Hi everyone,

I pushed out my news item and it landed in /usr/portage/metadata on my
hardened servers, but it's not showing up with eselect news. Does anyone
know why? I don't know how to debug this. I pushed it to
git.gentoo.org/data/gentoo-news.git in a directory called
2015-10-21-future-support-of-hardened-sources-kernel. I have two files
in there:

2015-10-21-future-support-of-hardened-sources-kernel.en.txt
2015-10-21-future-support-of-hardened-sources-kernel.en.txt.asc

Here it is again just so you don't have to go digging:

Title: Future Support of hardened-sources Kernel
Content-Type: text/plain
Posted: 2015-10-21
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: sys-kernel/hardened-sources
Display-If-Keyword: hardened
Display-If-Keyword: pax_kernel
Display-If-Profile: hardened/linux/amd64
Display-If-Profile: hardened/linux/amd64/no-multilib
Display-If-Profile: hardened/linux/amd64/no-multilib/selinux
Display-If-Profile: hardened/linux/amd64/selinux
Display-If-Profile: hardened/linux/amd64/x32
Display-If-Profile: hardened/linux/arm/armv6j
Display-If-Profile: hardened/linux/arm/armv7a
Display-If-Profile: hardened/linux/ia64
Display-If-Profile: hardened/linux/musl/amd64
Display-If-Profile: hardened/linux/musl/amd64/x32
Display-If-Profile: hardened/linux/musl/arm/armv7a
Display-If-Profile: hardened/linux/musl/mips
Display-If-Profile: hardened/linux/musl/mips/mipsel
Display-If-Profile: hardened/linux/musl/ppc
Display-If-Profile: hardened/linux/musl/x86
Display-If-Profile: hardened/linux/powerpc/ppc32
Display-If-Profile: hardened/linux/powerpc/ppc64/32bit-userland
Display-If-Profile: hardened/linux/powerpc/ppc64/64bit-userland
Display-If-Profile: hardened/linux/uclibc/amd64
Display-If-Profile: hardened/linux/uclibc/arm/armv7a
Display-If-Profile: hardened/linux/uclibc/mips
Display-If-Profile: hardened/linux/uclibc/mips/mipsel
Display-If-Profile: hardened/linux/uclibc/ppc
Display-If-Profile: hardened/linux/uclibc/x86
Display-If-Profile: hardened/linux/x86
Display-If-Profile: hardened/linux/x86/selinux

For many years, the Grsecurity team [1] has been supporting two versions of
their security patches against the Linux kernel, a stable and a testing
version, and Gentoo has made both of these available to our users through the
hardened-sources package. However, on August 26 of this year, the team
announced they would no longer be making the stable version publicly
available, citing trademark infringement by a major embedded systems company
as the reason. [2] The stable patches are now only available to sponsors of
Grsecurity and can no longer be distributed in Gentoo. However, the team did
assure us that they would continue to release and support the testing version
as they have in the past.

What does this mean for users of hardened-sources? Gentoo will continue to
make the testing version available through our hardened-sources package but we
will have to drop support for the 3.x series. In a few days, those ebuilds
will be removed from the tree and you will be required to upgrade to a 4.x
series kernel. Since the hardened-sources package only installs the kernel
source tree, you can continue using a currently built 3.x series kernel but
bear in mind that we cannot support you, nor will upstream. Also keep in mind
that the 4.x series will not be as reliable as the 3.x series was, so
reporting bugs promptly will be even more important. Gentoo will continue to
work closely with upstream to stay on top of any problems, but be prepared for
the occasional "bad" kernel. The more reporting we receive from our users,
the better we will be able to decide which hardened-sources kernels to mark
stable and which to drop.

Refs.
[1] https://grsecurity.net
[2] https://grsecurity.net/announce.php


--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness@g.o
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA
GnuPG ID : F52D4BBA