Re: [gentoo-user] python 3.6

2018-06-28 Thread Marc Joliet
On Thursday, 28 June 2018, 00:36:57 CEST, Bill Kenworthy wrote:
> On 28/06/18 06:16, John Covici wrote:
> > On Wed, 27 Jun 2018 17:04:57 -0400,
> > 
> > Ralph Seichter wrote:
> >> On 27.06.18 22:43, Bill Kenworthy wrote:
> >>> After installing python 3.6, I now have multiple systems wanting to
> >>> depclean it! Have I missed something? Should I be uninstalling 3.4
> >>> and 3.5 which are also present?
> >> 
> >> After you have recompiled all packages that were built with Python 3.4
> >> and 3.5 support and verified that these versions are no longer required,
> >> you can delete them.
> > 
> > This is not working for me -- after doing a world update, there are
> > still packages which apparently need both 3.4 and 3.5, so I cannot
> > remove them.  I wonder why this would be happening?
> 
> Just found that by re-emerging 3.6.5 it stops trying to remove it - I
> can remove 3.4 but not 3.5.5 as it's "still in use as the primary python
> version" despite 3.6 being [1] in eselect.
> 
> 
> BillK

That sounds to me like you merely added 3.6.5 to the world file (by not 
passing --oneshot to emerge).  For the rest, see Neil's reply.

-- 
Marc Joliet
--
"People who think they know everything really annoy those of us who know we
don't" - Bjarne Stroustrup




[gentoo-user] avahi/mdns-nss and ipv4/ipv6 while pinging

2018-06-28 Thread tuxic
Hi,

I am "discovering" (what a great word :) the IP address of my Raspberry
Pi now via avahi/nss-mdns.

When pinging my PC on my Raspberry Pi I get the IPv4-address (good!) -
when pinging my Raspberry I only get the IPv6-address (weird-looking). The
commands are identical.

ifconfig on my Raspberry shows me, that the interface gets an ip4 and an
ipv6 address.

What do I need where to tweak to get ipv4 address shown when pinging?

Thanks a lot for any help in advance!
Cheers
Meino






Re: [gentoo-user] avahi/mdns-nss and ipv4/ipv6 while pinging

2018-06-28 Thread Mick
On Thursday, 28 June 2018 17:55:12 BST tu...@posteo.de wrote:
> Hi,
> 
> I am "discovering" (what a great word :) the IP address of my Raspberry
> Pi now via avahi/nss-mdns.
> 
> When pinging my PC on my Raspberry Pi I get the IPv4-address (good!) -
> when pinging my Raspberry I only get the IPv6-address (weird-looking). The
> commands are identical.
> 
> ifconfig on my Raspberry shows me, that the interface gets an ip4 and an
> ipv6 address.
> 
> What do I need where to tweak to get ipv4 address shown when pinging?
> 
> Thanks a lot for any help in advance!
> Cheers
> Meino

ping -4 -c 3 

-- 
Regards,
Mick



[gentoo-user] Hostile takeover of our github mirror. Don't use ebuild from there until new warning!

2018-06-28 Thread Francisco Blas Izquierdo Riera (klondike)
Hi!

I just want to notify that an attacker has taken control of the Gentoo
organization in Github and has among other things replaced the portage
and musl-dev trees with malicious versions of the ebuilds intended to
try removing all of your files.

Whilst the malicious code shouldn't work as is and GitHub has now
removed the organization, please don't use any ebuild from the GitHub
mirror obtained before 28/06/2018, 18:00 GMT until new warning.

Sincerely,
Francisco Blas Izquierdo Riera (klondike)
Gentoo developer.






[gentoo-user] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning!

2018-06-28 Thread Francisco Blas Izquierdo Riera (klondike)
On 28/06/18 at 23:15, Francisco Blas Izquierdo Riera (klondike) wrote:
> Hi!
>
> I just want to notify that an attacker has taken control of the Gentoo
> organization in Github and has among other things replaced the portage
> and musl-dev trees with malicious versions of the ebuilds intended to
> try removing all of your files.
>
> Whilst the malicious code shouldn't work as is and GitHub has now
> removed the organization, please don't use any ebuild from the GitHub
> mirror obtained before 28/06/2018, 18:00 GMT until new warning.
>
> Sincerely,
> Francisco Blas Izquierdo Riera (klondike)
> Gentoo developer.
>
>
Just to keep up with it. There is a more complete article published at
https://www.gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html







Re: [gentoo-user] avahi/mdns-nss and ipv4/ipv6 while pinging

2018-06-28 Thread tuxic
On 06/28 09:04, Mick wrote:
> On Thursday, 28 June 2018 17:55:12 BST tu...@posteo.de wrote:
> > Hi,
> > 
> > I am "discovering" (what a great word :) the IP address of my Raspberry
> > Pi now via avahi/nss-mdns.
> > 
> > When pinging my PC on my Raspberry Pi I get the IPv4-address (good!) -
> > when pinging my Raspberry I only get the IPv6-address (weird-looking). The
> > commands are identical.
> > 
> > ifconfig on my Raspberry shows me, that the interface gets an ip4 and an
> > ipv6 address.
> > 
> > What do I need where to tweak to get ipv4 address shown when pinging?
> > 
> > Thanks a lot for any help in advance!
> > Cheers
> > Meino
> 
> ping -4 -c 3 
> 
> -- 
> Regards,
> Mick


Hi Mick,

thanks for your help! :)

But...sorry I asked not exactly enough (no native speaker).

I don't want to change the ping options...I am searching for
a global setting, which seems to be different on both machines,
since the output of an unaltered ping call on each of them
produces different output...

What config should I modify?

Thanks a lot in advance for any help!
Cheers
Meino





Re: [gentoo-user] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning!

2018-06-28 Thread Mick
On Thursday, 28 June 2018 22:54:45 BST Francisco Blas Izquierdo Riera 
(klondike) wrote:
> On 28/06/18 at 23:15, Francisco Blas Izquierdo Riera (klondike) wrote:
> > Hi!
> > 
> > I just want to notify that an attacker has taken control of the Gentoo
> > organization in Github and has among other things replaced the portage
> > and musl-dev trees with malicious versions of the ebuilds intended to
> > try removing all of your files.
> > 
> > Whilst the malicious code shouldn't work as is and GitHub has now
> > removed the organization, please don't use any ebuild from the GitHub
> > mirror obtained before 28/06/2018, 18:00 GMT until new warning.
> > 
> > Sincerely,
> > Francisco Blas Izquierdo Riera (klondike)
> > Gentoo developer.
> 
> Just to keep up with it. There is a more complete article published at
> https://www.gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html

Thanks for letting us know, but how did this happen?

-- 
Regards,
Mick



Re: [gentoo-user] avahi/mdns-nss and ipv4/ipv6 while pinging

2018-06-28 Thread Jeremi Piotrowski
On Fri, Jun 29, 2018 at 12:13:39AM +0200, tu...@posteo.de wrote:
> On 06/28 09:04, Mick wrote:
> > On Thursday, 28 June 2018 17:55:12 BST tu...@posteo.de wrote:
> > > Hi,
> > > 
> > > I am "discovering" (what a great word :) the IP address of my Raspberry
> > > Pi now via avahi/nss-mdns.
> > > 
> > > When pinging my PC on my Raspberry Pi I get the IPv4-address (good!) -
> > > when pinging my Raspberry I only get the IPv6-address (weird-looking). The
> > > commands are identical.
> > > 
> > > ifconfig on my Raspberry shows me, that the interface gets an ip4 and an
> > > ipv6 address.
> > > 
> > > What do I need where to tweak to get ipv4 address shown when pinging?
> > > 
> > > Thanks a lot for any help in advance!
> > > Cheers
> > > Meino
> > 
> > ping -4 -c 3 
> > 
> > -- 
> > Regards,
> > Mick
> 
> 
> Hi Mick,
> 
> thanks for your help! :)
> 
> But...sorry I asked not exactly enough (no native speaker).
> 
> I don't want to change the ping options...I am searching for
> a global setting, which seems to be different on both machines,
> since the output of an unaltered ping call on each of them
> produces different output...
> 
> What config should I modify?
> 

/etc/nsswitch.conf, the line that starts with 'host:'.
Mine looks like this:

hosts:   files mdns_minimal [NOTFOUND=return] dns mdns

you can specify mdns4_minimal/mdns4 instead of mdns_minimal/mdns to only
get ipv4 results. With mdns either ipv4 or ipv6 will be returned, but
apparently ipv6 is preferred.
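
The substitution described in the reply above, as an added shell example that is not part of the original post. The function name `mdns_ipv4_only` and the sample input are constructed; it prints a rewritten copy to stdout so the result can be diffed against /etc/nsswitch.conf before anything is changed.

```sh
#!/bin/sh
# Added example: print an nsswitch.conf in which the mdns services on the
# "hosts:" line are replaced by their IPv4-only variants.
# Reads the named file(s), or stdin when none is given; writes to stdout only.
# A rewritten hosts line is re-joined with single spaces between fields.
mdns_ipv4_only() {
    awk '
    $1 == "hosts:" {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break            # leave a trailing comment untouched
            if ($i == "mdns_minimal") $i = "mdns4_minimal"
            else if ($i == "mdns")    $i = "mdns4"
            # mdns4*, mdns6*, files, dns and [NOTFOUND=return] pass through
        }
    }
    { print }
    ' "$@"
}

# Constructed sample input (the hosts line is the one quoted in the reply)
printf '%s\n' 'passwd:  files' \
    'hosts:   files mdns_minimal [NOTFOUND=return] dns mdns' | mdns_ipv4_only
```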



Re: [gentoo-user] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning!

2018-06-28 Thread Francisco Blas Izquierdo Riera (klondike)
On 29/06/18 at 00:27, Mick wrote:
> On Thursday, 28 June 2018 22:54:45 BST Francisco Blas Izquierdo Riera 
> (klondike) wrote:
>> On 28/06/18 at 23:15, Francisco Blas Izquierdo Riera (klondike) wrote:
>>> Hi!
>>>
>>> I just want to notify that an attacker has taken control of the Gentoo
>>> organization in Github and has among other things replaced the portage
>>> and musl-dev trees with malicious versions of the ebuilds intended to
>>> try removing all of your files.
>>>
>>> Whilst the malicious code shouldn't work as is and GitHub has now
>>> removed the organization, please don't use any ebuild from the GitHub
>>> mirror obtained before 28/06/2018, 18:00 GMT until new warning.
>>>
>>> Sincerely,
>>> Francisco Blas Izquierdo Riera (klondike)
>>> Gentoo developer.
>> Just to keep up with it. There is a more complete article published at
>> https://www.gentoo.org/news/2018/06/28/Github-gentoo-org-hacked.html
> Thanks for letting us know, but how did this happen?
I don't think there is an official timeline yet. We suspect the github
account of an administrator was compromised.

I just brought up the heads up when I noticed that the portage tree had
been modified to contain harmful code.





[gentoo-user] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning!

2018-06-28 Thread Duane Robertson
On Thu, 28 Jun 2018 23:15:36 +0200
"Francisco Blas Izquierdo Riera (klondike)"  wrote:

> Hi!
> 
> I just want to notify that an attacker has taken control of the Gentoo
> organization in Github and has among other things replaced the portage
> and musl-dev trees with malicious versions of the ebuilds intended to
> try removing all of your files.
> 
> Whilst the malicious code shouldn't work as is and GitHub has now
> removed the organization, please don't use any ebuild from the GitHub
> mirror obtained before 28/06/2018, 18:00 GMT until new warning.
> 
> Sincerely,
> Francisco Blas Izquierdo Riera (klondike)
> Gentoo developer.
> 
> 

Is it at all likely that any signing keys have been compromised? I
can't think of how that would happen, but I don't know much about the
situation.



Re: [gentoo-user] Re: Hostile takeover of our github mirror. Don't use ebuild from there until new warning!

2018-06-28 Thread R0b0t1
On Thu, Jun 28, 2018 at 8:55 PM, Duane Robertson
 wrote:
> On Thu, 28 Jun 2018 23:15:36 +0200
> "Francisco Blas Izquierdo Riera (klondike)"  wrote:
>
>> Hi!
>>
>> I just want to notify that an attacker has taken control of the Gentoo
>> organization in Github and has among other things replaced the portage
>> and musl-dev trees with malicious versions of the ebuilds intended to
>> try removing all of your files.
>>
>> Whilst the malicious code shouldn't work as is and GitHub has now
>> removed the organization, please don't use any ebuild from the GitHub
>> mirror obtained before 28/06/2018, 18:00 GMT until new warning.
>>
>> Sincerely,
>> Francisco Blas Izquierdo Riera (klondike)
>> Gentoo developer.
>>
>>
>
> Is it at all likely that any signing keys have been compromised? I
> can't think of how that would happen, but I don't know much about the
> situation.
>

It is my understanding release engineering maintains separate keys
explicitly to prevent situations like this from getting worse.

But, the same machine which was compromised (if a machine was
compromised) likely had commit signing keys. Considering the size of
Gentoo I think GitHub would respond to a request for information on
who added the malicious account to the project if that information is
not already available.


Considering what was done it could be assumed that no access to the
master repository was available. If so, any change pushed to the
mirror might have been far easier to notice and the attacker could
have considered their GitHub access worthless.

I'm not sure the above is a reasonable assessment; someone likely just
burned access easily worth multiple millions of dollars in CPU time.
Other infrastructure should be under scrutiny for past exploitation.

Cheers,
 R0b0t1