| 1 |
On 170113-23:50+0100, Miroslav Rovis wrote: |
| 2 |
> I made it! |
| 3 |
> |
| 4 |
> See: |
| 5 |
> http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/ |
| 6 |
> or open: |
| 7 |
> $ <your-browser> \ |
| 8 |
> http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/Screen_170113_2102_g0n_1.webm |
| 9 |
> |
| 10 |
> (and also Screen_170113_2102_g0n_2.webm and Screen_170113_2102_g0n_3.webm ) |
| 11 |
> |
| 12 |
|
| 13 |
Just the end result of how it worked, you can see at, not much there, at this time. |
| 14 |
|
| 15 |
> But there are stories to tell, along with patches to share, and a place |
| 16 |
> for a nice bug report, coming. |
| 17 |
> |
| 18 |
|
| 19 |
Main story, or tip, that I hope might be useful to others, in this |
| 20 |
email. |
| 21 |
--- |
| 22 |
|
| 23 |
This was the successful command that started the domain "tails" (pls. note |
| 24 |
that I will be converting any commands in this email to fit withing 72 |
| 25 |
char lines, but they were without those "\" at end, and were one long line |
| 26 |
each; I'll also be wrapping pastes such as from /var/log/messages): |
| 27 |
|
| 28 |
[So this was the successful command that started the domain "tails"]: |
| 29 |
|
| 30 |
$ virt-install --name tails --disk tails.img --graphics spice --memory 1024 \ |
| 31 |
--cdrom tails-i386-2.9.1.iso --livecd --debug |& tee \ |
| 32 |
virt-install_$(date +%y%m%d_%H%M)_g0n |
| 33 |
|
| 34 |
Also note that the |& tee virt-install_$(date +%y%m%d_%H%M)_g0n is not needed, |
| 35 |
but allows me to reconstruct the procedure, to find it in the logs, and of course |
| 36 |
that redirection (along with the --debug of course) produced the |
| 37 |
debugging log named: |
| 38 |
|
| 39 |
virt-install_170113_0701_g0n |
| 40 |
|
| 41 |
(find it gunzip'ed in the attachment) |
| 42 |
|
| 43 |
However, that command didn't start any GUI, since the no-dbus virt-manager has |
| 44 |
no GUI whatsoever. |
| 45 |
|
| 46 |
But, as you can see from that log virt-install_170113_0701_g0n: |
| 47 |
|
| 48 |
[Fri, 13 Jan 2017 07:01:37 virt-install 5357] DEBUG (virt-install:732) Domain |
| 49 |
state after install: 1 |
| 50 |
|
| 51 |
was there made notice of in bottom, and I take it that it means the domain was |
| 52 |
created and started. |
| 53 |
|
| 54 |
And it also gave advice as to what can be done about it (on a previous line): |
| 55 |
|
| 56 |
[Fri, 13 Jan 2017 07:01:36 virt-install 5357] WARNING (cli:487) Unable to |
| 57 |
connect to graphical console: virt-viewer not installed. Please install the |
| 58 |
'virt-viewer' package. |
| 59 |
|
| 60 |
Which I went about installing, which wasn't easy at all, as you can read below. |
| 61 |
|
| 62 |
During all those 14 hours the VM was running, pretty quietly, it didn't leave |
| 63 |
much in the logs... |
| 64 |
|
| 65 |
During most of which time thereof I made many unsuccessful attempts at |
| 66 |
installing virt-viewer, and eventually I made it to install it, and ran: |
| 67 |
|
| 68 |
$ virt-viewer tails |
| 69 |
|
| 70 |
which shows in the syslog as: |
| 71 |
|
| 72 |
Jan 13 21:02:53 g0n kernel: [270966.343875] grsec: exec of |
| 73 |
/usr/bin/virt-viewer (virt-viewer tails ) by /usr/bin/virt-viewer[bash:30436] |
| 74 |
uid/euid:1000/1000 gid/egid:1000/1000, parent /bin/bash[bash:19756] |
| 75 |
uid/euid:1000/1000 gid/egid:1000/1000 |
| 76 |
|
| 77 |
which is what you can see the screencasts of at: |
| 78 |
|
| 79 |
http://www.croatiafidelis.hr/foss/cap/cap-170113_tails/ |
| 80 |
(the link already given above) |
| 81 |
|
| 82 |
To be honest, it's not at all so easy to track down exactly how I did it. But |
| 83 |
there are a few reasons why I want to do it, the most important being, that I |
| 84 |
need to replicate the entire procedure, patches and all, because I completed |
| 85 |
this installation in my clone machine, which I also use for test-installs |
| 86 |
like this, but the more permanent install I want to do in Air-Gapped [1] |
