| View previous topic :: View next topic |
| Author |
Message |
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
 Posted: Sun Mar 08, 2015 5:36 am Post subject: |
 |
|
| Princess Nell wrote: | | What do your packet traces say about a firefox instance where e.g. "safe browsing" is disabled completely, and the resp. about:config URLs have been emptied? What if OCSP is disabled? |
...[snip]...
I have moved this post of mine, complete with all the replies, over to the topic it much more appropriately belongs:
Google - can not open any link - malware ??
https://forums.gentoo.org/viewtopic-t-912056.html#7714186
Pls., on that topic, everybody feel free to reply there, as that is noise in this topic, now that a backdoorish compilation of dbus by the package webkit-gtk I have discovered in the meantime, for which, do read on! And there is, hopefully, much more of my stuff coming (but with a little of readers' patience for that).
Last edited by miroR on Mon Mar 09, 2015 12:48 pm; edited 1 time in total |
|
| Back to top |
|
 |
jonathan183
Guru
Joined: 13 Dec 2011
Posts: 318
|
| Posted: Sun Mar 08, 2015 11:54 am Post subject: |
|
|
| miroR wrote: | links really better than lynx? Tried links too, but not so extensively,
I so have to use Firefox for internet-banking (Javascript based), but it's always Google spying during my time online. |
I use so that it displays graphics, I thought lynx was text based only. Sometimes the pictures are an important part of the content. I emerge links with directfb and fbcon use flags so I get graphical browsing, no danger of running scripts, and no need to start X. I refuse to struggle with small text and graphics so once I start links for the first time I use the pull down menu and in html options set the text size to 32 and graphics scale to 130% ... which gives something I can easily read on most websites. ymmv but it works for me 
Ed: correct code to links -g
Last edited by jonathan183 on Sun Mar 08, 2015 3:36 pm; edited 1 time in total |
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Sun Mar 08, 2015 1:23 pm Post subject: |
|
|
| jonathan183 wrote: | | miroR wrote: | links really better than lynx? Tried links too, but not so extensively,
...[snip]... |
I use so that it displays graphics
...[snip]... |
That must be:
(just a typo). |
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Sun Mar 08, 2015 1:30 pm Post subject: |
|
|
Continuing the midori-won't-compile issue.
And the one that there was no reason for it to be blacklisted along with the poetterware, the flag previously `-introspection' allowed in with changing it to `introspection' in the `USE=' flags of /etc/portage/make.conf, that use flag called for these changes in my system:
emerge -tuDN world
| Code: |
These are the packages that would be merged, in reverse order:
Calculating dependencies . ..... done! [nomerge ]
app-office/libreoffice-4.4.1.2::gentoo USE="branding cups gstreamer gtk
(-aqua) -bluetooth -coinmp -collada -dbus -debug -eds (-firebird) -gltf -gnome
-gtk3 -java -jemalloc -kde -mysql -odk -postgres -telepathy {-test} -vlc"
LIBREOFFICE_EXTENSIONS="-nlpsolver -scripting-beanshell -scripting-javascript
-wiki-publisher" PYTHON_SINGLE_TARGET="python2_7 -python3_3 -python3_4"
PYTHON_TARGETS="python2_7 python3_3 -python3_4"
[ebuild R ] app-text/liblangtag-0.5.2::gentoo USE="introspection*
-static-libs {-test}" 0 KiB [ebuild R ]
media-libs/gst-plugins-base-1.4.5:1.0::gentoo USE="X alsa introspection* nls
ogg pango theora vorbis -ivorbis -orc" ABI_X86="(64) -32 (-x32)" 0 KiB
[nomerge ] media-gfx/imagemagick-6.9.0.3:0/6.9.0.3::gentoo USE="X bzip2
corefonts cxx djvu fftw fontconfig fpx graphviz hdri jbig jpeg jpeg2k lcms lqr
openexr openmp pango perl png postscript svg tiff truetype webp wmf xml zlib
-autotrace -lzma -opencl -q32 -q64 -q8 -raw -static-libs {-test}"
[ebuild R ] gnome-base/librsvg-2.40.7:2::gentoo USE="introspection*
-tools -vala" ABI_X86="(64) -32 (-x32)" 0 KiB [ebuild R ]
x11-libs/gdk-pixbuf-2.30.8:2::gentoo USE="X introspection* jpeg jpeg2k tiff
-debug {-test}" ABI_X86="(64) -32 (-x32)" 0 KiB [ebuild R ]
x11-libs/pango-1.36.8::gentoo USE="X introspection* -debug" ABI_X86="(64) -32
(-x32)" 0 KiB [ebuild R ] media-libs/harfbuzz-0.9.38:0/0.9.18::gentoo
USE="cairo glib graphite icu introspection* truetype -static-libs {-test}"
ABI_X86="(64) -32 (-x32)" 0 KiB
[nomerge ] media-video/ffmpeg-2.5.4:0/54.56.56::gentoo USE="X aac
aacplus alsa amr bzip2 cdio cpudetection encode faac fontconfig frei0r gnutls
gsm hardcoded-tables iconv ieee1394 jack jpeg2k libass libcaca libsoxr modplug
mp3 network opengl openssl oss pic rtmp schroedinger sdl speex theora threads
truetype twolame v4l vaapi vdpau vorbis vpx x264 xvid zlib (-altivec) -amrenc
(-armv5te) (-armv6) (-armv6t2) (-armvfp) -bluray -bs2b -celt -debug -doc
-examples -fdk -flite -fribidi -gme -iec61883 -ladspa -libv4l -lzma
(-mips32r2) (-mipsdspr1) (-mipsdspr2) (-mipsfpu) (-neon) -openal -opus
-pulseaudio -quvi -samba -ssh -static-libs {-test} -wavpack -webp -x265 -xcb
-zvbi" ABI_X86="(64) -32 (-x32)" CPU_FLAGS_X86="mmx mmxext sse sse2 sse3
-3dnow -3dnowext -avx -avx2 -fma3 -fma4 -sse4_1 -sse4_2 -ssse3 -xop"
FFTOOLS="aviocat cws2fws ffescape ffeval ffhash fourcc2pixfmt graph2dot
ismindex pktdumper qt-faststart trasher"
[nomerge ] media-plugins/frei0r-plugins-1.4::gentoo USE="facedetect
scale0tilt -doc"
[nomerge ] media-libs/opencv-2.4.9:0/2.4::gentoo USE="eigen ffmpeg
gstreamer jpeg jpeg2k opengl openmp png python tiff v4l xine -cuda -doc
-examples -gtk -ieee1394 (-ipp) -java -libav -opencl -openexr (-pch) -qt4
-testprograms -threads -vtk" PYTHON_TARGETS="python2_7"
[ebuild R ] media-libs/gst-plugins-base-0.10.36-r2:0.10::gentoo
USE="introspection* nls -orc" ABI_X86="(64) -32 (-x32)" 0 KiB
[nomerge ] www-client/firefox-36.0-r1::gentoo USE="gstreamer hardened
minimal -bindist -custom-cflags -custom-optimization -dbus -debug
(-gmp-autoupdate) -jit (-pgo) -pulseaudio (-selinux) -startup-notification
-system-cairo -system-icu -system-jpeg -system-libvpx -system-sqlite {-test}
-wifi" LINGUAS="-af -ar -as -ast -be -bg -bn_BD -bn_IN -br -bs -ca -cs -cy -da
-de -el -en_GB -en_ZA -eo -es_AR -es_CL -es_ES -es_MX -et -eu -fa -fi -fr
-fy_NL -ga_IE -gd -gl -gu_IN -he -hi_IN -hr -hu -hy_AM -id -is -it -ja -kk -km
-kn -ko -lt -lv -mai -mk -ml -mr -nb_NO -nl -nn_NO -or -pa_IN -pl -pt_BR
-pt_PT -rm -ro -ru -si -sk -sl -son -sq -sr -sv_SE -ta -te -th -tr -uk -vi -xh
-zh_CN -zh_TW"
[ebuild R ] media-libs/gstreamer-1.4.5:1.0::gentoo USE="introspection*
nls -orc {-test}" ABI_X86="(64) -32 (-x32)" 0 KiB
[nomerge ] media-libs/gst-plugins-base-0.10.36-r2:0.10::gentoo
USE="introspection* nls -orc" ABI_X86="(64) -32 (-x32)"
[ebuild R ] media-libs/gstreamer-0.10.36-r2:0.10::gentoo
USE="introspection* nls -orc {-test}" ABI_X86="(64) -32 (-x32)" 0 KiB
[ebuild R ] sys-fs/eudev-2.1.1::gentoo USE="hwdb introspection* keymap
kmod modutils rule-generator -doc -gudev (-selinux) -static-libs {-test}"
ABI_X86="(64) -32 (-x32)" 0 KiB
[nomerge ] www-client/firefox-36.0-r1::gentoo USE="gstreamer hardened
minimal -bindist -custom-cflags -custom-optimization -dbus -debug
(-gmp-autoupdate) -jit (-pgo) -pulseaudio (-selinux) -startup-notification
-system-cairo -system-icu -system-jpeg -system-libvpx -system-sqlite {-test}
-wifi" LINGUAS="-af -ar -as -ast -be -bg -bn_BD -bn_IN -br -bs -ca -cs -cy -da
-de -el -en_GB -en_ZA -eo -es_AR -es_CL -es_ES -es_MX -et -eu -fa -fi -fr
-fy_NL -ga_IE -gd -gl -gu_IN -he -hi_IN -hr -hu -hy_AM -id -is -it -ja -kk -km
-kn -ko -lt -lv -mai -mk -ml -mr -nb_NO -nl -nn_NO -or -pa_IN -pl -pt_BR
-pt_PT -rm -ro -ru -si -sk -sl -son -sq -sr -sv_SE -ta -te -th -tr -uk -vi -xh
-zh_CN -zh_TW"
[ebuild R ] dev-libs/atk-2.14.0::gentoo USE="introspection* nls
{-test}" ABI_X86="(64) -32 (-x32)" 0 KiB
[nomerge ] app-office/libreoffice-4.4.1.2::gentoo USE="branding cups
gstreamer gtk (-aqua) -bluetooth -coinmp -collada -dbus -debug -eds
(-firebird) -gltf -gnome -gtk3 -java -jemalloc -kde -mysql -odk -postgres
-telepathy {-test} -vlc" LIBREOFFICE_EXTENSIONS="-nlpsolver
-scripting-beanshell -scripting-javascript -wiki-publisher"
PYTHON_SINGLE_TARGET="python2_7 -python3_3 -python3_4"
PYTHON_TARGETS="python2_7 python3_3 -python3_4"
[ebuild R ] app-text/poppler-0.31.0:0/50::gentoo USE="cxx
introspection* jpeg jpeg2k lcms png qt4 tiff utils -cairo -cjk -curl -debug
-doc -qt5" 0 KiB
Total: 12 packages (12 reinstalls), Size of downloads: 0 KiB
WARNING: One or more updates/rebuilds have been skipped due to a dependency conflict:
dev-ruby/rake:0
(dev-ruby/rake-10.4.2:0/0::gentoo, ebuild scheduled for merge) conflicts with
dev-ruby/rake[ruby_targets_ruby21] required by (dev-ruby/racc-1.4.12:0/0::gentoo, installed)
^^^^^^^^^^^^^^^^^^^
>=dev-ruby/rake-0.9.6[ruby_targets_ruby21] required by (dev-lang/ruby-2.1.5:2.1/2.1::gentoo, installed)
^^^^^^^^^^^^^^^^^^^
dev-ruby/rake[ruby_targets_ruby21] required by (dev-ruby/json-1.8.2-r1:0/0::gentoo, installed)
^^^^^^^^^^^^^^^^^^^
dev-ruby/rdoc:0
(dev-ruby/rdoc-4.1.2-r1:0/0::gentoo, ebuild scheduled for merge) conflicts with
>=dev-ruby/rdoc-4.0.1[ruby_targets_ruby21] required by (dev-lang/ruby-2.1.5:2.1/2.1::gentoo, installed)
^^^^^^^^^^^^^^^^^^^
dev-ruby/racc:0
(dev-ruby/racc-1.4.12:0/0::gentoo, ebuild scheduled for merge) conflicts with
dev-ruby/racc[ruby_targets_ruby21] required by (dev-ruby/rdoc-4.1.2-r1:0/0::gentoo, installed)
^^^^^^^^^^^^^^^^^^^
dev-ruby/json:0
(dev-ruby/json-1.8.2-r1:0/0::gentoo, ebuild scheduled for merge) conflicts with
=dev-ruby/json-1*[ruby_targets_ruby21] required by (dev-ruby/rdoc-4.1.2-r1:0/0::gentoo, installed)
^^^^^^^^^^^^^^^^^^^
>=dev-ruby/json-1.4[ruby_targets_ruby21] required by (dev-ruby/rdoc-4.1.2-r1:0/0::gentoo, installed)
^^^^^^^^^^^^^^^^^^^
>=dev-ruby/json-1.8.1[ruby_targets_ruby21] required by (dev-lang/ruby-2.1.5:2.1/2.1::gentoo, installed)
^^^^^^^^^^^^^^^^^^^
Would you like to merge these packages? [Yes/No]
>>> Verifying ebuild manifests
>>> Running pre-merge checks for sys-fs/eudev-2.1.1
|
I don't talk ruby, but I hope the above various ruby packages complaining is nothing serious.
