Hu Moderator
Joined: 06 Mar 2007 Posts: 21602
|
Posted: Sat Aug 26, 2017 5:12 pm Post subject: |
|
|
What problem does wget encounter if you make https mandatory? Does it not trust Let's Encrypt certificates during the early install stage? |
szatox Advocate
Joined: 27 Aug 2013 Posts: 3131
|
Posted: Sun Aug 27, 2017 9:58 am Post subject: |
|
|
SSL itself _should_ be fine as long as you provide CA chain along with your own certificate. My curl trusts it, so I guess it is. Regular browsers cache chains, so they are not really good for testing this part.
Still, confidentiality is not critical in this case, so there is no harm in leaving it on http as well.
Something could be wrong with the encrypted version though, since my browser reported unauthenticated content there. |
Hu Moderator
Joined: 06 Mar 2007 Posts: 21602
|
Posted: Sun Aug 27, 2017 4:22 pm Post subject: |
|
|
Browsers may flag mixed content pages, where the main page was served over https, but resolving resources in the page (or resources to support resources in the page, recursively) requires using unencrypted http. If you have any absolute references in the site back to the site itself, these references would refer to the protocol in the reference, not the protocol used to serve it. For example:
Code: |
$ curl https://mixed-content.example.com/ | grep http://
<img src="http://mixed-content.example.com/a.png"> <!-- This is a security error (mixed content) even though the domain matches, since curl fetched over https, but the image is always over http. Fix it by using src="a.png" or src="/a.png", if you must use an absolute path. -->
<img src="http://sibling-mixed-content.example.com/b.png"> <!-- This is a security error (mixed content). Fix it by using src="//sibling-mixed-content.example.com/a.png", which tells the browser to reuse the protocol it used before, but use the new hostname+path. -->
|
Mixed passive content is mildly annoying (particularly when the browser is configured to filter all insecure content, causing mixed passive content to be omitted entirely), but not dangerous. Mixed active content is more of a concern, and recent browsers already refuse to use insecure scripts referenced in a secure page, so if you rely on mixed active content, your site will tend to break. (Fortunately, relying on active content at all is bad practice.)
Confidentiality is probably not a big issue here. Data integrity might be, if you want users to paste in commands. Malicious tampering is unlikely, but accidental tampering (particularly truncated documents) is quite possible.
szatox: what pages reported problems for you? |
szatox Advocate
Joined: 27 Aug 2013 Posts: 3131
|
Posted: Sun Aug 27, 2017 5:37 pm Post subject: |
|
|
Why, homepage.
I had a quick look at the source, there is a bunch of images linked with http:// I don't know if this is the only reason, but it is enough of a reason for that warning.
BTW, It feels like a high time to split this thread (moving stuff related to website somewhere else), and only leave things related to the project here. Just sayin'. |
audiodef Watchman
Joined: 06 Jul 2005 Posts: 6639 Location: The soundosphere
|
Posted: Sun Aug 27, 2017 7:17 pm Post subject: |
|
|
szatox wrote: |
BTW, It feels like a high time to split this thread (moving stuff related to website somewhere else), and only leave things related to the project here. Just sayin'. |
I would rather not. I'm just one guy and it's so much easier for me to keep track of all things Gentoo Studio in one thread. I totally don't mind posts about the site's appearance, functionality, etc. My life is complicated enough with multiple threads involving what is for me the same topic. There is a good chance I am going to overlook feedback provided elsewhere. I wish someone had checked with me first.
_________________
decibel Linux: https://decibellinux.org
Github: https://github.com/Gentoo-Music-and-Audio-Technology
Facebook: https://www.facebook.com/decibellinux
Discord: https://discord.gg/73XV24dNPN |
audiodef Watchman
Joined: 06 Jul 2005 Posts: 6639 Location: The soundosphere
|
Posted: Wed Aug 30, 2017 9:14 pm Post subject: |
|
|
Code: |
a2jmidid -e
JACK MIDI <-> ALSA sequencer MIDI bridge, version 8 (7383d268c4bfe85df9f10df6351677659211d1ca) built on Wed Dec 31 19:00:00 1969
Copyright 2006,2007 Dmitry S. Baikov
Copyright 2007,2008,2009,2011,2012 Nedko Arnaudov
Bridge starting...
Using JACK server 'default'
Hardware ports will be exported.
ALSA lib /var/tmp/portage/media-libs/alsa-lib-1.1.4.1/work/alsa-lib-1.1.4.1/src/seq/seq_hw.c:466:(snd_seq_hw_open) open /dev/snd/seq failed: No such file or directory
|
If you get this, you need to modprobe snd_seq and add this module to /etc/conf.d/modules. It should be auto-loaded, not sure why it wasn't. |
Hu Moderator
Joined: 06 Mar 2007 Posts: 21602
|
Posted: Thu Aug 31, 2017 1:12 am Post subject: |
|
|
External links do not cause a mixed content warning, regardless of where they point or what protocol they use. Only resources used within the page can cause such a warning. |
szatox Advocate
Joined: 27 Aug 2013 Posts: 3131
|
Posted: Thu Aug 31, 2017 7:55 pm Post subject: |
|
|
Hint: Use relative paths. Without domain name, without protocol. Just the regular ../../directory_with_my_static_stuff sort of thing.
This way even a plain, HTML-only (static: no server-side scripts required) website will work over http as well as https, moved to another domain, and even without any server at all if you just make a local copy. All this without changing a single character over the whole document tree. |
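Added example, not written by any poster in this thread: a small Python scanner for the checks discussed in the posts above. It flags http:// subresources on an https page, separates passive from active content, ignores plain links as Hu notes, and suggests the relative or protocol-relative rewrite. The tag list, function names and sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs a browser fetches while rendering, split passive/active.
# <a href> is absent on purpose: a hyperlink is not a subresource of the page.
RESOURCES = {
    ("img", "src"): "passive", ("audio", "src"): "passive", ("video", "src"): "passive",
    ("source", "src"): "passive", ("script", "src"): "active", ("iframe", "src"): "active",
    ("link", "href"): "active",  # only when rel=stylesheet, checked below
}

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page = urlsplit(page_url)
        self.findings = []  # (kind, tag, url as written, suggested rewrite)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for (res_tag, attr), kind in RESOURCES.items():
            url = attrs.get(attr) if res_tag == tag else None
            ref = urlsplit(url or "")
            if self.page.scheme == "https" and ref.scheme == "http":
                self.findings.append((kind, tag, url, self.rewrite(ref)))

    def rewrite(self, ref):
        rest = (ref.path or "/") + ("?" + ref.query if ref.query else "")
        if ref.hostname == self.page.hostname:
            return rest                    # same site: drop scheme and host
        return "//" + ref.netloc + rest    # other host: protocol-relative

def scan(page_url, html):
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page, reusing the example.com hostnames from the thread.
SAMPLE = """
<a href="http://elsewhere.example.org/">plain link, never mixed content</a>
<img src="http://mixed-content.example.com/a.png">
<img src="http://sibling-mixed-content.example.com/b.png">
<script src="http://mixed-content.example.com/site.js"></script>
<img src="/c.png"> <img src="//sibling-mixed-content.example.com/d.png">
"""
if __name__ == "__main__":
    print(*scan("https://mixed-content.example.com/", SAMPLE), sep="\n")
```

Scanning the same page as http:// returns no findings, since mixed content only exists relative to an https page.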
arnvidr l33t
Joined: 19 Aug 2004 Posts: 629 Location: Oslo, Norway
|
Posted: Thu Sep 07, 2017 8:12 pm Post subject: |
|
|
audiodef wrote: |
arnvidr,
As long as you know how to make sure your computer's UEFI works, you should not need to do a regular Gentoo install. But if you try a Gentoo Studio install and run into UEFI trouble, and subsequently have no trouble following the Gentoo handbook for a regular Gentoo install, then please let me know so I can try to fix it. |
Finally got around to trying this, sorry for the delay (sick, hardware trouble, etc).
Tried the automatic script first, but that was a no go (might have worked if I edited it though), since /dev/sda pointed to my live usb stick. My main drive on this machine is an NVMe type, so replace /dev/sda with /dev/nvme0n1 and something like /dev/sda3 with /dev/nvme0n1p3 in the manual install and I finished it without any problems that I can recall. The only difference I remember is that /boot/grub/grub.cfg did already exist, contrary to the instructions.
After reboot, it seems like the EFI stuff itself was a success, but the initramfs failed. I have never used an initramfs before, so I didn't know how to troubleshoot in the unfamiliar shell, but the error was "ROOT not found" or similar, pointing to a UUID. Could it be that support for NVMe drives is not available in the initramfs? Anyway, showed tux images at the top of the screen, and generally giving the impression that the EFI step was successful, which was what you wanted tested, right?
I'll be going away this weekend, and hence I won't be starting the actual system install on this machine yet, so if there's anything else you want me to try out before I do, I'll be happy to help |
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Thu Sep 07, 2017 8:38 pm Post subject: |
|
|
Have you configured package sets as an option as an alternative to the stage4?
_________________
Quis separabit? Quo animo? |
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Mon Sep 11, 2017 11:20 pm Post subject: |
|
|
I was just curious. It wasn't immediately apparent whether or not something necessitated the stage4 other than convenience for those less inclined to tinker with the OS. |
arnvidr l33t
Joined: 19 Aug 2004 Posts: 629 Location: Oslo, Norway
|
Posted: Tue Sep 12, 2017 10:24 am Post subject: |
|
|
audiodef wrote: |
arnvidr,
Thank you! I already knew I should make the script do something other than default to /dev/sda - I just need to figure out the best way to do that.
I don't know anything about initramfs and driver issues, but I will add that to the pile.
Really appreciate the feedback. |
I think I saw that you used genkernel for the kernels? I assume it is then responsible for the initramfs. I don't have any experience with genkernel, but it might be as easy as adding this to your kernel config: https://wiki.gentoo.org/wiki/NVMe
Notice that it mentions the device showing up under /dev/nvme* like I used during the install, but nothing like it exists if I, on encountering the error, exit to a shell and do ls dev
For reference, in case it might be useful, here's what I see when booting: https://imgur.com/a/LeamS |
audiodef Watchman
Joined: 06 Jul 2005 Posts: 6639 Location: The soundosphere
|
Posted: Tue Sep 12, 2017 9:41 pm Post subject: |
|
|
Spent the day haxxing with catalyst. Now I'm stalled with a /usr/src/linux doesn't exist for my stage2 spec. I resolved this for my stage4 spec by doing the entire kernel build in fsscript, but apparently, the kernel build is required for a livecd stage2 spec.
spec:
Code: |
subarch: amd64
version_stamp: latest
target: livecd-stage2
rel_type: default
profile: default/linux/amd64/13.0
snapshot: latest
source_subpath: default/livecd-stage1-amd64-latest
portage_confdir: /etc/portage
portage_overlay: /usr/local/portage
livecd/fstype: zisofs
livecd/cdtar: /usr/lib/catalyst/livecd/cdtar/isolinux-3.72-memtest86+-cdtar.tar.bz2
livecd/iso: default/livecd-amd64-latest.iso
livecd/bootargs: dokeymap
livecd/gk_mainargs: --lvm --dmraid
livecd/type: generic-livecd
livecd/xdm: lightdm
livecd/xsession: xfce4-session
livecd/volid: Gentoo Studio 2017 AMD64
boot/kernel: gentoo
boot/kernel/gentoo/sources: gentoo-sources
# boot/kernel/gentoo/config:
# boot/kernel/gentoo/gk_kernargs:
boot/kernel/gentoo/use: pcmcia usb
boot/kernel/gentoo/packages:
pcmcia-cs
speedtouch
slmodem
globespan-adsl
hostap-driver
hostap-utils
ipw2100
ipw2200
fritzcapi
fcdsl
cryptsetup
livecd/empty:
/var/tmp
/var/cache
/var/db
/var/empty
/var/lock
/var/log
/var/run
/var/spool
/var/state
/tmp
/usr/portage
/usr/share/man
/usr/share/info
/usr/share/unimaps
/usr/include
/usr/share/zoneinfo
/usr/share/dict
/usr/share/doc
/usr/share/ss
/usr/share/state
/usr/share/texinfo
/usr/lib/python2.2
/usr/lib/portage
/usr/share/gettext
/usr/share/i18n
/usr/share/rfc
/usr/lib/X11/config
/usr/lib/X11/etc
/usr/lib/X11/doc
/usr/src
/usr/share/doc
/usr/share/man
/root/.ccache
/etc/cron.daily
/etc/cron.hourly
/etc/cron.monthly
/etc/cron.weekly
/etc/logrotate.d
/etc/rsync
/usr/lib/awk
/usr/lib/ccache
/usr/lib/gcc-config
/usr/lib/nfs
/usr/local
/usr/diet/include
/usr/diet/man
/usr/share/consolefonts/partialfonts
/usr/share/consoletrans
/usr/share/emacs
/usr/share/gcc-data
/usr/share/genkernel
/etc/bootsplash/gentoo
/etc/bootsplash/gentoo-highquality
/etc/splash/gentoo
/etc/splash/emergence
/usr/share/gnuconfig
/usr/share/lcms
/usr/share/locale
/etc/skel
|