| 87 |
machine, which never goes online, and which installation I can then clone [2] |
| 88 |
onto this contacting-with-the-dangerous-and-dirty-internet machine (and other |
| 89 |
machines of mine sometimes). |
| 90 |
|
| 91 |
Air-Gapping is complex of course, yes, but it so clean and peaceful. |
| 92 |
Especially the updating the Air-Gapped from my local Gentoo mirror with the |
| 93 |
portage snapshots signed by the Releng Team. My Air-Gapped is pretty reliably |
| 94 |
non-compromised, or at least has been, and continues to be, very difficult to |
| 95 |
compromise. And there'll be some strange things to show from this clone, |
| 96 |
introduced wih this installation, which don't let me calm and peaceful, there |
| 97 |
will be! |
| 98 |
|
| 99 |
Another reason which looke very important to me when I was getting confused if |
| 100 |
no-dbus gtk2 virt-manager, along with virt-viewer, was at all possible, is, I |
| 101 |
even thought for those hard long hours that it looked impossible, that already |
| 102 |
the time was running out to fix |
| 103 |
it for everybody, from older packages that would work... |
| 104 |
|
| 105 |
Because there really ended up being no way that I could do it, pls. look it |
| 106 |
up: |
| 107 |
|
| 108 |
https://packages.gentoo.org/packages/app-emulation/virt-viewer |
| 109 |
|
| 110 |
with, say, what is currently in testing: |
| 111 |
|
| 112 |
https://gitweb.gentoo.org/repo/gentoo.git/tree/app-emulation/virt-viewer/virt-viewer-5.0.ebuild |
| 113 |
|
| 114 |
While I tried patching quite a few files in the virt-viewer-5.0 source, it |
| 115 |
could never anymore be done without making gtk+-2.0 into more of a gtk+-3.0 |
| 116 |
just without the dbus dependency, which I am not apt to accomplishing. |
| 117 |
|
| 118 |
Instead, I had to bump into my local portage repo this one: |
| 119 |
|
| 120 |
https://gitweb.gentoo.org/repo/gentoo.git/tree/app-emulation/virt-viewer/virt-viewer-3.1.ebuild |
| 121 |
|
| 122 |
(of course for both of those --and other packages that I needed to patch--, I |
| 123 |
used the local /usr/portage/app-emulation/virt-viewer to get those ebuilds) |
| 124 |
|
| 125 |
and I was only then able to get that 3.1, patched to 3.1-r1 in my local |
| 126 |
overlay, working, and only after bumping spice-gtk-0.31 to local overlay, and |
| 127 |
recompiling spice-gtk. |
| 128 |
|
| 129 |
Along with the correct changes in /etc/packages{.use/,.mask/} or whatever |
| 130 |
anybody has. |
| 131 |
|
| 132 |
For package.use, add: |
| 133 |
=net-misc/spice-gtk-0.31-r1 gtk2 |
| 134 |
app-emulation/virt-viewer -vnc |
| 135 |
|
| 136 |
For package.mask, add: |
| 137 |
>net-misc/spice-gtk-0.31-r1 |
| 138 |
>app-emulation/virt-viewer-3.1-r1 |
| 139 |
|
| 140 |
Pls. find the two ebuilds gzip'ed in the attachment: |
| 141 |
|
| 142 |
spice-gtk-0.31-r1.ebuild.gz |
| 143 |
virt-viewer-3.1-r1.ebuild.gz |
| 144 |
|
| 145 |
Since this is a user list, here's how the parts relavant to this |
| 146 |
discussion, in my local overlay |
| 147 |
( |
| 148 |
https://wiki.gentoo.org/wiki/Overlay/Local_overlay |
| 149 |
) |
| 150 |
look like: |
| 151 |
|
| 152 |
# ls -lR /usr/local/portage/net-misc/ |
| 153 |
/usr/local/portage/net-misc/: |
| 154 |
total 4 |
| 155 |
drwxr-xr-x 3 root root 4096 2017-01-13 10:02 spice-gtk |
| 156 |
|
| 157 |
/usr/local/portage/net-misc/spice-gtk: |
| 158 |
total 20 |
| 159 |
drwxr-xr-x 2 portage portage 4096 2016-08-25 17:32 files |
| 160 |
-rw-r--r-- 1 root root 2277 2017-01-13 10:02 Manifest |
| 161 |
-rw-r--r-- 1 portage portage 1052 2017-01-13 09:20 metadata.xml |
| 162 |
-rw-r--r-- 1 portage portage 4618 2017-01-13 10:02 spice-gtk-0.31-r1.ebuild |
| 163 |
|
| 164 |
/usr/local/portage/net-misc/spice-gtk/files: |
| 165 |
total 12 |
| 166 |
-rw-r--r-- 1 portage portage 527 2016-08-17 08:36 README.gentoo |
| 167 |
-rw-r--r-- 1 portage portage 1141 2016-08-17 22:13 spice-gtk-0.31-x11-libs.patch |
| 168 |
