containers/lxc porting of virtual > systems, There is work needed to make lxc usable on pld. For example we don't have template script for pld at this moment. http://www.pld-linux.org/Docs/LXC also needs updates. > Is lxc production ready on our kernels? Well, LXC is in mainline, so our kernels equal linus kernels in this area. Should work. > I've got issues with > vservers on 3.0 kernels, What issues? > so I'm considering moving them to lxc. I also have long term plan to migrate all my guests to lxc (to be able to use kernel that's not patched with invasive vserver patch). > PS2. The question should have gone to the pld-uses-pl/en lists. Look at first mail in this thread again. -- Arkadiusz Mi?kiewicz PLD/Linux Team arekm / maven.pl http://ftp.pld-linux.org/ From glen at pld-linux.org Mon Nov 21 11:35:01 2011 From: glen at pld-linux.org (=?UTF-8?B?RWxhbiBSdXVzYW3DpGU=?=) Date: Mon, 21 Nov 2011 12:35:01 +0200 Subject: grsecurity users? In-Reply-To: References: <201111171934.22012.arekm@maven.pl> Message-ID: <4ECA2955.1020607@pld-linux.org> On 21.11.2011 12:17, Marek Guevara Braun wrote: > PS. Do we still need tuxonice and vservers? Have someone got any > experience with vserver -> linux containers/lxc porting of virtual > systems, Is lxc production ready on our kernels? I've got issues with > vservers on 3.0 kernels, so I'm considering moving them to lxc. i use vserver and /proc security would like to keep as well -- glen From gotar at polanet.pl Mon Nov 21 14:17:58 2011 From: gotar at polanet.pl (Tomasz Pala) Date: Mon, 21 Nov 2011 14:17:58 +0100 Subject: grsecurity users? In-Reply-To: References: <201111171934.22012.arekm@maven.pl> Message-ID: <20111121131757.GA17411@polanet.pl> On Mon, Nov 21, 2011 at 11:17:47 +0100, Marek Guevara Braun wrote: > PS. Do we still need tuxonice and vservers? Have someone got any > experience with vserver -> linux containers/lxc porting of virtual > systems, Is lxc production ready on our kernels? I've got issues with I've tried running lxc a year ago and failed. Some parts were working, e.g. I was able to start container from local console (but not using ssh connection!). -- Tomasz Pala From marekguevara at gmail.com Mon Nov 21 17:05:49 2011 From: marekguevara at gmail.com (Marek Guevara Braun) Date: Mon, 21 Nov 2011 17:05:49 +0100 Subject: grsecurity users? In-Reply-To: <201111211133.02058.arekm@maven.pl> References: <201111171934.22012.arekm@maven.pl> <201111211133.02058.arekm@maven.pl> Message-ID: W dniu 21 listopada 2011 11:33 u?ytkownik Arkadiusz Mi?kiewicz napisa?: > Ok but what part? RBAC? Yes. without PAX >> I've got issues with >> vservers on 3.0 kernels, > > What issues? OpenVPN server in vserver does not see any tun interfaces provided by host (3.0.8-1). This config (documented in docs.pld-li...) works with older 2.6 kernels, but unfortunatelly not with the newest kernel from th repository. >> PS2. The question should have gone to the pld-uses-pl/en lists. > > Look at first mail in this thread again. Sorry 8-) Regards, Marek From arekm at maven.pl Mon Nov 21 20:08:34 2011 From: arekm at maven.pl (Arkadiusz =?utf-8?q?Mi=C5=9Bkiewicz?=) Date: Mon, 21 Nov 2011 20:08:34 +0100 Subject: grsecurity users? In-Reply-To: References: <201111171934.22012.arekm@maven.pl> <201111211133.02058.arekm@maven.pl> Message-ID: <201111212008.34127.arekm@maven.pl> On Monday 21 of November 2011, Marek Guevara Braun wrote: > W dniu 21 listopada 2011 11:33 u?ytkownik Arkadiusz Mi?kiewicz > > napisa?: > > Ok but what part? RBAC? > > Yes. without PAX Ouh, help fixing grsec+vserver then. I'm also thinking about another aproach, introducing second type of kernel: - kernel without vserver, without grsecurity, possibly with grsec minimal (3.1.x at the moment) - kernel with vserver and full grsecurity (3.0.x at the moment) I guess both with all related packages. > >> I've got issues with > >> vservers on 3.0 kernels, > > > > What issues? > > OpenVPN server in vserver does not see any tun interfaces provided by > host (3.0.8-1). This config (documented in docs.pld-li...) works with > older 2.6 kernels, but unfortunatelly not with the newest kernel from > th repository. Don't have such setup. Here openvpn is running on host and is only providing single IP address to two guests. -- Arkadiusz Mi?kiewicz PLD/Linux Team arekm / maven.pl http://ftp.pld-linux.org/ From glen at delfi.ee Sat Nov 26 13:20:15 2011 From: glen at delfi.ee (=?ISO-8859-1?Q?Elan_Ruusam=E4e?