Language Selection

English French German Italian Portuguese Spanish

Kororaa - Close but no cigar...

Filed under

The Kororaa* project released beta 2 of their 2005 Gentoo binary distribution installer this past week and we thought we'd give it a test run. This is a wonderful project and I think it has its niche. I love the idea of getting a gentoo install in a matter of minutes instead of days and in a manner more familiar or comfortable to folks. Kororaa is here fill the desire to install gentoo quickly and then later rebuild packages to your machine. In other words, the best of both worlds.

Also before I forget I should mention that the developers also offer a sister product called "Gororaa" that features a gnome desktop as opposed to KDE. They also offer versions for the 64-bit architecture as well.

The site states, "Other new features include lightweight window manager options, international keyboard language support, package selection, updated setup menus, as well as various new tools and configuration scripts and a prettier installer with progress bars Smile KDE 3.4.3, Gnome 2.12, OpenOffice 2.0 and other carefully selected apps for everyday use are among the goodies that are included."

For those who are going to try this distro, I found these "handy tools" listed in the documentation:

systemconfig (the main configuration menu you see when you first boot)
genuser --simple (this command adds a user to your system)
genpass (generates a decent Linux password ? good!)
gensetpass (reset a user's password)
chooseres (set your preferred resolutions in X)
choosekeymap (set your keyboard language)

Also while I'm stalling waiting for my cdrs to burn, I found this nice page that lists many of the packages included in the packages iso. HERE a changelog of sorts as well.


The installer boots up a nice "sorta" graphical environment, what I like to call ascii-graphical. Smile It walks you through the install process with relative ease.

It begins at a prompt with the text message giving you instructions to type one of several options. I recall seeing:
*Don't forget to play a little moon-buggy if you get bored! Wink

I chose kororaa and it began. First choose a keyboard map, Configure drives, and begin install. In configure drives, one can repartition, set mount points, and format. Begin install extracts the now default gentoo stage 3 tarball. Then one is asked to change to the "packages-cd."

At the next screen one can:

  1. Set date

  2. Set timezone
  3. Hostname & domainname
  4. Package selection
  5. Install packages
  6. Configure boot services
  7. Configure boot loader
  8. Setup Users
  9. Finished!

The package selection might be somewhat sparse in some folks' options, but not too bad in mine. It lists many useful applications under all the major categories. It seems to install and finish up.

Then it's time to do some configuration. Under the configure boot services, one checks the services they will need to start upon boot. Grub is the only choice for the bootloader. Finally one is prompted to set the root password and set up a user(s).

One is given two choices when setting up their user accounts. One option is simple, that allows one to input username and password. The other option is complex, where one can set up all the options, including the uid, groups, home and shell.

When one clicks Finish!, I assume it'd be time to setup X. Instead I got the error: can't find mkxfsetup.


Upon reboot, one is presented with a configuration dialog that again has some options that don't work (or didn't for me). The layout is similar to the following:

  1. Setup Sound

  2. Setup Sensors
  3. Resolution setup
  4. Network
  5. Portage Mirror
  6. Sync Portage Tree
  7. Update Locate database
  8. Prelink System
  9. Finished!

The setup sound and sensors didn't work here complaining it couldn't find the config files. Resolution worked as did network, portage mirror & sync, and Update Locate database. Prelinking said it worked, but I'm sure it didn't.

It turns out the problems I was experiencing were the result of the package installation step bombing out at an early point. I did several burns and new installations in an attempt to get the system to install as the developers intended, however in each instance the package installation just stops at about 18 of 269. This leaves one with a very crippled desktop. In fact, no desktop and very little applications were installed at all.

At this point one does have a basic base system with users and root privileges. Portage is functional and a make.conf is in place. The graphical setups that do work can help the newcomer get that base system installed much easier than downloading the stage-3 tarball and starting there.

So, although your system is not what it was advertised to be, one could finish their installation after boot through portage. emerge mkxfsetup gets one the utility to set up X, and emerge kde-meta would probably grind away for hours eventually leading to a kde desktop. However, that's not the promise or purpose of kororaa.

Kororaa was said to be a binary distribution with a kde desktop from which one could re-build their customized source based system. One can accomplish a complete system, just not at leisure from the luxury of kde.

This is a beta product at this time and the installer shows great promise. Perhaps my experience is isolated, but it appears at this time we need to let Kororaa simmer a bit more before it's done.

So, close but no cigar folks.

UPDATE: Please see my updated article concerning Kororaa Linux.

Try default install?

Hey cool Smile I just saw this review on distrowatch and thought I'd check it out.

I'm sorry it didn't work out for you - something has gone wrong in the package install, which is strange. I would really love to see the output of /var/log/emerge.log to see what failed. Maybe there is a bug in the package selection that I hadn't found.

Kororaa should definately give you a full KDE install. Obviously with the install failing at package 19 you have 250 packages that never got to be installed, hence it is rather lacking.