All the above packages have been compiled.
And another one compilation, webkit-gtk takes much longer:
| Code: |
# emerge webkit-gtk |& tee /Cmn/BAK_/emerge.d/emerge_webkit-gtk_`date +%s`
These are the packages that would be merged, in order:
Calculating dependencies ..... done!
[ebuild N ] net-libs/webkit-gtk-2.4.8-r200:2::gentoo USE="X egl gstreamer introspection opengl webgl (-aqua)
-coverage -debug -geoloc -gles2 -jit -libsecret -spell {-test}" 0 KiB
Total: 1 package (1 new), Size of downloads: 0 KiB
Would you like to merge these packages? [Yes/No]
>>> Verifying ebuild manifests
>>> Running pre-merge checks for net-libs/webkit-gtk-2.4.8-r200
...
|
And it ended with, I think the same errors as the compilation of webkit-gtk previous to the introspection change and the world-update.
But there are differences!
It may take me a while to explain, as it is not trivial, but I'll, not re-post the previous webkit-gtk compilation, but post what I got in the standard output, with that previous compilation, along with this new webkit-gtk compilation, both ending in the same error, but differing more than in just a few lines.
---
Just a digression, and you'll see the reason for it warranted, most of the readers. I have:
| Code: | ukrainian # grep -r posix-long-iso /etc/
/etc/profile.env:export TIME_STYLE='posix-long-iso'
/etc/env.d/02locale:TIME_STYLE="posix-long-iso"
/etc/csh.env:setenv TIME_STYLE 'posix-long-iso'
ukrainian #
|
And that frees me from having to have the Americanized time on me, you know, the Jan 13, Feb 2, Sep 20... which you probably have, as it is, it's always been since a while back, the default, and which is wrong. Had I had that Americanized time in the `ls -l' file listing, I would've had different string to search for below. ISO is the International Standards Organization, and surely mine is the better choice.
---
As you can see in my portage, I have:
| Code: |
PORT_LOGDIR="/var/log/portage_logs"
|
and that is unnecessary but no-consequences change from the default.
I want to present the lines representing yesterday's compiles in that dir first,
gotten with
[b]ls -ltr /var/log/portage_logs/ | grep 2015-03-07 >> This_file_you_are_reading.txt:
| Code: |
-rw-rw---- 1 portage portage 13661 2015-03-07 06:57 media-libs:freetype-2.5.5:20150307-055744.log
-rw-rw---- 1 portage portage 131143 2015-03-07 06:57 media-libs:freetype-2.5.5:20150307-055715.log
-rw-rw---- 1 portage portage 112064 2015-03-07 07:01 dev-libs:openssl-1.0.2-r2:20150307-060100.log
-rw-rw---- 1 portage portage 934971 2015-03-07 07:01 dev-libs:openssl-1.0.2-r2:20150307-055748.log
-rw-rw---- 1 portage portage 7963 2015-03-07 07:02 net-misc:openssh-6.7_p1-r4:20150307-060235.log
-rw-rw---- 1 portage portage 220139 2015-03-07 07:02 net-misc:openssh-6.7_p1-r4:20150307-060112.log
-rw-rw---- 1 portage portage 13797 2015-03-07 16:17 sys-apps:busybox-1.23.1-r1:20150307-151741.log
-rw-rw---- 1 portage portage 488963 2015-03-07 16:17 sys-apps:busybox-1.23.1-r1:20150307-151631.log
-rw-rw---- 1 portage portage 6459 2015-03-07 16:18 media-sound:sox-14.4.1:20150307-151854.log
-rw-rw---- 1 portage portage 132832 2015-03-07 16:18 media-sound:sox-14.4.1:20150307-151746.log
-rw-rw---- 1 portage portage 271 2015-03-07 20:15 net-libs:webkit-gtk-2.4.8-r200:20150307-191544.log
-rw-rw-r-- 1 portage portage 13016110 2015-03-07 20:15 wget-fetch.log
-rw-rw---- 1 portage portage 183395 2015-03-07 20:16 dev-libs:gobject-introspection-1.42.0-r1:20150307-191545.log
-rw-rw---- 1 portage portage 29968 2015-03-07 20:16 net-libs:libproxy-0.4.11-r2:20150307-191635.log
-rw-rw---- 1 portage portage 79673 2015-03-07 20:17 net-libs:glib-networking-2.42.1:20150307-191652.log
-rw-rw---- 1 portage portage 211818 2015-03-07 20:18 net-libs:libsoup-2.48.1:20150307-191729.log
-rw-rw---- 1 portage portage 46969424 2015-03-07 21:21 net-libs:webkit-gtk-2.4.8-r200:20150307-191806.log
-rw-rw---- 1 portage portage 271 2015-03-07 22:17 sys-fs:eudev-2.1.1:20150307-211719.log
-rw-rw---- 1 portage portage 20457 2015-03-07 22:18 app-text:poppler-0.31.0:20150307-211811.log
-rw-rw---- 1 portage portage 294849 2015-03-07 22:18 app-text:poppler-0.31.0:20150307-211720.log
-rw-rw---- 1 portage portage 26646 2015-03-07 22:18 dev-libs:atk-2.14.0:20150307-211843.log
-rw-rw---- 1 portage portage 148029 2015-03-07 22:18 dev-libs:atk-2.14.0:20150307-211816.log
-rw-rw---- 1 portage portage 11651 2015-03-07 22:19 sys-fs:eudev-2.1.1:20150307-211947.log
-rw-rw---- 1 portage portage 154164 2015-03-07 22:19 sys-fs:eudev-2.1.1:20150307-211849.log
-rw-rw---- 1 portage portage 32110 2015-03-07 22:21 media-libs:gstreamer-0.10.36-r2:20150307-212107.log
-rw-rw---- 1 portage portage 582366 2015-03-07 22:21 media-libs:gstreamer-0.10.36-r2:20150307-211952.log
-rw-rw---- 1 portage portage 33977 2015-03-07 22:22 media-libs:gstreamer-1.4.5:20150307-212226.log
-rw-rw---- 1 portage portage 562821 2015-03-07 22:22 media-libs:gstreamer-1.4.5:20150307-212112.log
-rw-rw---- 1 portage portage 43979 2015-03-07 22:24 media-libs:gst-plugins-base-0.10.36-r2:20150307-212402.log
-rw-rw---- 1 portage portage 927103 2015-03-07 22:24 media-libs:gst-plugins-base-0.10.36-r2:20150307-212231.log
-rw-rw---- 1 portage portage 10384 2015-03-07 22:24 media-libs:harfbuzz-0.9.38:20150307-212446.log
-rw-rw---- 1 portage portage 138629 2015-03-07 22:24 media-libs:harfbuzz-0.9.38:20150307-212406.log
-rw-rw---- 1 portage portage 14221 2015-03-07 22:25 x11-libs:pango-1.36.8:20150307-212534.log
-rw-rw---- 1 portage portage 272005 2015-03-07 22:25 x11-libs:pango-1.36.8:20150307-212450.log
-rw-rw---- 1 portage portage 25436 2015-03-07 22:26 x11-libs:gdk-pixbuf-2.30.8:20150307-212623.log
-rw-rw---- 1 portage portage 241363 2015-03-07 22:26 x11-libs:gdk-pixbuf-2.30.8:20150307-212539.log
-rw-rw---- 1 portage portage 8833 2015-03-07 22:27 gnome-base:librsvg-2.40.7:20150307-212706.log
-rw-rw---- 1 portage portage 108398 2015-03-07 22:27 gnome-base:librsvg-2.40.7:20150307-212629.log
-rw-rw---- 1 portage portage 43338 2015-03-07 22:28 media-libs:gst-plugins-base-1.4.5:20150307-212851.log
-rw-rw---- 1 portage portage 1073008 2015-03-07 22:28 media-libs:gst-plugins-base-1.4.5:20150307-212712.log
-rw-rw---- 1 portage portage 8640 2015-03-07 22:29 app-text:liblangtag-0.5.2:20150307-212931.log
-rw-rw---- 1 portage portage 151522 2015-03-07 22:29 app-text:liblangtag-0.5.2:20150307-212856.log
-rw-rw---- 1 portage portage 271 2015-03-07 22:32 net-libs:webkit-gtk-2.4.8-r200:20150307-213258.log
-rw-rw---- 1 portage portage 14839547 2015-03-07 22:49 net-libs:webkit-gtk-2.4.8-r200:20150307-213259.log
-rw-rw---- 1 portage portage 271 2015-03-07 22:50 net-libs:webkit-gtk-2.4.8-r200:20150307-215052.log
-rw-rw---- 1 portage portage 49741554 2015-03-07 23:55 net-libs:webkit-gtk-2.4.8-r200:20150307-215054.log
drwxrwsr-x 2 portage portage 331776 2015-03-07 23:55 elog
|
And these are just a few lines (5) extra than what I dealt with so far, and presented, in this topic.