=) Date: Sat, 26 Nov 2011 14:20:15 +0200 Subject: ac-sparc Message-ID: <4ED0D97F.8080901@delfi.ee> attn! ac-sparc owner needed, it's /var is mounted readonly and needs sysadmin attention last bits from dmesg: Unimplemented SPARC system call 151 Info fld=0x61f0, Current sdb: sense key Recovered Error Additional sense: Write error - recovered with auto reallocation SCSI error : <0 0 0 0> return code = 0x8000002 Info fld=0x8a0991, Current sda: sense key Hardware Error Additional sense: No defect spare location available end_request: I/O error, dev sda, sector 9046417 Aborting journal on device sda4. ext3_abort called. EXT3-fs abort (device sda4): ext3_journal_start: Detected aborted journal Remounting filesystem read-only EXT3-fs error (device sda4) in start_transaction: Journal has aborted EXT3-fs error (device sda4) in start_transaction: Journal has aborted EXT3-fs error (device sda4) in start_transaction: Journal has aborted EXT3-fs error (device sda4) in start_transaction: Journal has aborted EXT3-fs error (device sda4) in start_transaction: Journal has aborted EXT3-fs error (device sda4) in start_transaction: Journal has aborted EXT3-fs error (device sda4) in start_transaction: Journal has aborted From mike at osdn.org.ua Sat Nov 26 15:08:37 2011 From: mike at osdn.org.ua (Michael Shigorin) Date: Sat, 26 Nov 2011 16:08:37 +0200 Subject: ac-sparc In-Reply-To: <4ED0D97F.8080901@delfi.ee> References: <4ED0D97F.8080901@delfi.ee> Message-ID: <20111126140836.GP11418@osdn.org.ua> On Sat, Nov 26, 2011 at 02:20:15PM +0200, Elan Ruusam?e wrote: > Info fld=0x61f0, Current sdb: sense key Recovered Error > Additional sense: Write error - recovered with auto reallocation > SCSI error : <0 0 0 0> return code = 0x8000002 > Info fld=0x8a0991, Current sda: sense key Hardware Error Just in case, there are a few SCSI drives (68/80 pin) over here, I plan to be in Lviv next weekend so can toss them closer. (if that'd be useful, drop me a note to have a closer look) -- ---- WBR, Michael Shigorin ------ Linux.Kiev http://www.linux.kiev.ua/ From arekm at maven.pl Sat Nov 26 23:06:17 2011 From: arekm at maven.pl (Arkadiusz =?utf-8?q?Mi=C5=9Bkiewicz?=) Date: Sat, 26 Nov 2011 23:06:17 +0100 Subject: INFO: big mv on ftp happened Message-ID: <201111262306.17262.arekm@maven.pl> Hello, Another major mv on ftp happened. Everything from ready was moved to main. Few things needs fixes, please look and help: http://ep09.pld-linux.org/~pldth/main-ready-test.txt ps. Old tree is still available on ftp1 in PLD-20111126 dir. -- Arkadiusz Mi?kiewicz PLD/Linux Team arekm / maven.pl http://ftp.pld-linux.org/ From adamg at pld-linux.org Sun Nov 27 01:34:58 2011 From: adamg at pld-linux.org (Adam Golebiowski) Date: Sun, 27 Nov 2011 01:34:58 +0100 Subject: INFO: big mv on ftp happened In-Reply-To: <201111262306.17262.arekm@maven.pl> References: <201111262306.17262.arekm@maven.pl> Message-ID: <4ED185B2.4090609@pld-linux.org> W dniu 2011-11-26 23:06, Arkadiusz Mi?kiewicz pisze: > > Hello, > > Another major mv on ftp happened. Everything from ready was moved to main. > > Few things needs fixes, please look and help: > http://ep09.pld-linux.org/~pldth/main-ready-test.txt > > ps. Old tree is still available on ftp1 in PLD-20111126 dir. ftp3 is catching up, give it a day or two to be fully synced. ps: ftp4 (due to be back online real soon now (tm)) is also catching up. -- adamg at pld-linux.org From marcin.rybak at gmail.com Sun Nov 27 08:52:09 2011 From: marcin.rybak at gmail.com (Marcin Rybak) Date: Sun, 27 Nov 2011 08:52:09 +0100 Subject: INFO: big mv on ftp happened In-Reply-To: <201111262306.17262.arekm@maven.pl> References: <201111262306.17262.arekm@maven.pl> Message-ID: W dniu 26 listopada 2011 23:06 u?ytkownik Arkadiusz Mi?kiewicz < arekm at maven.pl> napisa?: > Another major mv on ftp happened. > I understand - accidentally? cause I can't find any previous info about it... Oh sorry, I forget that it's PLD rule. --- Marcin Rybak http://marcinrybak.com From arekm at maven.pl Sun Nov 27 09:48:03 2011 From: arekm at maven.pl (Arkadiusz =?iso-8859-2?q?Mi=B6kiewicz?