Odi's astoundingly incomplete notes

If you think that root has universal privilege on the filesystem, then you may need to update your opinion.

Consider an NFS share for example that is exported from the server as:

/var/nfs 10.1.2.3(rw)

and the permissions on that directory are:

drwxrws---.  2 foo bar    6 Apr 15 17:33 nfs

On the client where that NFS share is mounted the directory looks innocuous (same as above). But when root tries to enter it

# cd /var/nfs
bash: cd: /var/nfs: Permission denied

What happens here? The NFS share uses root squashing, which will map the client's root user to the local anonymous user.
As the man page for exports explains:
Very often, it is not desirable that the root user on a client machine is also treated as root when accessing files on the NFS server. To this end, uid 0 is normally mapped to a different id: the so-called anonymous or nobody uid. This mode of operation (called 'root squashing') is the default, and can be turned off with no_root_squash.

So root being able to access almost everything is only true for "normal" filesystems, but a network filesystem or any other form of mount (fuse!) may behave differently althogether.
Beware of that fact when doing backups. Running backup as root may not be sufficient.

posted on 2021-04-16 08:39 CEST in Code | 0 comments | permalink

With this change Gentoo replaces the current Python 3.7 with 3.8. Unfortunately this makes your next emerge session a bit more interesting.

emerge -uvD world may complain that it wants python 3.7 USE flags

# required by @world (argument)
>=dev-python/setuptools-50.3.0 python_targets_python3_7

and that there are conflicts

dev-python/pygobject:3
  (dev-python/pygobject-3.36.1-r1:3/3::gentoo, installed) USE="cairo -examples -test" ABI_X86="(64)" PYTHON_TARGETS="python3_7 -python3_6 -python3_8 -python3_9"
  pulled in by ...

  (dev-python/pygobject-3.36.1-r1:3/3::gentoo, ebuild scheduled for merge) USE="cairo -examples -test" ABI_X86="(64)" PYTHON_TARGETS="python3_8 -python3_6 -python3_7 -python3_9"
  pulled in by...

In that case first rebuild packages with new USE flags:
emerge -N1avD world

Or try changed USE flags only, which may give better results:
emerge -U1avD world

This will switch existing packages to use 3.8 instead of 3.7. After that tell the system that it should prefer 3.8:
eselect python set --python3 python3.8
Update: eselect-python is now gone. Directly edit /etc/python-exec/python-exec.conf

If the world update still complains about conflicts then there are installed packages that have no python 3.8 support. Uninstalling them and depclean may be an option, or ignoring the dependency.

To find remaining packages that still have a python3_7 useflag that prevents depcleaning 3.7:
find /var/db/pkg -name USE | xargs grep python3_7



posted on 2020-12-04 10:05 CET in Code | 0 comments | permalink

For a long time Gentoo had this exotic layout (same for /usr/lib32):

lrwxrwxrwx   1 root root     5 Aug 31 09:59 lib -> lib64
drwxr-xr-x   2 root root  4096 Aug 31 09:59 lib32
drwxr-xr-x  15 root root 12288 Oct 15 18:06 lib64

This is now changing to what most other distros are doing:

drwxr-xr-x  14 root root       4096 Nov  9 11:45 lib
drwxr-xr-x  10 root root      12288 Nov 11 09:28 lib64

/lib32 becomes the new /lib and /lib64 hold only 64bit specific files. All generic files now go into /lib (and no longer /lib64). Nobody hard-wires /lib32 anymore.

The migration is pretty smooth with the app-portage/unsymlink-lib utility. On all my systems it was enough to do this:

emerge -1v app-portage/unsymlink-lib
unsymlink-lib --analyze
# check the output for orphaned files and clean up, run analyze again
unsymlink-lib --migrate
unsymlink-lib --finish
eselect profile set 1  (or whatever you chose)
emerge -1av gcc
emerge -1av libtool binutils
source /etc/profile
emerge -1av glibc sandbox
# check for remaining packages
emerge -1pvD /lib32 /usr/lib32 /usr/lib/llvm/*/lib32

I encountered only some small catches:

1. If you maintain a binhost (one that builds and serves binary packages for others), make sure to also rebuild sys-apps/baselayout.
2. If you install from a binhost, make sure that the binhost is migrated first, and that all clients migrate away from /lib32 immediately. Never let a new client (no /lib32) update from an old binhost (with /lib32).
3. The ancient app-emulation/emul-linux-x86-compat has /lib32 and /usr/lib32 files but is not available anymore. This forced me to keep the symlink /lib32 -> /lib on these servers (they run old Oracle versions).
4. nagios-core's CGI binaries move from /usr/lib to /usr/lib64 and their path is referenced in the Apache configuration.


posted on 2020-11-13 14:32 CET in Code | 0 comments | permalink

Here is a simple shell script to kill terminals that have been idle for a long time. You can identify such sessions in the IDLE column of the Linux w command. This corresponds to the last modified date of the respective TTY device file.