And the two compiles, in that my portage_logs dir that ended with same error, of webkit-gtk, are:
| Code: |
net-libs:webkit-gtk-2.4.8-r200:20150307-191806.log
net-libs:webkit-gtk-2.4.8-r200:20150307-215054.log
|
The:
| Code: |
net-libs:webkit-gtk-2.4.8-r200:20150307-213259.log
|
is a failed attempt at compilation, where I was simultaneously to the compilation editing a copy of /etc/grsec/policy which is the RBAC policy file, so that, dear non-advanced user, and it's the majority of you... (
Surely the teachers like steveL, no he can't have grsec easily, I think, in KDE; he fixes what he can from what he gets of KDE from upstream, and KDE has dbus, and can't be installed without dbus (but he said to PaX Team over here he don't use grsec)...
but surely the teacher NeddySeagoon and others could tell you more and better about it then me
), [but that] was a failed webkit-gtk compilation, which I performed, as it is done, all the emerging, with grsec-hardened, in grsec admin role, and it failed after I, having edited the /etc/grsec/policy, ran:
| Code: |
gradm -D
gradm -C
gradm -E
|
to disable the running RBAC, check it, and, after I found there were no errors in the new /etc/grsec/policy that I just replaced with the copy I worked on, enabled it, [and it failed after] I was dropped from the admin role (logically, every disable drops all the admin roles, and the enabling find the processes running from previously are not anymore `RBAC:admin:S:/' run), so [I was dropped from the admin role] in the other terminal where I was compiling webkit-gtk and I straight got permission errors, and got stranded. Only a little time lost, no serious consequences.
(Did I wet any newbie's/other's appetite for grsecurity-hardened? I wish... The systems of mine are now soooo much securer!...)
So the only two relevant compilations are:
| Code: |
net-libs:webkit-gtk-2.4.8-r200:20150307-191806.log
net-libs:webkit-gtk-2.4.8-r200:20150307-215054.log
|
But,
| Code: |
-rw-rw---- 1 portage portage 46969424 2015-03-07 21:21 net-libs:webkit-gtk-2.4.8-r200:20150307-191806.log
|
differs somewhat from my stout/stderr capture, which I sometimes cut off from my pastes to not bother with details (look up the `|& tee /Cmn/BAK_/emerge.d/emerge ...' strings in my command lines in my pastes).
So, this is my logs outside of the system, for lack of more correct explanation, the paste gotten with
ls -ltr /Cmn/BAK_/emerge.d/ | grep 2015-03-07 >> This_file_you_are_reading.txt:
| Code: |
-rw-r--r-- 1 root root 1287744 2015-03-07 07:02 emerge-tuDN_openssh_1425707759
-rw-r--r-- 1 root root 1653 2015-03-07 07:13 emerge-tuDN_world_1425708744
-rw-r--r-- 1 root root 933 2015-03-07 07:15 emerge-tuDN_world_1425708909
-rw-r--r-- 1 root root 2379 2015-03-07 16:14 emerge-tuDN_world_1425741257
-rw-r--r-- 1 root root 624400 2015-03-07 16:18 emerge-tuDN_world_1425741341
-rw-r--r-- 1 root root 852 2015-03-07 18:13 emerge-tuDN_midori_1425748413
-rw-r--r-- 1 root root 606 2015-03-07 18:33 emerge-p_webkit-gtk_1425749592
-rw-r--r-- 1 root root 818 2015-03-07 18:39 emerge-p_webkit-gtk_1425749979
-rw-r--r-- 1 root root 611 2015-03-07 18:41 emerge_midori_1425750097
-rw-r--r-- 1 root root 612 2015-03-07 19:52 emerge_midori_1425754318
-rw-r--r-- 1 root root 611 2015-03-07 19:54 emerge_midori_1425754454
-rw-r--r-- 1 root root 352 2015-03-07 19:56 emerge_midori_1425754565
-rw-r--r-- 1 root root 1190 2015-03-07 20:01 emerge_webkit-gtk_1425754892_STUB
-rw-r--r-- 1 root root 47475645 2015-03-07 21:21 emerge_webkit-gtk_1425755707
-rw-r--r-- 1 root root 4661580 2015-03-07 22:29 emerge-tuDN_world_1425762970
-rw-r--r-- 1 root root 14844045 2015-03-07 22:49 emerge_webkit-gtk_1425763844_RBAC_logged_out
-rw-r--r-- 1 root root 49742285 2015-03-07 23:55 emerge_webkit-gtk_1425765037
|
These two lines from portage_logs:
| Code: |
-rw-rw---- 1 portage portage 46969424 2015-03-07 21:21 net-libs:webkit-gtk-2.4.8-r200:20150307-191806.log
-rw-rw---- 1 portage portage 49741554 2015-03-07 23:55 net-libs:webkit-gtk-2.4.8-r200:20150307-215054.log
adn these two line from my /Cmn/BAK_/emerge.d:
|
-rw-r--r-- 1 root root 47475645 2015-03-07 21:21 emerge_webkit-gtk_1425755707
-rw-r--r-- 1 root root 49742285 2015-03-07 23:55 emerge_webkit-gtk_1425765037
[/code]
correspond very well, at first sight.
But how come I find a snippet of DBus compilation in:
| Code: |
gbn ~ # grep DBus /Cmn/BAK_/emerge.d/emerge_webkit-gtk_1425755707
env
PATH=".libs:/var/tmp/portage/dev-libs/gobject-introspection-1.42.0-r1/temp/python2.7/bin:/usr/lib/portage/python2.7/ebuild-helpers/xattr:
/usr/lib/portage/python2.7/ebuild-helpers:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.8.4"
./g-ir-compiler --includedir=. --includedir=./gir --includedir=.
--includedir=. --includedir=. gir/DBus-1.0.gir -o gir/DBus-1.0.typelib
env
PATH=".libs:/var/tmp/portage/dev-libs/gobject-introspection-1.42.0-r1/temp/python2.7/bin:/usr/lib/portage/python2.7/ebuild-helpers/xattr:
/usr/lib/portage/python2.7/ebuild-helpers:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.8.4"
./g-ir-compiler --includedir=. --includedir=./gir --includedir=.
--includedir=. --includedir=. gir/DBusGLib-1.0.gir -o gir/DBusGLib-1.0.typelib
/usr/lib/portage/python2.7/ebuild-helpers/xattr/install -c -m 644
gir/DBus-1.0.gir gir/DBusGLib-1.0.gir gir/fontconfig-2.0.gir
gir/freetype2-2.0.gir gir/GL-1.0.gir gir/libxml2-2.0.gir gir/xft-2.0.gir
gir/xlib-2.0.gir gir/xfixes-4.0.gir gir/xrandr-1.3.gir gir/win32-1.0.gir
gir/cairo-1.0.gir GLib-2.0.gir GObject-2.0.gir GModule-2.0.gir Gio-2.0.gir
GIRepository-2.0.gir
'/var/tmp/portage/dev-libs/gobject-introspection-1.42.0-r1/image//usr/share/gir-1.0'
/usr/lib/portage/python2.7/ebuild-helpers/xattr/install -c -m 644
gir/DBus-1.0.typelib gir/DBusGLib-1.0.typelib gir/fontconfig-2.0.typelib
gir/freetype2-2.0.typelib gir/GL-1.0.typelib gir/libxml2-2.0.typelib
gir/xft-2.0.typelib gir/xlib-2.0.typelib gir/xfixes-4.0.typelib
gir/xrandr-1.3.typelib gir/win32-1.0.typelib gir/cairo-1.0.typelib
GLib-2.0.typelib GObject-2.0.typelib GModule-2.0.typelib Gio-2.0.typelib
GIRepository-2.0.typelib
'/var/tmp/portage/dev-libs/gobject-introspection-1.42.0-r1/image//usr/lib64/girepository-1.0'
>>> /usr/lib64/girepository-1.0/DBusGLib-1.0.typelib
>>> /usr/lib64/girepository-1.0/DBus-1.0.typelib
>>> /usr/share/gir-1.0/DBusGLib-1.0.gir
>>> /usr/share/gir-1.0/DBus-1.0.gir
gbn ~ #
|
while I find none in (it need to be entered with the soft quotes):
| Code: |
grep DBus "/var/log/portage_logs/net-libs:webkit-gtk-2.4.8-r200:20150307-191806.log"
|
and if, the curser being at end of the line, Tab is entered, it will change to:
| Code: |
gbn ~ # grep DBus /var/log/portage_logs/net-libs\:webkit-gtk-2.4.8-r200\:20150307-191806.log
gbn ~ #
|
(that's an empty string, nothing was found)
This is a scoop, in my eyes. I have to post this for everybody to see. And think, and especially conclude, about it later.
Last edited by miroR on Tue Mar 10, 2015 3:52 pm; edited 1 time in total |
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Sun Mar 08, 2015 3:56 pm Post subject: |
|
|
And I know what happened here, thanks to the good leadership of Gentoo Foundation (
but I have to say: pls. inventor of Gentoo, Daniel Robbins, come back, not to rule, but to contribute, esp. by merging Funtoo with Gentoo, back to where that grand knowledge from both belongs: together; but haven't studied that issue, so I have to express reserve for my wish here, in case things are out of hand for that to become true
), [thanks to the good leadership of Gentoo Foundation] that gives us grsecurity-hardened kernel and such great hardened toolchain to compile all packages for hardened, the Gentoo Foundation that gives grsecurity-hardened to the lean but mean numbers of FOSS Linux users worldwide (Gentoo is probably the hardest to learn for a FOSS Linux newbie),
and thanks to grsecurity developers, Bradley spender Spengler and PaX Team (he remains anonymous; has a Hungarian email), who fix what [the little god of the Linux kernel] (read now the continuation in the quote)
| message 20150307.123301.ba61f388.en.html on the Devuan mailing list wrote: |
RBAC or Role Base Access Control is the layer that finalizes what does grsecurity --which includes PaX-- and which [the grsecurity] is a collection of patches that, to explain it in lay terms: fix what Linus Torvalds, the little god of the Linux kernel, since he is its inventor and remains its main programmer, or more exactly the decider-programmer, may have even deliberately introduced (first the Linux Security Model or LSM and, later, the linux capabilities; read in the links in my signature below)...