=) Date: Sun, 27 Nov 2011 09:48:03 +0100 Subject: INFO: big mv on ftp happened In-Reply-To: References: <201111262306.17262.arekm@maven.pl> Message-ID: <201111270948.04015.arekm@maven.pl> On Sunday 27 of November 2011, Marcin Rybak wrote: > W dniu 26 listopada 2011 23:06 u?ytkownik Arkadiusz Mi?kiewicz < > > arekm at maven.pl> napisa?: > > Another major mv on ftp happened. > > I understand - accidentally? cause I can't find any previous info about > it... Oh sorry, I forget that it's PLD rule. I could tell people before if there is need for that. Is there a such need and does it make any difference if I send announcement 1h before mv or just after mv? -- Arkadiusz Mi?kiewicz PLD/Linux Team arekm / maven.pl http://ftp.pld-linux.org/ From marcin.rybak at gmail.com Sun Nov 27 11:37:49 2011 From: marcin.rybak at gmail.com (Marcin Rybak) Date: Sun, 27 Nov 2011 11:37:49 +0100 Subject: INFO: big mv on ftp happened In-Reply-To: <201111270948.04015.arekm@maven.pl> References: <201111262306.17262.arekm@maven.pl> <201111270948.04015.arekm@maven.pl> Message-ID: W dniu 27 listopada 2011 09:48 u?ytkownik Arkadiusz Mi?kiewicz < arekm at maven.pl> napisa?: > > arekm at maven.pl> napisa?: > > > Another major mv on ftp happened. > > > > I understand - accidentally? cause I can't find any previous info about > > it... Oh sorry, I forget that it's PLD rule. > > I could tell people before if there is need for that. > afair - someone already asked for it... of course - I don't have a proof for it, so "it didn't happen" > Is there a such need and does it make any difference if I send > announcement 1h > before mv or just after mv? I guess, it cannot be planed as "in next few days"? --- Marcin Rybak http://marcinrybak.com From arekm at maven.pl Sun Nov 27 12:15:08 2011 From: arekm at maven.pl (Arkadiusz =?iso-8859-2?q?Mi=B6kiewicz?=) Date: Sun, 27 Nov 2011 12:15:08 +0100 Subject: INFO: big mv on ftp happened In-Reply-To: References: <201111262306.17262.arekm@maven.pl> <201111270948.04015.arekm@maven.pl> Message-ID: <201111271215.09007.arekm@maven.pl> On Sunday 27 of November 2011, Marcin Rybak wrote: > > Is there a such need and does it make any difference if I send > > announcement 1h > > before mv or just after mv? > > I guess, it cannot be planed as "in next few days"? Maybe it can. Usually it depends on my free time which is hard to plan. I'll try to make this that way but still don't see any advantage [1] beside more time related problems on my side. 1. since old tree is still available -- Arkadiusz Mi?kiewicz PLD/Linux Team arekm / maven.pl http://ftp.pld-linux.org/ From wiget at pld-linux.org Mon Nov 28 09:29:09 2011 From: wiget at pld-linux.org (Artur Frysiak) Date: Mon, 28 Nov 2011 09:29:09 +0100 Subject: packages: systemd/systemd.spec - fix packagekit files In-Reply-To: References:

Message-ID: > ?# do not cover /media (system-specific removable mountpoints) > -%{__rm} $RPM_BUILD_ROOT/lib/systemd/local-fs.target.wants/media.mount > +%{__rm} -f $RPM_BUILD_ROOT/lib/systemd/local-fs.target.wants/media.mount > ?# do not cover /var/run (packages need rpm-provided subdirectories) > -%{__rm} $RPM_BUILD_ROOT/lib/systemd/local-fs.target.wants/var-run.mount > +%{__rm} -f $RPM_BUILD_ROOT/lib/systemd/local-fs.target.wants/var-run.mount Dlaczego doda?e? -f ? -- Artur Frysiak From gotar at polanet.pl Tue Nov 29 01:08:52 2011 From: gotar at polanet.pl (Tomasz Pala) Date: Tue, 29 Nov 2011 01:08:52 +0100 Subject: pwdutils gone Message-ID: <20111129000852.GA32181@polanet.pl> Looking for faillog binary we do not have:/ I see that neither http://www.thkukuk.de/pam/pwdutils/ is available, nor ftp://ftp.kernel.org/pub/linux/utils/net/NIS/ Should we go back to something not maintained, but