-rw-r--r-- 1 portage portage 881 2016-08-17 22:13 spice-gtk-0.32-x11-libs.patch |
| 169 |
# ls -lR /usr/local/portage/app-emulation/ |
| 170 |
/usr/local/portage/app-emulation/: |
| 171 |
total 4 |
| 172 |
drwxr-xr-x 2 root root 4096 2017-01-13 20:19 virt-viewer |
| 173 |
|
| 174 |
/usr/local/portage/app-emulation/virt-viewer: |
| 175 |
total 16 |
| 176 |
-rw-r--r-- 1 root root 1902 2017-01-13 20:19 Manifest |
| 177 |
-rw-r--r-- 1 portage portage 452 2016-01-25 00:06 metadata.xml |
| 178 |
-rw-r--r-- 1 portage portage 1047 2017-01-13 20:19 virt-viewer-3.1-r1.ebuild |
| 179 |
-rw-r--r-- 1 portage portage 922 2017-01-13 09:22 virt-viewer-5.0-r1.ebuild |
| 180 |
# |
| 181 |
|
| 182 |
The files that I didn't mention further above, are simply copied over from |
| 183 |
|
| 184 |
/usr/portage/net-misc/spice-gtk |
| 185 |
and |
| 186 |
/usr/portage/app-emulation/virt-viewer |
| 187 |
|
| 188 |
respectively (without the /local/). |
| 189 |
|
| 190 |
The (gzip'ed) virt-viewer-5.0-r1.ebuild is included for completeness, and to |
| 191 |
demonstrate the issue awaiting Gentoo, and any other distro with a |
| 192 |
non-poetterware offer, in the future. |
| 193 |
|
| 194 |
I patched it by placing the patch: |
| 195 |
|
| 196 |
gtk+-2_revert.patch |
| 197 |
|
| 198 |
like this: |
| 199 |
|
| 200 |
# ls -lRa /etc/portage/patches/app-emulation/ |
| 201 |
/etc/portage/patches/app-emulation/: |
| 202 |
total 12 |
| 203 |
drwxr-xr-x 3 portage portage 4096 2017-01-13 10:24 . |
| 204 |
drwxr-xr-x 7 portage portage 4096 2017-01-13 10:24 .. |
| 205 |
drwxr-xr-x 2 portage portage 4096 2017-01-14 09:21 virt-viewer |
| 206 |
|
| 207 |
/etc/portage/patches/app-emulation/virt-viewer: |
| 208 |
total 20 |
| 209 |
drwxr-xr-x 2 portage portage 4096 2017-01-14 09:21 . |
| 210 |
drwxr-xr-x 3 portage portage 4096 2017-01-13 10:24 .. |
| 211 |
-rw-r--r-- 1 portage portage 12189 2017-01-13 17:33 gtk+-2_revert.patch |
| 212 |
# |
| 213 |
|
| 214 |
(as you can see also I ran chown portage:portage on the whole of |
| 215 |
/etc/portage/patches/ dir) |
| 216 |
|
| 217 |
That patch finally got all these properly substituted: |
| 218 |
|
| 219 |
:%s/gtk+-3.0/gtk+-2.0/gc |
| 220 |
:%s/3\.10/2\.24\.31/gc |
| 221 |
:%s/0\.12\.7/0\.12\.12/gc |
| 222 |
:%s/0\.33/0\.31/gc |
| 223 |
:%s/3_10/2_24_31/gc |
| 224 |
:%s/spice-client-gtk-3.0/spice-client-gtk-2.0/gc |
| 225 |
|
| 226 |
(those are commands with my Vim on the four files that this patch patches, |
| 227 |
pls. see the patch), |
| 228 |
|
| 229 |
but it was still to no avail, because they are starting to implement the new |
| 230 |
API of GTK3, and the GTK2, which in Gentoo and in some other distros is kept |
| 231 |
so dbus is not a dependency, don't have those new calls, functions et cetera. |
| 232 |
|
| 233 |
If anybody is interested, I attach the install log: |
| 234 |
|
| 235 |
app-emulation_virt-viewer-5.0-r1_20170113-164725.log.gz |
| 236 |
(that's from /var/log/portage, just I replaced the : with _) |
| 237 |
|
| 238 |
where it's easy to spot lines like: |
| 239 |
|
| 240 |
virt-viewer-app.h:47:5: error: unknown type name 'GtkApplicationClass' |
| 241 |
|
| 242 |
because the new API is missing in GTK2. And the package virt-viewer cannot |
| 243 |
possibly compile. |
| 244 |
|
| 245 |
I will next check this in my Air-Gapped, and post errata if any in the next |
| 246 |
email to this, in slow time. |
| 247 |
|
| 248 |
I hope my experience is useful to other users with dbus-free Gentoo machines |
| 249 |
who want to be able to run Tails via virt-manager in their machines. |
| 250 |
|
| 251 |
Regards! |
| 252 |
--- |
| 253 |
[1] Air-Gapped Gentoo Install, Tentative |
| 254 |
https://forums.gentoo.org/viewtopic-t-987268.html |
| 255 |
[2] Postfix smtp/TLS, Bkp/Cloning Mthd, Censorship/Intrusion |
| 256 |
https://forums.gentoo.org/viewtopic-t-999436.html#7613044 |
| 257 |
|
| 258 |
-- |
| 259 |
Miroslav Rovis |
| 260 |
Zagreb, Croatia |
| 261 |
http://www.CroatiaFidelis.hr |
Archives