$ w
 10:56:54 up 10 days, 23:54,  7 users,  load average: 1.17, 1.10, 1.16
USER     TTY        LOGIN@   IDLE   JCPU   PCPU WHAT
aron     pts/0     10:56    1.00s  0.01s  0.01s w
betty    pts/4      Mi10   22:25m  0.02s  0.00s tail -F error.log
cher     pts/5     06:32    4:16m  0.04s  0.04s -bash
dave     pts/8     09:56   41:02   0.06s  0.05s vim config
erin     pts/9     08:26    2:26m  0.03s  0.03s -bash
fritz    pts/12    09:30    1:25m  0.03s  0.02s git server
greg     pts/13    10:47    9:26   0.32s  0.32s less +F -S --follow-name /var/log/messages

kill-idle:

#!/bin/bash
# Sends SIGHUP to TTYs which are idle for a defined time.
# Default is 8 hours. 
# Syntax: kill-idle [idle-hours]
LIMIT=${1:-8}
T=$(mktemp)
NOW=$(stat -t "${T}" | awk '{ print $12}')
[ -z ${NOW} ] && exit 1
cd /dev
for TTY in pts/*; do
  if [ "${TTY}" = "pts/ptmx" ]; then
    continue
  fi
  # field 12 is "last access" which is the time of last write to the tty (last keypress)
  MOD=$(stat -t "${TTY}" | awk '{ print $12}')
  let AGO=$((NOW - MOD))
  if [ ${AGO} -gt $((LIMIT*3600)) ]; then
    pkill -HUP -t "${TTY}"
  fi
done
rm "${T}"

posted on 2020-06-18 11:01 CEST in Code | 0 comments | permalink

If fonts in Eclipse and other GTK UI on Linux look too wide or too high or have too much padding around them, then check your GTK font settings! Using a different font may give you a much better layout.

Especially DejaVu Sans and Liberation Sans have a much lower height than Noto Sans for example.

~/.config/gtk-3.0/settings.ini:

gtk-font-name=Liberation Sans, 10

posted on 2020-05-29 16:59 CEST in Code | 0 comments | permalink

A default installation of Oracle on Linux will use synchronous IO. You have to explicitly enable asynchronous IO by setting a parameter (sic!):
ALTER SYSTEM SET FILESYSTEMIO_OPTIONS=SETALL SCOPE=SPFILE;
and restart Oracle. If you don't do that then synchronous IO during logfile switches / checkpoints will cause unnecessary waits: log file switch (checkpoint incomplete). At the same time Oracle DBW process will not saturate IO. Your DB will become barely usable during those times.

As this also enables direct writes (which circumvent the OS page cache) you must also ensure that the SGA size is close to the RAM size (70-80%). Do not enable the parameter above for small SGAs (< 4GB).
posted on 2020-03-04 13:52 CET in Code | 0 comments | permalink

As of sys-apps/portage-2.3.89 Gentoo installations must rename /etc/portage/package.keywords to /etc/portage/package.accept_keywords.

posted on 2020-03-03 15:56 CET in Code | 0 comments | permalink

Here is a bash function (plus test program) that correctly relays important signals to child processes. So that pressing Ctrl-C reliably terminates both all child processes and the parent process.

• Delivers interrrupt signals also to parent process again (after removing signal handler)
• SIGPIPE is only sent to children
• Works for any number of child processes
• Does not work for SIGKILL (no signal is delivered to app in that case)

#!/bin/bash

relay() {
 PIDS=""
 for PID in $(pgrep -P $$); do
  PIDS="${PIDS} ${PID}"
 done
 trap "kill -PIPE ${PIDS}" PIPE
 PIDS="${PIDS} $$"
 #echo "setting up traps to ${PIDS}"
 trap "trap - HUP; kill -HUP  ${PIDS}" HUP
 trap "trap - INT; kill -INT  ${PIDS}" INT
 trap "trap - QUIT; kill -QUIT ${PIDS}" QUIT
 trap "trap - TERM; kill -TERM ${PIDS}" TERM
}

(sleep 10; echo '1st subshell was not killed')&
relay $!

(sleep 10; echo '2nd subshell was not killed')&
relay $!

echo 'please hit Ctrl-C within 10s'
sleep 10
wait
echo 'main shell was not killed'

posted on 2020-01-09 10:32 CET in Code | 0 comments | permalink

My tests with the upcoming Linux kernel are looking very promising. For me memory management issue has been improved a lot. In recent 5.x kernels the mm would trigger a lot of reclaim scans even with low memory pressure. For example  on a 2GB laptop the Normal zone is quite small. Most memory is in the DMA32 zone. And those kernels would trigger reclaim and even swap when opening a browser or using gitk on the kernel repo. Even though there is still plenty of usable RAM.
With 5.5 this is resolved. Reclaim scans are rare again and swap is not used in these situations.

posted on 2020-01-01 14:29 CET in Code | 0 comments | permalink

When Gentoo updates gcc together with mpfr and mpc the normal emerge procedure will cause building of gcc twice. Because mpfr and mpc cause automatic rebuild of the (existing) gcc. But if you are going to update gcc anyway then this is utterly pointless waste of energy.

Instead you can emerge --ignore-built-slot-operator-deps=y -1uav mpfr mpc first without doing the rebuild. This leaves you with a broken gcc maybe (but actually probably not because portage preserves the old library versions), but next you simply emerge -1uav gcc anyway.

After gcc update don't forget to switch to the new compiler with gcc-config and rebuild libtool.


posted on 2019-11-28 09:09 CET in Code | 0 comments | permalink