RFC2324
Jun 7, 2012

Http 418


other people posted:

CONFIG_ENCRYPTED_KEYS is baked into the kernel in both RHEL7 and RHEL8 so I hope that wasn't an official guide you were reading

The downside of our primary work skill being Google is sometimes we find the wrong info to work from.


Volguus
Mar 3, 2009


other people posted:

CONFIG_ENCRYPTED_KEYS is baked into the kernel in both RHEL7 and RHEL8 so I hope that wasn't an official guide you were reading

Welp: https://access.redhat.com/documenta.../sec-encryption

Edit:
I have a question regarding cryptsetup:

Currently if one has an encrypted partition, it can be automatically decrypted if one adds the keyscript=/path/to/some/executable option in crypttab. That executable/script can do whatever it wants to produce the key (read it from the TPM, kernel keyring or the movement of stars in the sky), but it has to output the decryption passphrase for the drive to be decrypted.
Is there a way to avoid that? Somehow to tell dm-crypt that "hey, you're a module in the kernel, you should go and read it from somewhere where I don't have access to from userland"? Like a kernel keyring that's not user accessible? Am I looking at it wrong? I just started reading this crap (encrypting volumes and securely storing keys) and I am a bit lost in here. The main purpose would be that if someone would have access to the machine (a booted, let's say even a logged-in root shell available, the worst case) that they would not be able to just run the keyscript executable to obtain said key. Or, at that moment is a lost cause no matter what?

Volguus fucked around with this message at 21:53 on Aug 19, 2020
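
An added example, not part of anyone's post: a small audit of a crypttab that lists which volumes unlock without a typed passphrase (the `keyscript=` case described above, plus plain key files) and whether the script or key file has permission bits set for group or other. The sample crypttab, device names and paths are constructed; the handling of `none` and `/dev/urandom` follows the usual crypttab conventions.

```python
import os
import stat

# Constructed sample crypttab; names, devices and paths are made up.
SAMPLE_CRYPTTAB = """\
# <name>    <device>   <key file>          <options>
root_crypt  /dev/sda2  none                luks,discard
data_crypt  /dev/sdb1  /etc/keys/data.key  luks
tpm_crypt   /dev/sdc1  slot0               luks,keyscript=/usr/local/sbin/get-key
swap_crypt  /dev/sda3  /dev/urandom        swap
"""

RANDOM_SOURCES = {"/dev/urandom", "/dev/random"}


def parse_crypttab(text):
    """Return one dict per entry: name, device, keyfile, options (dict)."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank, comment, or missing the mandatory name/device
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = {}
        for opt in (fields[3].split(",") if len(fields) > 3 else []):
            key, _, value = opt.partition("=")
            options[key] = value
        entries.append({"name": fields[0], "device": fields[1],
                        "keyfile": keyfile, "options": options})
    return entries


def key_source(entry):
    """Return (method, path): how the key is obtained and which path holds it."""
    if "keyscript" in entry["options"]:
        return "keyscript", entry["options"]["keyscript"]  # prints key on stdout
    if entry["keyfile"] in RANDOM_SOURCES:
        return "random", None       # throwaway key, nothing to recover later
    if entry["keyfile"] not in ("none", "-"):
        return "keyfile", entry["keyfile"]
    return "interactive", None      # passphrase typed at the prompt


def open_to_others(path):
    """True if group or other has any permission bit on an existing path."""
    try:
        mode = os.stat(path).st_mode
    except OSError:
        return False
    return bool(stat.S_IMODE(mode) & 0o077)


def audit(text):
    """Return (name, method, path, open_to_others) for each entry."""
    report = []
    for entry in parse_crypttab(text):
        method, path = key_source(entry)
        report.append((entry["name"], method, path,
                       bool(path) and open_to_others(path)))
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_CRYPTTAB):
        print(row)
```

The permission column only says something about non-root users; in the root-shell case the post describes, mode bits on the keyscript or key file change nothing.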

xtal
Jan 9, 2011



I misread your post at first, but I think you're right that that's an inherent problem with automatic mounting mechanisms. They should be interactive and then you should remember the password will be stored in RAM too.

xtal fucked around with this message at 22:38 on Aug 19, 2020

CaptainSarcastic
Jul 6, 2013

HAIL SATAN


Anyone have recommendations for reliable wireless and Bluetooth solutions for Linux?

The last couple Tumbleweed updates have left me with my Realtek USB wireless not working (it works in Windows) and my Broadcom USB Bluetooth adapter not working due to a packaging error in the driver. I'm online using a spare USB wireless stick that is nowhere near as fast as my rtl8812au (the spare is n, the rtl8812 is ac). The frustrating thing is that of course Bluetooth and the Realtek wireless work just fine in Windows.

Should I give up on USB and go to a PCIe card? I'm loath to do that out of a paranoia about case temperatures and airflow, but always used to run PCI wireless cards back in the old days.

I'd like to have Bluetooth 5 and at least AC1200 speed, but trying to figure out which chipsets are best for Linux is a pain.

Does anyone have recommendations about brands or products that are more known-good?

Computer viking
May 30, 2011
Now with less breakage.

Intel is generally well supported, but I mostly see them integrated in laptops (including my AMD ThinkPad, curiously); I don't think I've ever seen an intel-based USB dongle. I assume they exist as PCIe cards, though.

other people
Jun 27, 2004
Associate Christ





It turns out these bits are built as modules for every arch except x86_64 so the docs are wrong in a different way. Neat.

❯ grep -nr CONFIG_ENCRYPTED_KEYS redhat/configs/
redhat/configs/generic/x86_64/CONFIG_ENCRYPTED_KEYS:1:CONFIG_ENCRYPTED_KEYS=y
redhat/configs/generic/CONFIG_ENCRYPTED_KEYS:1:CONFIG_ENCRYPTED_KEYS=m


I filed a bug against the docs so some day in the future this should be corrected. Thank you for pointing it out.

excellent bird guy
Jan 1, 2020
Probation
Can't post for 41 hours!


Should I install Gentoo on my old laptop that I still rather would program on than my new macbook, or no? Debian just feels so out of date. I have Arch on my workstation but I'm curious if I should turn up the heat a little bit

xtal
Jan 9, 2011



excellent bird guy posted:

Should I install Gentoo on my old laptop that I still rather would program on than my new macbook, or no? Debian just feels so out of date. I have Arch on my workstation but I'm curious if I should turn up the heat a little bit

You will turn up the heat on your CPU when you compile everything by yourself for no reason. Just use Arch unless you have a philosophical attachment to Gentoo.

astral
Apr 26, 2004



excellent bird guy posted:

Should I install Gentoo on my old laptop that I still rather would program on than my new macbook, or no? Debian just feels so out of date. I have Arch on my workstation but I'm curious if I should turn up the heat a little bit

Have you tried Fedora?

excellent bird guy
Jan 1, 2020
Probation
Can't post for 41 hours!


No
And do you actually compile _byyourself_ or does Portage assist in cases such as, resolving dependencies? I like to watch computers compile, but only if it builds in success.

Volguus
Mar 3, 2009


excellent bird guy posted:

No
And do you actually compile _byyourself_ or does Portage assist in cases such as, resolving dependencies? I like to watch computers compile, but only if it builds in success.

It does everything for you, you just sit back and relax looking at it work. Until you get the system up and running though (whatever that would mean to you), that's all you can do. Afterwards, if you have a browser, you can at least go on SA.

RFC2324
Jun 7, 2012

Http 418


excellent bird guy posted:

No
And do you actually compile _byyourself_ or does Portage assist in cases such as, resolving dependencies? I like to watch computers compile, but only if it builds in success.

this is why I like gentoo as well. I'm dumb enough I actually once spun up a bunch of VMs so I could compile on them in parallel

then I realized I could multibox hackertyper.com and get the same effect

KozmoNaut
Apr 23, 2008

Happiness is a warm
Turbo Plasma Rifle


Grimey Drawer

excellent bird guy posted:

Should I install Gentoo on my old laptop that I still rather would program on than my new macbook, or no? Debian just feels so out of date. I have Arch on my workstation but I'm curious if I should turn up the heat a little bit

Debian Unstable is certainly not outdated. I would also recommend openSUSE Tumbleweed.

excellent bird guy
Jan 1, 2020
Probation
Can't post for 41 hours!


does anybody use: https://github.com/swaywm/sway ? I think it's a fork of i3 except it's Wayland. Not sure what the advantages of that would be. I start my computing session by first editing .xinitrc to choose my windows manager, and then typing xinit. I guess I'd have to learn a different system

Computer viking
May 30, 2011
Now with less breakage.

If you just like watching things compile, the ports system in FreeBSD is quite similar to portage, but I think it's a bit easier to live with precompiled packages if you desire. And on an old laptop, the hardware is probably supported, too.

(I recommend using synth instead of just ports, though.)

Computer viking
May 30, 2011
Now with less breakage.

On a different note, my partner uses Fedora, and has one of those problems that seem like a nightmare to debug: after a few hours, sudo and unlocking the screen and anything else that need authentication hangs for ten plus seconds before responding; everything else seems fine.

Strace of sudo doesn't work, of course. I've looked at the logs for logind and they look normal; there's nothing special for sss, and there's a bit too much to look through everything.

Powered Descent
Jul 13, 2008

We haven't had that spirit here since 1969.



Yam Slacker

Computer viking posted:

On a different note, my partner uses Fedora, and has one of those problems that seem like a nightmare to debug: after a few hours, sudo and unlocking the screen and anything else that need authentication hangs for ten plus seconds before responding; everything else seems fine.

Strace of sudo doesn't work, of course. I've looked at the logs for logind and they look normal; there's nothing special for sss, and there's a bit too much to look through everything.

This is admittedly a longshot, but they didn't happen to set up that box on an LDAP system or some other external auth system, did they? I once set up a personal laptop to be able to auth to the LDAP system at my work, never actually used it and then forgot all about it, and later on was puzzled when anything auth-related took forever (because it was trying to reach the unreachable-from-home LDAP server).

kujeger
Feb 19, 2004

OH YES HA HA

Fun Shoe

excellent bird guy posted:

does anybody use: https://github.com/swaywm/sway ? I think it's a fork of i3 except it's Wayland. Not sure what the advantages of that would be. I start my computing session by first editing .xinitrc to choose my windows manager, and then typing xinit. I guess I'd have to learn a different system

I use it; I'm pretty happy with it. Mainly because of the always-works vsync, and support for independent DPI per monitor. If i3 already works perfectly for you though, there's probably no real point in switching.


It's not a fork of i3 btw, it's a new from-scratch wm that intentionally works like i3.

D. Ebdrup
Mar 13, 2009
Probation
Can't post for 5 hours!


Computer viking posted:

If you just like watching things compile, the ports system in FreeBSD is quite similar to portage, but I think it's a bit easier to live with precompiled packages if you desire. And on an old laptop, the hardware is probably supported, too.

(I recommend using synth instead of just ports, though.)
Hasn't the portage developer said that he took direct inspiration from FreeBSD ports? Though I imagine other similar systems might also be indirectly inspired from it, since FreeBSD ports was one of the first.

As for building stuff, synth or poudriere are both good - though the first is a community-maintained tool whereas poudriere is project-maintained.
That, in and of itself, doesn't really matter as long as there's a community to maintain it, but becomes a problem if synth ends up like portmaster which for a long time didn't have a maintainer, and therefore didn't support flavors after that feature had been rolled out.

Antigravitas
Dec 8, 2019

Outside Context Problem


Hello, the Gentoo mad man has logged on.

I'm not sure I'd recommend Gentoo on a Laptop because Laptops are insanely fiddly to begin with, not to mention a proper compile job will cripple that thing. Especially since everything seems to pull in a browser nowadays and you DO NOT want to compile qtwebkit or qtwebengine or webkit-gtk on anything.

Gentoo is, however, genuinely nice if you do any kind of dev work. Writing ebuilds is also far, far easier than writing .debs, and version bumping software is downright trivial. Some packages also exist as binary packages because gently caress compiling Firefox, so some of the worst offenders don't cripple you while compiling.

Portage is pretty cool but it takes some reading to learn to understand its dependency error messages. You should only see those if you use unstable packages though, and Gentoo has become pretty conservative.

Gentoo is absolutely amazing if you need to build a custom Linux distro for something. The tooling is almost perfect for this.

D. Ebdrup
Mar 13, 2009
Probation
Can't post for 5 hours!


Antigravitas posted:

Hello, the Gentoo mad man has logged on.

I'm not sure I'd recommend Gentoo on a Laptop because Laptops are insanely fiddly to begin with, not to mention a proper compile job will cripple that thing. Especially since everything seems to pull in a browser nowadays and you DO NOT want to compile qtwebkit or qtwebengine or webkit-gtk on anything.

Gentoo is, however, genuinely nice if you do any kind of dev work. Writing ebuilds is also far, far easier than writing .debs, and version bumping software is downright trivial. Some packages also exist as binary packages because gently caress compiling Firefox, so some of the worst offenders don't cripple you while compiling.

Portage is pretty cool but it takes some reading to learn to understand its dependency error messages. You should only see those if you use unstable packages though, and Gentoo has become pretty conservative.

Gentoo is absolutely amazing if you need to build a custom Linux distro for something. The tooling is almost perfect for this.
Hello friend Gentoo user, FreeBSD nut logging on.

That's another place where FreeBSD and poudriere has a bit of an advantage (well, until Linux users discover it, and replicate it).
Poudriere (or the development version, at least) can build the packaged base version of FreeBSD, which enables you to upgrade the base system via pkg(8), the binary package management system that's based on FreeBSD Ports.
This means it's now possible to build an image (as a DVD, memdisk, zfs snapshot, or other media), of a custom version of FreeBSD on a workstation/server, optionally with very high thread count and oodles of memory, and then install (and later upgrade) on a low-power device like a laptop, even one that's running an ARM chip like pinebook (since both the base system as well as ~30k ports builds on aarch64).

Antigravitas
Dec 8, 2019

Outside Context Problem


You can let portage build binary packages as well, so you can have a build system prepare a binary repository for clients. Afaik it exists because some HPC environments use Gentoo for their compute nodes and if you have identical hardware running identical software you really don't need to run compile jobs on each individual node.

One great thing is that you can just drop .patch files in a folder structure and have those automatically applied during the build process without having to modify the packaging process in any way. Just put the patch into /etc/portage/patches/$CATEGORY/$PACKAGE/[ $VERSION / ] and portage will pick it up on rebuild (if the ebuild supports it, which many do).

RFC2324
Jun 7, 2012

Http 418


Antigravitas posted:

you really don't need to run compile jobs on each individual node.

But it would be an awesome feeling maxing out that compile

The first time, anyway

D. Ebdrup
Mar 13, 2009
Probation
Can't post for 5 hours!


Antigravitas posted:

You can let portage build binary packages as well, so you can have a build system prepare a binary repository for clients. Afaik it exists because some HPC environments use Gentoo for their compute nodes and if you have identical hardware running identical software you really don't need to run compile jobs on each individual node.

One great thing is that you can just drop .patch files in a folder structure and have those automatically applied during the build process without having to modify the packaging process in any way. Just put the patch into /etc/portage/patches/$CATEGORY/$PACKAGE/[ $VERSION / ] and portage will pick it up on rebuild (if the ebuild supports it, which many do).
That's.. not really the point, though. The point is using a powerful machine to target or cross-build for a tiny system, like this:


The end result is a folder that you can point nginx (optionally configured with acme.sh) at a folder, edit /usr/local/etc/pkg/repos/FreeBSD.conf, and get binary packages for your system over HTTPS for one or multiple systems, almost-independent of CPU architecture and other factors.


RFC2324 posted:

But it would be an awesome feeling maxing out that compile

The first time, anyway
Poudriere can max out the beefiest machine in the FreeBSD build cluster - which, if memory serves, has 160 threads.

Antigravitas
Dec 8, 2019

Outside Context Problem


Portage can pretty much do that as well including the cross-architecture bit. I've used it to run Gentoo on a first generation raspberry pi. Just so I could say I had done it

RFC2324
Jun 7, 2012

Http 418


portage has always maxed out the thread on whatever machine I throw at it, provided I actually tell it how many to use

I just want to do that on every node in a giant multinode HPC cluster

Antigravitas
Dec 8, 2019

Outside Context Problem


Fun fact:

Most projects default to -j1 for make. This is sane. You tell it to use more.

Meson defaults to -j $(nproc). This is insane. You have to explicitly tell it to use less.

Compiling qtwebengine with jumbo-headers consumes more than 2GB of RAM (!!!!111cos(0)) per compile thread.

On an 8-core Ryzen with SMT that's 16*2GB of memory.

Until the Gentoo people managed to rein it in that build was basically impossible on my machine with jumbo headers enabled... and without it takes EVEN LONGER.


Webshit is an embarrassment at all levels, it's crazy.

xtal
Jan 9, 2011



Try running it with nice? I would expect a build tool for a huge program to use all my CPUs and RAM, otherwise what is it there for?

Antigravitas
Dec 8, 2019

Outside Context Problem


That doesn't do anything, it'll just use less CPU while exhausting all your RAM until OOM kills it.

Lorem ipsum
Sep 25, 2007
IF I REPORT SOMETHING, BAN ME.

This is why you use the -l option with make

The Gunslinger
Jul 24, 2004

Do not forget the face of your father.

Fun Shoe

Running into an issue in Pop!_OS with X11 and dual monitors. I have a 4k monitor that desperately needs scaling enabled and a 1440p monitor that I game on. If I enable 200% scaling it enables it for both of them, I can't just set one individually. I'm running an Nvidia card so Wayland isn't an option, X11 only. I've tried gsettings set org.gnome.mutter experimental-features "['x11-randr-fractional-scaling']" but it doesn't seem to do anything. Any way to get this working? I guess I could set font scaling in Firefox so I can actually read on here but I would prefer to scale everything up on just the 4k and leave the 1440p monitor alone.

excellent bird guy
Jan 1, 2020
Probation
Can't post for 41 hours!


I got a little minor issue. I thought it would just werk to create a PDF on the OSX laptop I own, but the thing saved as .pages, my company can't open it, then I exported pages to .pdf, and it won't open for me or the company now. So I will use one of my Linux builds for PDF because no way am I paying money to make a PDF file. What is a good one that is available, GNU/Linux? Doesn't matter which distro or repository I have, I'll be able to get ahold of it.

Volguus
Mar 3, 2009


excellent bird guy posted:

I got a little minor issue. I thought it would just werk to create a PDF on the OSX laptop I own, but the thing saved as .pages, my company can't open it, then I exported pages to .pdf, and it won't open for me or the company now. So I will use one of my Linux builds for PDF because no way am I paying money to make a PDF file. What is a good one that is available, GNU/Linux? Doesn't matter which distro or repository I have, I'll be able to get ahold of it.

LibreOffice can export to PDF, the question is if your document can be opened by it (no idea what .pages is). I usually just "print" to PDF in linux. Every program that has a print dialog has that option for me, no idea what package exactly brings in that feature.

effika
Jun 19, 2005
Birds do not want you to know any more than you already do.

excellent bird guy posted:

I got a little minor issue. I thought it would just werk to create a PDF on the OSX laptop I own, but the thing saved as .pages, my company can't open it, then I exported pages to .pdf, and it won't open for me or the company now. So I will use one of my Linux builds for PDF because no way am I paying money to make a PDF file. What is a good one that is available, GNU/Linux? Doesn't matter which distro or repository I have, I'll be able to get ahold of it.

The LibreOffice Draw thing is fine for creating PDFs from scratch or from a Word file or whatever. Does forms too. It seems to be openable by Adobe Acrobat Reader DC.

If you need to manipulate pages a lot I like PDF Arranger. PDFs it creates are definitely openable by Acrobat Reader DC.

Or yeah just use the Print to PDF for easiest option.

excellent bird guy
Jan 1, 2020
Probation
Can't post for 41 hours!


Perfect thanks. Well since I'm here I'll go ahead and complain a little. I've had so much trouble with Debian 10 these past few days. I got it in the first place for stability, which is good, nothing essential has broken. These past few days code that works on my Arch build doesn't work on Debian. This includes python3 certification stuff which I don't know much about to say specifically. Also installing nodejs per nvm, the npm seg faults. The nodejs/npm builds from apt repo are not even compatible. Everything just bothers me and I am going to go all out and say Debian 10 would be nice of course for servers but I don't want these problems anymore. Had no problem with sbcl environment though, so that's what I have to work on tonight until I can find a thumb drive somewhere (it's lost) and install something else, not sure but I have to have i3wm.

CarForumPoster
Jun 26, 2013


I want to do browser based (selenium) web scraping with AWS Lambda functions but the only headless chrome binary is being fucky.

My lambda has a file system at /mnt/efs so my next thought is to install chrome or Firefox in a specific folder on that file system. Is this possible in Linux?

waffle iron
Jan 16, 2004


You should be able to find tar.gz files of Firefox or Chromium that can be extracted and run anywhere.

CarForumPoster
Jun 26, 2013


waffle iron posted:

You should be able to find tar.gz files of Firefox or Chromium that can be extracted and run anywhere.

I tried to find Firefox portable for Linux to no avail. I'll try Chromium

Can't try it until work tomorrow but it looks like maybe there may be chromium binaries I can download.

CarForumPoster fucked around with this message at 01:14 on Sep 4, 2020

astral
Apr 26, 2004



CarForumPoster posted:

I tried to find Firefox portable for Linux to no avail. I'll try Chromium

Can't try it until work tomorrow but it looks like maybe there may be chromium binaries I can download.

https://ftp.mozilla.org/pub/firefox...x-x86_64/en-US/


CarForumPoster
Jun 26, 2013



You're cool and good. I'll give this a try tomorrow.
