razixx Tux's lil' helper
Joined: 07 Jul 2008 Posts: 75 Location: The Pas, MB
|
Posted: Tue Jul 20, 2010 1:14 pm Post subject: configuring a xen enabled kernel - help |
|
|
I've recently purchased a virtual machine from the net that's provisioned with Gentoo. I've never worked with this type of vm before. I'm having troubles trying to compile the hardened sources with xen support. The questions I'm running into are:
Do I need both Hardened and xen sources or is xen patched into hardened by default?
Do I need to compile hardware support or does the host take care of it?
I've done lots of searching on the web, most of the tutorials out there seem to tell you how to set up a host, but don't really say too much about configuring while you're working as the guest.
I don't know anything about the hardware other than it runs on an intel processor..lol lspci doesn't pump out any output, I'm guessing they've blocked it. Any help is appreciated
Thx |
idella4 Retired Dev
Joined: 09 Jun 2006 Posts: 1600 Location: Australia, Perth
|
Posted: Tue Jul 20, 2010 3:43 pm Post subject: |
|
|
Quote: |
I don't know anything about the hardware other than it runs on an intel processor..lol lspci doesn't pump out any output, I'm guessing they've blocked it. Any help is appreciated
|
ok you say you're running as a guest. So spell out your system clearly.
What is your host? post host's uname -a
Also uname -a of the gentoo guest.
Quote: |
lspci doesn't pump out any output,
|
suggests your guest is booted as a para-virtual guest. This begs the question, what are you doing trying to configure hardware in a para-virtualised guest?
Para-virt relies upon the host to deal with the hardware.
Quote: |
Do I need to compile hardware support or does the host take care of it?
|
As above, probably yes. Please clarify what you're working towards. _________________ idella4@aus |
razixx Tux's lil' helper
Joined: 07 Jul 2008 Posts: 75 Location: The Pas, MB
|
Posted: Tue Jul 20, 2010 10:07 pm Post subject: |
|
|
Thank you for your reply
uname -a
Code: |
Linux webbox 2.6.34-xen-vr.org #2 SMP Mon Jul 5 20:54:35 PDT 2010 x86_64 Intel(R) Xeon(R) CPU E5504 @ 2.00GHz GenuineIntel GNU/Linux
|
This is the output I receive when I type it in assuming that I'm running as a guest.
What I am trying to do is compile and install the hardened-sources with xen support.
I get my services through www.vr.org (host virtual ) -They are the host
I've never run gentoo in a virtualized environment so it's pretty new to me. There are lots of guides explaining how to set up to be a host but not too many on how to set up if you are the guest in someone else's domain.
eselect kernel list
Code: |
Available kernel symlink targets:
[1] linux-2.6.18-xen-r12
[2] linux-2.6.32-hardened-r9 *
[3] linux-2.6.34-gentoo-r1
|
|
idella4 Retired Dev
Joined: 09 Jun 2006 Posts: 1600 Location: Australia, Perth
|
Posted: Wed Jul 21, 2010 1:50 pm Post subject: |
|
|
razixx
ok we're in business. For my own interest and assistance, how do you connect to the gentoo vm?
My guess is by ssh or some such. Is this vm on server in the service provider's server?
Before anything, let me bring one important point to you. What is your ls -l /etc/make.profile.
Are you taking a desktop or server profile gentoo and equipping it with a hardened kernel?
Before anything, should you consider recompiling your whole vm with a hardened profile to ensure a gentoo style consistency.
Otherwise, something may break.
I've practiced with xen and I haven't any real live contacts or experience with a xen based vm provider.
What I can gather is you have selected and acquired a gentoo vm prepared by vr.org. Yes?
Well this is a bit new to both of us but looks very achievable.
If not already installed, get your hardened sources. Also acquire the 2.6.34 kernel.
What you are trying to do then is to have your purchased gentoo vm boot up by your customised kernel??
That means that the kernel will have to be made available to the host to select. The host I take it is the service provider.
Code: |
idella@genny /usr/src/linux-2.6.31-gentoo-r6 $ sudo emerge -s xen
* sys-kernel/xen-sources
Latest version available: 2.6.34
Latest version installed: 2.6.18-r12
Size of files: 67,921 kB
Homepage: http://xen.org/
Description: Full sources for a dom0/domU Linux kernel to run under Xen
License: GPL-2 !deblob? ( freedist )
|
Quote: |
webbox 2.6.34-xen-vr.org
|
is the vm hostnamed webbox running a 2.6.34-xen kernel. This should really be easy. Follow this plan. Take your config of 2.6.34-xen-vr.org from boot.
Copy it to kernel 2.6.34 REGULAR.
Acquire a guide from the gentoo wiki re compiling xen kernels. Easy to find. Just bring up the gentoo wiki, follow the lists, do a search. google gentoo xen. Also similar here
Now, a peek into what you're looking for. Here is an important selection page of gentoo kernel xen 2.6.32
Quote: |
.config - Linux Kernel v2.6.32-xen-r1 Configuration
──────────────────────────────────────────────────────────────────────────────────────────────
┌────────────────────────────── Processor type and features ──────────────────────────────┐
│ Arrow keys navigate the menu. <Enter> selects submenus --->. Highlighted letters are │
│ hotkeys. Pressing <Y> includes, <N> excludes, <M> modularizes features. Press │
│ <Esc><Esc> to exit, <?> for Help, </> for Search. Legend: [*] built-in [ ] excluded │
│ <M> module < > module capable │
│ ┌─────────────────────────────────────────────────────────────────────────────────────┐ │
│ │ [*] Symmetric multi-processing support │ │
│ │ [ ] Support sparse irq numbering │ │
│ │ [*] Enable MPS table │ │
│ │ [*] Xen-compatible │ │
│ │ [*] Single-depth WCHAN output │ │
│ │ Processor family (Core 2/newer Xeon) ---> │ │
│ │ [ ] Generic x86 support (NEW) │ │
│ │ (2) Maximum number of CPUs │ │
│ │ Preemption Model (Voluntary Kernel Preemption (Desktop)) ---> │ │
│ │ [ ] Machine Check / overheating reporting │ │
│ │ < > Toshiba Laptop support (NEW) │ │
│ │ < > Dell laptop support │ │
│ │ < > /dev/cpu/microcode - microcode support │ │
│ │ <*> /dev/cpu/*/msr - Model-specific register support │ │
│ │ <*> /dev/cpu/*/cpuid - CPU information support │ │
│ │ High Memory Support (4GB) ---> │ │
│ │ Memory model (Flat Memory) ---> │ │
│ │ [*] Enable KSM for page merging │
|
Note Xen-compatible is checked. This is for a host. Unchecked for a guest. Now it will be interesting to observe the settings of your 2.6.34-xen-vr.org. It should follow the pattern of the xen guest. You have a 99% chance of being booted para-virtual. That means you require a xen para-virt compatible guest kernel.
So, bring up a console, make two tabs. In one, enter /usr/src/linux-2.6.32-hardened. In the other, the regular 2.6.34.
[By rights, this could be either the regular or xen 2.6.34 kernel, but go with regular.]
make menuconfig in both. Track and observe the xen features in the regular 2.6.34.
Enter them into the 2.6.32-hardened kernel.
there you are. Compile and test it and re-post and tell me it works
I have a backup if you're not getting there.
a little demo:
the gentoo host
Code: |
idella@gentoo64 ~ $ uname -a
Linux gentoo64 2.6.32-xen-r1-AMD-64 #9 SMP Wed May 12 12:24:18 Local time zone must be set--see zic x86_64 Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz GenuineIntel GNU/Linux
|
here is a xen guest lenny [debian]
Code: |
idella@Lenny:~$ ifconfig
-bash: ifconfig: command not found
idella@Lenny:~$ /sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:16:3e:59:c4:6e
inet addr:192.168.0.61 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe59:c46e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:93 errors:0 dropped:0 overruns:0 frame:0
TX packets:80 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:34499 (33.6 KiB) TX bytes:14021 (13.6 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:280 (280.0 B) TX bytes:280 (280.0 B)
idella@Lenny:~$ which lspci
/usr/bin/lspci
idella@Lenny:~$ lspci
idella@Lenny:~$ lspci -k
idella@Lenny:~$ lspci
idella@Lenny:~$
idella@Lenny:~$ lspci -k
idella@Lenny:~$
|
So you see lspci is not blocked. It's the nature of para-virt guests. I have a gentoo guest, it's just the same as the lenny for this demo.
Your service provider host is booting your gentoo by pygrub or PV-grub. For our lenny above;
Code: |
idella@Lenny:~$ ls /boot
idella@Lenny:~$
|
empty. There is a xen method pygrub that boots a guest with its kernel in place.
Code: |
idella@gentoo64 ~ $ ls /usr/lib64/xen/boot
hvmloader ioemu-stubdom.gz pv-grub-x86_32.gz pv-grub-x86_64.gz pygrub
|
These boot a guest with a vm guest that supports xen guest para-virt. I can't tell offhand what type the kernel is that came with your vm because it has been renamed. Anyway; follow the above re-post
You'll get there. _________________ idella4@aus |
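The side-by-side menuconfig comparison described in the post above can also be done non-interactively. The following is an added example, not part of the original post: it lists the Xen guest options that a reference config enables but a target config does not set to the same value. The symbol prefixes it matches (`CONFIG_XEN*`, `CONFIG_PARAVIRT*`, `CONFIG_HVC_XEN`) and both sample configs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare Xen/paravirt options between two kernel .config files.
# The reference would be the working guest kernel's config; the target is the
# kernel being prepared (for instance the hardened tree).

# xen_opts FILE: print the enabled Xen-related symbols, sorted, as SYMBOL=value.
# The prefix list is an assumption about which options matter for a PV guest.
xen_opts() {
    grep -E '^CONFIG_(XEN|PARAVIRT|HVC_XEN)[A-Z0-9_]*=' "$1" | LC_ALL=C sort
}

# missing_xen_opts REFERENCE TARGET: for every Xen-related option set in
# REFERENCE, report it when TARGET has a different value or does not set it.
missing_xen_opts() {
    xen_opts "$1" | while IFS='=' read -r sym val; do
        # Current value of the same symbol in the target ("" when unset).
        cur=$(sed -n "s/^${sym}=//p" "$2")
        [ "$cur" = "$val" ] ||
            printf '%s=%s (target: %s)\n' "$sym" "$val" "${cur:-not set}"
    done
}

# demo: run the comparison on two constructed sample configs.
demo() {
    dir=$(mktemp -d)
    # Constructed sample standing in for the working guest kernel's config.
    cat > "$dir/reference.config" <<'EOF'
CONFIG_SMP=y
CONFIG_PARAVIRT_GUEST=y
CONFIG_XEN=y
CONFIG_XEN_MAX_DOMAIN_MEMORY=32
CONFIG_XEN_BLKDEV_FRONTEND=y
CONFIG_XEN_NETDEV_FRONTEND=y
CONFIG_HVC_XEN=y
EOF
    # Constructed sample standing in for the kernel tree being configured.
    cat > "$dir/target.config" <<'EOF'
CONFIG_SMP=y
CONFIG_PARAVIRT_GUEST=y
CONFIG_XEN=y
CONFIG_XEN_MAX_DOMAIN_MEMORY=32
CONFIG_XEN_BLKDEV_FRONTEND=m
# CONFIG_XEN_NETDEV_FRONTEND is not set
EOF
    missing_xen_opts "$dir/reference.config" "$dir/target.config"
    rm -rf "$dir"
}

demo
```

A frontend driver reported as `m` where the reference has `y` deserves attention when the guest boots without an initramfs, since the module cannot be loaded before the root device is available.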
razixx Tux's lil' helper
Joined: 07 Jul 2008 Posts: 75 Location: The Pas, MB
|
Posted: Thu Jul 22, 2010 4:37 pm Post subject: |
|
|
Hi sorry,
Thanks again for all the great info, I would have got back to you sooner, but I'm still running into problems... lol This time while doing emerge -e world --quiet
Code: |
>>> Installing (43 of 133) app-admin/perl-cleaner-1.05
>>> Emerging (44 of 133) sys-devel/binutils-config-1.9-r4
>>> Installing (44 of 133) sys-devel/binutils-config-1.9-r4
>>> Emerging (45 of 133) sys-apps/man-pages-posix-2003a
>>> Installing (45 of 133) sys-apps/man-pages-posix-2003a
>>> Emerging (46 of 133) virtual/init-0
>>> Installing (46 of 133) virtual/init-0
>>> Emerging (47 of 133) app-admin/eselect-vi-1.1.5
>>> Installing (47 of 133) app-admin/eselect-vi-1.1.5
>>> Emerging (48 of 133) app-admin/eselect-ctags-1.13
>>> Installing (48 of 133) app-admin/eselect-ctags-1.13
>>> Emerging (49 of 133) dev-util/ctags-5.7
>>> Installing (49 of 133) dev-util/ctags-5.7
>>> Emerging (50 of 133) net-mail/mailbase-1
>>> Installing (50 of 133) net-mail/mailbase-1
>>> Emerging (51 of 133) sys-devel/gettext-0.17-r1
Write failed: Broken pipe
chris@chris-laptop:~$
|
Happens every time but not necessarily on the same package. It shuts down the ssh connection as well. User should be root@webbox.
I don't know if this is a problem with ssh or not.
Here is my emerge --info
http://paste.pocoo.org/show/240473/
ls -l /etc/make.profile
Code: |
webbox ~ # ls -l /etc/make.profile
lrwxrwxrwx 1 root root 58 Jul 21 10:55 /etc/make.profile -> ../usr/portage/profiles/selinux/v2refpolicy/amd64/hardened
|
I also removed -pipe from my cflags just to test it out and see what happens, thinking the two might be related. At the time of emerging I was nearly using all the system's RAM. But this setting definitely didn't make a difference. |
idella4 Retired Dev
Joined: 09 Jun 2006 Posts: 1600 Location: Australia, Perth
|
Posted: Thu Jul 22, 2010 5:22 pm Post subject: |
|
|
razixx,
ok, a few things different; You need to double check this; having emerge pull up like you describe suggests your settings aren't quite right in /etc/make.conf
mine, a few key entries selected;
Code: |
idella@genny /mnt/images/genny $ cat /mnt/gentoo64/etc/make.conf
# These settings were set by the catalyst build script that automatically built this stage
# Please consult /etc/make.conf.example for a more detailed example
CFLAGS="-march=core2 -fomit-frame-pointer -pipe -O2 -mno-tls-direct-seg-refs -ggdb"
CHOST="x86_64-pc-linux-gnu"
CXXFLAGS="${CFLAGS}"
MAKEOPTS="-j4"
|
CFLAGS; forget about ggdb, not needed. Question is, did these settings come with the purchased / rented vm?
For xen related, include -mno-tls-direct-seg-refs. The most important is march. I can't remember it's too long ago when it was set.
I think native is a setting for 32 bit; go to the amd64 install manual and check.
The other is your USE flags. I won't paste mine, but it's much larger. But I have things like xen and kde4 and a few others installed.
Yours is a vm, I guess it's without a window manager, you haven't clarified.
I would suggest to backtrack with emerge -pv world and get a listing by emerge of what USE flags you need.
I think your current settings are underdone.
I take it the kernel is on the back burner.
re-post _________________ idella4@aus |
razixx Tux's lil' helper
Joined: 07 Jul 2008 Posts: 75 Location: The Pas, MB
|
Posted: Thu Jul 22, 2010 8:15 pm Post subject: |
|
|
There's definitely no windows manager. The only access I have is through ssh.
Here is my /proc/cpuinfo
http://paste.pocoo.org/show/240550/
For -march should I be using nocona?
Eventually I want to be able to use this vm as a email/webserver for my own personal use.
The Default settings were "CFLAGS= -O2 -pipe" and was set to the server profile. They used their own custom xen kernel, no config file included.
My revised make.conf
Code: |
# These settings were set by the catalyst build script that automatically
# built this stage.
# Please consult /usr/share/portage/config/make.conf.example for a more
# detailed example.
CFLAGS="-march=nocona -O2 -pipe -mno-tls-direct-seg-refs"
CXXFLAGS="${CFLAGS}"
# WARNING: Changing your CHOST is not something that should be done lightly.
# Please consult http://www.gentoo.org/doc/en/change-chost.xml before changing.
CHOST="x86_64-pc-linux-gnu"
# These are the USE flags that were used in addition to what is provided by the
# profile used for building.
USE="mmx sse sse2"
PORTDIR_OVERLAY=/usr/local/portage
MAKEOPTS="-j3"
GENTOO_MIRRORS="http://gentoo.mirrors.tera-byte.com/ http://mirror.datapipe.net/gentoo http://www.gtlib.gatech.edu/pub/gentoo"
SYNC="rsync://rsync.ca.gentoo.org/gentoo-portage"
|
Gonna try build world and see how it goes.
-=EDIT=-
I'm back in business, it appears it was a problem with the ssh in ubuntu, I've since switched to putty, and it hasn't kicked up a broken pipe error once. I'll look at that issue another time though. I finally got all my packages switched over to the new profile. Now on to the kernel |
idella4 Retired Dev
Joined: 09 Jun 2006 Posts: 1600 Location: Australia, Perth
|
Posted: Fri Jul 23, 2010 8:45 am Post subject: |
|
|
razixx
Quote: |
The Default settings were "CFLAGS= -O2 -pipe" and was set to the server profile. They used their own custom xen kernel, no config file included.
For -march should I be using nocona?
|
ok, CFLAGS= -O2 -pipe is very standard. So you've changed it from a server profile to hardened. Fair enough. Usually a config is included in boot, but I suppose they are entitled to withhold it. It's no problem. I've given you a few alternatives.
You have probably already got onto these two.
Code: |
CFLAGS="-march=nocona
|
Without re-reading the amd64 install manual, I'm not sure. From memory, nocona is what I used when I had an older amd 32 bit single cpu.
Yours is a single. I would have stayed with their setting -march=native. However, you say you've finished re-compiling. So I take it nothing has broken.
??? really? You've gone from http://paste.pocoo.org/show/240473/ to above?? That is confusing.
Anyway, awaiting your next post. If your kernel isn't quite there, I have an option waiting. _________________ idella4@aus |
razixx Tux's lil' helper
Joined: 07 Jul 2008 Posts: 75 Location: The Pas, MB
|
Posted: Fri Jul 23, 2010 4:26 pm Post subject: |
|
|
Hi idella,
I've broken things pretty bad on my vm. Since switching over to the hardened vm, emerging world, and rebooting the vm, I can no longer ssh in...lol.. Go figure. Looking at the logs it seems like a missing module issue. I'm probably biting off a little more than I can handle at this moment so I'm going to go back a few steps and test things out on a local machine, learn a little more about vm's and amd64 before I implement things on a remote one.
Thank you so much for all the help. |
idella4 Retired Dev
Joined: 09 Jun 2006 Posts: 1600 Location: Australia, Perth
|
Posted: Fri Jul 23, 2010 4:53 pm Post subject: |
|
|
razixx;
I must say I'm not surprised. From your previous post, you've made substantial changes to your vm mid-stream recompiling.
looks like you need to recompile like I guided and establish a linux xen host on your local machine and re-post your issues.
In your position it appears you need continued support. _________________ idella4@aus |
razixx Tux's lil' helper
Joined: 07 Jul 2008 Posts: 75 Location: The Pas, MB
|
Posted: Fri Jul 23, 2010 9:29 pm Post subject: |
|
|
Ok I think I've found many of my big pitfalls *cough nocona...
I read the wrong cpu section of the safe cflags on gentoo-wiki.
Here is my revised make.conf.
Code: |
# These settings were set by the catalyst build script that automatically
# built this stage.
# Please consult /usr/share/portage/config/make.conf.example for a more
# detailed example.
CFLAGS="-march=core2 -mtune=generic -O2 -pipe -fomit-frame-pointer -mno-tls-direct-seg-refs" #intel xeron e5501
CXXFLAGS="${CFLAGS}"
MAKEOPTS="-j3" #vr provisioned me with 2 cpu's
# WARNING: Changing your CHOST is not something that should be done lightly.
# Please consult http://www.gentoo.org/doc/en/change-chost.xml before changing.
CHOST="x86_64-pc-linux-gnu"
# These are the USE flags that were used in addition to what is provided by the
# profile used for building.
USE="mmx sse sse2" #these were pre-configured
PORTDIR_OVERLAY=/usr/local/portage #And so was this
|
http://en.gentoo-wiki.com/wiki/Safe_Cflags/Intel#Core_2_Duo.2FQuad.2C_Xeon_51xx.2F53xx.2F54xx.2C_Pentium_Dual-Core_T23xx.2B.2FExxxx.2C_Celeron_Dual-Core
Also I was able to get their kernel config file using zcat /proc/config.gz
http://paste.pocoo.org/show/241001/
I currently have gentoo-sources installed and I am set to the hardened profile.
Before I go any further, I'm going to see what you say about my CFLAGS first. Hopefully things look a little more sane.
Chris
Again thanks for being patient with me. |
idella4 Retired Dev
Joined: 09 Jun 2006 Posts: 1600 Location: Australia, Perth
|
Posted: Sat Jul 24, 2010 7:33 am Post subject: |
|
|
razixx
Quote: |
Before I go any further, I'm going to see what you say about my CFLAGS first
|
a good idea. The below is from your emerge --info
Code: |
Portage 2.1.8.3 (selinux/v2refpolicy/amd64/hardened, gcc-4.3.4, glibc-2.11.2-r0, 2.6.34-xen-vr.org x86_64)
=================================================================
System uname: Linux-2.6.34-xen-vr.org-x86_64-Intel-R-_Xeon-R-_CPU_E5504_@_2.00GHz-with-gentoo-1.12.13
|
This is mine
Code: |
idella@genny /mnt/suse/boot/grub $ emerge --info
Portage 2.1.8.3 (default/linux/x86/10.0/desktop, gcc-4.3.4, glibc-2.11.2-r0, 2.6.32-xen-r1 i686)
=================================================================
System uname: Linux-2.6.32-xen-r1-i686-Intel-R-_Core-TM-2_Duo_CPU_E6550_@_2.33GHz-with-gentoo-2.0.1
|
You've clearly selected the Dual core settings from the wiki, so as long as you have 2 cpus listed, then that's fine.
I think nocona is for 32 bit, and native I'm not sure. You've read the manual just recently.
Just remember that the vm came with march=native, so any problems you can always try reverting to what worked first.
Speaking of what worked first, initially your USE flags were
Code: |
USE="amd64 berkdb cli cracklib crypt cxx dri fortran hardened iconv ipv6 mmx modules mudflap ncurses nls openmp pam pcre perl pic pppd python readline reflection selinux session spl sse sse2 ssl tcpd xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa via vmware voodoo" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
|
Well, ALSA_CARDS & ALSA_PCM_PLUGINS & LCD_DEVICES & VIDEO_CARDS & XTABLES_ADDONS can certainly be cut down / refined, your current setting is
Code: |
USE="mmx sse sse2" #these were pre-configured
|
Here is mine
Code: |
USE="x86 acl alsa aio apm -archive* -adns% arts audiofile avi bash-completion berkdb bluetooth bmp -branding cdparanoia cdr consolekit crypt ctype cups dba dbmaker -debug -doc dga dv dvd dvdread esd encode ethereal -examples extras fam fbcon -fbcondor ffmpeg firefox flac ftp gdbm gif gnome gnutls gphoto gpm gstreamer gtk2 -hardened imagemagick inifile ipv6 java jpeg kde ladcca ldap libg++ lm_sensors mbox mime mp3 mpeg mozilla mono mmap mng msn mysql ncurses nptlonly ogg openal opengl oss pam perl png pnp posix python qdbm qt quicktime readline ruby samba scanner shared sdl slp sndfile sockets source ssl svg svga theora truetype -unicode usb v4l videos vorbis wifi win32codecs X xine xinerama xml xml2 xv zlib libvirtd lxc network -avahi -caps -iscsi -lvm -nfs -numa -one -openvz -parted -phyp -policykit -qemu -sasl (-selinux) -udev -uml -virtualbox -xen -gnome-keyring -curl -fdt -hardened -kvm-trace -pulseaudio -sasl -vde arm cris i386 m68k microblaze mips mips64 mips64el mipsel ppc ppc64 ppcemb sh4 sh4eb sparc sparc64 x86_64 alpha arm armeb ppc64abi32 sparc32plus -libffi -test -lapack fortran openmp sse sse2 threads (-altivec) -extra-tools -ipv6 hal udev -archive -glade -nautilus -kerberos -minimal -tdbtest ldap netapi smbclient -addns -ads -caps -cluster -examples -ldb -samba4 -smbsharemodes -syslog -tools -winbind bzip2 corefonts fftw jpeg perl png svg tiff truetype xml zlib -autotrace -djvu -doc -fontconfig -fpx -graphviz -gs -hdri -jbig -jpeg2k -lcms -lqr -nocxx -openexr -q32 -q8 -raw -wmf gstreamer websockets -coverage -pango -optimized-qmake% handbook semantic-desktop (-aqua) (-kdeprefix) -gdu% -python3% gtk%* -thumbnail% udev%* -gdu% -libnotify -lcms% mudflap nls nptl (-altivec) -bootstrap -build -doc (-fixed-point) -gcj -graphite (-hardened) (-libffi) (-multilib) -multislot (-n32) (-n64) cxx -objc -objc++ -objc-gc -test -vanilla -optimized-qmake% client%* server%* gdbm (wide-unicode) xml -sqlite -tk -wininst -multimedia% -SECURITY_HAZARD% -idn% (-libsigsegv%) 
-quota -swat -zeroconf -static% xcb* (-gallium) (-ps3) fftw* -lcms% png%* -gd -latex -postgres -vim-syntax -modperl -vhosts -jabber urandom -animgif -acm -custom-cflags -flask -pae -xsm sql webkit lcms dbus qt4 -eap-sim -fast-eap -madwifi -wps gtk pm-utils ioctl -macvtap% -pcap% -qemu* -xen* (-one%) -static-libs% (-gold%) -glibc-omitfp -profile -ada -trace net -afs -bashlogger -mem-scramble -plugins -gmp -static -xattr pcre -pic -multitarget -nopie% -nossp% -loop-aes -old-linux -slang (-uclibc) -emacs (-devfs-compat%*) -lzma mdev%* -ipv6% -make-symlinks -savedconfig cracklib -audit -skey tcpd -X509 -hpn -libedit (-pkcs11%) (-smartcard%)"
|
Mind you I probably have quite a bit of dead wood in there, settings of packages that have long been outdated and replaced.
I have in fact just updated system which made for the addition of the last 2 - 3 dozen.
Code: |
idella@genny /mnt/suse/boot/grub $ sudo emerge -pv system
Password:
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild R ] sys-devel/gnuconfig-20100403 0 kB
[ebuild R ] sys-libs/zlib-1.2.5-r2 0 kB
[ebuild R ] sys-devel/patch-2.6.1 USE="-static -test" 0 kB
[ebuild R ] app-arch/bzip2-1.0.5-r1 USE="-static" 0 kB
[ebuild R ] app-arch/cpio-2.11 USE="nls" 0 kB
[ebuild R ] sys-apps/which-2.20 0 kB
[ebuild R ] sys-libs/ncurses-5.7-r5 USE="cxx gpm -ada -debug -doc -minimal -profile -static-libs -trace -unicode" 0 kB
[ebuild R ] sys-kernel/linux-headers-2.6.34 0 kB
[ebuild R ] sys-devel/m4-1.4.14-r1 USE="-examples" 0 kB
[ebuild R ] sys-apps/baselayout-2.0.1 USE="-build" 0 kB
[ebuild R ] sys-apps/man-1.6f-r4 USE="nls -lzma" 0 kB
[ebuild R ] sys-devel/flex-2.5.35 USE="nls -static" 0 kB
[ebuild R ] sys-apps/shadow-4.1.4.2-r4 USE="cracklib nls pam -audit (-selinux) -skey" 0 kB
[ebuild R ] sys-apps/grep-2.6.3 USE="nls pcre" 0 kB
[ebuild R ] app-arch/gzip-1.4 USE="nls -pic -static" 0 kB
[ebuild R ] sys-apps/kbd-1.15.2-r1 USE="nls" 0 kB
[ebuild R ] sys-apps/busybox-1.16.0 USE="mdev pam -debug -ipv6 -make-symlinks -savedconfig (-selinux) -static" 0 kB
[ebuild R ] sys-apps/net-tools-1.60_p20100101055920 USE="nls -static" 0 kB
[ebuild R ] sys-apps/gawk-3.1.8 USE="nls" 0 kB
[ebuild R ] app-arch/tar-1.23-r4 USE="nls -static" 0 kB
[ebuild R ] sys-apps/file-5.04 USE="python" 0 kB
[ebuild R ] sys-devel/make-3.81-r2 USE="nls -static" 0 kB
[ebuild R ] virtual/editor-0 0 kB
[ebuild R ] sys-apps/findutils-4.5.8 USE="nls (-selinux) -static" 0 kB
[ebuild R ] net-misc/wget-1.12-r1 USE="nls ssl -debug -idn -ipv6 -ntlm -static" 0 kB
[ebuild R ] virtual/pager-0 0 kB
[ebuild R ] sys-apps/diffutils-3.0 USE="nls -static" 0 kB
[ebuild R ] sys-apps/texinfo-4.13 USE="nls -static" 0 kB
[ebuild R ] sys-devel/binutils-2.20.1-r1 USE="nls -multislot -multitarget -test -vanilla" 0 kB
[ebuild R ] sys-apps/util-linux-2.18-r1 USE="crypt nls perl -loop-aes -old-linux (-selinux) -slang (-uclibc) -unicode" 0 kB
[ebuild R ] sys-apps/sed-4.2.1 USE="acl nls (-selinux) -static" 0 kB
[ebuild R ] app-shells/bash-4.1_p7 USE="net nls -afs -bashlogger -examples -mem-scramble -plugins -vanilla" 0 kB
[ebuild R ] sys-devel/bison-2.4.2 USE="nls -static" 0 kB
[ebuild R ] net-misc/rsync-3.0.7 USE="acl iconv -ipv6 -static -xattr" 0 kB
[ebuild R ] sys-apps/coreutils-8.5-r1 USE="acl nls -caps -gmp (-selinux) -static -unicode -vanilla -xattr" 0 kB
[ebuild R ] sys-apps/man-pages-3.25 USE="nls" LINGUAS="-cs -da -de -fr -it -ja -nl -pl -ro -ru -zh_CN" 0 kB
[ebuild R ] sys-apps/module-init-tools-3.12 USE="-static" 0 kB
[ebuild R ] net-misc/iputils-20071127-r2 USE="-SECURITY_HAZARD -doc -idn -ipv6 -static" 0 kB
[ebuild R ] sys-process/procps-3.2.8-r1 USE="(-n32) -unicode" 0 kB
[ebuild R ] sys-devel/autoconf-2.65-r1 USE="-emacs" 0 kB
[ebuild R ] sys-fs/e2fsprogs-1.41.12 USE="nls" 0 kB
[ebuild R ] sys-apps/portage-2.1.8.3 USE="-build -doc -epydoc (-python3) (-selinux)" LINGUAS="-pl" 0 kB
[ebuild R ] sys-devel/automake-1.11.1 0 kB
[ebuild R ] sys-devel/libtool-2.2.10 USE="-vanilla" 0 kB
[ebuild R ] sys-process/psmisc-22.11 USE="X nls -ipv6 (-selinux)" 0 kB
[ebuild R ] sys-libs/readline-6.1_p2 0 kB
[ebuild R ] net-misc/openssh-5.5_p1-r2 USE="X ldap pam tcpd -X509 -hpn -kerberos -libedit (-selinux) -skey -static" 0 kB
[ebuild R ] sys-libs/glibc-2.11.2 USE="nls -debug -gd -glibc-omitfp (-hardened) (-multilib) -profile (-selinux) -vanilla" 0 kB
[ebuild R ] sys-devel/gcc-4.4.4-r1 USE="fortran gtk mudflap nls nptl openmp (-altivec) -bootstrap -build -doc (-fixed-point) -gcj -graphite (-hardened) (-libffi) (-multilib) -multislot (-n32) (-n64) -nocxx -nopie -nossp -objc -objc++ -objc-gc -test -vanilla" 0 kB
[ebuild R ] sys-fs/udev-160 USE="extras (-selinux) -test" 0 kB
Total: 50 packages (50 reinstalls), Size of downloads: 0 kB
|
Maybe
Quote: |
# These are the USE flags that were used in addition to what is provided by the
# profile used for building.
|
this means you've got the rest listed but not showing me. If not, add them
Oh, add this to your plan.
Code: |
#emerge -pv python-updater gentoolkit
[Observe and add USE flags if any]
#emerge python-updater gentoolkit
#python-updater
#revdep-rebuild
|
and tell me they completed and reported everything is good.
Quote: |
Again thanks for being patient with me.
|
YOU'RE QUITE WELCOME. I've had the same done for me in the gentoo forum by experienced voluntary helpers. ;) _________________ idella4@aus |
razixx Tux's lil' helper
Joined: 07 Jul 2008 Posts: 75 Location: The Pas, MB
|
Posted: Sat Jul 24, 2010 5:34 pm Post subject: |
|
|
ok here's my python-updater
Code: |
webbox ~ # python-updater
* Starting Python Updater...
* Main active version of Python: 2.6
* Active version of Python 2: 2.6
* Active version of Python 3: 3.1
* No packages need to be reinstalled.
|
and revdep-rebuild
Code: |
revdep-rebuild
* Configuring search environment for revdep-rebuild
* Checking reverse dependencies
* Packages containing binaries and libraries broken by a package update
* will be emerged.
* Collecting system binaries and libraries
* Generated new 1_files.rr
* Collecting complete LD_LIBRARY_PATH
* Generated new 2_ldpath.rr
* Checking dynamic linking consistency
[ 100% ]
* Dynamic linking on your system is consistent... All done.
|
Everything emerged fine and ran with no errors. |
idella4 Retired Dev
Joined: 09 Jun 2006 Posts: 1600 Location: Australia, Perth
|
Posted: Sat Jul 24, 2010 5:42 pm Post subject: |
|
|
excellent. You are on track.
Now, the kernel :o _________________ idella4@aus |
|
razixx Tux's lil' helper
Joined: 07 Jul 2008 Posts: 75 Location: The Pas, MB
|
Posted: Sat Jul 24, 2010 6:10 pm Post subject: |
|
|
OK so I've done as you said earlier and emerged the gentoo-sources.
Replaced .config with the old .config and performed the following
make oldconfig
make menuconfig
make && make modules_install
Here is my kernel config http://paste.pocoo.org/show/241315/
I'm still waiting for it to compile and I will post the results after it's finished. This is for just in case I break it again. lol |
|
idella4 Retired Dev
Joined: 09 Jun 2006 Posts: 1600 Location: Australia, Perth
|
Posted: Sat Jul 24, 2010 6:40 pm Post subject: |
|
|
razixx
ok looking good. I'm overdue to turn this off and retire in this end of the world.
make oldconfig
make menuconfig
isn't quite as I suggested, but we'll see. If it doesn't work the first time, no problem. Don't panic.
That's part of the territory in getting kernels right. I'd suggest to re-read my previous posts re the kernel.
I ended up giving you some links to guest kernel preparing sites that should give you all the required config.
I have a config in reserve if you get stuck. I'll catch you tomorrow. _________________ idella4@aus |
|
razixx Tux's lil' helper
Joined: 07 Jul 2008 Posts: 75 Location: The Pas, MB
|
Posted: Sun Jul 25, 2010 3:02 pm Post subject: |
|
|
I'm starting to make some headway...
I've got the latest gentoo sources and copied vr's config file into it. Paravirtualized guest is turned off.
There are no frontend drivers enabled so I'm not too sure what that means. I'm going to test out the configuration before I mirror it in the hardened sources.
Sorry I didn't do this earlier, there were a few things I didn't know at the time when you suggested this option. I assumed there was no way to get the .config file of vr's configuration. Then I found out about /proc/config.gz. I'll let you know how it goes, I got a good feeling 'cause every kernel I've compiled up until now was paravirt enabled.
Chris |
|
idella4 Retired Dev
Joined: 09 Jun 2006 Posts: 1600 Location: Australia, Perth
|
Posted: Sun Jul 25, 2010 5:13 pm Post subject: |
|
|
razixx
ok looking good. front end drivers are for the guest. Backend for the host.
Remember the config from your vr kernel was booting your gentoo vm.
It should not need much adjustment.
Here are front end drivers
Quote: |
<M> Block-device frontend driver
<M> Network-device frontend driver
<M> Network-device frontend driver acceleration for Solarflare NICs
<M> SCSI frontend driver
<M> USB frontend driver
[*] Taking the HCD statistics (for debug)
[ ] HCD suspend/resume support (DO NOT USE)
<M> User-space granted page access driver
<M> Framebuffer-device frontend driver
<M> Keyboard-device frontend driver
[ ] Disable serial port drivers
<*> Export Xen attributes in sysfs
(256) Number of guest devices
Xen version compatibility (3.3.0 and later) --->
[*] Place shared vCPU info in per-CPU storage
|
I actually wonder why you really NEED a hardened kernel. Is it essential for your goals?
The above is not a regular kernel, it's a xen kernel. It's sensible to use a xen kernel for a xen guest, all is provided.
You just select for the paravirt guest options and deselect host's options.
Just a week ahead of you, look here
re-post _________________ idella4@aus |
|
razixx Tux's lil' helper
Joined: 07 Jul 2008 Posts: 75 Location: The Pas, MB
|
Posted: Mon Jul 26, 2010 6:56 pm Post subject: |
|
|
Quote: |
I actually wonder why you really NEED a hardened kernel. Is it essential for your goals?
|
I've been pondering the same thing and have come to the conclusion that an selinux enabled kernel should be more than sufficient for my needs. I think it was more of a matter of being able to just say that I can.
The company that provides the image uses a newer xen-sources-2.6.34 hence the PORTDIR_OVERLAY in the make.conf file. I put in a trouble ticket to extract this info.
Quote: |
Hi Chris,
We use xen-sources with a newer version that requires a portage overlay and the following (although using standard gentoo sources and the xen frontend drivers should work just fine..)
Here are the steps:
emerge --sync
mkdir -p /usr/local/portage/sys-kernel/xen-sources
cd /usr/local/portage/sys-kernel/xen-sources
wget http://gentoo-xen-kernel.googlecode.com/files/xen-sources-2.6.34.ebuild
ebuild xen-sources-2.6.34.ebuild digest
echo "PORTDIR_OVERLAY=/usr/local/portage" >> /etc/make.conf
ACCEPT_KEYWORDS="~amd64" emerge xen-sources
cd /usr/src
rm -rf linux
ln -s linux-2.6.34-xen linux
cd linux
At this point, you can enable xen frontend drivers/make the normal kernel etc. I've also attached our .config here, although you can get it from the running kernel the way that you have.
Thanks,
Mark
|
It would be nice to use the regular Gentoo Sources at least, because I'm most familiar with the menus, but I will settle with this for now, providing I can get selinux up and going. Thank you for the link as well. I will definitely bookmark it and reference it later when I go and make a gentoo-sources kernel. I finally booted up a successful xen kernel with some of the options in it that I need and using their overlay and config file.
Thank you for all your help,
Chris |
|
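The thread's rule of thumb (frontend drivers for the guest, backend drivers for the host, plus the SELinux goal stated above) can be checked against a saved .config before rebooting. The script below is an added example, not code from the thread or the hosting provider; the option names are the mainline kernel's and are assumed to match the patched xen-sources tree, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit a kernel .config for a Xen paravirtual guest.
# For the running kernel, first do: zcat /proc/config.gz > running.config

# Print y, m or n for one option. $1 = config file, $2 = option name.
kconfig_state() {
    state=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${state:-n}"
}

# Print one finding per line; return 0 if clean, 1 otherwise.
audit_guest_config() {
    cfg=$1
    rc=0
    # Guest side: Xen support plus the block and network frontend drivers.
    for opt in CONFIG_XEN CONFIG_XEN_BLKDEV_FRONTEND CONFIG_XEN_NETDEV_FRONTEND; do
        [ "$(kconfig_state "$cfg" "$opt")" != n ] || { echo "MISSING $opt"; rc=1; }
    done
    # Host side: backend drivers serve other domains and can be deselected.
    for opt in CONFIG_XEN_BLKDEV_BACKEND CONFIG_XEN_NETDEV_BACKEND; do
        [ "$(kconfig_state "$cfg" "$opt")" = n ] || { echo "HOSTONLY $opt"; rc=1; }
    done
    # SELinux is a bool option (no module form), so it has to be =y.
    [ "$(kconfig_state "$cfg" CONFIG_SECURITY_SELINUX)" = y ] ||
        { echo "MISSING CONFIG_SECURITY_SELINUX"; rc=1; }
    return "$rc"
}

# Constructed sample config (not the provider's): one frontend driver is
# unset and one backend driver is still enabled.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_XEN=y
CONFIG_XEN_BLKDEV_FRONTEND=m
# CONFIG_XEN_NETDEV_FRONTEND is not set
CONFIG_XEN_NETDEV_BACKEND=y
CONFIG_SECURITY_SELINUX=y
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_guest_config "$sample" || true
rm -f "$sample"
```

A frontend driver built as a module (`m`) counts as present here; if the root disk sits on the block frontend, the module must also be in the initramfs.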
idella4 Retired Dev
Joined: 09 Jun 2006 Posts: 1600 Location: Australia, Perth
|
Posted: Mon Jul 26, 2010 7:17 pm Post subject: |
|
|
razixx aka Chris
I thought you got lost!!! Fell into a canyon or something. welcome back
Quote: |
I finally booted up a successful xen kernel with some of the options in it that I need and using their overlay and config file.
|
success! A xen kernel is just a kernel, a regular plus xen kernel requirements. I'd suggest to think of it as a modified capable ++ kernel.
Quote: |
Thank you for the link as well.
|
which one??
That's good support from them. You definitely have all you need. Question, have you finished with the thread? If so, please mark [solved] in the title.
You got there _________________ idella4@aus |
|