PID file path discrepancy for the clamd service in Gentoo Linux

Back in December I noticed that the OpenRC init script for clamd in Gentoo Linux reported the clamd service status as ‘crashed’, when in fact it was still running (I raised Gentoo Linux Bug Report 921088 to report this).

The issue arises because the init script (/etc/init.d/clamd) installed by the clamav ebuild specifies the PID file as /run/clamd.pid whereas the clamd.conf created by the ebuild specifies the PID file as /run/clamav/clamd.pid (it does this by uncommenting a line in the example clamd.conf file extracted from the downloaded clamav source code tarball). In the aforementioned Gentoo Linux bug report I assumed that the init script is incorrect and should be changed to specify the path /run/clamav/clamd.pid specified in the clamd.conf file. However, Gentoo Linux developer Michael Orlitzky stated that the PID file path given in the init script is secure whereas the path given in the config file is not, so the config file should be changed, not the init script. To date, the discrepancy remains in both the Gentoo stable version (1.2.2) and testing version (1.3.1) of the clamav ebuild in the Gentoo Linux ebuild repositories.

Until the ebuild is modified, to avoid the problem occurring I created a script in /etc/local.d/ for OpenRC to run at shutdown to ensure the PID file path is the same in the init script and config file, in case I forget to check this whenever a new version of clamav is installed. The script makes the PID file path in the config file match the file path in the init script, whether that be /run/clamd.pid or /run/clamav/clamd.pid. Obviously, if the former path is secure then that would be preferable, but I have no control over what the ebuild maintainer does, so the script caters for both situations. Anyway, the script I created is listed below.

root # cd /etc/local.d
root # nano 20-clamav.stop
root # chmod +x 20-clamav.stop
root # cat 20-clamav.stop
#!/bin/bash
#
# See Gentoo Bugzilla Bug 921088 for app-antivirus/clamav-1.2.1
# According to Comment 1, the content of /etc/init.d/clamd is correct as: pidfile="/run/${RC_SVCNAME}.pid"
# and the content of /etc/clamav/clamd.conf should be: PidFile /run/clamd.pid
#
# However, (~)clamav-1.3.1 has the following:
# /etc/init.d/clamd contains: pidfile="/run/${RC_SVCNAME}.pid"
# /etc/clamav/clamd.conf contains: PidFile /run/clamav/clamd.pid
#
# Therefore cater for either situation:
if `grep "pidfile=" /etc/init.d/clamd | grep -q clamav`; then
    sed -i 's|PidFile /run/clamd.pid|PidFile /run/clamav/clamd.pid|' /etc/clamav/clamd.conf
elif `grep "pidfile=" /etc/init.d/clamd | grep -q -v clamav`; then
    sed -i 's|PidFile /run/clamav/clamd.pid|PidFile /run/clamd.pid|' /etc/clamav/clamd.conf
fi

Upgrading the Portage Profile to 23.0 in Gentoo Linux (OpenRC) and merging /usr

This week I finally had some spare time to upgrade the Gentoo Linux Portage Profile from 17.1 to 23.0 (see Gentoo Linux News item of 22 March 2024 titled ‘Profile upgrade to version 23.0 available‘) in my two Gentoo Linux installations: one Stable (amd64), the other Testing (~amd64). Both installations use OpenRC and therefore they had a split /usr directory structure, as shown below for my Testing installation:

fitzcarraldo@meshedgedx ~ $ cd /
fitzcarraldo@meshedgedx ~ $ tree -L 1
.
├── bin
├── boot
├── cgroup
├── dev
├── etc
├── home
├── install-data
├── lib
├── lib64
├── lost+found
├── media
├── mnt
├── opt
├── proc
├── restartkde.sh
├── root
├── run
├── sbin
├── sys
├── tmp
├── unlock.sh
├── usr
└── var

22 directories, 2 files

(Ignore the two shell scripts shown in the output above; they are scripts I created.)

I followed the instructions in the above-mentioned Gentoo Linux News item, and had no trouble upgrading the profile in both installations, although the final step of merging the world set using the ‘--emptytree‘ option took three days (painful!) to rebuild the 1742 packages in my Testing installation and 1845 packages in my Stable installation. Both installations initially used the Portage profile ‘default/linux/amd64/17.1/desktop/plasma (stable)‘, so I needed to upgrade them to ‘default/linux/amd64/23.0/split-usr/desktop/plasma (stable)‘. The outcome of each step specified in the news item was as expected, so I will not bother to describe them here other than to mention that one non-essential application package failed to build in Step 16 (‘emerge --ask --emptytree @world‘) during the upgrade of my Stable installation. I uninstalled that package and then used the command ‘emerge --emptytree --resume --skipfirst‘ in order to complete the process.

The purpose of this post is to describe how I migrated the installations from the split /usr directory structure to the merged /usr structure after I had completed upgrading the Portage profile to 23.0. The /usr merging procedure gets rid of the separation of directories /bin and /usr/bin, /sbin and /usr/sbin, /lib and /usr/lib, and /lib64 and /usr/lib64. All the files in the directories in / (root) are merged into their respective counterparts in /usr, and symlinks for the old directories are created instead:

/bin → /usr/bin
/sbin → /usr/sbin
/lib → /usr/lib
/lib64 → /usr/lib64

It is not mandatory to have the merged /usr structure in installations that use OpenRC, therefore I could have left the two installations with the split /usr structure after I had upgraded the Portage profile. However, as Linux installations that use systemd now only support the merged /usr structure, and as packages in Linux distributions that use systemd will be coded to use the merged /usr structure and may possibly be ported to Gentoo Linux at some point, I decided to migrate my installations to use the merged /usr structure. Below I describe how I did that in my Gentoo Linux Testing installation (see also the Gentoo Linux Wiki article merge-usr). The procedure was essentially the same for my Gentoo Linux Stable installation.

1. Install the merge-usr package

meshedgedx /home/fitzcarraldo # cd /
meshedgedx / # emerge --ask sys-apps/merge-usr

These are the packages that would be merged, in order:

Calculating dependencies... done!
Dependency resolution took 15.62 s (backtrack: 0/20).

[ebuild  N     ] sys-apps/merge-usr-6  PYTHON_SINGLE_TARGET="python3_11 -python3_10 -python3_12" 

Would you like to merge these packages? [Yes/No] Yes
>>> Verifying ebuild manifests
>>> Emerging (1 of 1) sys-apps/merge-usr-6::gentoo
>>> Installing (1 of 1) sys-apps/merge-usr-6::gentoo
>>> Recording sys-apps/merge-usr in "world" favorites file...
>>> Completed (1 of 1) sys-apps/merge-usr-6::gentoo
>>> Jobs: 1 of 1 complete                           Load avg: 1.49, 1.34, 0.82

 * GNU info directory index is up-to-date.

2. Perform a dry run of the merge-usr script to check if there would be any problems migrating to the new structure

meshedgedx / # merge-usr --dryrun
INFO: Migrating files from '/bin' to '/usr/bin'
INFO: Skipping symlink '/bin/awk'; '/usr/bin/awk' already exists
INFO: No problems found for '/bin'
INFO: Migrating files from '/sbin' to '/usr/bin'
ERROR: Conflict for symlink '/sbin/lspci': [Errno 2] No such file or directory: '/sbin/lspci'
ERROR: Leaving '/sbin' as a directory due to prior errors
INFO: Migrating files from '/usr/sbin' to '/usr/bin'
INFO: No problems found for '/usr/sbin'
INFO: Migrating files from '/lib' to '/usr/lib'
ERROR: Conflict for special file '/lib/rc/init.d/exclusive/localmount': Special files are not supported
ERROR: Conflict for special file '/lib/rc/init.d/exclusive/net.lo': Special files are not supported
ERROR: Conflict for special file '/lib/rc/init.d/exclusive/checkfs': Special files are not supported
ERROR: Conflict for special file '/lib/rc/init.d/exclusive/modules': Special files are not supported
ERROR: Conflict for special file '/lib/splash/cache/.splash': Special files are not supported
ERROR: Leaving '/lib' as a directory due to prior errors
INFO: Migrating files from '/lib64' to '/usr/lib64'
INFO: No problems found for '/lib64'

The output above showed there were several problems.

3. Resolve all problems identified in the dry run

The first reported error related to /sbin/lspci, so I checked that file:

meshedgedx / # ls -la /sbin/lspci
lrwxrwxrwx 1 root root 15 Mar 30  2010 /sbin/lspci -> /usr/sbin/lspci

Both /sbin/lspci and /usr/sbin/lspci in the above output on screen were highlighted in red and flashing, indicating that /usr/sbin/lspci did not exist, so I deleted the symlink:

meshedgedx / # rm /sbin/lspci

I then re-ran the script to check that the first error had been resolved:

meshedgedx / # merge-usr --dryrun
INFO: Migrating files from '/bin' to '/usr/bin'
INFO: Skipping symlink '/bin/awk'; '/usr/bin/awk' already exists
INFO: No problems found for '/bin'
INFO: Migrating files from '/sbin' to '/usr/bin'
INFO: No problems found for '/sbin'
INFO: Migrating files from '/usr/sbin' to '/usr/bin'
INFO: No problems found for '/usr/sbin'
INFO: Migrating files from '/lib' to '/usr/lib'
ERROR: Conflict for special file '/lib/rc/init.d/exclusive/localmount': Special files are not supported
ERROR: Conflict for special file '/lib/rc/init.d/exclusive/net.lo': Special files are not supported
ERROR: Conflict for special file '/lib/rc/init.d/exclusive/checkfs': Special files are not supported
ERROR: Conflict for special file '/lib/rc/init.d/exclusive/modules': Special files are not supported
ERROR: Conflict for special file '/lib/splash/cache/.splash': Special files are not supported
ERROR: Leaving '/lib' as a directory due to prior errors
INFO: Migrating files from '/lib64' to '/usr/lib64'
INFO: No problems found for '/lib64'

Next I tackled the ‘special file’ error messages:

meshedgedx / # ls -la /lib/rc/init.d/exclusive/localmount
prw-r--r-- 1 root root 0 Dec  5  2005 /lib/rc/init.d/exclusive/localmount
meshedgedx / # ls -la /lib/rc/init.d/exclusive/net.lo
prw-r--r-- 1 root root 0 Dec  5  2005 /lib/rc/init.d/exclusive/net.lo
meshedgedx / # ls -la /lib/rc/init.d/exclusive/checkfs
prw-r--r-- 1 root root 0 Dec  5  2005 /lib/rc/init.d/exclusive/checkfs
meshedgedx / # ls -la /lib/rc/init.d/exclusive/modules
prw-r--r-- 1 root root 0 Dec  5  2005 /lib/rc/init.d/exclusive/modules
meshedgedx / # ls -la /lib/splash/cache/.splash 
prwx------ 1 root root 0 May 25  2012 /lib/splash/cache/.splash

The file /lib/splash/cache/.splash dated 2012 was associated with splashutils, which is no longer installed. The package is not in the Portage tree anymore either. So it was safe to delete it:

meshedgedx / # rm /lib/splash/cache/.splash

The other error messages all related to very old files in the /lib/rc/init.d/exclusive/ directory:

meshedgedx / # file /lib/rc/init.d/exclusive/localmount
/lib/rc/init.d/exclusive/localmount: fifo (named pipe)
meshedgedx / # file /lib/rc/init.d/exclusive/net.lo
/lib/rc/init.d/exclusive/net.lo: fifo (named pipe)
meshedgedx / # file /lib/rc/init.d/exclusive/checkfs 
/lib/rc/init.d/exclusive/checkfs: fifo (named pipe)
meshedgedx / # file /lib/rc/init.d/exclusive/modules 
/lib/rc/init.d/exclusive/modules: fifo (named pipe)

Those pipes were not used any more, so I deleted them all:

meshedgedx / # rm /lib/rc/init.d/exclusive/localmount /lib/rc/init.d/exclusive/net.lo /lib/rc/init.d/exclusive/checkfs /lib/rc/init.d/exclusive/modules

Another re-run of the script showed no problems should occur with the migration:

meshedgedx / # merge-usr --dryrun
INFO: Migrating files from '/bin' to '/usr/bin'
INFO: Skipping symlink '/bin/awk'; '/usr/bin/awk' already exists
INFO: No problems found for '/bin'
INFO: Migrating files from '/sbin' to '/usr/bin'
INFO: No problems found for '/sbin'
INFO: Migrating files from '/usr/sbin' to '/usr/bin'
INFO: No problems found for '/usr/sbin'
INFO: Migrating files from '/lib' to '/usr/lib'
INFO: No problems found for '/lib'
INFO: Migrating files from '/lib64' to '/usr/lib64'
INFO: No problems found for '/lib64'

I was therefore happy to go ahead with the migration.

4. Perform the migration

meshedgedx / # merge-usr
INFO: Migrating files from '/bin' to '/usr/bin'
INFO: Skipping symlink '/bin/awk'; '/usr/bin/awk' already exists
INFO: Replacing '/bin' with a symlink to 'usr/bin'
INFO: Migrating files from '/sbin' to '/usr/bin'
INFO: Replacing '/sbin' with a symlink to 'usr/bin'
INFO: Migrating files from '/usr/sbin' to '/usr/bin'
INFO: Replacing '/usr/sbin' with a symlink to 'bin'
INFO: Migrating files from '/lib' to '/usr/lib'
INFO: Replacing '/lib' with a symlink to 'usr/lib'
INFO: Migrating files from '/lib64' to '/usr/lib64'
INFO: Replacing '/lib64' with a symlink to 'usr/lib64'

As can be seen in the output below, the script successfully changed the directory structure to the required merged /usr structure:

meshedgedx / # tree -L 1
.
├── bin -> usr/bin
├── boot
├── cgroup
├── dev
├── etc
├── home
├── install-data
├── lib -> usr/lib
├── lib64 -> usr/lib64
├── lost+found
├── media
├── mnt
├── opt
├── proc
├── restartkde.sh
├── root
├── run
├── sbin -> usr/bin
├── sys
├── tmp
├── unlock.sh
├── usr
└── var

22 directories, 2 files

5. Change the Gentoo Linux 23.0 profile from the split-usr profile to the merged-usr profile

meshedgedx / # eselect profile show
Current /etc/portage/make.profile symlink:
  default/linux/amd64/23.0/split-usr/desktop/plasma
meshedgedx / # eselect profile list | grep plasma
  [8]   default/linux/amd64/17.1/desktop/plasma (stable)
  [9]   default/linux/amd64/17.1/desktop/plasma/systemd/merged-usr (stable)
  [27]  default/linux/amd64/23.0/desktop/plasma (stable)
  [28]  default/linux/amd64/23.0/desktop/plasma/systemd (stable)
  [48]  default/linux/amd64/23.0/split-usr/desktop/plasma (stable) *
meshedgedx / # eselect profile set 27
meshedgedx / # eselect profile show
Current /etc/portage/make.profile symlink:
  default/linux/amd64/23.0/desktop/plasma

6. Upgrade the Portage world set to take into account the new Portage profile with USE="-split-usr"

meshedgedx / # emerge -uDN @world
Calculating dependencies... done!
Dependency resolution took 153.98 s (backtrack: 0/20).