...[snip]...
|
And I use the same two links in the signature, on Gentoo Forums, also used it on Debian Forums (Debian I am abandoning now), and alos will use it in Devuan Forums (yet to be set up), and am using them already since that message, in the Devauan mailing list. Those are two among the most important events in the world of free computing up until today.
Free in the full sense of the world, free only you get if have privacy. No privacy, no freedom, but control of you (and even against you). And privacy only if secure, obviously.
Read the rest there, please.
I'll post my theory of what happened now. Everybody feel free to defeat my theory and prove me wrong, by means of valid arguments.
What happened here, is a compilation of dbus, or DBus, against what the user (that's not the main problem, but let's first be clear on it), me in this case, set in their USE flags in /etc/portage/make.conf, and it is plain for everybody to see that I haven't dbus in my USE= flags in the emerge --info, (emerge --info don't list the negative flags, so I'll give here the relevant entry from my
/etc/portage/make.conf:
| Code: |
...[snip]...
# These are the USE flags that were used in addition to what is provided by the
# profile used for building.
USE="a52 alsa apache2 audit bash-completion berkdb bzip2 caps cdr crypt \
cscope css -dbus dri dvb dvdr fam ffmpeg fontconfig gdbm \
-geoip gif git -gnome gnutls gpm gstreamer gzip hardened \
imagemagick -introspection jack jpeg jpeg2k -kde lame libcaca -libav mad \
maildir mhash mng mplayer ncurses nls ogg gles2 -pam png readline \
sasl sdl -selinux sysvipc smp sound sox sqlite sqlite3 \
ssl subversion svg tiff truetype -udev unicode v4l vim-syntax vorbis \
X x264 xattr xine xv xvid zlib -pulseaudio"
...[snip]...
|
But how come the DBus compilation showed in the standard output plus standard error log outside the system (for want of better expression), that I take of emerging (the `|&' is equivalent of `2>&1', see `man bash', and see also `man tee'), but it did not show in the system logging, id est (it is part of the system logging, IIUC), in /var/log/portage/logs (I think that is the default, skewed in my case, unncecessarily, but inconsequentially to: /var/log/portage/portage_logs), how come?
My theory is that it happened because the developer who set this up, decided to use the linux capabilities, and in this case, the CAP_SYSLOG.
The relevant excerpts from `man capabilities':
| Code: |
CAP_SYS_ADMIN
...[snip]...
* perform privileged syslog(2) operations (since Linux 2.6.37,
CAP_SYSLOG should be used to permit such operations);
...[snip]...
CAP_SYSLOG (since Linux 2.6.37)
* Perform privileged syslog(2) operations. See syslog(2) for
information on which operations require privilege.
|
The relevant excerpts from `man syslog' (the `man 2 syslog'), not in the order they appear in the manual:
| Code: |
...[snip]...
All commands except 3 and 10 require privilege. In Linux kernels before 2.6.37, command types 3 and 10 are allowed to unprivileged processes; since Linux 2.6.37, these commands are allowed to unprivileged processes only if /proc/sys/kernel/dmesg_restrict has the value 0. Before Linux 2.6.37, "privileged" means that the caller has the CAP_SYS_ADMIN capability. Since Linux 2.6.37, "privileged" means that the caller has either the CAP_SYS_ADMIN capability (now deprecated for this purpose) or the (new) CAP_SYSLOG capability.
...[snip]...
|
And (previously in the manual), the commands that could have been deployed here to, essentially, compile dbus against the user's decision, and (this is the main problem:) hide that the compilation has taken place, could have been (I'm studying this manual for the first time):
More of the relevant excerpts from `man syslog' (the `man 2 syslog'):
| Code: |
SYSLOG(2) Linux Programmer's Manual SYSLOG(2)
NAME
syslog, klogctl - read and/or clear kernel message ring buffer; set console_loglevel
SYNOPSIS
int syslog(int type, char *bufp, int len);
/* No wrapper provided in glibc */
/* The glibc interface */
#include <sys/klog.h>
int klogctl(int type, char *bufp, int len);
DESCRIPTION
...[snip]...
This page describes the kernel syslog() system call, which is used to control the kernel printk() buffer; the glibc wrapper function for the system call is called klogctl().
The kernel log buffer
The kernel has a cyclic buffer of length LOG_BUF_LEN in which messages given as arguments to the kernel function printk() are stored (regardless of their log level). In early kernels, LOG_BUF_LEN had the value 4096; from kernel 1.3.54, it was 8192; from kernel 2.1.113, it was 16384; since kernel 2.4.23/2.6, the value is a kernel configuration option (CONFIG_LOG_BUF_SHIFT, default value dependent on the architecture). Since Linux 2.6.6, the size can be queried with command type 10 (see below).
Commands
The type argument determines the action taken by this function. The list below specifies the values for type. The symbolic names are defined in the kernel source, but are not exported to user space; you will either need to use the numbers, or define the names yourself.
SYSLOG_ACTION_CLOSE (0)
Close the log. Currently a NOP.
SYSLOG_ACTION_OPEN (1)
Open the log. Currently a NOP.
SYSLOG_ACTION_READ (2)
Read from the log. The call waits until the kernel log buffer is nonempty, and then reads at most len bytes into the buffer pointed to by bufp. The call returns the number of bytes read. Bytes read from the log disappear from the log buffer: the information can be read only once. This is the function executed by the kernel when a user program reads /proc/kmsg.
SYSLOG_ACTION_READ_ALL (3)
Read all messages remaining in the ring buffer, placing them in the buffer pointed to by bufp. The call reads the last len bytes from the log buffer (nondestructively), but will not read more than was written into the buffer since the last "clear ring buffer" command (see command 5 below)). The call returns the number of bytes read.
SYSLOG_ACTION_READ_CLEAR (4)
Read and clear all messages remaining in the ring buffer. The call does precisely the same as for a type of 3, but also executes the "clear ring buffer" command.
SYSLOG_ACTION_CLEAR (5)
The call executes just the "clear ring buffer" command. The bufp and len arguments are ignored.
This command does not really clear the ring buffer. Rather, it sets a kernel bookkeeping variable that determines the results returned by commands 3 (SYSLOG_ACTION_READ_ALL) and 4 (SYSLOG_ACTION_READ_CLEAR). This command has no effect on commands 2 (SYSLOG_ACTION_READ) and 9 (SYSLOG_ACTION_SIZE_UNREAD).
SYSLOG_ACTION_CONSOLE_OFF (6)
The command saves the current value of console_loglevel and then sets console_loglevel to minimum_console_loglevel, so that no messages are printed to the console. Before Linux 2.6.32, the command simply sets console_loglevel to minimum_console_loglevel. See the discussion of /proc/sys/kernel/printk, below.
The bufp and len arguments are ignored.
SYSLOG_ACTION_CONSOLE_ON (7)
If a previous SYSLOG_ACTION_CONSOLE_OFF command has been performed, this command restores console_loglevel to the value that was saved by that command. Before Linux 2.6.32, this command simply sets console_loglevel to default_console_loglevel. See the discussion of /proc/sys/kernel/printk, below.
The bufp and len arguments are ignored.
SYSLOG_ACTION_CONSOLE_LEVEL (8)
The call sets console_loglevel to the value given in len, which must be an integer between 1 and 8 (inclusive). The kernel silently enforces a minimum value of minimum_console_loglevel for len. See the log level section for details. The bufp argument is ignored.
SYSLOG_ACTION_SIZE_UNREAD (9) (since Linux 2.4.10)
The call returns the number of bytes currently available to be read from the kernel log buffer via command 2 (SYSLOG_ACTION_READ). The bufp and len arguments are ignored.
,
|
Now, I couldn't do, myself, such a thing as the developer(s) in question, for some reason, decided to do. I don't have a firm grasp on what I cited above, I'm a fraction of programmer only.
But what I do know, dear sisters and brothers in *nix, is it is only grsecurity-hardened kernel that couldn't be messed up with in this story about this, I hope, well-documented episode that just happened on my system.
Obviously, had I not been running a grsec-hardened kernel, I can't find time to try and read the code, but I could bet on it, had I not been running a grsecurity-hardened kernel, the tools are there and the developer(s) in question probably used them, and it can probably be found in the source in which fashion exactly they used those tools above, to clear those logs from the console.
In other words, I know, and you now know, about this underhanded attempt at installing of dbus in my system, only because there is no way, or hardly there is a way to circumvent grsecurity's protection of a well hardened system, and hide what is going on from grsecurity.
And grsecurity does not hide from users what is happening.
grsecurity defends users. And so does Gentoo. (If you learn how to use the latter with the former.)
Thank you, Gentoo Foundation, and thank you spender and PaX Team! |
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Sun Mar 08, 2015 5:37 pm Post subject: |
|
|
I have also notified the grsecurity devs. So we can have a fine confirmation on this.
I want to add, that I am willing to provide further info on this matter, to Gentoo higer ranking members, just, I would like it to be openly discussed further, and not, if this is what I think it is, attempted to hide under the rug.
([openly discussed further], such as: give us here the lines from the source of that webkit-gtk that hide the code from the syslog, thanks in advance!)
Don't disenpower us, poor users!
However, probably not much more information is needed. It's net-libs/webkit-gtk-2.4.8-r200 which is in everybody's portage, and esp. in those who use, like I do, signed portage snapshots.
(But I'd almost bet that the package will very soon be disappearing from mirrors! --just my guess though--.... )
And all the procedure to replicate what happened on my system, has been described in my posts above.
If anybody has any suggestion what might be missing, do tell.
Also, in circumstances like this, I don't like neither correcting my typoes nor improving my wordage used, other then one thing...
Other then one thing. dillo, which I used, has a little problem with cache, that can be easily circumvented, but the user needs to remember to refresh the page, and I inadvertently lost a little text...
EDIT START Tue 10 Mar 17:04:35 CET 2015:
Couldn't find it, screencasts are much harder to search then electronic text, but I corrected/completed most of the text, many of the more than dozen of my posts of this topic.
(While I could, very probably, find exactly what I typed and lost, just a sentence or two, because I always run my uncenz-1st from the:
https://github.com/miroR/uncenz when online, the detailed research of it I spare for scoops such as the linked previously in this topic, Google and Yahoo intrusions and such, or other important cases; wasn't so much lost here.)
