1 |
This is the first draft of a news item describing a packaging change for |
2 |
OpenAFS so that we no longer require the DEBUG_RODATA be turned off. |
3 |
Given the security implications of the previous setting of having |
4 |
CONFIG_DEBUG_RODATA=n, we thought it prudent to ensure that OpenAFS |
5 |
users get notice of the change in a manner that they are not likely to |
6 |
miss (unlike a message in a phase that can be missed/hidden/squelched). |
7 |
|
8 |
|
9 |
Title: OpenAFS no longer needs kernel option DEBUG_RODATA |
10 |
Author: NP-Hardass <NP-Hardass@g.o> |
11 |
Author: Andrew Savchenko <bircoph@g.o> |
12 |
Content-Type: text/plain |
13 |
Posted: 2016-07-23 |
14 |
Revision: 1 |
15 |
News-Item-Format: 1.0 |
16 |
Display-If-Installed: <=net-fs/openafs-kernel-1.6.18.2 |
17 |
Display-If-Keyword: amd64 |
18 |
Display-If-Keyword: ~amd64-linux |
19 |
Display-If-Keyword: ~sparc |
20 |
Display-If-Keyword: x86 |
21 |
Display-If-Keyword: ~x86-linux |
22 |
|
23 |
As a result of bug #127084 [1], it was determined that OpenAFS's kernel |
24 |
module required that the kernel's data structures be read-write |
25 |
(CONFIG_DEBUG_RODATA=n). Upon reviewing the latest version of OpenAFS |
26 |
with Linux kernels 3.4-4.4, it has been determined that this condition |
27 |
is no longer necessary to ensure that OpenAFS builds and loads into the |
28 |
kernel. |
29 |
|
30 |
Starting with net-fs/openafs-kernel-1.6.18.2, this condition is no longer |
31 |
forced in the ebuild. Considering the security implications of having |
32 |
CONFIG_DEBUG_RODATA turned off, it is highly advised that you adjust your |
33 |
kernel config accordingly. Please note that the default setting for |
34 |
CONFIG_DEBUG_RODATA is "y" and unless you have another reason for keeping |
35 |
it disabled, we highly recommend that you re-enable CONFIG_DEBUG_RODATA. |
36 |
|
37 |
[1] https://bugs.gentoo.org/show_bug.cgi?id=127084 |
38 |
|
39 |
|
40 |
-- |
41 |
NP-Hardass |