>>> Verifying ebuild manifests
>>> Emerging (1 of 12) sys-apps/baselayout-2.15::gentoo
>>> Emerging (2 of 12) dev-libs/lzo-2.10::gentoo
>>> Emerging (3 of 12) app-alternatives/bzip2-1::gentoo
>>> Emerging (4 of 12) app-alternatives/gzip-1::gentoo
>>> Emerging (5 of 12) app-alternatives/cpio-0::gentoo
>>> Installing (1 of 12) sys-apps/baselayout-2.15::gentoo
>>> Completed (1 of 12) sys-apps/baselayout-2.15::gentoo
>>> Installing (3 of 12) app-alternatives/bzip2-1::gentoo
>>> Completed (3 of 12) app-alternatives/bzip2-1::gentoo
>>> Installing (4 of 12) app-alternatives/gzip-1::gentoo
>>> Completed (4 of 12) app-alternatives/gzip-1::gentoo
>>> Installing (5 of 12) app-alternatives/cpio-0::gentoo
>>> Completed (5 of 12) app-alternatives/cpio-0::gentoo
>>> Installing (2 of 12) dev-libs/lzo-2.10::gentoo
>>> Completed (2 of 12) dev-libs/lzo-2.10::gentoo
>>> Emerging (6 of 12) app-alternatives/tar-0::gentoo
>>> Installing (6 of 12) app-alternatives/tar-0::gentoo
>>> Completed (6 of 12) app-alternatives/tar-0::gentoo
>>> Emerging (7 of 12) sys-apps/kmod-32-r1::gentoo
>>> Installing (7 of 12) sys-apps/kmod-32-r1::gentoo
>>> Completed (7 of 12) sys-apps/kmod-32-r1::gentoo
>>> Emerging (8 of 12) app-alternatives/awk-4::gentoo
>>> Installing (8 of 12) app-alternatives/awk-4::gentoo
>>> Completed (8 of 12) app-alternatives/awk-4::gentoo
>>> Emerging (9 of 12) sys-apps/coreutils-9.5::gentoo
>>> Installing (9 of 12) sys-apps/coreutils-9.5::gentoo
>>> Completed (9 of 12) sys-apps/coreutils-9.5::gentoo
>>> Emerging (10 of 12) sys-apps/systemd-utils-254.10-r1::gentoo
>>> Installing (10 of 12) sys-apps/systemd-utils-254.10-r1::gentoo
>>> Completed (10 of 12) sys-apps/systemd-utils-254.10-r1::gentoo
>>> Emerging (11 of 12) sys-libs/ncurses-6.4_p20240414::gentoo
>>> Installing (11 of 12) sys-libs/ncurses-6.4_p20240414::gentoo
>>> Completed (11 of 12) sys-libs/ncurses-6.4_p20240414::gentoo
>>> Emerging (12 of 12) sys-apps/shadow-4.14.6::gentoo
>>> Installing (12 of 12) sys-apps/shadow-4.14.6::gentoo
>>> Completed (12 of 12) sys-apps/shadow-4.14.6::gentoo
>>> Jobs: 12 of 12 complete                         Load avg: 2.01, 2.41, 2.39

 * GNU info directory index is up-to-date.
 * After world updates, it is important to remove obsolete packages with
 * emerge --depclean. Refer to `man emerge` for more information.
meshedgedx / # emerge --ask --depclean

 * Always study the list of packages to be cleaned for any obvious
 * mistakes. Packages that are part of the world set will always
 * be kept.  They can be manually added to this set with
 * `emerge --noreplace `.  Packages that are listed in
 * package.provided (see portage(5)) will be removed by
 * depclean, even if they are part of the world set.
 * 
 * As a safety measure, depclean will not remove any packages
 * unless *all* required dependencies have been resolved.  As a
 * consequence of this, it often becomes necessary to run 
 * `emerge --update --newuse --deep @world` prior to depclean.

Calculating dependencies... done!
>>> No packages selected for removal by depclean
>>> To see reverse dependencies, use --verbose
Packages installed:   1742
Packages in world:    323
Packages in system:   49
Required packages:    1742
Number removed:       0

7. Reboot to check that everything works as expected

meshedgedx / # reboot

Job complete.

The migration process in my Gentoo Linux Stable installation was essentially the same as for my Testing installation, except that the dry run of the merge-usr script did not flag any problems and therefore I was able to proceed with the migration without having to make any changes.

Installing TrueType font files in Lubuntu 22.04

Yesterday I looked through some old CDROMs with a view to disposing of them. I came across one from 2001 from a company called Focus Multimedia Limited, titled ‘4,000 fonts – A comprehensive collection of stylish and professional fonts’ for Windows 95 / 98 / Me / NT / 2000 / XP. It is still readable and contains both PostScript and TrueType font files, as well as a Windows application called BOSS Font Manager to view the fonts.

I decided to install the TTF fonts on one of my machines: the family desktop running Lubuntu 22.04. I followed one of the many articles on the Web regarding installing TTF fonts in Ubuntu, but LibreOffice did not list the new fonts in its drop-down menu of fonts. It turned out I needed one more step in order to make the new fonts accessible: I needed to change the permissions of the TTF files that I had copied to the Linux fonts directory. Anyway, below I list all the steps I followed in order to install the new TTF fonts.

1. I inserted the CDROM in the machine’s optical drive

Lubuntu mounted it automatically onto /media/fitzcarraldo/BOSSFONTS/, and a directory /media/fitzcarraldo/BOSSFONTS/Fonts/ contained two sub-directories PSFonts and TTfonts. The latter sub-directory contained sub-directories named ‘A‘ to ‘Z‘, each containing *.ttf font files.

2. I created a system-wide sub-directory for the new font files

As the fonts appear to be from a US company called Arts & Letters, and the CDROM is labelled ‘BOSSFONTS‘, I chose a sub-directory name ‘BossFonts‘ to hold the font files in the Lubuntu system, in order to keep the system directory /usr/share/fonts/ tidy and to segregate the new font files:

user $ sudo mkdir /usr/share/fonts/BossFonts

3. I copied the font files to the directory

user $ sudo cp -r /media/fitzcarraldo/BOSSFONTS/Fonts/TTfonts/*/*.ttf /usr/share/fonts/BossFonts/

4. I updated the system’s font cache

user $ sudo fc-cache -f -v

5. I checked if the fonts were installed

user $ fc-list | grep "BossFonts"

Everything seemed OK, but, when I launched LibreOffice Writer, the new fonts were not shown in Writer’s drop-down menu of fonts.

6. I checked the permissions of already-existing font files and the new font files

user $ ls -la /usr/share/fonts/truetype/noto | head -n 5
total 1132
drwxr-xr-x  2 root root   4096 Jan 10  2022 .
drwxr-xr-x 57 root root   4096 Nov 24  2021 ..
-rw-r--r--  1 root root 107848 Nov 10  2020 NotoMono-Regular.ttf
-rw-r--r--  1 root root 523412 Dec 26  2020 NotoSansMono-Bold.ttf

user $ ls -la /usr/share/fonts/BossFonts/ | head -n 5
total 129260
drwxr-xr-x 2 root root  69632 Apr 23 10:18 .
drwxr-xr-x 9 root root   4096 Apr 23 10:16 ..
-r-------- 1 root root  41868 Apr 23 10:18 ache___b.ttf
-r-------- 1 root root  40868 Apr 23 10:18 ache__cb.ttf

7. I changed the permissions of the new font files

user $ sudo chmod 644 /usr/share/fonts/BossFonts/*.ttf

user $ ls -la /usr/share/fonts/BossFonts/ | head -n 5
total 129260
drwxr-xr-x 2 root root  69632 Apr 23 10:18 .
drwxr-xr-x 9 root root   4096 Apr 23 10:16 ..
-rw-r--r-- 1 root root  41868 Apr 23 10:18 ache___b.ttf
-rw-r--r-- 1 root root  40868 Apr 23 10:18 ache__cb.ttf

Now LibreOffice Writer lists all the fonts. Job done.

Migrating the ebuild repository locations in my Gentoo Linux installations to the current defaults

I installed Gentoo Linux on my two laptops in 2010 and 2015 respectively, long before the distribution’s developers changed the default locations of the repositories for ebuilds and packages in an installation. In 2023 I modified the two installations to use an eselect module instead of the superseded Layman overlay manager (see my earlier post ‘Layman overlay manager in Gentoo Linux superseded by eselect module‘), and the installations continued to function normally. In 2019 the distribution’s developers changed the default locations for the PORTDIR, DISTDIR, REPO_NAME and REPO_BASEDIR directories, although I do not recall seeing any notifications about the change or instructions on how to migrate the repository locations in existing installations. Anyway, today I decided to bite the bullet and migrate the repository locations in my two installations to the latest defaults specified by the developers. The old and new directories are listed in Gentoo Wiki article ‘Default Gentoo ebuild repository location change‘:

Old location
CODE Location before 2019-04-29

REPO_BASEDIR="/usr"
REPO_NAME="portage"
DISTDIR="/usr/portage/distfiles"
PORTDIR="/usr/portage"
TARGET_DISTDIR="/usr/portage/distfiles"
TARGET_PKGDIR="/usr/portage/packages"

New location
CODE Location as of 2019-04-29 and later

REPO_BASEDIR="/var/db/repos"
REPO_NAME="gentoo"
DISTDIR="/var/cache/distfiles"
PORTDIR="/var/db/repos/gentoo"
TARGET_DISTDIR="/var/cache/distfiles"
TARGET_PKGDIR="/var/cache/binpkgs"

The file /etc/portage/make.conf in one of my installations contained the following pertinent variables:

root # grep DIR /etc/portage/make.conf
PORTDIR="/usr/portage"
DISTDIR="${PORTDIR}/distfiles"
PKGDIR="${PORTDIR}/packages"
PORTDIR_OVERLAY="/usr/local/portage ${PORTDIR_OVERLAY}"
PORT_LOGDIR="/var/log/portage"

The repos.conf files contained:

root # cat /etc/portage/repos.conf/eselect-repo.conf
# created by eselect-repo

[guru]
location = /var/db/repos/guru
sync-type = git
sync-uri = https://anongit.gentoo.org/git/repo/proj/guru.git

[torbrowser]
location = /var/db/repos/torbrowser
sync-type = git
sync-uri = https://github.com/gentoo-mirror/torbrowser.git

root # cat /etc/portage/repos.conf/local_overlay.conf 
[local_overlay]
location = /usr/local/portage
masters = gentoo
auto-sync = no

I set about migrating the repository directories to the new default locations using the following steps:

1. I checked what was the current profile

root # eselect profile show
Current /etc/portage/make.profile symlink:
  default/linux/amd64/17.1/desktop/plasma

2. I commented out any PORTDIR, DISTDIR, PKGDIR, PORTDIR_OVERLAY and PORT_LOGDIR entries in /etc/portage/make.conf (man make.conf(5) states that PORTDIR, PORTDIR_OVERLAY and PORT_LOGDIR are deprecated anyway).

3. The directory /var/db/repos/ already existed, so I did not need to create it (I would have created it had it not already existed)

root # ls /var/db/repos/
guru  seden  torbrowser

4. I moved /usr/portage/distfiles/ to /var/cache/distfiles/

root # mv /usr/portage/distfiles /var/cache

5. There was no directory /usr/portage/packages/ in one of the installations, so I did not need to move it to /var/cache/binpkgs/ but I created the latter directory

root # mkdir /var/cache/binpkgs

In the other installation I moved /usr/portage/packages/ to /var/cache/binpkgs/

root # mv /usr/portage/packages /var/cache/binpkgs

6. I moved /usr/portage/ to /var/db/repos/gentoo/

root # mv /usr/portage /var/db/repos/gentoo

So now /var/db/repos/ contained directories with the ebuilds for the main Portage tree and for the third-party overlays:

root # ls /var/db/repos
gentoo  guru  seden  torbrowser

7. I moved /usr/local/portage/ to /var/db/repos/local/

root # mv /usr/local/portage /var/db/repos/local

The ebuild repositories for the main tree, third-party overlays and my local overlay have now all been moved:

root # ls /var/db/repos
gentoo  guru  local  seden  torbrowser

8. I edited the location variable in /etc/portage/repos.conf/gentoo.conf to contain ‘/var/db/repos/gentoo‘

root # grep location /etc/portage/repos.conf/gentoo.conf
location = /usr/portage
root # nano /etc/portage/repos.conf/gentoo.conf
root # grep location /etc/portage/repos.conf/gentoo.conf 
location = /var/db/repos/gentoo

9. I edited the location variable in /etc/portage/repos.conf/local_overlay.conf to contain ‘/var/db/repos/local‘

root # grep location /etc/portage/repos.conf/local_overlay.conf 
location = /usr/local/portage
root # nano /etc/portage/repos.conf/local_overlay.conf 
root # grep location /etc/portage/repos.conf/local_overlay.conf 
location = /var/db/repos/local

10. The location variable in the only other files in directory /etc/portage/repos.conf/ was already set to the correct location, otherwise I would have edited that too

root # ls /etc/portage/repos.conf/
eselect-repo.conf  eselect-repo.conf~  gentoo.conf  local_overlay.conf
root # grep location /etc/portage/repos.conf/eselect-repo.conf*
/etc/portage/repos.conf/eselect-repo.conf:location = /var/db/repos/guru
/etc/portage/repos.conf/eselect-repo.conf:location = /var/db/repos/torbrowser
/etc/portage/repos.conf/eselect-repo.conf~:location = /var/db/repos/guru
/etc/portage/repos.conf/eselect-repo.conf~:location = /var/db/repos/torbrowser

11. I edited any files that I found in /etc/portage/ and in its sub-directories that referenced the old locations

root # grep DIR /etc/portage/make.conf.catalyst
PORTDIR="/usr/portage"
DISTDIR="${PORTDIR}/distfiles"
PKGDIR="${PORTDIR}/packages"
root # nano /etc/portage/make.conf.catalyst
root # grep DIR /etc/portage/make.conf.catalyst
PORTDIR="/var/db/repos/gentoo"
DISTDIR="/var/cache/distfiles"
PKGDIR="/var/cache/binpkgs"
root # grep DIR /etc/portage/make.conf
#PORTDIR="/usr/portage"
#DISTDIR="${PORTDIR}/distfiles"
#PKGDIR="${PORTDIR}/packages"
#PORTDIR_OVERLAY="/usr/local/portage ${PORTDIR_OVERLAY}"
#PORT_LOGDIR="/var/log/portage"
root # nano /etc/portage/make.conf
root # grep DIR /etc/portage/make.conf
PORTDIR="/var/db/repos/gentoo"
DISTDIR="/var/cache/distfiles"
PKGDIR="/var/cache/binpkgs"
#PORTDIR_OVERLAY=""  <<<< Deprecated (see man make.conf)
#PORT_LOGDIR=""  <<<< Deprecated (see man make.conf)

