Steven Elling | 1 Sep 01:31 2003

Re: Portage through SSH

On Sunday 31 August 2003 13:14, John Nilsson wrote:
> Some requirement thoughts:
> A network of gentoo hosts should have only one portage processing server
> and any number of installation leafs.
>
> First of all portage needs to easily handle more than one installation.
> Second the "leaf-installations" should have a very strict minimum
> requirements.
> Third redundancy is probably important. The information to restore a
> lost "leaf" should be available on both the portage host and on the
> leaf itself.

I'm not familiar with cfengine but can it be adapted to perform this or
something similar?

--
gentoo-dev <at> gentoo.org mailing list

oom | 1 Sep 07:53 2003

Re: Portage through SSH

Pardon me if I'm missing the point.. but would something like:
[1]dsh -a emerge -ku sendmail

be useful in this type of situation?

Assuming of course you had a server with the binaries (i486 or whatever
is most suitable) available by ftp or something

You could prolly do this over ssh forwarding, or stunnel too so all
transactions were secure.

[1]  dsh (1)  - Distributed shell, or dancer's shell

On Mon, 2003-09-01 at 11:31, Steven Elling wrote:
> On Sunday 31 August 2003 13:14, John Nilsson wrote:
> > Some requirement thoughts:
> > A network of gentoo hosts should have only one portage processing server
> > and any number of installation leafs.
> >
> > First of all portage needs to easily handle more than one installation.
> > Second the "leaf-installations" should have a very strict minimum
> > requirements.
> > Third redundancy is probably important. The information to restore a
> > lost "leaf" should be available on both the portage host and on the
> > leaf itself.
> 
> I'm not familiar with cfengine but can it be adapted to perform this or
> something similar?
> 
> 

Seemant Kulleen | 1 Sep 07:57 2003

Re: Portage through SSH

Just a thought, but what about shfs?

-- 
Seemant Kulleen
Developer and Project Co-ordinator,
Gentoo Linux					http://dev.gentoo.org/~seemant

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3458780E
Key fingerprint = 23A9 7CB5 9BBB 4F8D 549B 6593 EDA2 65D8 3458 780E

Steven Elling | 1 Sep 09:04 2003

Re: Portage through SSH

On Sunday 31 August 2003 13:14, John Nilsson wrote:
> Some requirement thoughts:
> A network of gentoo hosts should have only one portage processing server
> and any number of installation leafs.
>
> First of all portage needs to easily handle more than one installation.
> Second the "leaf-installations" should have a very strict minimum
> requirements.
> Third redundancy is probably important. The information to restore a
> lost "leaf" should be available on both the portage host and on the
> leaf itself.

I think this is something sorely needed.  I'm reading some books on securing 
Linux servers and on a bastion host (or any host in a DMZ for that matter) 
there should not be a compiler or any include files.  The reason why is if 
the system were compromised it would limit the cracker from compiling and 
installing a root kit.  As it stands right now, a Gentoo based system 
requires gcc, includes, and all their friends to operate and be manageable
(Note: Gentoo alone does not have this problem. RedHat, Debian, and every 
kitchen sink distro does the same).

I like Gentoo, but it is not a viable option to the security conscious and
enterprises because it does not support such a feature in addition to 
central package management.  Gentoo is not alone however.

For reference, the book I am reading is "Building Secure Servers with Linux" 
(ISBN: 0-596-00217-3).  The book is written by Michael D. Bauer and 
published by O'Reilly.


Brian Harring | 1 Sep 09:51 2003

Re: Portage through SSH


On Monday, September 1, 2003, at 02:04 AM, Steven Elling wrote:

> On Sunday 31 August 2003 13:14, John Nilsson wrote:
>> Some requirement thoughts:
>> A network of gentoo hosts should have only one portage processing 
>> server
>> and any number of installation leafs.
>>
>> First of all portage needs to easily handle more than one 
>> installation.
>> Second the "leaf-installations" should have a very strict minimum
>> requirements.
>> Third redundancy is probably important. The information to restore a
>> lost "leaf" should be available on both the portage host and on the
>> leaf itself.
>
> I think this is something sorely needed.  I'm reading some books on 
> securing
> Linux servers and on a bastion host (or any host in a DMZ for that 
> matter)
> there should not be a compiler or any include files.  The reason why 
> is if
> the system were compromised it would limit the cracker from compiling 
> and
> installing a root kit.
It would limit them to having to install a root kit, or install a 
compiler (and needed headers).  Kind of pointless though, since if 
they've managed to elevate their rights to the level of installing a 
root kit, lack of a compiler is merely an annoyance to them at that 

Stuart Herbert | 1 Sep 12:43 2003

Re: Portage through SSH

On Monday 01 September 2003 6:57 am, Seemant Kulleen wrote:
> Just a thought, but what about shfs?