EDIT END
Last edited by miroR on Tue Mar 10, 2015 4:14 pm; edited 3 times in total |
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Sun Mar 08, 2015 8:06 pm Post subject: |
|
|
I kindly ask everybody, if I may, to try and understand, that some customs and promises of FOSS behavior, of the OSI, of GNU/Linux generally, I believe have been grossly harmed, and not just neglected here, in this secret compilation that the user wasn't supposed to ever know about, as I explained above, pretty completely, and everybody can find out, and if they reproduce if with that webkit-gtk package on a grsec-hardened kernel, they can figure out all the details.
So I hereby kindly ask that contributors to topic on what has too little to do with non-poetterized Gentoo, id est too little to do with this topic, such as technical details about the googleized Firefox, let's move that discussion over to the topic where I already posted a lot:
Google - can not open any link - malware ??
https://forums.gentoo.org/viewtopic-t-912056.html#7714186
And I'll move this content, which was here, now to the new post in bottom.
Last edited by miroR on Tue Mar 10, 2015 3:53 pm; edited 2 times in total |
|
| Back to top |
|
|
Princess Nell
l33t
Joined: 15 Apr 2005
Posts: 916
|
|
| Back to top |
|
|
Princess Nell
l33t
Joined: 15 Apr 2005
Posts: 916
|
| Posted: Sun Mar 08, 2015 11:59 pm Post subject: |
|
|
I've run a little experiment here.
Set up a test user with a completely new firefox profile. Just change it so that the home page points to www.gentoo.org. Disable all daemons that listen to or create network traffic (ntp, ssh etc.). Then run a network dump and start firefox, close it when the page has loaded completely. Result is around 3.5k packets.
Now run the same experiment again with my normal browser settings, ie. about:config variables relating to OCSP, safe-browsing etc. disabled, and all add-ons disabled. The result is some 150 packets. Enabling add-ons adds some 70 more packets, but I didn't check in detail which add-on causes which traffic. More importantly, other than DNS and certain multicast stuff, I see no traffic not relating to the loading of www.gentoo.org.
This is sobering. The vast majority of the difference is traffic going into Google. But it also shows that a good configuration can go a long way to protect your privacy. This is quite different from e.g. https://en.wikipedia.org/wiki/Google_Chrome#User_tracking.
If you just want to know what's going on, looking at the DNS queries seems to be quite sufficient. In my case, 50% of all the recorded DNS packets were related to safebrowsing.google.com (and varieties). |
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Mon Mar 09, 2015 1:48 pm Post subject: |
|
|
This post was in the place of my previous post to this one in this topic, posted originally when that post, that is now there instead of this one, has the timestamp for. I've only cut'n'pasted it over here, and added this in the top, and the NOTE in the bottom
---
I certainly hope that higher ranking Gentoo members, particularly Moderators and Administrators, will hold to the:
http://www.gentoo.org/main/en/contract.xml
wherefrom I take opportunity to cite in particular this line:
| Code: |
We will not hide problems
|
I will very probably be off for a number of hours or half a day or even a day, now.
I've done what I could. Dear Gentoo folks, if this is what I think it is, a very backdoorish behavior on the part of whoever is responsible for this webkit-gtk program behaving as presented so far in this topic of mine...
[Dear Gentoo folks], prove that you uphold the Gentoo Social Contract to the full extent!
IMO, nothing short of a presentation (and that is how I read the Social Contract) for the reading audience, here or elsewhere in Gentoo virtual world-wide accessible web premises... (But not hidden in any way, outright or indirectly, from readers of this topic, of course, notify publically the readers here if you do that elsewhere, via a post here, please!)
[IMO, nothing short of a] a full [presentation], likely with pastes of the code from those concrete files from the webkit-gtk sources in question, nothing short of that, IMO, can prove your full allegiance to the "We will not hide problems" clause of the above linked Gentoo Social Contract.
Something along the lines of, or similar to, what PaX Team gave, here:
PAX terminating task on /usr/bin/gdb
https://forums.grsecurity.net/viewtopic.php?f=3&t=4137#p14962
(I don't read nor use much of programming languages to be able to do that myself.)
I understand that such a work may take a while. I hope we won't be waiting many days for the reply.
Thank you!
---
NOTE: I'm still busy with other things. And I really wonder how long will it take for people to check if this is or is not a:
backdoor compilation against what user asked for, and that in regular compilation nobody would notice, via system logging because it is hidden by means of linux capabilities, it does not show in /var/portage/logs/.
Last edited by miroR on Tue Mar 10, 2015 3:56 pm; edited 1 time in total |
|
| Back to top |
|
|
steveL
Watchman
Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery
|
| Posted: Mon Mar 09, 2015 3:10 pm Post subject: |
|
|
I hope you are aware that there are a myriad of logging settings for portage.
So just because everything that appears in a 2>&1 output does not appear in your portage logfile, or heaven forfend, your syslog, does not mean that you've been cracked. |
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Tue Mar 10, 2015 8:41 am Post subject: |
|
|
| steveL wrote: | I hope you are aware that there are a myriad of logging settings for portage.
So just because everything that appears in a 2>&1 output does not appear in your portage logfile, or heaven forfend, your syslog, does not mean that you've been cracked. |
Thanx for kind and mild words, by which you express your minimization of what shows in my ample report above.
But I stand by my claim: that there is backdoorish compilation. You can not chack it unless you install grsec-hardenened (which you said you haven't done as of yet, IIUC).
I think this is a fine uncovering from my part of a fishy behaviour, and I believe I should try filing a bug, before the new version of the webkit-gtk program makes an attempt to send all of this into oblivion.  ...(If only I weren't so slow at this work)
Last edited by miroR on Tue Mar 10, 2015 4:00 pm; edited 1 time in total |
|
| Back to top |
|
|
steveL
Watchman
Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery
|
| Posted: Tue Mar 10, 2015 9:56 am Post subject: |
|
|
| steveL wrote: | I hope you are aware that there are a myriad of logging settings for portage.
So just because everything that appears in a 2>&1 output does not appear in your portage logfile, or heaven forfend, your syslog, does not mean that you've been cracked. |
| miroR wrote: | | Thanx for kind and mild words, by which you express your minimization of what shows in my ample report above. |
Lul; is that a roundabout way of telling me I'd normally be much more dismissive? Thanks for the backhanded-compliment, not ;p
It's not minimisation: that was literally the only thing I could find amidst the morass of text above, as in where the problem stemmed from. I simply could not follow a great deal of the rest of it, nor dig out the nugget where you actually pointed to the clear issue, as in "this line from the log shows that X has happened, and this is wrong because Y (see this upstream bug-report.)"
| Quote: | | If only I weren't so slow at this work |
Trust me, it would go a lot quicker if you deleted 90% of your posts before you hit submit, and stopped needless duplication by quoting everything in large chunks. It's not keeping records: this isn't paper, and you're not duping (or "saving") anything. The existing posts can simply be linked to, instead.
Still the real issue, for my part, is the inordinate length, wherein you explain every in and out of what you did, and what happened on the web somewhere else, and oh look this happened with my ISP, see these three links, etc. It's insanely difficult to follow, ime.
Which is a shame as I've found some interesting things by following up some of your posts.
I just wish you'd give us the good stuff and cut the chaff.
"Write for your audience," or at least know your audience (and their tolerance levels), would be my advice.
==
Let the blog-roll continue.. ;) |
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Tue Mar 10, 2015 2:35 pm Post subject: |
|
|
I did not write my post previous to this one with even a shade of malicious intent, steveL.
Be so kind and tell, me and the readers; this:
( this same topic we are at )
https://forums.gentoo.org/viewtopic-t-1012022.html#7713038
is a typo, is it? And it should be corrected to:
should it?
I've been cleaning the text (all of it, contrary to previously thought I wouldn't) since about 1500 views in not many days. And then I'll more easily, hopefully, post to Bugzilla. |
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Tue Mar 10, 2015 5:41 pm Post subject: |
|
|
So, for almost two days, (see the timestamp of my `backdoorish behavior of webkit-gtk discovery', which to me shows:
Posted: Sun Mar 08, 2015 2:30 pm
), I believed I found a huge inconsistency.
But now, upon studying what I posted, while cleaning the text as I in the end decided to do...
But now, I realize there isn't anything wrong, in this cas, not with the system logging, and there is no discrepancy btwn what the system logged in /var/log/portage nor what I logged outside the system. Those logs actually correspond.
It is also obvious from what I posted, of course, if one takes care to look into it more carefully.
I must first post this, so that no confusion remain as to the existence of the `backdoorish behavior' that I described above.
There is none. Sadly, it took me more than two days to understand those logs... and realize that I was wrong.
In what I posted since the abovementioned post of, what appears to me timestamped: Sun Mar 08, 2015 2:30 pm
(For comparison, this one has just been timestamped, in this timezone of the worldk, the CET:
Posted: Tue Mar 10, 2015 6:41 pm
)
Then I will explain.
Really sorry about that. |
|
| Back to top |
|
|
steveL
Watchman
Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery
|
| Posted: Tue Mar 10, 2015 6:36 pm Post subject: |
|
|
No worries; at least you admit the mistake and apologise, so we can all just move on. Everybody else makes mistakes too.
No, gdbus was not a typo; IDK what thread I got the info from, but that was starting to pull in gtk-3, which was the real concern, that I recall.
Welcome to the wonderful world of "gentle" persuasion via self-inflicted dependency-hell.
Still, no one will ever be able to take package.mask away, as it's essential for any sort of distro, or any build setup to make stages etc.
At some point, things have to get done, even when that's obfuscated for political purpose. |
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Tue Mar 10, 2015 8:30 pm Post subject: |
|
|
Thank you, steveL, this last post of yours is a real relief in this ugly
situation I'm in.
But I prepared the explanaion.
---
Explanation.
From:
( this same topic you are at )
https://forums.gentoo.org/viewtopic-t-1012022.html#7713452
Posted: Sat Mar 07, 2015 8:29 pm
( while double-checking and posting this, I see the same post timestamped: Posted: Sat Mar 07, 2015 7:29 pm, and understanding that is beyond me; same page in dillo, viewed offline 8:29, now new instance of dillo open that same page: 7:29, Explaining that too, just in case, and not changing my prepared text.)
( All timespamps show to me in Central European Time, my time zone )
| Quote: | What I know sometimes happens, is, if something won't get installed right away such as midori won't, maybe if will after I install some of the packages that it needs.
I'll try (since no advice from any Elders), and install the webkit-gtk, and see if midori will be more condescending then.
And, with this `introspection' flag there (and `-jit' reverted to), now it wants to install it this way:
| Code: |
ukrainian # emerge webkit-gtk |& tee /Cmn/BAK_/emerge.d/emerge_webkit-gtk_`date +%s`
These are the packages that would be merged, in order:
Calculating dependencies ..... done!