12. I reinstated the profile symlink previously ascertained in Step 1 earlier

root # eselect profile list
realpath: /etc/portage/make.profile: No such file or directory
Available profile symlink targets:
  [1]   default/linux/amd64/17.1 (stable)
  [2]   default/linux/amd64/17.1/selinux (stable)
  [3]   default/linux/amd64/17.1/hardened (stable)
  [4]   default/linux/amd64/17.1/hardened/selinux (stable)
  [5]   default/linux/amd64/17.1/desktop (stable)
  [6]   default/linux/amd64/17.1/desktop/gnome (stable)
  [7]   default/linux/amd64/17.1/desktop/gnome/systemd (stable)
  [8]   default/linux/amd64/17.1/desktop/gnome/systemd/merged-usr (stable)
  [9]   default/linux/amd64/17.1/desktop/plasma (stable)
  [10]  default/linux/amd64/17.1/desktop/plasma/systemd (stable)
  [11]  default/linux/amd64/17.1/desktop/plasma/systemd/merged-usr (stable)
  [12]  default/linux/amd64/17.1/desktop/systemd (stable)
  [13]  default/linux/amd64/17.1/desktop/systemd/merged-usr (stable)
  [14]  default/linux/amd64/17.1/developer (exp)
  [15]  default/linux/amd64/17.1/no-multilib (stable)
  [16]  default/linux/amd64/17.1/no-multilib/hardened (stable)
  [17]  default/linux/amd64/17.1/no-multilib/hardened/selinux (stable)
  [18]  default/linux/amd64/17.1/no-multilib/systemd (dev)
  [19]  default/linux/amd64/17.1/no-multilib/systemd/merged-usr (dev)
  [20]  default/linux/amd64/17.1/no-multilib/systemd/selinux (exp)
  [21]  default/linux/amd64/17.1/no-multilib/systemd/selinux/merged-usr (exp)
  [22]  default/linux/amd64/17.1/systemd (stable)
  [23]  default/linux/amd64/17.1/systemd/merged-usr (stable)
  [24]  default/linux/amd64/17.1/systemd/selinux (exp)
  [25]  default/linux/amd64/17.1/systemd/selinux/merged-usr (exp)
  [26]  default/linux/amd64/17.1/clang (exp)
  [27]  default/linux/amd64/17.1/systemd/clang (exp)
  [28]  default/linux/amd64/17.1/systemd/clang/merged-usr (exp)
  [29]  default/linux/amd64/17.0/x32 (dev)
  [30]  default/linux/amd64/17.0/x32/systemd (exp)
  [31]  default/linux/amd64/17.0/x32/systemd/merged-usr (exp)
  [32]  default/linux/amd64/17.0/musl (dev)
  [33]  default/linux/amd64/17.0/musl/clang (exp)
  [34]  default/linux/amd64/17.0/musl/hardened (exp)
  [35]  default/linux/amd64/17.0/musl/hardened/selinux (exp)
root # eselect profile set 9
root # eselect profile show
Current /etc/portage/make.profile symlink:
  default/linux/amd64/17.1/desktop/plasma

13. I reinstalled Portage for the new repository locations

root # DISTDIR=/var/cache/distfiles PKGDIR=/var/cache/binpkgs emerge -1v portage

14. That completed the migration. I then rebooted and performed the usual ebuild repository update and package upgrade as shown in an earlier post.

Investigating an OpenVPN connection problem in Gentoo Linux and Lubuntu 22.04 but not in Android 13

Back in 2020 I successfully used OpenVPN to access a remote server from my laptop and from my smartphone. Fast forward to 2023 and I needed to use OpenVPN again to access the same remote server. I could again access the remote server when connecting from my smartphone, now running Android 13, using the OpenVPN client app. However, when I tried to use OpenVPN from my laptop running Gentoo Linux, and from my desktop machine running Lubuntu 22.04, VPN connection attempts always timed out. The OpenVPN client configuration file (referred to generically as ‘client.ovpn‘ in some articles, named ‘bsf1.ovpn‘ in my case) and the OpenVPN password were both correct, so I did not understand why a connection could not be established from the laptop and desktop machine to the remote server, especially as there was not a problem connecting from my smartphone running Android 13.

I use KDE in Gentoo Linux, and Lubuntu 22.04 uses LXQt. In both those Desktop Environments I used the relevant GUI front-end to NetworkManager to import the client.ovpn file and to try to connect to the VPN server. As these connection attempts had failed, I launched the OpenVPN client from the command line in Gentoo Linux to see if there were any error messages, and the output is shown below. (For privacy reasons I have annonimised my public IP address, domain, e-mail address, country, location and organisation in all the command line output shown in this post.)

root # openvpn --config bsf1.ovpn
2023-09-30 01:07:02 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2023-09-30 01:07:02 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
2023-09-30 01:07:02 OpenVPN 2.6.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2023-09-30 01:07:02 library versions: OpenSSL 3.0.10 1 Aug 2023, LZO 2.10
2023-09-30 01:07:02 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Enter Private Key Password:
2023-09-30 01:08:57 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-09-30 01:08:58 TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2023-09-30 01:08:58 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-09-30 01:08:58 Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194
2023-09-30 01:08:58 TCP connection established with [AF_INET]111.222.333.444:1194
2023-09-30 01:08:58 TCPv4_CLIENT link local: (not bound)
2023-09-30 01:08:58 TCPv4_CLIENT link remote: [AF_INET]111.222.333.444:1194
2023-09-30 01:08:58 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2023-09-30 01:08:58 TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=fc150984 3a9d3b4f
2023-09-30 01:08:58 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
2023-09-30 01:08:58 OpenSSL: error:0A000102:SSL routines::unsupported protocol
2023-09-30 01:08:58 TLS_ERROR: BIO read tls_read_plaintext error
2023-09-30 01:08:58 TLS Error: TLS object -> incoming plaintext read error
2023-09-30 01:08:58 TLS Error: TLS handshake failed
2023-09-30 01:08:58 Fatal TLS error (check_tls_errors_co), restarting
2023-09-30 01:08:58 SIGUSR1[soft,tls-error] received, process restarting
2023-09-30 01:08:58 Restart pause, 1 second(s)
2023-09-30 01:08:59 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-09-30 01:08:59 TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2023-09-30 01:08:59 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-09-30 01:08:59 Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194
2023-09-30 01:08:59 TCP connection established with [AF_INET]111.222.333.444:1194
2023-09-30 01:08:59 TCPv4_CLIENT link local: (not bound)
2023-09-30 01:08:59 TCPv4_CLIENT link remote: [AF_INET]111.222.333.444:1194
2023-09-30 01:08:59 TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=00c193e4 f375c3df
2023-09-30 01:08:59 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
2023-09-30 01:08:59 OpenSSL: error:0A000102:SSL routines::unsupported protocol
2023-09-30 01:08:59 TLS_ERROR: BIO read tls_read_plaintext error
2023-09-30 01:08:59 TLS Error: TLS object -> incoming plaintext read error
2023-09-30 01:08:59 TLS Error: TLS handshake failed
2023-09-30 01:08:59 Fatal TLS error (check_tls_errors_co), restarting
2023-09-30 01:08:59 SIGUSR1[soft,tls-error] received, process restarting
2023-09-30 01:08:59 Restart pause, 1 second(s)
2023-09-30 01:09:00 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-09-30 01:09:00 TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2023-09-30 01:09:00 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-09-30 01:09:00 Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194
2023-09-30 01:09:00 TCP connection established with [AF_INET]111.222.333.444:1194
2023-09-30 01:09:00 TCPv4_CLIENT link local: (not bound)
2023-09-30 01:09:00 TCPv4_CLIENT link remote: [AF_INET]111.222.333.444:1194
2023-09-30 01:09:00 TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=415fddcd dc5faf65
2023-09-30 01:09:01 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
2023-09-30 01:09:01 OpenSSL: error:0A000102:SSL routines::unsupported protocol
2023-09-30 01:09:01 TLS_ERROR: BIO read tls_read_plaintext error
2023-09-30 01:09:01 TLS Error: TLS object -> incoming plaintext read error
2023-09-30 01:09:01 TLS Error: TLS handshake failed
2023-09-30 01:09:01 Fatal TLS error (check_tls_errors_co), restarting
2023-09-30 01:09:01 SIGUSR1[soft,tls-error] received, process restarting
2023-09-30 01:09:01 Restart pause, 1 second(s)
2023-09-30 01:09:02 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-09-30 01:09:02 TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2023-09-30 01:09:02 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-09-30 01:09:02 Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194
2023-09-30 01:09:02 TCP connection established with [AF_INET]111.222.333.444:1194
2023-09-30 01:09:02 TCPv4_CLIENT link local: (not bound)
2023-09-30 01:09:02 TCPv4_CLIENT link remote: [AF_INET]111.222.333.444:1194
2023-09-30 01:09:02 TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=1458e510 821d0c37
2023-09-30 01:09:02 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
2023-09-30 01:09:02 OpenSSL: error:0A000102:SSL routines::unsupported protocol
2023-09-30 01:09:02 TLS_ERROR: BIO read tls_read_plaintext error
2023-09-30 01:09:02 TLS Error: TLS object -> incoming plaintext read error
2023-09-30 01:09:02 TLS Error: TLS handshake failed
2023-09-30 01:09:02 Fatal TLS error (check_tls_errors_co), restarting
2023-09-30 01:09:02 SIGUSR1[soft,tls-error] received, process restarting
2023-09-30 01:09:02 Restart pause, 1 second(s)
2023-09-30 01:09:03 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-09-30 01:09:03 TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2023-09-30 01:09:03 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-09-30 01:09:03 Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194
2023-09-30 01:09:03 TCP connection established with [AF_INET]111.222.333.444:1194
2023-09-30 01:09:03 TCPv4_CLIENT link local: (not bound)
2023-09-30 01:09:03 TCPv4_CLIENT link remote: [AF_INET]111.222.333.444:1194
2023-09-30 01:09:03 TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=9ab3df76 86d3e81d
2023-09-30 01:09:03 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
2023-09-30 01:09:03 OpenSSL: error:0A000102:SSL routines::unsupported protocol
2023-09-30 01:09:03 TLS_ERROR: BIO read tls_read_plaintext error
2023-09-30 01:09:03 TLS Error: TLS object -> incoming plaintext read error
2023-09-30 01:09:03 TLS Error: TLS handshake failed
2023-09-30 01:09:03 Fatal TLS error (check_tls_errors_co), restarting
2023-09-30 01:09:03 SIGUSR1[soft,tls-error] received, process restarting
2023-09-30 01:09:03 Restart pause, 2 second(s)
2023-09-30 01:09:05 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-09-30 01:09:05 TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2023-09-30 01:09:05 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-09-30 01:09:05 Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194
2023-09-30 01:09:05 TCP connection established with [AF_INET]111.222.333.444:1194
2023-09-30 01:09:05 TCPv4_CLIENT link local: (not bound)
2023-09-30 01:09:05 TCPv4_CLIENT link remote: [AF_INET]111.222.333.444:1194
2023-09-30 01:09:05 TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=9f21e4f5 a4d9fecb
2023-09-30 01:09:05 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
2023-09-30 01:09:05 OpenSSL: error:0A000102:SSL routines::unsupported protocol
2023-09-30 01:09:05 TLS_ERROR: BIO read tls_read_plaintext error
2023-09-30 01:09:05 TLS Error: TLS object -> incoming plaintext read error
2023-09-30 01:09:05 TLS Error: TLS handshake failed
2023-09-30 01:09:05 Fatal TLS error (check_tls_errors_co), restarting
2023-09-30 01:09:05 SIGUSR1[soft,tls-error] received, process restarting
2023-09-30 01:09:05 Restart pause, 4 second(s)
2023-09-30 01:09:09 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-09-30 01:09:10 TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2023-09-30 01:09:10 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-09-30 01:09:10 Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194
2023-09-30 01:09:10 TCP connection established with [AF_INET]111.222.333.444:1194
2023-09-30 01:09:10 TCPv4_CLIENT link local: (not bound)
2023-09-30 01:09:10 TCPv4_CLIENT link remote: [AF_INET]111.222.333.444:1194
2023-09-30 01:09:10 TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=bb6d7166 52844953
2023-09-30 01:09:10 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
2023-09-30 01:09:10 OpenSSL: error:0A000102:SSL routines::unsupported protocol
2023-09-30 01:09:10 TLS_ERROR: BIO read tls_read_plaintext error
2023-09-30 01:09:10 TLS Error: TLS object -> incoming plaintext read error
2023-09-30 01:09:10 TLS Error: TLS handshake failed
2023-09-30 01:09:10 Fatal TLS error (check_tls_errors_co), restarting
2023-09-30 01:09:10 SIGUSR1[soft,tls-error] received, process restarting
2023-09-30 01:09:10 Restart pause, 8 second(s)
2023-09-30 01:09:18 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-09-30 01:09:18 TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2023-09-30 01:09:18 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-09-30 01:09:18 Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194
2023-09-30 01:09:19 TCP connection established with [AF_INET]111.222.333.444:1194
2023-09-30 01:09:19 TCPv4_CLIENT link local: (not bound)
2023-09-30 01:09:19 TCPv4_CLIENT link remote: [AF_INET]111.222.333.444:1194
2023-09-30 01:09:19 TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=099e3b11 8ddc87c1
2023-09-30 01:09:19 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
2023-09-30 01:09:19 OpenSSL: error:0A000102:SSL routines::unsupported protocol
2023-09-30 01:09:19 TLS_ERROR: BIO read tls_read_plaintext error
2023-09-30 01:09:19 TLS Error: TLS object -> incoming plaintext read error
2023-09-30 01:09:19 TLS Error: TLS handshake failed
2023-09-30 01:09:19 Fatal TLS error (check_tls_errors_co), restarting
2023-09-30 01:09:19 SIGUSR1[soft,tls-error] received, process restarting
2023-09-30 01:09:19 Restart pause, 16 second(s)
2023-09-30 01:09:35 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-09-30 01:09:35 TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2023-09-30 01:09:35 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-09-30 01:09:35 Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194
2023-09-30 01:09:35 TCP connection established with [AF_INET]111.222.333.444:1194
2023-09-30 01:09:35 TCPv4_CLIENT link local: (not bound)
2023-09-30 01:09:35 TCPv4_CLIENT link remote: [AF_INET]111.222.333.444:1194
2023-09-30 01:09:35 TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=38ffac21 50e59cc4
2023-09-30 01:09:35 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
2023-09-30 01:09:35 OpenSSL: error:0A000102:SSL routines::unsupported protocol
2023-09-30 01:09:35 TLS_ERROR: BIO read tls_read_plaintext error
2023-09-30 01:09:35 TLS Error: TLS object -> incoming plaintext read error
2023-09-30 01:09:35 TLS Error: TLS handshake failed
2023-09-30 01:09:35 Fatal TLS error (check_tls_errors_co), restarting
2023-09-30 01:09:35 SIGUSR1[soft,tls-error] received, process restarting
2023-09-30 01:09:35 Restart pause, 32 second(s)
^C

The error message ‘TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled.‘ made me suspect that the version of the OpenSSL package (which also provides TLS) in Gentoo Linux on my laptop is incompatible with the version of the OpenSSL package on the remote server.

