udev and udev-trigger will be added to your sysinit runlevel, but not
udev-settle. udev-settle should not be added to a runlevel. Instead, if
a service needs this, it should add "need udev-settle" to its
dependencies.


2015-07-25-python-targets
Title Python 3.4 enabled by default
Author Mike Gilbert <floppym@g.o>
Posted 2015-07-25
Revision 1

Python 3.4 is now enabled by default, replacing Python 3.3 as the
default Python 3 interpreter.

PYTHON_TARGETS will be adjusted to contain python2_7 and python3_4 by
default via your profile.

PYTHON_SINGLE_TARGET will remain set to python2_7 by default.

If you have PYTHON_TARGETS set in make.conf, that setting will still be
respected. You may want to adjust this setting manually.

Once the changes have taken place, a world update should take care of
reinstalling any python libraries you have installed. You should also
switch your default python3 interpreter using eselect python.

For example:

    eselect python set --python3 python3.4
    emerge -uDv --changed-use @world

2015-08-13-openssh-weak-keys
Title OpenSSH 7.0 disables ssh-dss keys by default
Author Mike Frysinger <vapier@g.o>
Posted 2015-08-13
Revision 1

Starting with the 7.0 release of OpenSSH, support for ssh-dss keys has
been disabled by default at runtime due to their inherent weakness. If
you rely on these key types, you will have to take corrective action or
risk being locked out.

Your best option is to generate new keys using strong algos such as rsa
or ecdsa or ed25519. RSA keys will give you the greatest portability
with other clients/servers while ed25519 will get you the best security
with OpenSSH (but requires recent versions of client & server).

If you are stuck with DSA keys, you can re-enable support locally by
updating your sshd_config and ~/.ssh/config files with lines like so:
    PubkeyAcceptedKeyTypes=+ssh-dss

Be aware though that eventually OpenSSH will drop support for DSA keys
entirely, so this is only a stop gap solution.

More details can be found on OpenSSH's website:
http://www.openssh.com/legacy.html

2015-10-21-future-support-of-hardened-sources-kernel
Title Future Support of hardened-sources Kernel
Author Anthony G. Basile <blueness@g.o>
Posted 2015-10-21
Revision 3

For many years, the Grsecurity team [1] has been supporting two versions of
their security patches against the Linux kernel, a stable and a testing
version, and Gentoo has made both of these available to our users through the
hardened-sources package. However, on August 26 of this year, the team
announced they would no longer be making the stable version publicly
available, citing trademark infringement by a major embedded systems company
as the reason. [2] The stable patches are now only available to sponsors of
Grsecurity and can no longer be distributed in Gentoo. However, the team did
assure us that they would continue to release and support the testing version
as they have in the past.

What does this mean for users of hardened-sources? Gentoo will continue to
make the testing version available through our hardened-sources package but we
will have to drop support for the 3.x series. In a few days, those ebuilds
will be removed from the tree and you will be required to upgrade to a 4.x
series kernel. Since the hardened-sources package only installs the kernel
source tree, you can continue using a currently built 3.x series kernel but
bear in mind that we cannot support you, nor will upstream. Also keep in mind
that the 4.x series will not be as reliable as the 3.x series was, so
reporting bugs promptly will be even more important. Gentoo will continue to
work closely with upstream to stay on top of any problems, but be prepared for
the occasional "bad" kernel. The more reporting we receive from our users,
the better we will be able to decide which hardened-sources kernels to mark
stable and which to drop.

Refs.
[1] https://grsecurity.net
[2] https://grsecurity.net/announce.php

2016-01-08-some-dhcpcd-hooks-are-now-examples
Title Some dhcpcd hooks are now examples
Author William Hubbs <williamh@g.o>
Posted 2016-01-08
Revision 2

In dhcpcd-6.10.0, the following hooks are no longer installed in
/lib/dhcpcd/dhcpcd-hooks by default:

    10-wpa_supplicant
    15-timezone
    29-lookup-hostname

These are now installed in /usr/share/dhcpcd/hooks, which is an example
directory.

If you were using these hooks before you upgrade to 6.10.0, you will
need to copy them back to the /lib/dhcpcd/dhcpcd-hooks directory after the
upgrade.