SHFS is a lovely idea, but even with the cache disabled I've found it too 
buggy to rely on :(

Best regards,
Stu
-- 
Stuart Herbert                                              stuart <at> gentoo.org
Gentoo Developer                                       http://www.gentoo.org/
Beta packages for download            http://dev.gentoo.org/~stuart/packages/
Come and meet me in March 2004                 http://www.phparch.com/cruise/

GnuPG key id# F9AFC57C available from http://pgp.mit.edu
Key fingerprint = 31FB 50D4 1F88 E227 F319  C549 0C2F 80BA F9AF C57C

Chris Gianelloni | 1 Sep 14:40 2003

Re: linux-2.4.21_rc8-gss problem in kernel/sched.c

On Sun, 2003-08-31 at 13:25, Jason Cooper wrote:
> If this has been mentioned before, please ignore.  I emerged
> linux-2.4.21_rc8-gss a week or so ago and finally got around to
> compiling it (need crypto to access old HD).  Found the following error:
> 
> on line 922 of kernel/sched.c there is a redefinition of
> set_cpus_allowed().  It would appear to be the result of an ill-behaved
> patch as it is an exact copy of the definition below it.  All that was
> necessary was to delete the offending function (including 
> #if CONFIG_SMP 
> #endif /* CONFIG_SMP */
> 
> I would submit a patch, but it doesn't seem right to patch over a 
> patch? :)
> 
> Again, if this is known, please ignore.  If you need more info, please
> let me know.
> 
> Thanks for putting out an awesome distro.

The best way to take care of this would be to file a bug on
bugs.gentoo.org and assign it to x86-kernel <at> gentoo.org.  That way the
kernel team will get the bug and have tracking information on it and
also an easy way to contact you and collaborate on the problem.

-- 
Chris Gianelloni
Developer, Gentoo Linux
Games Team


Martin, Stephen | 1 Sep 17:55 2003

putting apache / apache2 on 'need' line

Hi all,
I'm finishing up an ebuild that starts a daemon and depends on apache.  The
problem is that it can use either apache or apache2.  How do I handle this
in the need line of the init script, since apache and apache2 have separate
flags?  I'm thinking I need to do something like 'need apache || apache2'.
What's the correct way to handle this?  Or should I just say it depends on
apache2 and be done with it?

Thanks.


John Nilsson | 1 Sep 18:51 2003

Re: Portage through SSH

How about the ability to install a gentoo system on a 20MB partition?
The ability to make a profile not containing gcc, glibc and portage would
be nice.

-John

Brian Harring wrote:
> 
> On Monday, September 1, 2003, at 02:04 AM, Steven Elling wrote:
> 
>> On Sunday 31 August 2003 13:14, John Nilsson wrote:
>>
>>> Some requirement thoughts:
>>> A network of gentoo hosts should have only one portage processing server
>>> and any number of installation leafs.
>>>
>>> First of all portage needs to easily handle more than one installation.
>>> Second the "leaf-installations" should have a very strict minimum
>>> requirements.
>>> Third redundancy is probably important. The information to restore a
>>> lost "leaf" should be available on both the portage host and on the
>>> leaf itself.
>>
>>
>> I think this is something sorely needed.  I'm reading some books on 
>> securing
>> Linux servers and on a bastion host (or any host in a DMZ for that 
>> matter)
>> there should not be a compiler or any include files.  The reason why 
>> is if

John Nilsson | 1 Sep 18:55 2003

Re: Portage through SSH

Or rather use gentoo to manage a number of lfs-systems. =)

-John

John Nilsson wrote:

> How about the ability to install a gentoo system on a 20MB partition?
> The ability to make a profile not containing gcc, glibc and portage would
> be nice.
> 
> -John
> 
> 
> Brian Harring wrote:
> 
>>
>> On Monday, September 1, 2003, at 02:04 AM, Steven Elling wrote:
>>
>>> On Sunday 31 August 2003 13:14, John Nilsson wrote:
>>>
>>>> Some requirement thoughts:
>>>> A network of gentoo hosts should have only one portage processing 
>>>> server
>>>> and any number of installation leafs.
>>>>
>>>> First of all portage needs to easily handle more than one installation.
>>>> Second the "leaf-installations" should have a very strict minimum
>>>> requirements.
>>>> Third redundancy is probably important. The information to restore a
>>>> lost "leaf" should be available on both the portage host and on the