The command line output in Lubuntu 22.04 on the desktop machine also showed there was a problem with TLS when I tried to launch the VPN client:

user $ sudo openvpn --config bsf1.ovpn
[sudo] password for fitzcarraldo: 
2023-10-03 14:00:43 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2023-10-03 14:00:43 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2023-10-03 14:00:43 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
2023-10-03 14:00:43 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2023-10-03 14:00:43 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
🔐 Enter Private Key Password: ************            
2023-10-03 14:00:48 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-10-03 14:00:48 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-10-03 14:00:48 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-10-03 14:00:48 RESOLVE: Cannot resolve host address: bsfitzgerald.ddns.net:1194 (Temporary failure in name resolution)
2023-10-03 14:00:48 RESOLVE: Cannot resolve host address: bsfitzgerald.ddns.net:1194 (Temporary failure in name resolution)
2023-10-03 14:00:48 Could not determine IPv4/IPv6 protocol
2023-10-03 14:00:48 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2023-10-03 14:00:48 SIGUSR1[soft,init_instance] received, process restarting
2023-10-03 14:00:48 Restart pause, 5 second(s)
2023-10-03 14:00:53 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-10-03 14:00:53 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-10-03 14:00:53 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-10-03 14:00:55 TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2023-10-03 14:00:55 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-10-03 14:00:55 Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194 [nonblock]
2023-10-03 14:00:55 TCP connection established with [AF_INET]111.222.333.444:1194
2023-10-03 14:00:55 TCP_CLIENT link local: (not bound)
2023-10-03 14:00:55 TCP_CLIENT link remote: [AF_INET]111.222.333.444:1194
2023-10-03 14:00:56 TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=c3ec9433 c4139af0
2023-10-03 14:00:57 VERIFY OK: depth=1, C=PE, ST=Loreto, L=Iquitos, O=Work, OU=vpn, CN=server, name=server, emailAddress=brian@bsfitzgerald.com
2023-10-03 14:00:57 VERIFY OK: depth=0, C=PE, ST=Loreto, L=Iquitos, O=Work, OU=vpn, CN=server, name=server, emailAddress=brian@bsfitzgerald.com
2023-10-03 14:00:58 OpenSSL: error:0A0C0103:SSL routines::internal error
2023-10-03 14:00:58 TLS_ERROR: BIO read tls_read_plaintext error
2023-10-03 14:00:58 TLS Error: TLS object -> incoming plaintext read error
2023-10-03 14:00:58 TLS Error: TLS handshake failed
2023-10-03 14:00:58 Fatal TLS error (check_tls_errors_co), restarting
2023-10-03 14:00:58 SIGUSR1[soft,tls-error] received, process restarting
2023-10-03 14:00:58 Restart pause, 5 second(s)
2023-10-03 14:01:03 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-10-03 14:01:03 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-10-03 14:01:03 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-10-03 14:01:03 TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2023-10-03 14:01:03 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-10-03 14:01:03 Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194 [nonblock]
2023-10-03 14:01:03 TCP connection established with [AF_INET]111.222.333.444:1194
2023-10-03 14:01:03 TCP_CLIENT link local: (not bound)
2023-10-03 14:01:03 TCP_CLIENT link remote: [AF_INET]111.222.333.444:1194
2023-10-03 14:01:03 TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=486e45aa bbf5d0b0
2023-10-03 14:01:05 VERIFY OK: depth=1, C=GB, ST=Loreto, L=Iquitos, O=Work, OU=vpn, CN=server, name=server, emailAddress=brian@bsfitzgerald.com
2023-10-03 14:01:05 VERIFY OK: depth=0, C=GB, ST=Loreto, L=Iquitos, O=Work, OU=vpn, CN=server, name=server, emailAddress=brian@bsfitzgerald.com
2023-10-03 14:01:05 OpenSSL: error:0A0C0103:SSL routines::internal error
2023-10-03 14:01:05 TLS_ERROR: BIO read tls_read_plaintext error
2023-10-03 14:01:05 TLS Error: TLS object -> incoming plaintext read error
2023-10-03 14:01:05 TLS Error: TLS handshake failed
2023-10-03 14:01:05 Fatal TLS error (check_tls_errors_co), restarting
2023-10-03 14:01:05 SIGUSR1[soft,tls-error] received, process restarting
2023-10-03 14:01:05 Restart pause, 5 second(s)
2023-10-03 14:01:10 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-10-03 14:01:10 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-10-03 14:01:10 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-10-03 14:01:10 TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2023-10-03 14:01:10 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-10-03 14:01:10 Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194 [nonblock]
2023-10-03 14:01:10 TCP connection established with [AF_INET]111.222.333.444:1194
2023-10-03 14:01:10 TCP_CLIENT link local: (not bound)
2023-10-03 14:01:10 TCP_CLIENT link remote: [AF_INET]111.222.333.444:1194
2023-10-03 14:01:11 TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=2523066e a7169e23
2023-10-03 14:01:12 VERIFY OK: depth=1, C=GB, ST=Loreto, L=Iquitos, O=Work, OU=vpn, CN=server, name=server, emailAddress=brian@bsfitzgerald.com
2023-10-03 14:01:12 VERIFY OK: depth=0, C=GB, ST=Loreto, L=Iquitos, O=Work, OU=vpn, CN=server, name=server, emailAddress=brian@bsfitzgerald.com
2023-10-03 14:01:13 OpenSSL: error:0A0C0103:SSL routines::internal error
2023-10-03 14:01:13 TLS_ERROR: BIO read tls_read_plaintext error
2023-10-03 14:01:13 TLS Error: TLS object -> incoming plaintext read error
2023-10-03 14:01:13 TLS Error: TLS handshake failed
2023-10-03 14:01:13 Fatal TLS error (check_tls_errors_co), restarting
2023-10-03 14:01:13 SIGUSR1[soft,tls-error] received, process restarting
2023-10-03 14:01:13 Restart pause, 5 second(s)
^C

The version of OpenSSL currently running on the remote server is as follows:

user $ openssl version
OpenSSL 1.0.2l  25 May 2017

whereas the version of OpenSSL currently running in Gentoo Linux on the laptop is:

user $ openssl version
OpenSSL 3.0.10 1 Aug 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)

and the version of OpenSSL currently running in Lubuntu 22.04 on the desktop machine is:

user $ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

The last time I successfully used the OpenVPN client on the laptop was in 2020, when the version of OpenSSL on the laptop was 1.1.1g, so my suspicion grew that the root cause of the problem is a version difference in OpenSSL between the client machine and the remote server.

I searched the Web and found OpenVPN bug report #348: ‘2.6 client cannot connect to old 2.2 and 2.1 server‘. Therefore I tried adding the following three lines to the client.ovpn file (bsf1.ovpn) in Gentoo Linux:

tls-cert-profile insecure
providers legacy default
compat-mode 1.1.1

Now the laptop can connect to the remote VPN server via the command line in a terminal window, as shown in the output below:

root # openvpn --config bsf1.ovpn
2023-09-30 03:13:26 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2023-09-30 03:13:26 OpenVPN 2.6.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2023-09-30 03:13:26 library versions: OpenSSL 3.0.10 1 Aug 2023, LZO 2.10
2023-09-30 03:13:26 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Enter Private Key Password:
2023-09-30 03:13:33 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-09-30 03:13:33 TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2023-09-30 03:13:33 Socket Buffers: R=[131072->131072] S=[16384->16384]
2023-09-30 03:13:33 Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194
2023-09-30 03:13:33 TCP connection established with [AF_INET]111.222.333.444:1194
2023-09-30 03:13:33 TCPv4_CLIENT link local: (not bound)
2023-09-30 03:13:33 TCPv4_CLIENT link remote: [AF_INET]111.222.333.444:1194
2023-09-30 03:13:33 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2023-09-30 03:13:33 TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=4103e161 8493e221
2023-09-30 03:13:34 VERIFY OK: depth=1, C=PE, ST=Loreto, L=Iquitos, O=Work, OU=vpn, CN=server, name=server, emailAddress=brian@bsfitzgerald.com
2023-09-30 03:13:34 VERIFY OK: depth=0, C=PE, ST=Loreto, L=Iquitos, O=Work, OU=vpn, CN=server, name=server, emailAddress=brian@bsfitzgerald.com
2023-09-30 03:13:35 Control Channel: TLSv1, cipher SSLv3 DHE-RSA-AES256-SHA, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-09-30 03:13:35 [server] Peer Connection Initiated with [AF_INET]111.222.333.444:1194
2023-09-30 03:13:35 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-09-30 03:13:35 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-09-30 03:13:36 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2023-09-30 03:13:36 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-options DNS 8.8.8.8,route-gateway 10.10.1.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.10.1.4 255.255.255.0'
2023-09-30 03:13:36 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:2: dhcp-options (2.6.4)
2023-09-30 03:13:36 OPTIONS IMPORT: --ifconfig/up options modified
2023-09-30 03:13:36 OPTIONS IMPORT: route options modified
2023-09-30 03:13:36 OPTIONS IMPORT: route-related options modified
2023-09-30 03:13:36 Using peer cipher 'AES-128-CBC'
2023-09-30 03:13:36 net_route_v4_best_gw query: dst 0.0.0.0
2023-09-30 03:13:36 net_route_v4_best_gw result: via 192.168.96.245 dev wlp3s0
2023-09-30 03:13:36 ROUTE_GATEWAY 192.168.96.245/255.255.255.0 IFACE=wlp3s0 HWADDR=d8:fc:93:c5:f4:6d
2023-09-30 03:13:36 TUN/TAP device tun0 opened
2023-09-30 03:13:36 net_iface_mtu_set: mtu 1500 for tun0
2023-09-30 03:13:36 net_iface_up: set tun0 up
2023-09-30 03:13:36 net_addr_v4_add: 10.10.1.4/24 dev tun0
2023-09-30 03:13:36 net_route_v4_add: 111.222.333.444/32 via 192.168.96.245 dev [NULL] table 0 metric -1
2023-09-30 03:13:36 net_route_v4_add: 0.0.0.0/1 via 10.10.1.1 dev [NULL] table 0 metric -1
2023-09-30 03:13:36 net_route_v4_add: 128.0.0.0/1 via 10.10.1.1 dev [NULL] table 0 metric -1
2023-09-30 03:13:36 UID set to nobody
2023-09-30 03:13:36 GID set to nogroup
2023-09-30 03:13:36 Capabilities retained: CAP_NET_ADMIN
2023-09-30 03:13:36 Initialization Sequence Completed
2023-09-30 03:13:36 Data Channel: cipher 'AES-128-CBC', auth 'SHA256', compression: 'lzo'
2023-09-30 03:13:36 Timers: ping 10, ping-restart 12
[...]

and I can access the SMB shares on the remote server by entering ‘smb://192.168.0.10‘ in the Dolphin file manager’s window in KDE on the laptop.

However, if I terminate the openvpn client on the command line and then import the modified bsf1.ovpn file into NetworkManager using plasma-nm (the KDE GUI front-end to NetworkManager), connection attempts to the VPN still time out. The created NetworkManager connection file /etc/NetworkManager/system-connections/bsf1.nmconnection does not contain the settings in the additional three lines that I added to the client.ovpn file, as apparently they are meaningless to NetworkManager. When I use the plasma-nm GUI to import the client.ovpn file I assume plasma-nm or NetworkManager simply ignore the additional three lines when they parse the configuration file.

In Lubuntu 22.04 I edited bsf1.ovpn to add the three lines:

tls-cert-profile insecure
providers legacy default
compat-mode 1.1.1

and launched the openvpn client from the command line, but OpenVPN objected to the compat-mode line:

user $ sudo openvpn --config wjh1.ovpn
Options error: Unrecognized option or missing or extra parameter(s) in bsf1.ovpn:93: compat-mode (2.5.5)
Use --help for more information.

For the openvpn client command to execute successfully in Lubuntu 22.04 I had to omit the line ‘compat-mode 1.1.1‘, i.e. the two manually-added lines to bsf1.ovpn in Lubuntu 22.04 are:

tls-cert-profile insecure
providers legacy default

In my situation (i.e. the client is using OpenSSL 3.x.x in Lubuntu 22.04 and the remote server is using OpenSSL 1.x.x) the VPN connection still times out when attempting to connect using the GUI front-end (nm-tray or nm-applet) to NetworkManager in LXQt, so the work-around is still to launch the OpenVPN client from the command line as already explained:

user $ openvpn --conf bsf1.ovpn

and I can access the SMB shares on the remote server by entering ‘smb://192.168.0.10‘ in the PCManFM-Qt file manager’s window in LXQt on the desktop machine.

The remaining question I had was why my Samsung Galaxy Note 20 Ultra 5G running Android 13 can connect to the remote server via OpenVPN. I suspected that Android 13 uses an earlier version of OpenSSL that is compatible with the version on the remote server. A little research online showed me that Android 13 (and a couple of previous versions of Android) uses a Google fork of OpenSSL called BoringSSL. So, to find the version of OpenSSL/BoringSSL in Android 13, I cloned the BoringSSL repository on my laptop:

user $ git clone https://android.googlesource.com/platform/external/boringssl

and then I searched for the environment variable OPENSSL_VERSION_TEXT:

user $ grep -r OPENSSL_VERSION_TEXT boringssl/*
boringssl/include/openssl/crypto.h:// OPENSSL_VERSION_TEXT contains a string the identifies the version of
boringssl/include/openssl/crypto.h:#define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1 (compatible; BoringSSL)"
boringssl/src/include/openssl/crypto.h:// OPENSSL_VERSION_TEXT contains a string the identifies the version of
boringssl/src/include/openssl/crypto.h:#define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1 (compatible; BoringSSL)"
boringssl/src/crypto/crypto_test.cc:// Test that OPENSSL_VERSION_NUMBER and OPENSSL_VERSION_TEXT are consistent.
boringssl/src/crypto/crypto_test.cc:// Node.js parses the version out of OPENSSL_VERSION_TEXT instead of using
boringssl/src/crypto/crypto_test.cc:            std::string(OPENSSL_VERSION_TEXT).substr(0, strlen(expected)));

As I had surmised, OpenSSL (well, the fork BoringSSL) in Android 13 is Version 1.1.1. That is why the original bsf1.ovpn still works with the OpenVPN client on my phone to access the OpenVPN server running on the remote server.

By the way, in order to use OpenVPN in Lubuntu 22.04, you need to install the following three Ubuntu packages:

openvpn
network-manager-openvpn
network-manager-openvpn-gnome (despite Lubuntu using LXQt rather than GNOME)

The NetworkManager GUI front-end nm-tray does not support password asking, so you need to use the NetworkManager GUI front-end nm-applet to connect to the VPN (assuming both client and server have compatible versions of OpenSSL, that is). You can either type ‘nm-applet‘ on the command line or you can switch to using nm-applet instead of nm-tray by deselecting nm-tray in LXQt ‘Application Menu’ > ‘Preferences’ > ‘LXQt Settings’ > ‘Session Settings’ > ‘Autostart’ and adding nm-applet to the Autostart list. See Lubuntu Manual Appendix G Advanced Networking for further details. As already mentioned, in my situation the client is using OpenSSL 3.x.x and the server is using OpenSSL 1.x.x so the VPN connection still times out, therefore the work-around is still to launch openvpn from the command line:

user $ openvpn --conf bsf1.ovpn

To summarise my situation:

On my smartphone running Android 13 I simply use the OpenVPN client app for Android with the original client.ovpn configuration file (named ‘bsf1.ovpn‘ in my case) in order to connect to the VPN server on the remote server running OpenSSL 1.0.2l.

In Gentoo Linux currently running OpenSSL 3.0.10, I have to edit the original client.ovpn configuration file and add three lines, then launch the openvpn client from the command line in a terminal window in order to connect to the VPN server on the remote server running OpenSSL 1.0.2l.

