btcinfo  

Hic inserere motto

Spring projects I: Gentoo distfiles mirror.

February 03, 2021 — shinohai

One of the more useful items I had not gotten around to mirroring is asciilifeform's historic Gentoo distfiles which is, as far as I can tell, possibly one of the only places on the internet to get these. These will now live here: http://btc.info.gf/devel/gentoo/distfiles/.

The Gentoo section of this www has suffered from a bit of neglect over the past year, and this is something I hope to remedy by this Summer. Possible upgrades will include a collection of guides for various boards, mirrors of historic .iso's (which also are getting harder to locate) and addition of various musl patches I have scattered about from past experiments.

Tags: News, Gentoo, Linux

Essential kit items: Building SBCL on Gentoo with musl

November 08, 2019 — shinohai

Steel Bank Common Lisp is another must-have tool in my kit, since I use it to run my hybrid irc/Telegram bot and many other daily use items. In my previous post I documented how I managed to get gcc-4.9.4 massaged into shape, so this post will serve as a reference on how to do the same for SBCL so in the future I don't have to spend the day researching fixes and locating obscure patchsets.

When building many things using musl, one will often run into "undefined reference to `memcpy@GLIBC_*'" type errors, since glibc uses versioned symbols and musl does not. SBCL is no different, but fortunately a little digging turned up a working patchset on the SBCL mailing list which works beautifully, so I didn't have to spend the better part of a day cobbling one together as I did for gcc. I have preserved a copy of the patchset here and will definitely do my best to maintain these into the future should any major changes occur.

Much like Ada, SBCL requires itself or another ANSI common lisp to build. I decided to use CLISP (version 2.49.92) to perform this task, as it can be quickly built from sources using gcc only (and I didn't want to use a pre-built sbcl binary of unknown provenance). After getting clisp in place, building SBCL is mostly painless using the following steps:

I downloaded the 1.5.7 sources from my site and verified the checksums:

curl -O http://btc.info.gf/devel/gentoo/distfiles/dev-lisp/sbcl/1.5.7/sbcl-1.5.7-source.tar.bz2
curl -O http://btc.info.gf/devel/gentoo/distfiles/dev-lisp/sbcl/1.5.7/Manifest.sha512

Unpack the sources and enter the directory:

tar xjf sbcl-1.5.7-source.tar.bz2 && cd sbcl-1.5.7

Get the musl patchset and apply them:

wget -q -r -nd -N --no-parent -R "index.html*" http://btc.info.gf/devel/gentoo/distfiles/dev-lisp/sbcl/patches/
for i in *.patch; do patch -p1 < $i; done

Build using CLISP and install:

./make.sh "clisp" --fancy
./install.sh

The above recipe has so far worked quite nicely, having been tested by running the above mentioned irc bot and a few other essential lisp programs. I will update this post if/when any bugs are found or if any changes are made.

Tags: News, Linux, Lisp

Building gcc 4.9.4 with musl on Gentoo

November 05, 2019 — shinohai

Lately I have been experimenting a lot more with musl as a replacement for the continually shitty glibc. While musl was a standard part of cuntoo, it appears that particular project is mostly abandoned by it's author and I want to be more responsible for my own toolkit anyway. So starting with the most recent vanilla musl gentoo stage3, I decided getting my preferred compiler working would be first order of business. I tried the portage route with a simple `emerge -av =sys-devel/gcc-4.9.4-r1` which sang along happily for a while until hitting "configure: error: cannot run C compiled programs." and a few other errors.

After spending some time researching the errors and trying various fixes, I managed to produce a patch that will allow me to manually perform the ebuild steps and get a working gcc for musl. I used the following steps:

Download the sources:

ebuild /var/db/repos/gentoo/sys-devel/gcc/gcc-4.9.4-r1.ebuild fetch

Configure:

ebuild /var/db/repos/gentoo/sys-devel/gcc/gcc-4.9.4-r1.ebuild configure

Go to the source work directory (located at /var/tmp/portage/sys-devel/gcc-4.9.4-r1/work/gcc-4.9.4) and download this patch (sig) and verify, then patch:

patch -p1 < gcc-4.9.4-musl.patch

After patching, complete the manual ebuild steps:

ebuild /var/db/repos/gentoo/sys-devel/gcc/gcc-4.9.4-r1.ebuild compile

ebuild /var/db/repos/gentoo/sys-devel/gcc/gcc-4.9.4-r1.ebuild install

ebuild /var/db/repos/gentoo/sys-devel/gcc/gcc-4.9.4-r1.ebuild merge

Enjoy your shiny new compiler.

(chroot) shinohai ~ # gcc-config -l
 [1] x86_64-gentoo-linux-musl-4.9.4 *
 [2] x86_64-gentoo-linux-musl-8.3.0

Next order of business will be trying a fellow named ave1's Ada build for musl and making a POST1 on the results, in addition to publishing the steps I used to get SBCL working in this environment as well.

Read more...

Zerodium offering increased rewards for UNIX 0day exploits

June 29, 2018 — shinohai

Zerodium, a company that brokers exploits to governments and "law enforcement" is now offering rewards of up to one half million USD for zero days in UNIX operating systems. The company's website states that payments can be processed in Bitcoin and other "cryptocurrencies".

ZERODIUM evaluates and verifies all submitted research within one week or less. Payments are made in one or multiple installments by wire transfer or using crypto-currencies e.g. Bitcoin.

Zerodium only accepts submissions encrypted with their GPG KEY and claims to take one's privacy "very seriously", though they require a researchers personal information that they promise not to share with anyone, ever.

Tags: News, Bitcoin, Insecurity, Linux

Defeating adblock detectors: popularmechanics.com

June 23, 2018 — shinohai

While viewing websites in a graphical web browser, occasionally I find a site that hates when one uses adblock plus and prevents viewing unless it is turned off or the user pays for an "ad-free" pass. popularmechanics.com is one such website, and the nag screen remained despite the fact I was also running NoScript. What do?

As it turns out, the solution was baby simple. PopularMechanics uses a 3rd-party site to detect users running adblock, so all I had to do was add the following to /etc/hosts:

127.0.0.1 hearstapps.com

I was then able to smugly continue my research without sharing the page with hundreds of crappy ads, or being forced to pay for a pass on a website that I visit at most twice a year.

Feliz Sabado, mis amigos.

Tags: Linux, Webshit