I would really love to see how the install goes without changing the default packages. Keen to give that a try? Wink


re: Try default install?

I de-selected the wifi drivers, ipw2200, synaptics, wpa supplicant, and kwifimanager.

Yeah, I can try the default install tomorrow. I can email you the emerge.log from the unsuccessful install tonight.

You talk the talk, but do you waddle the waddle?

re: Try default install?

Sorry. It still won't go here. I had to re-download the files, so I started with fresh download, fresh burns and formatted the partition using reiserfs (3). I didn't change any default package settings, in fact I didn't even open the subcatagories.

It made it to 103 of 337. Sad I'm sorry. Perhaps it's something up with my machine.

You talk the talk, but do you waddle the waddle?

Something's not right..

Something is definately not right there Thinking perhaps it's a flakey CD drive, I'm not sure. Some tests might be in order Wink One thought though, one cannot run other emerge commands from the system while the packages are installing. The percentage bar uses the emerge.log, and if you run other emerge commands (even queries) it will add these to the emerge.log and hence interfere with the bar. The packages will still be installing, but most likely it will say "finished installing packages" because it looks for the "Finished" from the log. But as discussed on email, the system should install just fine and you should get a pretty KDM login screen waiting for you after your initial boot Smile

re: Something's not right...

>One cannot run other emerge commands from the system while the packages are installing. The percentage bar uses the emerge.log, and if you run other emerge commands (even queries) it will add these to the emerge.log.

I didn't touch anything. In fact, I walked away and watched tv until I heard the "drums" stop. Smile

Yeah, I'm sure it would do fine on other's machines. I wish my other test machine wasn't down. Sad Although the first failure was using my dvd rom and the rest were using my cdrw. So I know that don't rule out the drives completely, but it does make it less likely it's that. And I used different media brands each burn too.

Anyway, wonderful project! And good work, the installer looks great.
You talk the talk, but do you waddle the waddle?

re: install requirements?

When I test a new distribution I usually, and in this case, only define a /. I don't even tell them about my /boot partition. That's mainly to protect my data, but it also simplifies things. I don't even use separate /opt or /usr whatever on my main system.

As far as installing some script to take screenshots - hey point me to that huh? Big Grin Seriously, if I get any, it's been thru an emulator either before or after the actual review from my main system. I've looked and asked around, but never did get a good answer on how to get screenshots like some do of the actual install and such. I knew there had to be a way, I just hadn't found it yet.

You talk the talk, but do you waddle the waddle?

no requirements :) apart from a computer!

hey atang1, there are no restrictions on hard drive setup or anything under Kororaa (that I'm aware of). The installer just detects what you have and presents it for you to do what you will Smile
I used vmware to take all the screenshots from beta2 at the screenshots section of the website Smile

Re: Two questions for the distro architect ?

Hey atang1, I'm not sure how you mean to get the distro to fall back to compatible drivers. The X detection script (based on knoppix) will detect vesa if it doesn't know the chipset of the video card. As for modems and parallel ports etc, Kororaa has support forn whatever the 2.6.13 kernel supports, and for sound the alsaconf script should also detect them. I guess what you are suggesting is that is no sound is detected, then it should default to sbpro, but if the card is sbpro compatible is should already be set up. Perhaps I'm missing the mark here, if so, please enlighten me Wink In short it should work on any computer (provided it has full sse instruction set support) Smile Cheers

This is rather interesting an

This is rather interesting and something I don't have much clue about! Thinking It is probably something the Gentoo devs can look into. Kororaa itself is really a customised Gentoo install with our own installer, configuration scripts and pre-built packages, etc. This stuff is a little over my head! Do you have more info on this subject? Cheers.

Re: We need you and other distro developers ?

atang1 wrote:

As you can tell is the place for distro developers to gether and discuss the future of Linux operating system. You are welcome to do your own review here of your own distro.

I'm gonna have to put you on the payroll atang! Big Grin well, ...if I had a payroll...