In Lubuntu 22.04 currently running OpenSSL 3.0.2, I have to edit the original client.ovpn configuration file and add two lines, then launch the openvpn client from the command line in a terminal window in order to connect to the VPN server on the remote server running OpenSSL 1.0.2l.

The bottom line is: To avoid problems, check you have the same version of OpenSSL installed in the client and server devices when using OpenVPN.

Layman overlay manager in Gentoo Linux superseded by eselect module

Last week, when upgrading the world packages on my machines running Gentoo Linux, I noticed that the package for the Layman overlay manager app-portage/layman is masked for removal:

root # eix -I layman
[?] app-portage/layman
     Available versions:  [M]2.4.3^t [M]**9999*l^t {cvs darcs g-sorcery +git gpg mercurial sqlite squashfs subversion sync-plugin-portage test PYTHON_TARGETS="pypy3 python3_10 python3_11"}
     Installed versions:  2.4.3^t(00:28:13 04/05/23)(git sync-plugin-portage -cvs -darcs -g-sorcery -gpg -mercurial -sqlite -squashfs -subversion -test PYTHON_TARGETS="python3_11 -pypy3 -python3_10")
     Homepage:            https://wiki.gentoo.org/wiki/Layman
     Description:         Tool to manage Gentoo overlays

The ‘eselect repository’ eselect module supersedes layman and is now the way to manage ebuild repositories. So I needed to configure my machines to use the eselect module and to remove Layman.

First I checked which third-party Portage overlays were being managed by Layman in my installations:

root # layman -l

 * guru                      [Git       ] (https://anongit.gentoo.org/git/repo/proj/guru.git                                             )
 * seden                     [Git       ] (https://anongit.gentoo.org/git/user/seden.git                                                 )

root # ls /var/lib/layman/
cache_930c3ed4a5f89f74fd810585751a06e3.timestamp  cache_ac494f50f5736be7871962c0dec7b3bb.timestamp  guru           seden
cache_930c3ed4a5f89f74fd810585751a06e3.xml        cache_ac494f50f5736be7871962c0dec7b3bb.xml        installed.xml

The repos.conf directory on my machines each had three configuration files (one for the main Portage repository; one for the Layman-managed third-party overlays; one for my local overlay on the machine):

root # ls /etc/portage/repos.conf
gentoo.conf  layman.conf  local_overlay.conf

The layman.conf file contained the information on the third-party overlays:

root # cat /etc/portage/repos.conf/layman.conf 
[guru]
priority = 50
location = /var/lib/layman/guru
layman-type = git
sync-type = laymansync
sync-uri = https://anongit.gentoo.org/git/repo/proj/guru.git
auto-sync = Yes

[seden]
priority = 50
location = /var/lib/layman/seden
layman-type = git
sync-type = laymansync
sync-uri = https://anongit.gentoo.org/git/user/seden.git
auto-sync = Yes

There was also a directory /etc/layman/ containing more Layman files:

root # ls /etc/layman/
layman.cfg  overlays

The first thing I did was to use Layman to delete the two third-party overlays:

root # layman -d guru

 * Deleting selected overlay(s)...
 * Deleting directory "/var/lib/layman/guru"
 * Successfully deleted overlay(s) guru.

root # layman -d seden

 * Deleting selected overlay(s)...
 * Deleting directory "/var/lib/layman/seden"
 * Successfully deleted overlay(s) seden.

Then I installed the eselect-repository package:

root # emerge eselect-repository
Calculating dependencies... done!
Dependency resolution took 36.59 s.


!!! The following installed packages are masked:
- app-portage/layman-2.4.3::gentoo (masked by: package.mask)
/usr/portage/profiles/package.mask:
# David Seifert  (2023-05-19)
# Abandoned, replaced by 'eselect repository', tons of open bugs.
# Removal on 2023-08-17. Bug #761199.

For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.

>>> Verifying ebuild manifests
>>> Emerging (1 of 1) app-eselect/eselect-repository-13::gentoo
>>> Installing (1 of 1) app-eselect/eselect-repository-13::gentoo
>>> Completed (1 of 1) app-eselect/eselect-repository-13::gentoo
>>> Jobs: 1 of 1 complete                           Load avg: 1.17, 0.62, 0.34

 * GNU info directory index is up-to-date.

Then I used the ‘eselect repository‘ command to re-add the two overlays:

root # eselect repository add guru git https://anongit.gentoo.org/git/repo/proj/guru.git
--2023-06-25 14:09:31--  https://qa-reports.gentoo.org/output/repos/repositories.xml
Resolving qa-reports.gentoo.org... 151.101.61.91, 2a04:4e42:82::347
Connecting to qa-reports.gentoo.org|151.101.61.91|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 253999 (248K) [text/xml]
Saving to: ‘/root/.cache/eselect-repo/repositories.xml’

repositories.xml                               100%[====================================================================================================>] 248.05K  --.-KB/s    in 0.06s   

2023-06-25 14:09:32 (4.19 MB/s) - ‘/root/.cache/eselect-repo/repositories.xml’ saved [253999/253999]

Adding guru to /etc/portage/repos.conf/eselect-repo.conf ...
Repository guru added
root # eselect repository add seden git https://anongit.gentoo.org/git/user/seden.git
Adding seden to /etc/portage/repos.conf/eselect-repo.conf ...
Repository seden added

Then I synchronised the two overlays with their respective repository:

root # emaint sync -r guru
>>> Syncing repository 'guru' into '/var/db/repos/guru'...
/usr/bin/git clone --depth 1 https://anongit.gentoo.org/git/repo/proj/guru.git .
Cloning into '.'...
remote: Enumerating objects: 9267, done.
remote: Counting objects: 100% (9267/9267), done.
remote: Compressing objects: 100% (8162/8162), done.
remote: Total 9267 (delta 1303), reused 7128 (delta 1010), pack-reused 0
Receiving objects: 100% (9267/9267), 6.53 MiB | 3.11 MiB/s, done.
Resolving deltas: 100% (1303/1303), done.
Updating files: 100% (7445/7445), done.
=== Sync completed for guru
!!! Section 'seden' in repos.conf has location attribute set to nonexistent directory: '/var/db/repos/seden'

Performing Global Updates
(Could take a couple of minutes if you have a lot of binary packages.)
  .='update pass'  *='binary update'  #='/var/db update'  @='/var/db move'
  s='/var/db SLOT move'  %='binary move'  S='binary SLOT move'
  p='update /etc/portage/package.*'
/var/db/repos/guru/profiles/updates/3Q-2020.
/var/db/repos/guru/profiles/updates/1Q-2020.
/var/db/repos/guru/profiles/updates/1Q-2021......
/var/db/repos/guru/profiles/updates/2Q-2022.........
/var/db/repos/guru/profiles/updates/4Q-2020...
/var/db/repos/guru/profiles/updates/1Q-2022....
/var/db/repos/guru/profiles/updates/2Q-2020..
/var/db/repos/guru/profiles/updates/3Q-2022.....
/var/db/repos/guru/profiles/updates/1Q-2023......
/var/db/repos/guru/profiles/updates/2Q-2021............
/var/db/repos/guru/profiles/updates/2Q-2023.........
/var/db/repos/guru/profiles/updates/4Q-2021...........
/var/db/repos/guru/profiles/updates/4Q-2022..


!!! Section 'seden' in repos.conf has location attribute set to nonexistent directory: '/var/db/repos/seden'

Action: sync for repo: guru, returned code = 0

root # emaint sync -r seden
>>> Syncing repository 'seden' into '/var/db/repos/seden'...
/usr/bin/git clone --depth 1 https://anongit.gentoo.org/git/user/seden.git .
Cloning into '.'...
remote: Enumerating objects: 160, done.
remote: Counting objects: 100% (160/160), done.
remote: Compressing objects: 100% (143/143), done.
remote: Total 160 (delta 16), reused 29 (delta 4), pack-reused 0
Receiving objects: 100% (160/160), 78.45 KiB | 1.40 MiB/s, done.
Resolving deltas: 100% (16/16), done.
=== Sync completed for seden

Action: sync for repo: seden, returned code = 0

I checked that the repositories are listed correctly (notice that the main Gentoo Linux repository and the third-party overlays have a hash symbol after the name, and my local overlay on the machine has the ‘@‘ symbol after the name):