[ebuild N ] dev-libs/gobject-introspection-1.42.0-r1::gentoo USE="-cairo -doctool {-test}" PYTHON_TARGETS="python2_7" 0 KiB
[ebuild N ] net-libs/libproxy-0.4.11-r2::gentoo USE="-gnome -kde -mono -networkmanager -perl -python -spidermonkey {-test} -webkit" ABI_X86="(64) -32 (-x32)" PYTHON_TARGETS="python2_7" 92 KiB
[ebuild N ] net-libs/glib-networking-2.42.1::gentoo USE="libproxy ssl -gnome -smartcard {-test}" ABI_X86="(64) -32 (-x32)" 366 KiB
[ebuild N ] net-libs/libsoup-2.48.1:2.4::gentoo USE="introspection ssl -debug -samba {-test}" ABI_X86="(64) -32 (-x32)" 1,668 KiB
[ebuild N ] net-libs/webkit-gtk-2.4.8-r200:2::gentoo USE="X egl gstreamer introspection opengl webgl (-aqua) -coverage -debug -geoloc -gles2 -jit -libsecret -spell {-test}" 9,598 KiB
Total: 5 packages (5 new), Size of downloads: 11,723 KiB
The following USE changes are necessary to proceed:
(see "package.use" in the portage(5) man page for more details)
# required by net-libs/webkit-gtk-2.4.8-r200::gentoo
# required by webkit-gtk (argument)
>=net-libs/libsoup-2.48.1 introspection
^Cukrainian #
|
Canceled. |
Here I looked into the packages that would be installed as well as I here thought I understood from the gobject-introspection ebuild what introspection was... See there for that.
I here also (see there), figured out that they won't pull dbus, and decided for the installation.
Take notice of the line above in my outside-of-system logging:
| Code: |
ukrainian # emerge webkit-gtk |& tee /Cmn/BAK_/emerge.d/emerge_webkit-gtk_`date +%s`
|
That line produced:
( I'll next, in this explanation, be using what I posted on
-- this same topic --
https://forums.gentoo.org/viewtopic-t-1012022-start-25.html#7713722
)
| Code: |
-rw-r--r-- 1 root root 1190 2015-03-07 20:01 emerge_webkit-gtk_1425754892
|
The fact that you see `emerge_webkit-gtk_1425754892_STUB' in the listing, is because I later renamed it so.
That out-of-system logging of mine correcponds with this line in the system logging (where it has the timestamp in GMa, IIUC, one smaller value than CET during winter):
| Code: |
-rw-rw---- 1 portage portage 271 2015-03-07 20:15 net-libs:webkit-gtk-2.4.8-r200:20150307-191544.log
|
That one, from the portage system logging, is a real stub, it doesn't reveal to you much, far less then my logging. Go and try for yourself with whichever package, but cancel instead of install and see what it gets you.
OK. After I decided to go for the install of those five packages of which the last to install will be webkit-gtk, I repeated the same command. For clarity, so less advanced readers can more easily follow, I repeated this same command:
| Code: |
ukrainian # emerge webkit-gtk |& tee /Cmn/BAK_/emerge.d/emerge_webkit-gtk_`date +%s`
|
(regardless that I left out the ` |& tee /Cmn/BAK_/emerge.d/emerge_webkit-gtk_`date +%s`' from the paste.
| Quote: | So trying (but not repeating the same output as above, for:
| Code: |
ukrainian # emerge webkit-gtk
...
|
Just this time I didn't cancel it. but accepted it. There wouldn't be any
in bottom of the output (the paste) as it was then. I'm not pasting it, because that would be the sole difference from the canceled paste above.
It's churning on. It already is at the 5th package, the webkit-gtk. I'll post this while I wait.
|
And the line from out-of-system:
| Code: |
-rw-r--r-- 1 root root 47475645 2015-03-07 21:21 emerge_webkit-gtk_1425755707
|
but, here's the point: it includes the compilation of the first 4 small packages! And the DBus grepped out in that out of system build log, belongs to the :
| Code: |
/var/tmp/portage/dev-libs/gobject-introspection
|
dev-libs/gobject-introspection package, not the webkit-gtk package!
The corresponding line from system:
| Code: |
-rw-rw---- 1 portage portage 46969424 2015-03-07 21:21 net-libs:webkit-gtk-2.4.8-r200:20150307-191806.log
|
I checked, corresponds fine with the out-of-system emerge_webkit-gtk_1425755707, if I cut out the build of the first 4 packages.
The problem that remain is the DBus of the dev-libs/gobject-introspection package, and which seems to have caused some panick in my feelings that ended up with the wrong conlusioon, for two days and 4 hours.
That DBus remains to be solved, how it can be installed, if it is dbus, when I have the -dbus stuck in the /etc/portage/make.conf's `USE=' flags.
So, while the bug of `hidden compilation' is non-existent, and there is no scoop like I thought for really long, the dbus problem remains. |
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54237
Location: 56N 3W
|
| Posted: Tue Mar 10, 2015 8:40 pm Post subject: |
|
|
miroR,
| miroR wrote: | | That DBus remains to be solved, how it can be installed, if it is dbus, when I have the -dbus stuck in the /etc/portage/make.conf's `USE=' flags. |
USE flags only control optional support. If a package hard depends on dbus (or whatever) USE=-dbus will not prevent it being installed.
You need to package mask dbus, (or whatever) so that hard dependencies are not installed.
Then portage will complain about masked packages. How you resolve it is then up to you.
a) don't install the package that needs dbus
b) give in and install dbus
c) fix the ebuild to see what happens if you remove de dbus dependency in the ebuild.
In the case of c), if it breaks you can keep the pieces :)
Run | Code: | | $ equery depends dbus |
| Code: | | app-text/ghostscript-gpl-9.15-r1 (dbus ? sys-apps/dbus) |
says that if USE=dbus, then any version will do.
| Code: | | dev-libs/glib-2.42.2 (>=sys-apps/dbus-1.2.14) |
says dbus is required as there is no USE flag test.
if you want gtib, you have to have dbus too.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
steveL
Watchman
Joined: 13 Sep 2006
Posts: 5153
Location: The Peanut Gallery
|
| Posted: Wed Mar 11, 2015 3:36 am Post subject: |
|
|
| NeddySeagoon wrote: | | if you want glib, you have to have dbus too. |
That is so arse about tit.
I know, I know, "upstream, what can you do?" but the answer to that is patch it out til upstream gets the message.
That's what distros are for. |
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Wed Mar 11, 2015 3:47 pm Post subject: |
|
|
| NeddySeagoon wrote: | miroR,
| miroR wrote: | | That DBus remains to be solved, how it can be installed, if it is dbus, when I have the -dbus stuck in the /etc/portage/make.conf's `USE=' flags. |
USE flags only control optional support. If a package hard depends on dbus (or whatever) USE=-dbus will not prevent it being installed.
You need to package mask dbus, (or whatever) so that hard dependencies are not installed.
Then portage will complain about masked packages. How you resolve it is then up to you.
a) don't install the package that needs dbus
b) give in and install dbus
c) fix the ebuild to see what happens if you remove de dbus dependency in the ebuild.
In the case of c), if it breaks you can keep the pieces |
So, the DBus from gobject-introspection is either a dbus like any other, or is of a kind of a dbus family...
But however, if you look it up:
( 1st page of this same topic )
https://forums.gentoo.org/viewtopic-t-1012022.html#7712694
`sys-apps/dbus' is in my package.mask. But... this gobject-introspection seems to serve us some different kind of DBus than the sys-apps/dbus (as it says: DBus), which is... what...?
And then, to use what failed to install in webkit-gtk with that, is with a component which that gobject-introspection compiled, webkit-gtk couldn't work out some `WebKit-1.0.gir' component for itself, as in:
( 1st page of this same topic )
https://forums.gentoo.org/viewtopic-t-1012022.html#7713488
from webkit-gtk's configuration:
| Code: | --output=WebKit-1.0.gir \
|
and then:
| Code: |
1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0', '/usr/share/gir-1.0'])
GNUmakefile:82212: recipe for target 'WebKit-1.0.gir' failed
make[1]: *** [WebKit-1.0.gir] Error 1
|
which this DBus provider gobject-introspection prepared and installed for it:
( this 2nd page of this same topic )
https://forums.gentoo.org/viewtopic-t-1012022-start-25.html#7713722
where stings containing `gir' such as
are plenty.
I'll go into more datail yet on this next part of your kind and comforting message (comforting: see the circumstances, and another, the last, amount of ashes that I strew on my head, below).
| Quote: | Run | Code: | | $ equery depends dbus |
| Code: | | app-text/ghostscript-gpl-9.15-r1 (dbus ? sys-apps/dbus) |
says that if USE=dbus, then any version will do.
| Code: | | dev-libs/glib-2.42.2 (>=sys-apps/dbus-1.2.14) |
says dbus is required as there is no USE flag test.
if you want gtib, you have to have dbus too. |
Neddy, and steveL, thank you.
I've been a little despondent since I discovered I was infatuated with my having found this non-existent bug above (but the use of linux capabilities would be similar to what I supposed there).
Thanks for the tolerance of my errors. OK, no more ashes about this non-existent-bug-infatuation episode from now.
I now have to revert to `-introspection' like it was before. I think `introspection' pulls in some kind of dbus through gobject-introspection.
And midori is non-appealing to me with these dependencies of its.
This pursuit of a non-dbus browser (dbus being what poetterware plugs into like a plug in a socket, so a non-poetterware browser, if we view the term more widely) is not over.
And I owe Princess Nell a packet and screeen capture of SchmoogleFox and data-harvesting-to-cloud-on-first connection, in the other topic on Schmoog. If I make it. That's a lot of work.
(
What I'll go into more datail about is also connected with what steveL wrote:
| steveL wrote: | | NeddySeagoon wrote: | | if you want glib, you have to have dbus too. |
That is so arse about tit.
I know, I know, "upstream, what can you do?" but the answer to that is patch it out til upstream gets the message.