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Leftovers: BSD

Security Leftovers

  • Stop using SHA1 encryption: It’s now completely unsafe, Google proves
    Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm's use for security-sensitive functions should be discontinued as soon as possible. SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made. However, despite these efforts to phase out the use of SHA-1 in some areas, the algorithm is still fairly widely used to validate credit card transactions, electronic documents, email PGP/GPG signatures, open-source software repositories, backups and software updates.
  • on pgp
    First and foremost I have to pay respect to PGP, it was an important weapon in the first cryptowar. It has helped many whistleblowers and dissidents. It is software with quite interesting history, if all the cryptograms could tell... PGP is also deeply misunderstood, it is a highly successful political tool. It was essential in getting crypto out to the people. In my view PGP is not dead, it's just old and misunderstood and needs to be retired in honor. However the world has changed from the internet happy times of the '90s, from a passive adversary to many active ones - with cheap commercially available malware as turn-key-solutions, intrusive apps, malware, NSLs, gag orders, etc.
  • Cloudflare’s Cloudbleed is the worst privacy leak in recent Internet history
    Cloudflare revealed today that, for months, all of its protected websites were potentially leaking private information across the Internet. Specifically, Cloudflare’s reverse proxies were dumping uninitialized memory; that is to say, bleeding private data. The issue, termed Cloudbleed by some (but not its discoverer Tavis Ormandy of Google Project Zero), is the greatest privacy leak of 2017 and the year has just started. For months, since 2016-09-22 by their own admission, CloudFlare has been leaking private information through Cloudbleed. Basically, random data from random sites (again, it’s worth mentioning that every site that used CloudFlare in the last half year should be considered to having fallen victim to this) would be randomly distributed across the open Internet, and then indefinitely cached along the way.
  • Serious Cloudflare bug exposed a potpourri of secret customer data
    Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warned customers today that a recently fixed software bug exposed a range of sensitive information that could have included passwords and cookies and tokens used to authenticate users. A combination of factors made the bug particularly severe. First, the leakage may have been active since September 22, nearly five months before it was discovered, although the greatest period of impact was from February 13 and February 18. Second, some of the highly sensitive data that was leaked was cached by Google and other search engines. The result was that for the entire time the bug was active, hackers had the ability to access the data in real-time by making Web requests to affected websites and to access some of the leaked data later by crafting queries on search engines. "The bug was serious because the leaked memory could contain private information and because it had been cached by search engines," Cloudflare CTO John Graham-Cumming wrote in a blog post published Thursday. "We are disclosing this problem now as we are satisfied that search engine caches have now been cleared of sensitive information. We have also not discovered any evidence of malicious exploits of the bug or other reports of its existence."

Security Leftovers

  • Change all the passwords (again)
    Looks like it is time to change all the passwords again. There’s a tiny little flaw in a CDN used … everywhere, it seems.
  • Today's leading causes of DDoS attacks [Ed: The so-called 'Internet of things' (crappy devices with identical passwords) is a mess; programmers to blame, not Linux]
    Of the most recent mega 100Gbps attacks in the last quarter, most of them were directly attributed to the Mirai botnet. The Mirai botnet works by exploiting the weak security on many Internet of Things (IoT) devices. The program finds its victims by constantly scanning the internet for IoT devices, which use factory default or hard-coded usernames and passwords.
  • How to Set Up An SSL Certificate on Your Website [via "Steps To Secure Your Website With An SSL Certificate"]
  • SHA-1 is dead, long live SHA-1!
    Unless you’ve been living under a rock, you heard that some researchers managed to create a SHA-1 collision. The short story as to why this matters is the whole purpose of a hashing algorithm is to make it impossible to generate collisions on purpose. Unfortunately though impossible things are usually also impossible so in reality we just make sure it’s really really hard to generate a collision. Thanks to Moore’s Law, hard things don’t stay hard forever. This is why MD5 had to go live on a farm out in the country, and we’re not allowed to see it anymore … because it’s having too much fun. SHA-1 will get to join it soon.
  • SHA1 collision via ASCII art
    Happy SHA1 collision day everybody! If you extract the differences between the good.pdf and bad.pdf attached to the paper, you'll find it all comes down to a small ~128 byte chunk of random-looking binary data that varies between the files.
  • PayThink Knowledge is power in fighting new Android attack bot
    Android users and apps have become a major part of payments and financial services, carrying an increased risk for web crime. It is estimated that there are 107.7 million Android Smartphone users in the U.S. who have downloaded more than 65 million apps from the Google App Store, and each one of them represents a smorgasbord of opportunity for hackers to steal user credentials and other information.
  • Red Hat: 'use after free' vulnerability found in Linux kernel's DCCP protocol IPV6 implementation
    Red Hat Product Security has published details of an "important" security vulnerability in the Linux kernel. The IPv6 implementation of the DCCP protocol means that it is possible for a local, unprivileged user to alter kernel memory and escalate their privileges. Known as the "use-after-free" flaw, CVE-2017-6074 affects a number of Red Hat products including Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 and Red Hat Openshift Online v2. Mitigating factors include the requirement for a potential attacker to have access to a local account on a machine, and for IPV6 to be enabled, but it is still something that will be of concern to Linux users. Describing the vulnerability, Red Hat says: "This flaw allows an attacker with an account on the local system to potentially elevate privileges. This class of flaw is commonly referred to as UAF (Use After Free.) Flaws of this nature are generally exploited by exercising a code path that accesses memory via a pointer that no longer references an in use allocation due to an earlier free() operation. In this specific issue, the flaw exists in the DCCP networking code and can be reached by a malicious actor with sufficient access to initiate a DCCP network connection on any local interface. Successful exploitation may result in crashing of the host kernel, potential execution of code in the context of the host kernel or other escalation of privilege by modifying kernel memory structures."

Android Leftovers