root # eselect repository list
Available repositories:
  [1]   4nykey (https://github.com/4nykey/4nykey)
  [2]   AlexandreFournier (https://github.com/AlexandreFournier/gentoo-overlay)
  [3]   ArchFeh (https://github.com/ArchFeh/ArchFeh-overlay)
  [4]   AstroFloyd (https://cgit.gentoo.org/user/AstroFloyd.git/)
  [5]   CachyOS-kernels (https://github.com/Szowisz/CachyOS-kernels)
  [6]   Case_Of (https://codeberg.org/Case_Of/gentoo-overlay)
  [7]   Drauthius (https://cgit.gentoo.org/repo/user/Drauthius.git/)
  [8]   EmilienMottet (https://github.com/EmilienMottet/overlay)
  [9]   FireBurn (https://github.com/FireBurn/Overlay)
  [10]  HomeAssistantRepository (https://git.edevau.net/onkelbeh/HomeAssistantRepository)
  [11]  JRG (https://github.com/john-r-graham/jrg-overlay)
  [12]  KBrown-pub (http://sandino.araico.net/)
  [13]  Miezhiko (https://github.com/Miezhiko/Overlay)
  [14]  ROKO__ (https://github.com/sandikata/ROKO__)
  [15]  R_Overlay (https://cgit.gentoo.org/proj/R_overlay.git/)
  [16]  SarahMiaOverlay (https://gitlab.com/SarahMia/sarahmiaoverlay)
  [17]  SwordArMor (https://git.grifon.fr/alarig/SwordArMor-gentoo-overlay)
  [18]  Systole (https://github.com/SystoleOS)
  [19]  ace (https://github.com/ananace/overlay)
  [20]  activehome (https://cgit.gentoo.org/user/activehome.git/)
  [21]  adasss (https://github.com/AdamGiergun/adasss)
  [22]  ag-ops (https://gitlab.com/ILMostro/ag-ops)
  [23]  ago (https://cgit.gentoo.org/dev/ago.git/)
  [24]  ahyangyi-overlay (https://github.com/ahyangyi/ahyangyi-overlay)
  [25]  akater (https://gitlab.com/akater/ebuilds)
  [26]  alatar-lay (https://github.com/alatarum/alatar-lay)
  [27]  alesharik (https://github.com/alesharik/alesharik-overlay)
  [28]  alexxy (https://cgit.gentoo.org/dev/alexxy.git/)
  [29]  alxu (https://cgit.alxu.ca/gentoo-overlay.git/)
  [30]  amano-kenji (https://codeberg.org/amano.kenji/gentoo-overlay)
  [31]  ambasta
  [32]  amedeos (https://github.com/amedeos/amedeos-overlay)
  [33]  anarchy (https://cgit.gentoo.org/dev/anarchy.git/)
  [34]  anard (https://github.com/Anard/anard-overlay)
  [35]  anaximander (https://cgit.gentoo.org/user/anaximander.git/)
  [36]  anders-larsson (https://github.com/anders-larsson/gentoo-overlay)
  [37]  andrey_utkin (https://github.com/andrey-utkin/gentoo-overlay.git)
  [38]  anomen (https://github.com/anomen-s/anomen-overlay)
  [39]  antons-matrix-overlay (https://gitlab.com/anton.molyboha.group/gentoo/overlays/matrix)
  [40]  anyc (https://github.com/anyc/anyc-overlay)
  [41]  ap-overlay (https://gitlab.com/AbhinavPraveen/ap-overlay)
  [42]  apriluwu (https://github.com/apriluwu/gentoo-overlay)
  [43]  argent-main (https://gitlab.com/argent/argent-main)
  [44]  arx-libertatis (https://github.com/arx/ArxGentoo)
  [45]  audio-overlay (https://github.com/gentoo-audio/audio-overlay)
  [46]  average (https://github.com/AnAverageHuman/average)
  [47]  awesome (https://gitlab.awesome-it.de/overlays/awesome)
  [48]  barnowl (https://github.com/wthrowe/barnowl-overlay)
  [49]  beatussum-overlay (https://github.com/beatussum/beatussum-overlay)
  [50]  bell07
  [51]  benzene-overlay (https://github.com/Universebenzene/benzene-overlay)
  [52]  bes (https://github.com/bes-internal/gentoo-overlay-bes)
  [53]  bibletime (https://cgit.gentoo.org/user/bibletime.git/)
  [54]  binaryden (https://github.com/tkemmer/binaryden)
  [55]  bircoph (https://cgit.gentoo.org/dev/bircoph.git/)
  [56]  bitcoin (https://gitlab.com/bitcoin/gentoo.git)
  [57]  blackburn29 (https://github.com/blackburn29/blackburn29-overlay)
  [58]  bobwya (https://github.com/bobwya/miscellaneous_ebuilds)
  [59]  bombo82 (https://github.com/bombo82/bombo82-overlay)
  [60]  booboo (https://github.com/l29ah/booboo)
  [61]  bratishkaerik-overlay (https://git.sr.ht/~bratishkaerik/bratishkaerik-overlay)
  [62]  brave-overlay (https://gitlab.com/jason.oliveira/brave-overlay)
  [63]  brother-overlay (https://github.com/stefan-langenmaier/brother-overlay)
  [64]  broverlay (https://github.com/BROverlay/overlay)
  [65]  bubba (https://github.com/gordonb3/bubba-overlay)
  [66]  bumblebee (https://github.com/Bumblebee-Project/bumblebee-gentoo/)
  [67]  buzden (https://github.com/buzden/buzden-overlay)
  [68]  calculate (http://www.calculate-linux.org)
  [69]  calendulish (https://github.com/calendulish/Overlays)
  [70]  canutethegreat-overlay (http://gentoo.canutethegreat.com/)
  [71]  cdlp (https://codeberg.org/phranz/cdlp)
  [72]  ceamac (https://github.com/ceamac/overlay)
  [73]  certbot-dns-plugins (https://github.com/osirisinferi/certbot-dns-plugins-overlay)
  [74]  cg (https://github.com/brothermechanic/cg)
  [75]  chymeric (https://github.com/TheChymera/overlay)
  [76]  cj-overlay (https://github.com/junghans/cj-overlay)
  [77]  cosmicmod-overlay (https://github.com/cosmicoz/cosmicmod-overlay)
  [78]  cova (https://github.com/cova-fe/cova-overlay)
  [79]  crossdev (https://github.com/alphallc/crossdev/)
  [80]  dargor (https://github.com/dargor/dargor_gentoo_overlay)
  [81]  darkelf (https://cgit.gentoo.org/repo/user/darkelf.git)
  [82]  darthgandalf-overlay (https://github.com/DarthGandalf/gentoo-overlay)
  [83]  defiance (https://github.com/d3fy/defiance-overlay.git)
  [84]  dev1990-overlay (https://github.com/dev-0x7C6/dev1990-overlay.git)
  [85]  didos (https://github.com/prototype99/didos)
  [86]  dilfridge (https://cgit.gentoo.org/dev/dilfridge.git/)
  [87]  dinolay (https://github.com/TruncatedDinosour/dinolay)
  [88]  displacer (https://cgit.gentoo.org/user/displacer.git/)
  [89]  distros (http://www.calculate-linux.org)
  [90]  djc (https://github.com/djc/djc-overlay)
  [91]  dlang (https://github.com/gentoo/dlang)
  [92]  dm9pZCAq (https://notabug.org/dm9pZCAq/dm9pZCAq-overlay)
  [93]  dwfreed (https://bitbucket.org/dwfreed/dwfreed.gentoo/)
  [94]  dwosky (https://github.com/Dwosky/Dwosky-overlay)
  [95]  earshark (https://github.com/Chemrat/overlay)
  [96]  eclipse (https://github.com/gentoo/eclipse-overlay)
  [97]  edgets (https://github.com/BlueManCZ/edgets)
  [98]  eigenlay (https://gitlab.com/eigennet/eigenlay)
  [99]  einflay (https://github.com/EinstokFair/einflay)
  [100] ejabberd (https://github.com/rion-overlay/ejabberd-overlay)
  [101] electron (https://github.com/elprans/electron-overlay)
  [102] elementary (https://github.com/pimvullers/elementary)
  [103] emacs (https://wiki.gentoo.org/wiki/Project:Emacs/Overlay)
  [104] enlightenment-live (https://github.com/rafspiny/enlightenment-live)
  [105] equaeghe (https://github.com/equaeghe/gentoo-overlay/)
  [106] eras-overlay (https://github.com/erayaslan/eras-overlay)
  [107] erayd (https://github.com/erayd/overlay)
  [108] escpr2 (https://gitlab.com/at.gentoo.repo/epson-inkjet-printer-escpr2)
  [109] eugene-bright (https://github.com/eugene-bright/eugene-bright-overlay)
  [110] ext-devlibs (https://gitlab.com/extsidvind/ext-devlibs)
  [111] farmboy0 (https://github.com/farmboy0/portage-overlay)
  [112] fem-overlay (https://gitlab.fem-net.de/gentoo/fem-overlay)
  [113] feniksa (https://github.com/feniksa/gentoo-overlay)
  [114] ferki (https://github.com/ferki/gentoo-overlay)
  [115] fictitiousexistence (https://gitlab.com/fictitiousexistence-public/gentoo)
  [116] fidonet
  [117] flammie (https://github.com/flammie/flammie-overlay)
  [118] flavour (https://github.com/wimmuskee/flavour)
  [119] flewkey-overlay (https://git.sdf.org/flewkey/flewkey-overlay)
  [120] flexibeast-s6 (https://github.com/flexibeast/gentoo-s6-overlay)
  [121] flightsim (https://github.com/rafaelmartins/flightsim-overlay)
  [122] floppym (https://github.com/floppym/floppym)
  [123] flow (https://gitlab.com/Flow/flow-s-ebuilds)
  [124] flussence (https://repo.or.cz/flussence-overlay.git)
  [125] fol4 (https://gitlab.com/madsl/fol4)
  [126] foo-overlay (https://github.com/slashbeast/foo-overlay)
  [127] fordfrog (https://cgit.gentoo.org/dev/fordfrog.git/)
  [128] fortunelay (https://github.com/Alessandro-Barbieri/fortunelay)
  [129] fowlay (https://github.com/fowlay/fowlay-overlay)
  [130] foxiverlay (https://github.com/Pekkari/foxiverlay)
  [131] fritteli (https://github.com/fritteli/gentoo-overlay)
  [132] frr-gentoo (https://frrouting.org/)
  [133] fyn-overlay (https://github.com/qwe795138426/fyn-overlay)
  [134] gamerlay (https://cgit.gentoo.org/proj/gamerlay.git)
  [135] gbrlsnchs (https://sr.ht/~gbrlsnchs/ebuilds)
  [136] gentoo # (https://gentoo.org/)
  [137] gentoo-bootstrap (https://gitlab.com/stikonas/gentoo-bootstrap)
  [138] gentoo-linux-surface-overlay (http://gentoo.canutethegreat.com/)
  [139] gentoo-zh (https://github.com/microcai/gentoo-zh)
  [140] gentoobr (https://github.com/gentoobr/overlay)
  [141] gerislay (https://cgit.gentoo.org/repo/user/gerislay.git)
  [142] gig (https://github.com/Gig-OS/gig)
  [143] gitlab (https://gitlab.awesome-it.de/overlays/gitlab)
  [144] gnome (https://cgit.gentoo.org/proj/gnome.git/)
  [145] gnu-elpa (https://github.com/houseofsuns/gnu-elpa)
  [146] gnuradio (https://github.com/hololeap/gentoo-gnuradio)
  [147] gnustep (https://cgit.gentoo.org/proj/gnustep.git/)
  [148] goduck777 (https://github.com/goduck777/gentoo-overlay)
  [149] gogooverlay (https://github.com/GoGoOtaku/GoGoOverlay)
  [150] graaff (http://moving-innovations.com/blog/)
  [151] griffon_overlay (https://github.com/windfail/griffon_overlay)
  [152] gsview-overlay (https://github.com/uleysky/gsview-overlay)
  [153] guru # (https://wiki.gentoo.org/wiki/Project:GURU)
  [154] haarp (https://cgit.gentoo.org/user/haarp.git/)
  [155] hamari (https://github.com/hamarituc/gentoo-overlay/)
  [156] hamper-overlay (https://github.com/hamper/hamper-overlay)
  [157] han (https://github.com/hanmertens/han-overlay)
  [158] haskell (https://github.com/gentoo-haskell)
  [159] hep-forge (https://gitlab.com/APN-Pucky/gentoo-hep-forge)
  [160] hering-overlay (https://github.com/internethering/hering-overlay)
  [161] holgersson-overlay (https://git.holgersson.xyz)
  [162] hossie (https://wiki.hossie.de/projekte:gentoo-overlay)
  [163] hotstoast (https://github.com/TomHotston/hotstoast-overlay)
  [164] icinga (https://github.com/antonfischl1980/icinga)
  [165] inode64-overlay (https://github.com/inode64/inode64-overlay)
  [166] ixit (https://github.com/okias/ixit)
  [167] jabuxas (https://github.com/jabuxas/overlay)
  [168] java (https://cgit.gentoo.org/proj/java.git/)
  [169] jjakob (https://github.com/jjakob/gentoo-overlay)
  [170] jkolo (https://git.kolosowscy.pl/jurek/gentoo-overlay)
  [171] jl1990 (https://github.com/jl1990/gentoo-overlay)
  [172] jm-overlay (https://github.com/Jannis234/jm-overlay)
  [173] jmbsvicetto (https://cgit.gentoo.org/repo/dev/jmbsvicetto.git)
  [174] jsteward (https://github.com/KireinaHoro/jsteward)
  [175] junkdrawer (https://github.com/doctaweeks/junkdrawer-overlay)
  [176] kaa (http://www.kaa.org.ua)
  [177] kde (https://kde.gentoo.org)
  [178] khoverlay (https://gitlab.com/khumba/khoverlay)
  [179] konsolebox (https://github.com/konsolebox/overlay)
  [180] kostas-overlay (https://github.com/KostasEreksonas/kostas-overlay)
  [181] kripton-overlay (https://github.com/kripton/kripton-overlay)
  [182] kzd (https://gitlab.com/kzdixon/kzd-ebuilds)
  [183] lab-overlay (https://github.com/positivelab/lab-overlay)
  [184] lanodanOverlay (https://hacktivis.me/git/overlay)
  [185] ledgersmb (https://github.com/ledgersmb/lsmb-overlay)
  [186] leechcraft (https://github.com/0xd34df00d/leechcraft-overlay)
  [187] librepilot (https://github.com/paul-jewell/librepilot-overlay)
  [188] libressl (https://wiki.gentoo.org/wiki/Project:LibreSSL)
  [189] liftm
  [190] lilium (https://github.com/owl4ce/lilium)
  [191] linux-be (https://gitlab.com/linux-be)
  [192] linuxunderground-overlay (https://github.com/linuxunderground/gentoo.overlay)
  [193] lisp (https://cgit.gentoo.org/proj/lisp.git)
  [194] lmiphay (https://cgit.gentoo.org/user/lmiphay.git/)
  [195] loatchi (https://github.com/Loatchi/loatchi-overlay)
  [196] local_overlay @
  [197] loongson (https://github.com/xen0n/loongson-overlay)
  [198] lto-overlay (https://github.com/InBetweenNames/gentooLTO)
  [199] luke-jr (http://luke.dashjr.org)
  [200] maekke (https://cgit.gentoo.org/dev/maekke.git)
  [201] mate-de-gentoo (https://github.com/oz123/mate-de-gentoo)
  [202] megacoffee (http://gentoo-overlay.megacoffee.net)
  [203] melpa (https://github.com/houseofsuns/melpa)
  [204] melpa-stable (https://github.com/houseofsuns/melpa-stable)
  [205] menelkir (https://gitlab.com/menelkir/gentoo-overlay)
  [206] metahax (https://github.com/metafarion/metahax)
  [207] milos-rs (https://github.com/milos-rs/gentoo-overlay)
  [208] miramir (https://github.com/miramir/miramir-layman)
  [209] moexiami (https://github.com/Xiami2012/moexiami-ovl-dev)
  [210] moltonel (https://github.com/vincentdephily/moltonel-ebuilds/)
  [211] moulay (https://gitlab.com/yemou/moulay)
  [212] mrtnvgr (https://github.com/mrtnvgr/gentoo-overlay)
  [213] mschiff (https://cgit.gentoo.org/dev/mschiff.git/)
  [214] multilib-portage (https://cgit.gentoo.org/proj/multilib-portage.git/)
  [215] musl (https://cgit.gentoo.org/proj/musl.git/)
  [216] musl-clang (https://github.com/karlguy/musl-clang/)
  [217] mv (https://cgit.gentoo.org/user/mv.git)
  [218] mva (https://github.com/msva/mva-overlay/)
  [219] myov (https://gitlab.com/xgqt/myov.git)
  [220] myrvolay (https://github.com/myrvogna/myrvolay)
  [221] mysql (https://cgit.gentoo.org/proj/mysql.git/)
  [222] natinst (https://github.com/AndrewAmmerlaan/natinst)
  [223] nelson-graca (https://github.com/nelsongraca/gentoo-overlay)
  [224] nest (https://github.com/SpiderX/portage-overlay)
  [225] nez (https://codeberg.org/nezbednik/repo)
  [226] nico (https://cgit.gentoo.org/user/nico.git/)
  [227] nightfreedom-overlay (https://github.com/night-every/nightfreedom-overlay)
  [228] nitratesky (https://github.com/VTimofeenko/nitratesky)
  [229] nongnu-elpa (https://github.com/houseofsuns/nongnu-elpa)
  [230] nordvpn (https://gitlab.com/lahouari.dc/nordvpn/)
  [231] nymphos (https://github.com/neeshy/nymphos)
  [232] oddlama (https://github.com/oddlama/overlay)
  [233] odroidc4 (https://github.com/svoop/odroidc4-overlay)
  [234] okh (https://github.com/OlexiyKhokhlov/okh-overlay)
  [235] olifre (https://github.com/olifre/olifre-portage)
  [236] openclonk (http://www.openclonk.org/)
  [237] oubliette (https://github.com/nabbi/oubliette-overlay)
  [238] overseerr-overlay (https://github.com/chriscpritchard/overseerr-overlay)
  [239] oxen-overlay (https://github.com/xutaxkamay/gentoo-oxen)
  [240] palemoon (https://github.com/deu/palemoon-overlay)
  [241] pdilung (https://github.com/pdilung/gentoo-overlay/)
  [242] pentoo (http://www.pentoo.ch)
  [243] petkovich (https://github.com/jcpetkovich/overlay-petkovich)
  [244] pf4public (https://github.com/PF4Public/gentoo-overlay)
  [245] pg_overlay (https://gitlab.com/Perfect_Gentleman/PG_Overlay)
  [246] phackerlay (https://gitlab.phys-el.ru/gentoo/phackerlay)
  [247] phoenix591 (https://github.com/Phoenix591/gentoo-overlay)
  [248] pholthaus-overlay (https://github.com/pholthau/pholthaus-overlay)
  [249] php-overlay (https://github.com/gentoo-php-overlay/php-overlay)
  [250] pica-pica (https://github.com/antonsviridenko/pica-pica-gentoo-overlay)
  [251] pigfoot (https://cgit.gentoo.org/user/pigfoot.git/)
  [252] piniverlay (https://github.com/pinicarus/gentoo-overlay)
  [253] pinkbyte (https://github.com/Pinkbyte/pinkbyte-overlay)
  [254] pixlra (https://cgit.gentoo.org/user/carreira.git/)
  [255] pkalin (https://github.com/thinrope/pkalin)
  [256] plex-overlay (https://github.com/comio/plex-overlay)
  [257] powerman (https://github.com/powerman/powerman-overlay)
  [258] ppfeufer-gentoo-overlay (https://github.com/ppfeufer/gentoo-overlay)
  [259] pross (https://github.com/Pross/pross-overlay)
  [260] pyfa (https://github.com/ZeroPointEnergy/gentoo-pyfa-overlay)
  [261] pypi-sci (https://github.com/jiegec/gentoo-pypi-sci)
  [262] qemu-init (https://cgit.gentoo.org/dev/qiaomuf.git/)
  [263] qownnotes-overlay (http://www.qownnotes.org)
  [264] qsx (https://github.com/qsuscs/gentoo-overlay)
  [265] qt (https://github.com/gentoo/qt)
  [266] quarks (https://git.zero-downtime.net/quark)
  [267] r7l (https://github.com/r7l/r7l-overlay)
  [268] racket-overlay (https://gitlab.com/gentoo-racket/gentoo-racket-overlay)
  [269] raiagent (https://github.com/leycec/raiagent)
  [270] rasdark (https://github.com/rasdark/overlay)
  [271] rich0 (https://github.com/rich0/rich0-overlay)
  [272] rimio (https://github.com/rimio/gentoo-overlay)
  [273] rion (https://github.com/rion-overlay)
  [274] riru (https://github.com/pkulev/riru)
  [275] riscv (https://github.com/gentoo/riscv)
  [276] rnp (https://www.rnpgp.org/)
  [277] robert7k (https://github.com/robert7k/gentoo-overlay)
  [278] robertgzr (https://git.sr.ht/~robertgzr/portage)
  [279] roslin (https://gitlab.com/roslin-uberlay/roslin)
  [280] ruby (https://cgit.gentoo.org/proj/ruby)
  [281] ruixi-overlay (https://github.com/Ruixi-rebirth/ruixi-overlay)
  [282] rukruk (https://github.com/Atoms/rukruk)
  [283] ryans (https://github.com/bekcpear/ryans-repos)
  [284] sage-on-gentoo (https://github.com/cschwan/sage-on-gentoo)
  [285] salfter (https://gitlab.com/salfter/portage)
  [286] sam_c (https://github.com/thesamesam/overlay)
  [287] sattvik (https://cgit.gentoo.org/user/sattvik.git/)
  [288] science (https://wiki.gentoo.org/wiki/Project:Science)
  [289] scrill (https://github.com/scrill/scrill-overlay)
  [290] seden # (https://cgit.gentoo.org/user/seden.git/)
  [291] sergiotarxz (https://gitea.sergiotarxz.freemyip.com/sergiotarxz/sergiotarxz-overlay)
  [292] serioussam (https://github.com/tx00100xt/serioussam-overlay)
  [293] setkeh (https://github.com/setkeh/Portage-Overlay)
  [294] sevz (https://gitlab.com/sevz17/sevz-overlay)
  [295] sft (https://github.com/SFTtech/gentoo-overlay)
  [296] sgs (https://github.com/blackm0re/sgs-overlay)
  [297] shnurise (https://github.com/ArsenShnurkov/shnurise)
  [298] simonvanderveldt (https://github.com/simonvanderveldt/simonvanderveldt-overlay)
  [299] sinustrom (https://github.com/zpuskas/sinustrom-gentoo-overlay)
  [300] sk-overlay (https://github.com/scriptkitties/overlay)
  [301] slonko (https://slonko.net/portage)
  [302] smaeul (https://github.com/smaeul/portage-overlay)
  [303] snapd (https://github.com/zigford/snapd)
  [304] sogo-connector (https://cgit.gentoo.org/repo/user/sogo-connector.git/)
  [305] soltys (https://github.com/soltysek/soltys-overlay)
  [306] sorrow (https://gitlab.com/eternal-sorrow/gentoo-local)
  [307] spark-overlay (https://github.com/6-6-6/spark-overlay)
  [308] spikyatlinux (https://github.com/spikyatlinux/ebuilds_for_gentoo)
  [309] sping (https://github.com/hartwork/gentoo-overlay-sping)
  [310] spring (https://github.com/spring/gentoo-overlay)
  [311] src_prepare-overlay (https://gitlab.com/src_prepare/src_prepare-overlay.git)
  [312] ssnb (https://cgit.gentoo.org/repo/user/ssnb.git/)
  [313] sspreitz (https://github.com/sspreitzer/gentoo-repo)
  [314] steam-overlay (https://github.com/anyc/steam-overlay)
  [315] stefantalpalaru (https://github.com/stefantalpalaru/gentoo-overlay)
  [316] stephdewit (https://github.com/stephdewit/gentoo-overlay)
  [317] stha09 (https://github.com/stha09/gpo-stha09)
  [318] stowe-verlay (https://github.com/mwstowe/stowe-verlay)
  [319] strohel (https://github.com/strohel/strohel-overlay)
  [320] stuff (https://github.com/istitov/stuff)
  [321] sunset-repo (https://github.com/Anonymous1157/sunset-repo)
  [322] suntar (https://github.com/suntar/suntar-overlay)
  [323] superposition (https://cgit.gentoo.org/repo/user/superposition.git/)
  [324] supertux88 (https://github.com/SuperTux88/gentoo-overlay)
  [325] swegener (https://dev.gentoo.org/~swegener/)
  [326] tamiko (https://cgit.gentoo.org/repo/dev/tamiko.git/)
  [327] tarantool (https://github.com/tarantool/gentoo-overlay)
  [328] tastytea (https://schlomp.space/tastytea/overlay)
  [329] tatsh-overlay (https://github.com/Tatsh/tatsh-overlay)
  [330] telans (https://github.com/telans/EBUILDS)
  [331] tezeta (https://github.com/tezeta/tezeta-overlay)
  [332] tgbugs-overlay (https://github.com/tgbugs/tgbugs-overlay)
  [333] thegreatmcpain (https://gitlab.com/TheGreatMcPain/thegreatmcpain-overlay)
  [334] third-party-certbot-plugins (https://github.com/osirisinferi/third-party-certbot-plugins)
  [335] tmacedo (https://github.com/tmacedo/portage)
  [336] toniz4-overlay (https://github.com/toniz4/toniz4-overlay.git/)
  [337] toolchain (https://cgit.gentoo.org/proj/toolchain.git/)
  [338] torbrowser (https://github.com/MeisterP/torbrowser-overlay)
  [339] touchfish-os (https://github.com/CHN-beta/touchfish-os)
  [340] trolltoo (https://github.com/dallenwilson/trolltoo)
  [341] tryton (http://www.tryton.org/)
  [342] turret-overlay (https://git.turret.cyou/portage-overlay.git/about/)
  [343] ukui (https://www.ukui.org/)
  [344] ulm (https://cgit.gentoo.org/repo/dev/ulm.git/)
  [345] unc3nsored (https://github.com/xxc3nsoredxx/unc3nsored)
  [346] underworld (https://github.com/DakEnviy/underworld-overlay)
  [347] unity-gentoo (https://github.com/shiznix/unity-gentoo)
  [348] usenet-overlay (https://github.com/xartin/gentoo-overlay)
  [349] vGist (https://github.com/vgist/vgist-overlay)
  [350] vaacus (https://gitlab.com/plexvola/vaacus)
  [351] vapoursynth (https://github.com/4re/vapoursynth-portage)
  [352] vayerx (https://github.com/vayerx/vayerx-gentoo/)
  [353] vespa (https://github.com/thiagovespa/vespa-overlay)
  [354] vifino-overlay (https://github.com/vifino/vifino-overlay)
  [355] violet-funk (https://github.com/MagelessMayhem/violet-funk)
  [356] vklimovs (https://github.com/vklimovs/portage-overlay)
  [357] vmacs (https://cgit.gentoo.org/user/vmacs.git/)
  [358] vortex (https://github.com/nE0sIghT/vortex-overlay)
  [359] vowstar (https://github.com/vowstar/vowstar-overlay)
  [360] voyageur (https://cafarelli.fr/cgi-bin/cgit.cgi/voyageur-overlay/)
  [361] vulkano-edge (https://github.com/thequickfixer/vulkano-edge)
  [362] waebbl (https://github.com/waebbl/waebbl-gentoo)
  [363] waffle-builds (https://github.com/FlyingWaffleDev/waffle-builds)
  [364] wayland-desktop (https://github.com/bsd-ac/wayland-desktop)
  [365] wbrana (https://cgit.gentoo.org/user/wbrana.git/)
  [366] weuxel (https://github.com/Weuxel/portage-weuxel)
  [367] what4-java (https://github.com/kwhat/gentoo-what4-java-overlay)
  [368] wichtounet (https://github.com/wichtounet/wichtounet-overlay)
  [369] without-systemd (https://github.com/KenjiBrown/without-systemd)
  [370] x0rzavi (https://github.com/x0rzavi/x0rzavi-overlay)
  [371] x11 (https://cgit.gentoo.org/proj/x11.git)
  [372] xarblu-overlay (https://github.com/xarblu/xarblu-overlay)
  [373] xdch47 (https://github.com/xdch47/gpo-xdch47)
  [374] xelnor (http://overlay.xelnor.net)
  [375] xoreos (https://github.com/xoreos/gentoo-overlay)
  [376] xwing (https://gentoo.xwing.info)
  [377] yandex (https://github.com/yandex-gentoo/overlay)
  [378] yurij-overlay (https://github.com/yurijmikhalevich/yurij-overlay)
  [379] zGentoo (https://lab.retarded.farm/zappel/zGentoo)
  [380] zeldu (https://github.com/3elDU/gentoo-repository)
  [381] zerodaysfordays (https://git.sr.ht/~jakob/zerodaysfordays)
  [382] zozx-overlay (https://github.com/zozx/zozx-overlay)
  [383] zugaina (http://gpo.zugaina.org/Overlays/zugaina/)
  [384] zyrenth (https://github.com/kabili207/zyrenth-overlay)