existent? ;) http://lists.pld-linux.org/mailman/pipermail/pld-devel-en/2008-January/019598.html BTW during systemd upgrade (from upstart) it's the second time I've noticed disturbing behaviour of rpm on %ghost files: it simply removes them without repackaging, effectively destroying wtmpx data (other are less important, but still significant in multiuser environments). If rpm can't be fixed, I'd go for un%ghosting them. -- Tomasz Pala From jajcus at jajcus.net Tue Nov 29 13:07:35 2011 From: jajcus at jajcus.net (Jacek Konieczny) Date: Tue, 29 Nov 2011 13:07:35 +0100 Subject: Switch to systemd? Message-ID: <20111129120735.GC2121@jajo.eggsoft> On the Polish mailing list there is discussion about systemd support. SysVinit is evil and needs to be replaced ? its hard to argue about that. Though, I have already done some work to replace SysVinit with Upstart. The question is, should we now start maintaining the third init subsystem? Or should we drop anything done for Upstart? Or even drop legacy SysVinit support? I made most of the Upstart support, but it seems no one but me and Glen cares about it. I am ready to give it up in favour of systemd, uniformly handled over whole system and maintained by more than two people. Anybody relies on Upstart or can we assume it was a dead end road and we can give it up? Do we need any transition facilities (I will take care of my systems myself)? What about current SysVinit scripts. Should we keep them and maintain them or start switching everything (including whole rc-scripts) to systemd? This can break backward compatibility a lot, but we could gain much more consistent (which also means: more reliable and faster) system in the end. Anyway, LSB scripts in /etc/init.d should still be supported in some way and probably wrapper scripts for services maintained by systemd should be placed there too ? some things still rely on that and this will allow us port old packages (not bound by complicated dependencies with anything else) one by one. Greets, Jacek From glen at pld-linux.org Tue Nov 29 13:45:07 2011 From: glen at pld-linux.org (=?UTF-8?B?RWxhbiBSdXVzYW3DpGU=?=) Date: Tue, 29 Nov 2011 14:45:07 +0200 Subject: Switch to systemd? In-Reply-To: <20111129120735.GC2121@jajo.eggsoft> References: <20111129120735.GC2121@jajo.eggsoft> Message-ID: <4ED4D3D3.6070804@pld-linux.org> On 29.11.2011 14:07, Jacek Konieczny wrote: > The question is, should we now start maintaining the third init > subsystem? Or should we drop anything done for Upstart? Or even drop > legacy SysVinit support? > in long term, i'd see rc-scripts and systemd both exist for the sake of systems you do not want to upgrade and want the "old & stable" in short term, i wouldn't drop any upstart related code in rc-scripts, until there is usable systemd afaik we do not need rc-scripts for systemd to function and systemd supports running sysv-initscripts itself (i have not verified that, just read some web pages) -- glen From adamg at pld-linux.org Tue Nov 29 14:19:53 2011 From: adamg at pld-linux.org (Adam Golebiowski) Date: Tue, 29 Nov 2011 14:19:53 +0100 Subject: Switch to systemd? In-Reply-To: <20111129120735.GC2121@jajo.eggsoft> References: <20111129120735.GC2121@jajo.eggsoft> Message-ID: <4ED4DBF9.6040409@pld-linux.org> W dniu 2011-11-29 13:07, Jacek Konieczny pisze: > What about current SysVinit scripts. Should we keep them and maintain > them or start switching everything (including whole rc-scripts) to > systemd? This can break backward compatibility a lot, but we could gain > much more consistent (which also means: more reliable and faster) system > in the end. I'd drop upstart (don't use/care), but let's keep SysVinit for as long as it is possible. I prefer to have a solution that is limited (comparing to systemd) but is known to work in strange situations. What I am thinking if there won't be any problems in situations like: - chrooting to a system and attempting to start a service - I boot from rescuecd but I desperately need to start a service from the system that is on the disk - vserver (as was mentioned on -devel-pl) -- adamg at pld-linux.org