>>> Building file list for distfiles cleaning...
>>> Cleaning distfiles...
[ 1.0 M ] LVM2.2.02.88.tgz
[ 119.7 K ] MAKEDEV-3.23-1.tar.gz
[ 2.1 M ] busybox-1.20.2.tar.bz2
[ 994.6 K ] cpio-2.11.tar.bz2
[ 227.3 K ] dmraid-1.0.0.rc16-3.tar.bz2
[ 493.5 K ] fuse-2.8.6.tar.gz
[ 276.3 K ] genkernel-3.4.52.3.tar.xz
[ 3.2 M ] gnupg-1.4.11.tar.bz2
[ 285.8 K ] mdadm-3.1.5.tar.bz2
[ 1.8 M ] nano-2.4.3.tar.gz
[ 879.0 K ] open-iscsi-2.0-872.tar.gz
[ 29.7 K ] unionfs-fuse-0.24.tar.bz2
===========
[ 11.3 M ] Total space from 12 files were freed in the distfiles directory
passwd: password expiry information changed.
passwd: password expiry information changed.
removing /release/buildroot/amd64-dev/tmp/hardened/stage4-amd64-hardened+cloud-nomultilib-20160114//tmp/cloud-prep.sh from the chroot
removing /release/buildroot/amd64-dev/tmp/hardened/stage4-amd64-hardened+cloud-nomultilib-20160114//tmp/chroot-functions.sh from the chroot
--- Running action sequence: preclean
Copying stage4-preclean-chroot.sh to //tmp
copying stage4-preclean-chroot.sh to /release/buildroot/amd64-dev/tmp/hardened/stage4-amd64-hardened+cloud-nomultilib-20160114///tmp
copying chroot-functions.sh to /release/buildroot/amd64-dev/tmp/hardened/stage4-amd64-hardened+cloud-nomultilib-20160114///tmp
Ensure the file has the executable bit set
Running stage4-preclean-chroot.sh in chroot /release/buildroot/amd64-dev/tmp/hardened/stage4-amd64-hardened+cloud-nomultilib-20160114//
>>> Regenerating /etc/ld.so.cache...
removing /release/buildroot/amd64-dev/tmp/hardened/stage4-amd64-hardened+cloud-nomultilib-20160114///tmp/stage4-preclean-chroot.sh from the chroot
removing /release/buildroot/amd64-dev/tmp/hardened/stage4-amd64-hardened+cloud-nomultilib-20160114///tmp/chroot-functions.sh from the chroot
--- Running action sequence: rcupdate
Copying rc-update.sh to /tmp
copying rc-update.sh to /release/buildroot/amd64-dev/tmp/hardened/stage4-amd64-hardened+cloud-nomultilib-20160114//tmp
copying chroot-functions.sh to /release/buildroot/amd64-dev/tmp/hardened/stage4-amd64-hardened+cloud-nomultilib-20160114//tmp
Ensure the file has the executable bit set
Running rc-update.sh in chroot /release/buildroot/amd64-dev/tmp/hardened/stage4-amd64-hardened+cloud-nomultilib-20160114/
Adding acpid to default
* service acpid added to runlevel default
Adding cloud-config to default
* service cloud-config added to runlevel default
Adding cloud-final to default
* service cloud-final added to runlevel default
Adding cloud-init-local to default
* service cloud-init-local added to runlevel default
Adding cloud-init to default
* service cloud-init added to runlevel default
Adding cronie to default
* service cronie added to runlevel default
Adding dhcpcd to default
* service dhcpcd added to runlevel default
Adding net.lo to default
* service net.lo added to runlevel default
Adding netmount to default
* rc-update: netmount already installed in runlevel `default'; skipping
Adding sshd to default
* service sshd added to runlevel default
Adding syslog-ng to default
* service syslog-ng added to runlevel default
removing /release/buildroot/amd64-dev/tmp/hardened/stage4-amd64-hardened+cloud-nomultilib-20160114//tmp/rc-update.sh from the chroot
removing /release/buildroot/amd64-dev/tmp/hardened/stage4-amd64-hardened+cloud-nomultilib-20160114//tmp/chroot-functions.sh from the chroot
--- Running action sequence: unmerge
Copying unmerge.sh to /tmp
copying unmerge.sh to /release/buildroot/amd64-dev/tmp/hardened/stage4-amd64-hardened+cloud-nomultilib-20160114//tmp
copying chroot-functions.sh to /release/buildroot/amd64-dev/tmp/hardened/stage4-amd64-hardened+cloud-nomultilib-20160114//tmp
Ensure the file has the executable bit set
Running unmerge.sh in chroot /release/buildroot/amd64-dev/tmp/hardened/stage4-amd64-hardened+cloud-nomultilib-20160114/
>>> Regenerating /etc/ld.so.cache...
emerge --quiet --usepkg --buildpkg --newuse -C sys-kernel/genkernel sys-kernel/gentoo-sources

--- Couldn't find 'sys-kernel/genkernel' to unmerge.

--- Couldn't find 'sys-kernel/gentoo-sources' to unmerge.

!!! catalyst: Unmerge script failed.

Traceback (most recent call last):
  File "/usr/lib64/catalyst/catalyst", line 218, in build_target
    mytarget.run()
  File "modules/generic_stage_target.py", line 1304, in run
    apply(getattr(self,x))
  File "modules/generic_stage_target.py", line 1336, in unmerge
    env=self.env)
  File "/usr/lib64/catalyst//modules/catalyst_support.py", line 541, in cmd
    raise CatalystError,myexc
CatalystError
!!! catalyst: Error encountered during run of target stage4
Catalyst aborting....
lockfile does not exist '/release/buildroot/amd64-dev/tmp/hardened/stage4-amd64-hardened+cloud-nomultilib-20160114/.catalyst_lock'



Full build log at /release/tmp/run/catalyst-auto.B7rM4z/log/hardened_stage4-nomultilib-cloud.log