These are easier to see by listing only the installed repositories:

root # eselect repository list -i
Available repositories:
  [136] gentoo # (https://gentoo.org/)
  [153] guru # (https://wiki.gentoo.org/wiki/Project:GURU)
  [196] local_overlay @
  [290] seden # (https://cgit.gentoo.org/user/seden.git/)

So, as everything looked correct, I then removed Layman from the installations:

root # emerge --ask --depclean layman

Calculating dependencies... done!
>>> Calculating removal order...

>>> These are the packages that would be unmerged:

 app-portage/layman
    selected: 2.4.3 
   protected: none 
     omitted: none 

All selected packages: =app-portage/layman-2.4.3

>>> 'Selected' packages are slated for removal.
>>> 'Protected' and 'omitted' packages will not be removed.

Would you like to unmerge these packages? [Yes/No] Yes
>>> Waiting 5 seconds before starting...
>>> (Control-C to abort)...
>>> Unmerging in: 5 4 3 2 1
>>> Unmerging (1 of 1) app-portage/layman-2.4.3...
Packages installed:   1826
Packages in world:    254
Packages in system:   48
Required packages:    1826
Number removed:       1

 * GNU info directory index is up-to-date.
root # rm -rf /var/lib/layman
root # rm /etc/portage/repos.conf/layman.conf
root # rm -rf /etc/layman

Notice above that I also deleted all Layman directories and the Layman configuration file in the repos.conf directory.

For good measure I synced the main Portage tree and the two overlays again:

root # emaint sync -a
[...]
x11-misc/compose-tables/compose-tables-1.8.6.ebuild
x11-themes/Manifest.gz
x11-themes/QGnomePlatform/Manifest
x11-themes/QGnomePlatform/QGnomePlatform-0.9.1-r1.ebuild
x11-themes/QGnomePlatform/metadata.xml
x11-themes/numix-icon-theme-circle/Manifest
x11-themes/numix-icon-theme-circle/numix-icon-theme-circle-23.04.28.ebuild
x11-themes/numix-icon-theme/Manifest
x11-themes/numix-icon-theme/numix-icon-theme-23.04.26.ebuild
x11-wm/Manifest.gz
x11-wm/xpra/Manifest
x11-wm/xpra/xpra-4.4.6.ebuild

Number of files: 145,549 (reg: 118,735, dir: 26,814)
Number of created files: 600 (reg: 578, dir: 22)
Number of deleted files: 622 (reg: 600, dir: 22)
Number of regular files transferred: 5,382
Total file size: 190.75M bytes
Total transferred file size: 20.90M bytes
Literal data: 20.90M bytes
Matched data: 0 bytes
File list size: 3.70M
File list generation time: 0.001 seconds
File list transfer time: 0.000 seconds
Total bytes sent: 131.96K
Total bytes received: 16.87M

sent 131.96K bytes  received 16.87M bytes  400.04K bytes/sec
total size is 190.75M  speedup is 11.22
 * Manifest timestamp: 2023-06-25 12:39:45 UTC
 * Valid OpenPGP signature found:
 * - primary key: DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
 * - subkey: E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
 * - timestamp: 2023-06-25 12:39:45 UTC
 * Verifying /usr/portage/.tmp-unverified-download-quarantine ...                                                                                                                    [ ok ]
=== Sync completed for gentoo
>>> Syncing repository 'seden' into '/var/db/repos/seden'...
>>> Syncing repository 'guru' into '/var/db/repos/guru'...
/usr/bin/git fetch origin --depth 1
/usr/bin/git fetch origin --depth 1
remote: Total 0 (delta 0), reused 0 (delta 0), pack-reused 0
/usr/bin/git reset --merge refs/remotes/origin/master
=== Sync completed for seden
remote: Total 0 (delta 0), reused 0 (delta 0), pack-reused 0
/usr/bin/git reset --merge refs/remotes/origin/master
=== Sync completed for guru

Action: sync for repo: gentoo, returned code = 0
Action: sync for repo: seden, returned code = 0
Action: sync for repo: guru, returned code = 0

And I made sure the eix and mlocate databases were up-to-date:

root # eix-update && updatedb

My installations have the elogind package installed, but the package could not be re-merged due to an error in the manifest of one of the packages in the seden overlay:

root # eix -I elogind
[U] sys-auth/elogind
     Available versions:  246.10-r3^t [M]~246.9999*l[1] ~252.9^t 252.9^t[1] **252.9999[1] {+acl audit +cgroup-hybrid debug doc efi +pam +policykit selinux test}
     Installed versions:  246.10-r3^t(02:47:54 14/05/23)(acl cgroup-hybrid doc pam policykit -audit -debug -selinux -test)
     Homepage:            https://github.com/elogind/elogind
     Description:         The systemd project's logind, extracted to a standalone package

[1] "seden" /var/db/repos/seden
root # emerge -1v elogind

These are the packages that would be merged, in order:

Calculating dependencies... done!
Dependency resolution took 38.39 s.

[ebuild     U  ] sys-auth/elogind-252.9::seden [246.10-r3::gentoo] USE="acl doc pam (policykit) -audit -debug (-selinux) -test (-cgroup-hybrid%*)" 0 KiB

Total: 1 package (1 upgrade), Size of downloads: 0 KiB

>>> Verifying ebuild manifests

!!! A file listed in the Manifest could not be found: /var/db/repos/seden/sys-auth/elogind/elogind-239.9999.ebuild

Therefore I disabled the seden overlay:

root # eselect repository disable seden
Updating repos.conf ...
1 repositories disabled
root # ls /etc/portage/repos.conf
eselect-repo.conf  eselect-repo.conf~  gentoo.conf  local_overlay.conf
root # cat /etc/portage/repos.conf/eselect-repo.conf
# created by eselect-repo

[guru]
location = /var/db/repos/guru
sync-type = git
sync-uri = https://anongit.gentoo.org/git/repo/proj/guru.git

As can be seen above, the seden overlay is indeed now disabled.

I then rechecked the available packages for elogind:

root # eix-update
root # eix -I elogind
[I] sys-auth/elogind
     Available versions:  246.10-r3^t ~252.9^t {+acl audit +cgroup-hybrid debug doc +pam +policykit selinux test}
     Installed versions:  246.10-r3^t(02:47:54 14/05/23)(acl cgroup-hybrid doc pam policykit -audit -debug -selinux -test)
     Homepage:            https://github.com/elogind/elogind
     Description:         The systemd project's logind, extracted to a standalone package

I was then able to install the latest version of elogind available in the main Portage repository:

root # emerge -1v elogind

These are the packages that would be merged, in order:

Calculating dependencies... done!
Dependency resolution took 14.27 s.

[ebuild   R    ] sys-auth/elogind-246.10-r3::gentoo  USE="acl cgroup-hybrid doc pam (policykit) -audit -debug (-selinux) -test" 0 KiB

Total: 1 package (1 reinstall), Size of downloads: 0 KiB

>>> Verifying ebuild manifests
>>> Emerging (1 of 1) sys-auth/elogind-246.10-r3::gentoo
>>> Installing (1 of 1) sys-auth/elogind-246.10-r3::gentoo
>>> Completed (1 of 1) sys-auth/elogind-246.10-r3::gentoo
>>> Jobs: 1 of 1 complete                           Load avg: 3.12, 2.63, 2.01

 * GNU info directory index is up-to-date.

There we have it. Both my machines with Gentoo Linux installations have been converted successfully from using Layman to using the ‘eselect repository’ module.

Further reading: Gentoo Linux Forums – Migrating from Layman to eselect-repository

Disabling the DebugLoggerUI service app in Android

The following notification appeared every time I switched on my Blackview Tab 10 tablet (Android 11):

DebugLoggerUI

DebugLoggerUI service is running

I cannot remember if this notification started appearing after I upgraded the tablet’s firmware last year to remove a bug in the original firmware (I had contacted Blackview and they supplied me with the updated firmware file plus a Windows 10 tool to update the tablet’s firmware). Anyway, the DebugLoggerUI notification was annoying and the log files it created were not needed either.