That's what distros are for. |
) |
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Wed Mar 11, 2015 5:14 pm Post subject: |
|
|
| NeddySeagoon wrote: |
Run | Code: | | $ equery depends dbus |
| Code: | | app-text/ghostscript-gpl-9.15-r1 (dbus ? sys-apps/dbus) |
says that if USE=dbus, then any version will do.
| Code: | | dev-libs/glib-2.42.2 (>=sys-apps/dbus-1.2.14) |
says dbus is required as there is no USE flag test.
if you want glib, you have to have dbus too. |
I'll post the full run of it:
| Code: |
ukrainian ~ # equery d dbus
* These packages depend on dbus:
app-text/ghostscript-gpl-9.15-r1 (dbus ? sys-apps/dbus)
dev-libs/glib-2.42.2 (>=sys-apps/dbus-1.2.14)
dev-vcs/subversion-1.8.11 (gnome-keyring ? sys-apps/dbus)
(kde ? sys-apps/dbus)
media-video/vlc-2.2.0 (dbus ? >=sys-apps/dbus-1.6:0)
net-libs/glib-networking-2.42.1 (test ? sys-apps/dbus[X])
net-libs/libpcap-1.6.2-r1 (dbus ? sys-apps/dbus[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?])
net-libs/libproxy-0.4.11-r2 (networkmanager ? >=sys-apps/dbus-1.6.18-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?])
net-print/cups-2.0.2-r1 (dbus ? >=sys-apps/dbus-1.6.18-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?])
net-print/cups-filters-1.0.66 (dbus ? sys-apps/dbus)
www-client/firefox-36.0.1 (dbus ? >=sys-apps/dbus-0.60)
(wifi ? >=sys-apps/dbus-0.60)
x11-base/xorg-server-1.17.1-r1 (systemd ? sys-apps/dbus)
ukrainian ~ #
|
And I'll now post just those that do not contain the string `dbus ?' (which means, in my own lay terms: if the dbus flag is on, than it depends on the version of dbus after the `?', IIUC), from among that run:
| Code: |
dev-libs/glib-2.42.2 (>=sys-apps/dbus-1.2.14)
dev-vcs/subversion-1.8.11 (gnome-keyring ? sys-apps/dbus)
(kde ? sys-apps/dbus)
net-libs/glib-networking-2.42.1 (test ? sys-apps/dbus[X])
net-libs/libproxy-0.4.11-r2 (networkmanager ? >=sys-apps/dbus-1.6.18-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?])
(wifi ? >=sys-apps/dbus-0.60)
x11-base/xorg-server-1.17.1-r1 (systemd ? sys-apps/dbus)
|
And, since there are not any flags of these: `gnome-keyring kde networkmanager wifi systemd' in my system (my latest `emerge --info' link [*], then, it appears to me, the sole dependancy for my system remains:
| Code: |
dev-libs/glib-2.42.2 (>=sys-apps/dbus-1.2.14)
|
And here we go and get into unclarities. Just see this:
| Code: |
ukrainian ~ # emerge -s '%^dbus'
[ Results for search key : %^dbus ]
Searching...
* dev-dotnet/dbus-sharp
Latest version available: 0.7.0-r1
Latest version installed: [ Not Installed ]
Size of files: 125 KiB
Homepage: https://github.com/mono/dbus-sharp
Description: D-Bus for .NET
License: MIT
* dev-dotnet/dbus-sharp-glib
Latest version available: 0.5.0
Latest version installed: [ Not Installed ]
Size of files: 94 KiB
Homepage: https://github.com/mono/dbus-sharp
Description: D-Bus for .NET: GLib integration module
License: MIT
* dev-haskell/dbus
Latest version available: 0.10.9.2
Latest version installed: [ Not Installed ]
Size of files: 72 KiB
Homepage: https://john-millikin.com/software/haskell-dbus/
Description: A client library for the D-Bus IPC system
License: GPL-3
* dev-haskell/dbus-core
Latest version available: 0.9.3-r3
Latest version installed: [ Not Installed ]
Size of files: 212 KiB
Homepage: https://john-millikin.com/software/dbus-core/
Description: Low-level D-Bus protocol implementation
License: GPL-3
* dev-java/dbus-java
Latest version available: 2.7-r1
Latest version installed: [ Not Installed ]
Size of files: 143 KiB
Homepage: http://dbus.freedesktop.org/
Description: Java bindings for the D-Bus messagebus
License: || ( GPL-2 AFL-2.1 )
* dev-libs/dbus-c++
Latest version available: 0.9.0-r1
Latest version installed: [ Not Installed ]
Size of files: 456 KiB
Homepage: http://sourceforge.net/projects/dbus-cplusplus/ http://sourceforge.net/apps/mediawiki/dbus-cplusplus/index.php?title=Main_Page
Description: provide a C++ API for D-BUS
License: GPL-2
* dev-libs/dbus-glib
Latest version available: 0.102
Latest version installed: [ Not Installed ]
Size of files: 766 KiB
Homepage: http://dbus.freedesktop.org/
Description: D-Bus bindings for glib
License: || ( GPL-2 AFL-2.1 )
* dev-python/dbus-python
Latest version available: 1.2.0-r1
Latest version installed: [ Not Installed ]
Size of files: 589 KiB
Homepage: http://www.freedesktop.org/wiki/Software/DBusBindings http://dbus.freedesktop.org/doc/dbus-python/
Description: Python bindings for the D-Bus messagebus
License: MIT
* dev-util/dbus-test-runner
Latest version available: 12.10.1
Latest version installed: [ Not Installed ]
Size of files: 374 KiB
Homepage: https://launchpad.net/dbus-test-runner
Description: Run executables under a new DBus session for testing
License: GPL-3
* gnustep-libs/dbuskit
Latest version available: 0.1.1
Latest version installed: [ Not Installed ]
Size of files: 691 KiB
Homepage: http://www.gnustep.org
Description: framework that interfaces Objective-C applications with the D-Bus IPC service
License: LGPL-2.1
* sys-apps/dbus [ Masked ]
Latest version available: 1.8.16
Latest version installed: [ Not Installed ]
Size of files: 1,823 KiB
Homepage: http://dbus.freedesktop.org/
Description: A message bus system, a simple way for applications to talk to each other
License: || ( AFL-2.1 GPL-2 )
[ Applications found : 11 ]
ukrainian ~ #
|
In short no such package that contains [some-family]/dbus[-whatever] is installed in my system, since every and all of these packages listed above contains:
| Code: |
Latest version installed: [ Not Installed ]
|
Hmmmhhh, that's how I like it.
(I was reluctant to post the entire list, but completeness of my posts allows for relatively easy references later; for midori dependency webkit-gtk it was easy for me to point to what calls for DBus, because I posted it all previously... And this is about dbus. So let that list be there.)
And, notwithstanding my not having sys-apps/dbus installed, I do have dev-libs/glib installed (let's see it with its flags, and do notice the `-dbus' flag if flaunts, hmmmh, that's how I like it!):
| Code: |
ukrainian ~ # emerge -p dev-libs/glib
These are the packages that would be merged, in order:
Calculating dependencies ... done!
[ebuild R ] dev-libs/glib-2.42.2:2::gentoo USE="mime xattr -dbus -debug (-fam) (-selinux) -static-libs -systemtap {-test} -utils" ABI_X86="(64) -32 (-x32)" PYTHON_TARGETS="python2_7" 0 KiB
Total: 1 package (1 reinstall), Size of downloads: 0 KiB
ukrainian ~ #
|
So either equery got it wrong, or something else, but what, is here missing in our understanding of it?
---
[*] I found only the `kde' flag:
| Code: | | media-libs/mlt xml ffmpeg python gtk melt frei0r sdl kde qt4 |
in my package.use
(but the `media-libs/mlt' is not installed in my system; anyway that line now purged out from my package.use) |
|
| Back to top |
|
|
Princess Nell
l33t
Joined: 15 Apr 2005
Posts: 916
|
| Posted: Wed Mar 11, 2015 10:02 pm Post subject: |
|
|
| Quote: | | And I owe Princess Nell a packet and screeen capture of SchmoogleFox and data-harvesting-to-cloud-on-first connection, in the other topic on Schmoog. If I make it. That's a lot of work. |
And I would think I have solved this problem comprehensively. Just make sure stuff like health report and safe browsing are disabled. If you start from scratch with a new profile, you can run firefox in ProfileManager mode only, to cut out all those transmissions even on first invocation, then copy user.js with all customizations into place. That file is quite small, maybe 20-30 lines, or about 50 if you're paranoid |
|
| Back to top |
|
|
Fitzcarraldo
Advocate
Joined: 30 Aug 2008
Posts: 2034
Location: United Kingdom
|
| Posted: Wed Mar 11, 2015 10:29 pm Post subject: Automate the editing of Firefox user preferences |
|
|
Using about:config or directly editing prefs.js to change the user preferences in Firefox is laborious, so I created a Bash script edit_firefox.sh to toggle the relevant user preferences I am interested in making secure:
| Code: | #!/bin/bash
# Script to change Firefox user preferences rather than
# using about:config from within Firefox.
# Make sure you only run this script when Firefox is not running.
#
FILE="/home/fitzcarraldo/.mozilla/firefox/fm8q09x0.default/prefs.js"
#
#
STATE=$(grep media.peerconnection.enabled $FILE | cut -c 43- | cut -d')' -f1)
if ! grep -q media.peerconnection.enabled $FILE ; then
echo 'user_pref("media.peerconnection.enabled", false);' >> $FILE
echo 'Added media.peerconnection.enabled false (secure) to prefs.js'
elif [ $STATE = "true" ]; then
sed -i s/^.*media.peerconnection.enabled.*$/'user_pref("media.peerconnection.enabled", false);'/ $FILE
echo 'media.peerconnection.enabled changed to false (secure) in prefs.js'
else
sed -i s/^.*media.peerconnection.enabled.*$/'user_pref("media.peerconnection.enabled", true);'/ $FILE
echo 'media.peerconnection.enabled changed to true (not secure) in prefs.js'
fi
#
STATE=$(grep browser.safebrowsing.malware.enabled $FILE | cut -c 51- | cut -d')' -f1)
if ! grep -q browser.safebrowsing.malware.enabled $FILE ; then
echo 'user_pref("browser.safebrowsing.malware.enabled", false);' >> $FILE
echo 'Added browser.safebrowsing.malware.enabled false (secure) to prefs.js'
elif [ $STATE = "true" ]; then
sed -i s/^.*browser.safebrowsing.malware.enabled.*$/'user_pref("browser.safebrowsing.malware.enabled", false);'/ $FILE
echo 'browser.safebrowsing.malware.enabled changed to false (secure) in prefs.js'
else
sed -i s/^.*browser.safebrowsing.malware.enabled.*$/'user_pref("browser.safebrowsing.malware.enabled", true);'/ $FILE
echo 'browser.safebrowsing.malware.enabled changed to true (not secure) in prefs.js'
fi
#
STATE=$(grep browser.safebrowsing.enabled $FILE | cut -c 43- | cut -d')' -f1)
if ! grep -q browser.safebrowsing.enabled $FILE ; then
echo 'user_pref("browser.safebrowsing.enabled", false);' >> $FILE
echo 'Added browser.safebrowsing.enabled false (secure) to prefs.js'
elif [ $STATE = "true" ]; then
sed -i s/^.*browser.safebrowsing.enabled.*$/'user_pref("browser.safebrowsing.enabled", false);'/ $FILE
echo 'browser.safebrowsing.enabled changed to false (secure) in prefs.js'
else
sed -i s/^.*browser.safebrowsing.enabled.*$/'user_pref("browser.safebrowsing.enabled", true);'/ $FILE
echo 'browser.safebrowsing.enabled changed to true (not secure) in prefs.js'
fi
#
STATE=$(grep network.proxy.socks_remote_dns $FILE | cut -c 45- | cut -d')' -f1)
if ! grep -q network.proxy.socks_remote_dns $FILE ; then
echo 'user_pref("network.proxy.socks_remote_dns", true);' >> $FILE
echo 'Added network.proxy.socks_remote_dns true (secure) to prefs.js'
elif [ $STATE = "true" ]; then
sed -i s/^.*network.proxy.socks_remote_dns.*$/'user_pref("network.proxy.socks_remote_dns", false);'/ $FILE
echo 'network.proxy.socks_remote_dns changed to false (not secure) in prefs.js'
else
sed -i s/^.*network.proxy.socks_remote_dns.*$/'user_pref("network.proxy.socks_remote_dns", true);'/ $FILE
echo 'network.proxy.socks_remote_dns changed to true (secure) in prefs.js'
fi
#
STATE=$(grep network.dns.disablePrefetch $FILE | cut -c 42- | cut -d')' -f1)
if ! grep -q network.dns.disablePrefetch $FILE ; then
echo 'user_pref("network.dns.disablePrefetch", true);' >> $FILE
echo 'Added network.dns.disablePrefetch true (secure) to prefs.js'
elif [ $STATE = "true" ]; then
sed -i s/^.*network.dns.disablePrefetch.*$/'user_pref("network.dns.disablePrefetch", false);'/ $FILE
echo 'network.dns.disablePrefetch changed to false (not secure) in prefs.js'
else
sed -i s/^.*network.dns.disablePrefetch.*$/'user_pref("network.dns.disablePrefetch", true);'/ $FILE
echo 'network.dns.disablePrefetch changed to true (secure) in prefs.js'
fi
#
STATE=$(grep network.dns.disableIPv6 $FILE | cut -c 38- | cut -d')' -f1)
if ! grep -q network.dns.disableIPv6 $FILE ; then
echo 'user_pref("network.dns.disableIPv6", true);' >> $FILE
echo 'Added network.dns.disableIPv6 true (secure) to prefs.js'
elif [ $STATE = "true" ]; then
sed -i s/^.*network.dns.disableIPv6.*$/'user_pref("network.dns.disableIPv6", false);'/ $FILE
echo 'network.dns.disableIPv6 changed to false (not secure) in prefs.js'
else
sed -i s/^.*network.dns.disableIPv6.*$/'user_pref("network.dns.disableIPv6", true);'/ $FILE
echo 'network.dns.disableIPv6 changed to true (secure) in prefs.js'
fi |
You will need to change the path to the Firefox prefs.js file in the sixth line of the script, to suit your installation. If you have the utility mlocate installed you can find the file easily by using the command:
| Code: | | $ locate prefs.js | grep firefox |
You can see below how the script works:
| Code: | $ ./edit_firefox.sh
media.peerconnection.enabled changed to false (secure) in prefs.js
browser.safebrowsing.malware.enabled changed to false (secure) in prefs.js
browser.safebrowsing.enabled changed to false (secure) in prefs.js
network.proxy.socks_remote_dns changed to true (secure) in prefs.js
network.dns.disablePrefetch changed to true (secure) in prefs.js
network.dns.disableIPv6 changed to true (secure) in prefs.js
$ ./edit_firefox.sh
media.peerconnection.enabled changed to true (not secure) in prefs.js
browser.safebrowsing.malware.enabled changed to true (not secure) in prefs.js
browser.safebrowsing.enabled changed to true (not secure) in prefs.js
network.proxy.socks_remote_dns changed to false (not secure) in prefs.js
network.dns.disablePrefetch changed to false (not secure) in prefs.js
network.dns.disableIPv6 changed to false (not secure) in prefs.js
$ |
Changing the above-mentioned Firefox user preferences will help prevent DNS leakage and WebRTC leakage when using Firefox.
Bibliography
What is a DNS leak and why should I care?
Transparent DNS proxies
Proxy Test
IP/DNS Detect
New Browser Based Flaw Leaks VPN Users' IP Addresses
Preventing a DNS Leak and WebRTC Leak when using Tor in Linux
_________________
Clevo W230SS: amd64, VIDEO_CARDS="intel modesetting nvidia".
Compal NBLB2: ~amd64, xf86-video-ati. Dual boot Win 7 Pro 64-bit.
OpenRC udev elogind & KDE on both.
Fitzcarraldo's blog |
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Wed Mar 11, 2015 11:58 pm Post subject: |
|
|
While I like to see you in my topics, Fitzcarraldo, and Princess Nell...
I really do... But I begged so kindly to put what relates Firefox and Google, in this other topic:
Google - can not open any link - malware ??
https://forums.gentoo.org/viewtopic-t-912056-start-25.html#7715646
as you are now completely out of topic with this...
Can I reply to you there? And, can you say your advice, or your script (saying upfront, will eat my hat if it does)
rid me of that harvesting,
which I sure hope you can find there?
I'd really like this topic to be about what I meant it for.
Please! Thank you! |
|
| Back to top |
|
|
miroR
l33t
Joined: 05 Mar 2008
Posts: 826
|
| Posted: Thu Mar 12, 2015 10:05 am Post subject: |
|
|
Princess Nell, especially you, and Fitzcarraldo (but he might have posted here without enough consideration of the topic),
we're at an enpasse here, as I explain in:
Google - can not open any link - malware ??
https://forums.gentoo.org/viewtopic-t-912056-start-25.html#7715894
and I will not be to blame if some of you really decide and fully hijack this topic of mine which is meant to be about:
Updating and keeping your Gentoo non-poetterized
If you feel my contribution with the demonstration over there might be of some use, as I feel your possible solutions might be worthy, pls I'll invest more of my time, as you did, but not here.
Thank you.
---
To this:
steveL replied without quoting:
| steveL wrote: |
No, gdbus was not a typo; IDK what thread I got the info from, but that was starting to pull in gtk-3, which was the real concern, that I recall.
|
Tried, but didn't get for sure from ddg.gg what IDK means: Integration Developmnet Kit? I Don't Kare? the latter probably. Yes. It adds up.
But I think I've traced what that gdbus is too, in my system.
---
I'll use this post of mine, where I quoted the previous conversation relevant to the issue, but I'll cut it to what is needed for my explanation of what I think I figured out.
| NeddySeagoon wrote: |
Run | Code: | | $ equery depends dbus |
| Code: | | app-text/ghostscript-gpl-9.15-r1 (dbus ? sys-apps/dbus) |
says that if USE=dbus, then any version will do.
| Code: | | dev-libs/glib-2.42.2 (>=sys-apps/dbus-1.2.14) |
says dbus is required as there is no USE flag test.
if you want glib, you have to have dbus too. |
...[snip -- a lot skipped here]...
In short no such package that contains [some-family]/dbus[-whatever] is installed in my system, since every and all of these packages listed above contains:
| Code: |
Latest version installed: [ Not Installed ]
|
Hmmmhhh, that's how I like it.
...[snip]...
And, notwithstanding my not having sys-apps/dbus installed, I do have dev-libs/glib installed (let's see it with its flags, and do notice the `-dbus' flag if flaunts, hmmmh, that's how I like it!):
| Code: |
ukrainian ~ # emerge -p dev-libs/glib
These are the packages that would be merged, in order:
Calculating dependencies ... done!
[ebuild R ] dev-libs/glib-2.42.2:2::gentoo USE="mime xattr -dbus -debug (-fam) (-selinux) -static-libs -systemtap {-test} -utils" ABI_X86="(64) -32 (-x32)" PYTHON_TARGETS="python2_7" 0 KiB
Total: 1 package (1 reinstall), Size of downloads: 0 KiB
ukrainian ~ #
|
I decided to see what my install of dev-libs/glib contains (notice the /usr/bin/gdbus).
equery f dev-libs/glib
| Code: |
/usr
/usr/bin
/usr/bin/gapplication
/usr/bin/gdbus
/usr/bin/gio-querymodules
/usr/bin/glib-compile-resources
/usr/bin/glib-compile-schemas
/usr/bin/glib-genmarshal
/usr/bin/glib-gettextize
/usr/bin/glib-mkenums
/usr/bin/gobject-query
/usr/bin/gresource
/usr/bin/gsettings
/usr/bin/gtester
/usr/include
...[snip]...
|
And gdbus is:
| Code: |
GDBUS(1) User Commands GDBUS(1)
NAME
gdbus - Tool for working with D-Bus objects
SYNOPSIS
gdbus introspect [--system | --session | --address address] --dest bus_name
--object-path /path/to/object [--xml] [--recurse] [--only-properties]
gdbus monitor [--system | --session | --address address] --dest bus_name
[--object-path /path/to/object]
gdbus call [--system | --session | --address address] --dest bus_name
--object-path /path/to/object --method org.project.InterfaceName.MethodName
[--timeout seconds] ARG1 ARG2...
gdbus emit [--system | --session | --address address] --object-path /path/to/object
--signal org.project.InterfaceName.SignalName [--dest unique_bus_name] ARG1 ARG2...
gdbus help
DESCRIPTION
gdbus is a simple tool for working with D-Bus objects.
COMMANDS
introspect
Prints out interfaces and property values for a remote object. For this to work, the owner
of the object needs to implement the org.freedesktop.DBus.Introspectable interface. If the
--xml option is used, the returned introspection XML is printed, otherwise a parsed pretty
representation is printed. The --recurse option can be used to introspect children (and
their children and so on) and the --only-properties option can be used to only print the
interfaces with properties.
monitor
Monitors one or all objects owned by the owner of bus_name.
call
Invokes a method on a remote object. Each argument to pass to the method must be specified
as a serialized GVariant except that strings do not need explicit quotes. The return values
are printed out as serialized GVariant values.
emit
Emits a signal. Each argument to include in the signal must be specified as a serialized
GVariant except that strings do not need explicit quotes.
|
I think this needs posting, because gdbus is, apparently, just a binary, of, I hope, inconsequencial presence, if dbus is not installed.
But also, my chasing of what introspection is, has come to some sensible end. It's part of dbus architecture.
It's also in the listing of glib listed just the head of above.
| Code: |
...[snip]...
/usr/include/glib-2.0/gio/gdbusintrospection.h
...[snip]...
|
Now I need to revert (still haven't done it) to the state previous to the attempted install of webkit-gtk that midori needed. And I don't think I'd recommend midori to anybody. It's a dbus dependent package.
And I think that is an error, the , steveL, not a typo, but a mistake. I'm not sure completely though, TBH (if TBH means to be honest; but I don't like to many acronyms, I like that people less skilled in English be fine with my texts). |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Desktop Environments