I enabled ‘Developer options‘ in Android and selected the settings page for DebugLoggerUI. I tapped the DebugLoggerUI’s wastebin icon to delete the existing log files, then unticked all the listed log files in order to prevent further logging.

The following notification now appeared every time I switched on the tablet, confirming that logging had ceased:

DebugLoggerUI

DebugLoggerUI service is running
Warning: All logs are stopped!!!

However the service was still running and there was no way to permanently disable or uninstall the DebugLoggerUI app from the tablet’s menus. I therefore decided to try to disable the application by using adb (Android Debug Bridge). The procedure I used is listed below.

1. Installed adb tools on the computer

In Lubuntu:

user $ sudo apt install android-tools-adb

In Gentoo Linux:

root # emerge android-tools

2. Enabled ‘Developer Options’ on the tablet

‘Settings’ > ‘About tablet’ and quickly tapped seven times on ‘Build number’.

3. Enabled ‘USB Debugging’ on the tablet

‘Settings’ > ‘System’ > Developer options’, scroll down and tap on ‘USB debugging’. Tapped ‘OK’ when prompted ‘Allow USB debugging?’.

4. Launched adb on the computer

user $ adb start-server

5. Connected the tablet to the computer with a USB cable

user $ adb devices
List of devices attached
DKTAB10EEA007074        unauthorized

A few prompts on the tablet asked whether or not to allow USB debugging. Tapped ‘Always allow from this computer’ and tapped ‘OK’.

6. Checked for a DebugLoggerUI service

user $ adb shell service list | grep -i logger

Nothing was returned.

7. Checked for a DebugLoggerUI app

user $ adb shell pm list packages | grep -i debug
package:com.debug.loggerui
package:com.mediatek.gnssdebugreport

8. Disabled the DebugLoggerUI app

user $ adb shell pm disable-user --user 0 com.debug.loggerui
Package com.debug.loggerui new state: disabled-user

9. Checked if the app is now disabled (enabled=3)

user $ adb shell dumpsys package com.debug.loggerui | grep enabled
    User 0: ceDataInode=467223 installed=true hidden=false suspended=false distractionFlags=0 stopped=false notLaunched=false enabled=3 instant=false virtual=false

N.B. If I want to re-enable the app in future, I would use the following command:

user $ adb shell pm enable --user 0 com.debug.loggerui

10. Stopped the adb server on the computer

user $ adb kill-server

11. Unplugged the phone from the computer.

12. Restarted the tablet.

Great! No more notification message about DebugLoggerUI.

Replacing the cracked screen on a Blackview Tab 10 tablet

Blackview Tab 10 (in its protective case) with original touchscreen.

In a previous post I mentioned that the LCD touchscreen of my Blackview Tab 10 tablet had partially popped out of the tablet’s plastic housing and had developed a crack when I tried to push it back in, as can be seen in the photograph below.

Crack in top right corner of screen of Blackview Tab 10 (in its protective case).

I decided to try to replace the damaged screen, so in April 2022 I contacted Blackview’s customer support department in China to ask if they sell spare parts. They pointed me to the Blackview accessories section of online retailer AliExpress. AliExpress listed a replacement screen specifically for the Tab 10, which cost me just over GBP 87 including postage in May 2022. However, when I tried to remove the tablet’s original screen I damaged the FPC (flexible printed circuit) FFC (flexible flat cable) connecting the tablet’s PCB (printed circuit board) to the screen, shown in the photographs below.

Original FPC attached to PCB of Blackview Tab 10.

Damaged original FPC of Blackview Tab 10.

Basically, I was not careful when removing the part of the FPC that was attached to the back of the screen by a double-sided self-adhesive pad, and the tiny connector socket soldered onto the FPC cable broke off, as shown in the photograph above.

In December 2022 I decided to have another go at repairing the tablet so I contacted Blackview again to ask if they would be able to supply me with a replacement FPC cable for the Tab 10, which they kindly agreed to do. Thumbs up to Blackview for great service.

By the way, when I popped out the original screen from the tablet’s housing I discovered why I had been unable to push the corner of the screen back into the tablet’s housing. There is a row of small rectangular metal blocks along the inside top edge of the original screen, as shown in the photographs below. I assume they were intended to attract a magnetic flap on a cover for the tablet. Anyway, the metal blocks are glued into recesses in the back of the plastic surround of the screen. The block in the top left corner of the screen (looking at the screen from the back) – which I have indicated with a red circle on the second photograph – had come unstuck and had fallen between the back of the screen and the tablet’s PCB. When I tried to press the corner of the screen back into the tablet’s housing, the metal block prevented the screen from being pushed back in and the pressure cracked the screen.

Back of original screen of Blackview Tab 10.

Rear view of top right of original screen of Blackview Tab 10.

To complicate things further, when I removed the original screen I discovered that the replacement screen AliExpress had listed as a Tab 10 component is not exactly the same physically as the original screen; it does not have the same plastic surround as the original screen (see above two photographs) and it could not be clipped into the tablet’s housing. Furthermore, the overall dimensions of the replacement screen are very slightly smaller than the overall dimensions of the original screen, leaving a tiny gap between the edges of the replacement screen and the inside edges of the tablet’s housing, as shown in the photographs below. My solution was to use three double-sided self-adhesive pads to affix the back of the new screen to the inside back of the tablet. Initially I thought about using a silicone sealant or a very thin nitrile rubber cord to plug the gap between the edge of the new screen and the tablet’s housing, but the lip of the protective case that came with the tablet covers some of the gap and it is not very noticeable, as shown in the photographs below. Of course, the only thing stopping the screen falling out of the tablet’s housing is the double-sided self-adhesive pads attaching the back of the screen to the inner back of the tablet, but I am confident that is adequate.

Top left corner of Blackview Tab 10 (in its protective case) with replacement screen fitted.

Bottom right corner of Blackview Tab 10 (in its protective case) with replacement screen fitted.

Blackview Tab 10 (in its protective case) with replacement screen fitted.

Flap of protective case closed on Blackview Tab 10 with replacement screen fitted.

After clumsily damaging the original FPC flat cable last year, this time I was very careful when connecting the replacement FPC cable to the tablet’s PCB and to the replacement screen, and the new screen worked perfectly as soon as I powered up the tablet. In my earlier post I mentioned that the detection of taps was a little slow for the Blackview Tab 10, however the response is now as good as the response of the touchscreen of the Blackview Tab 11. Apart from replacing the Tab 10’s screen, the only difference from the as-bought Tab 10 is that it no longer has a SIM inserted, but I cannot see how that would have any impact on tap detection. Therefore I assume the new screen itself is somehow more responsive than the original screen fitted to the Tab 10.

In conclusion, I am happy to be able to use the Blackview Tab 10 again a year later, as I do not like throwing things away if there is a chance to repair them, albeit the repair cost me about GBP 96 for the replacement screen and FPC cable. My main regret is that, if I had popped out the original screen rather than trying to push it back into the tablet’s housing, I would have noticed the loose metal block and been able to glue it back in place and thus avoided cracking the screen. Still, I suppose I learned about FPC and FFC connectors, and the improved tap response is a welcome outcome.

Continuing my familiarisation with GeckoLinux/openSUSE

In an earlier post I described how I installed and configured GeckoLinux on an old nettop. GeckoLinux is actually pre-configured openSUSE:

GeckoLinux is a set of Linux spins built from the openSUSE distribution, with a focus on polish and out-of-the-box usability on the desktop. It is available in Static (based on openSUSE Leap) and Rolling (based on openSUSE Tumbleweed) editions.

As my old nettop only has an Intel dual-core Atom 330 CPU I wanted to install a spin with a lightweight desktop environment. I opted for the LXQt spin based on openSUSE Tumbleweed (see the aforementioned earlier post for details), and am pleased with its functionality and performance.

Upgrading

Since installing GeckoLinux/openSUSE I have periodically upgraded the installation, which is easy to do using two commands as root user in a terminal window:

ion330ht:/home/fitzcarraldo # zypper refresh
ion330ht:/home/fitzcarraldo # zypper dist-upgrade

(The command ‘zypper dist-upgrade‘ can be shortened to ‘zypper dup‘.)

Rolling back to an earlier snapshot

On one occasion the above-mentioned upgrade process did not work as expected. When I rebooted the nettop, the Display Manager’s login page appeared even though I had previously configured the system to login automatically. Furthermore, nothing happened when I entered my password. Although unwelcome, this meant I could try the openSUSE rollback feature for the first time. I rebooted the nettop and, when the GRUB menu screen appeared, instead of allowing openSUSE to boot normally I selected ‘Start bootloader from a read-only snapshot’. The next screen to appear displayed a list of snapshots; I selected one that appeared to be a snapshot taken before the upgrade. The system then continued booting, logged in automatically and displayed the LXQt Desktop. Great! However, snapshots are read-only so I needed to rollback to it to make it the current installation. After doing that I could then try again to upgrade the installation. A day had passed since the problematic upgrade, so I hoped that whatever package(s) had caused the problem would have already been revised. Anyway, to rollback to the snapshot I entered the following commands as root user:

ion330ht:/home/fitzcarraldo # snapper --ambit classic rollback
ion330ht:/home/fitzcarraldo # reboot

(The simpler command ‘snapper rollback‘ was not accepted in my case; I had to enter the command shown above.)

I then entered the aforementioned two zypper commands in order to refresh the repositories’ metadata and upgrade the installation to latest. This time the upgrade was successful and the nettop rebooted to the LXQt Desktop as expected. Phew! I think the ability to rollback to an earlier snapshot is an excellent feature of openSUSE.

Adding a network management applet to the LXQt Panel

After the steps in my earlier post I did not end up with an icon on the LXQt Panel for a NetworkManager applet, so I decided to add one to the Panel. In the other distributions I have used, the GTK+ package is called ‘nm-applet‘. However in GeckoLinux/openSUSE it is called ‘NetworkManager-applet‘. The package had been installed automatically when I installed GeckoLinux but, when I right-clicked on the LXQt Panel and selected ‘Manage Widgets’, I could not see the widget in the list of available widgets (click on the ‘+’ button). It turns out that I needed to add the ‘Status Notifier’ widget. The steps I followed are listed below.

1. Right-click on the Panel, select ‘Manage Widgets’ then click on the ‘+’ button and add the ‘Status Notifier’ widget. Click on the ‘Up’ or ‘Down’ arrow buttons to move the widget icon to where you want it to be on the Panel.

2. There should now be a network icon on the Panel for NetworkManager-applet. If you right-click on it the pop-up menu should enable you to enable/disable wired and wireless networking, select individual network connections, edit connections etc.

3. On the LXQt applications menu, select ‘Preferences’ > ‘LXQt Settings’ > ‘Session Settings’. Click on ‘Autostart’. Ensure ‘Network’ is ticked in the list under ‘Global Autostart’, as shown in the screenshot below.

NetworkManager-applet selected in the Autostart section of LXQt Session Settings.

The applet’s icon on the Panel is visible in the screenshot below.

NetworkManager-applet on the LXQt Panel.

If the NetworkManager-applet package has not been installed you can use Yast2 (GUI) or zypper (command line) to install it.

If you cannot get the above to work or you would like to try a Qt-based NetworkManager applet instead of the GTK+ based NetworkManager-applet (a.k.a. nm-applet), you can install the package nm-tray using Yast2 (GUI) or zypper (command line). In my case installing the package nm-tray resulted in two new entries in the LXQt ‘Application Autostart’ list of ‘LXQt Settings’ > ‘Session Settings’: ‘nm-tray’ in the ‘Global Autostart’ section, and ‘LXQt Network Applet’ in the ‘LXQt Autostart’ section. I had to untick ‘Network’ and ‘nm-tray’, and tick ‘LXQt Network Applet’, as shown in the screenshot below.

nm-tray applet selected in the Autostart section of LXQt Session Settings.

The applet’s icon on the Panel is visible in the screenshot below.

nm-tray applet on the LXQt Panel.

Either applet works fine in my installation, but you might decide to use nm-tray in LXQt rather than NetworkManager-applet, given that the former uses Qt whereas the latter uses GTK+. I notice that LXQt-based Lubuntu has switched from nm-applet to nm-tray, for example.

Prevent Lubuntu 22.04 (SDDM and LXQt) from leaving an external drive mounted incorrectly for other users

An external USB disk drive is connected permanently to my family’s PC that currently has Lubuntu 22.04 installed. There are several user accounts on this multi-user single-seat machine. If a user does not unmount the external drive before logging out, when another user logs in, the external drive is still mounted with the priviledges of the previous user. In the days when Lubuntu used LightDM and LXDE, I devised a scheme to unmount automatically the external drive when each user logged out (see an earlier post). However, that method is no longer possible now Lubuntu no longer uses LightDM. Therefore I devised a different scheme. This time, the external drive is unmounted automatically every time a user logs in, and udisks2 automatically mounts it for the current user. Below I explain the new scheme. In the example below the external USB drive happens to be an NTFS drive and have the label ‘FREECOM HDD’. The machine actually has several user accounts but, for the sake of brevity, the commands for only two users are shown. All the steps shown below are performed by the account holder with the ability to use the sudo command to get superuser priviledges.

1. Create a root script to unmount the external USB drive

$ sudo nano /usr/local/sbin/unmount_FREECOM_HDD.sh

The file contains the following lines:

#!/bin/bash
# Unmount the external USB HDD if mounted with another username in the path:
umount /media/*/FREECOM\ HDD 2>/dev/null

2. Make sure the script has the correct priviledges

$ sudo chmod 755 /usr/local/sbin/unmount_FREECOM_HDD.sh

3. Give each user permission to use the sudo command to run the abovementioned script

$ sudo visudo -f /etc/sudoers.d/unmount_FREECOM_HDD

Add a line for each user:

fitzcarraldo ALL=NOPASSWD: /usr/local/sbin/unmount_FREECOM_HDD.sh
molly ALL=NOPASSWD: /usr/local/sbin/unmount_FREECOM_HDD.sh

4. Create an autostart Desktop Configuration File for each user

$ sudo nano "/home/fitzcarraldo/.config/autostart/Unmount FREECOM HDD.desktop"
$ sudo nano "/home/molly/.config/autostart/Unmount FREECOM HDD.desktop"

Each user’s autostart file should contain the following:

[Desktop Entry]
Exec=sudo /usr/local/sbin/unmount_FREECOM_HDD.sh
Name=Unmount FREECOM HDD
OnlyShowIn=LXQt;
Type=Application
Version=1.0

Make sure the autostart files have the correct ownership and priviledges

$ sudo chown fitzcarraldo:fitzcarraldo "/home/fitzcarraldo/.config/autostart/Unmount FREECOM HDD.desktop"
$ sudo chmod 664 "/home/fitzcarraldo/.config/autostart/Unmount FREECOM HDD.desktop"
$ sudo chown molly:molly "/home/molly/.config/autostart/Unmount FREECOM HDD.desktop"
$ sudo chmod 664 "/home/molly/.config/autostart/Unmount FREECOM HDD.desktop"

(If each user logs in to their LXQt Desktop, clicks on the Application Menu icon and selects ‘Preferences’ > ‘LXQt Settings’ > ‘Session Settings’ and clicks on Autostart’, there should be the ticked entry ‘Unmount FREECOM HDD’ in the ‘LXQt Autostart’ section.)

5. Reboot and the scheme should take effect.