View previous topic :: View next topic |
Author |
Message |
chawkinsuf n00b
Joined: 09 Feb 2012 Posts: 5
|
Posted: Thu Oct 03, 2013 2:54 am Post subject: Masked Kernel Versions |
|
|
Can someone explain why all the versions of the kernel prior to 3.10 are masked?
I have some systems that haven't had their kernels updated in a while and it is time to give the kernels an update. However, I am running some software that requires 3.6 or earlier. Even the version that I have been running without incident for over a year is now masked.
Is it safe to unmask and use an older kernel version? Is there a resource that can describe why a package is masked? Thanks. |
|
Back to top |
|
|
eyoung100 Veteran
Joined: 23 Jan 2004 Posts: 1428
|
Posted: Thu Oct 03, 2013 5:22 pm Post subject: |
|
|
Taken from: Online Repository: /profiles/package.mask
Quote: | 275 # Tom Wijsman <TomWij@gentoo.org> (28 Aug 2013)
276 # =sys-kernel/gentoo-sources-3.8.13 is masked due to multiple security bugs:
277 #
278 # 1. Security Bug #475618: CVE-2013-1059:
279 # Linux Kernel: Ceph: NULL Pointer Dereference Denial of Service Vulnerability
280 #
281 # 2. Security Bug #480200: CVE-2013-4205:
282 # Linux Kernel: CLONE_NEWUSER local DoS
283 #
284 # 3. Security Bug #482896: From CVE-2013-2888 to CVE-2013-2899:
285 # Linux Kernel: HID security flaws (Memory writes and leaks, NULL DoS, etc...)
286 #
287 # This kernel also contains other security bugs due to its old age (May 11).
288 #
289 # We advice users to upgrade to the new stable kernel 3.10.7; alternatively, if
290 # necessary, users can also choose to accept keywords and accept a kernel from
291 # the earlier long term stable branches (3.0.X or 3.4.Y), this might be the case
292 # if you have older hardware or an unfortunate stability bug on 3.10.7.
293 #
294 # You can accept keywords by adding sys-kernel/gentoo-sources to the file
295 # /etc/portage/package.accept_keywords after which you can run
296 # `emerge sys-kernel/gentoo-sources:X.Y.Z` to select a specific LTS kernel.
297 # When you choose to turn back to stable later, don't forget to remove that.
298 #
299 # For proprietary NVIDIA drivers users, we temporarily keep 3.9.11-r1 around
300 # as some of them experience problems with the new stable kernel 3.10.7; we aim
301 # to mask it in one of the next weeks when the time is right.
302 #
303 # References:
304 #
305 # - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1059
306 # - https://secunia.com/advisories/54042/
307 # - https://bugs.gentoo.org/show_bug.cgi?id=475618
308 # - https://bugs.gentoo.org/show_bug.cgi?id=480200
309 # - https://bugs.gentoo.org/show_bug.cgi?id=482896
310 # - https://bugs.gentoo.org/buglist.cgi?quicksearch=assignee%3Asecurity%20kernel
311 #
312 =sys-kernel/gentoo-sources-3.8.13
|
Of Special notice:
Quote: | 289 # We advice users to upgrade to the new stable kernel 3.10.7; alternatively, if
290 # necessary, users can also choose to accept keywords and accept a kernel from
291 # the earlier long term stable branches (3.0.X or 3.4.Y), this might be the case
292 # if you have older hardware or an unfortunate stability bug on 3.10.7.
293 #
294 # You can accept keywords by adding sys-kernel/gentoo-sources to the file
295 # /etc/portage/package.accept_keywords after which you can run
296 # `emerge sys-kernel/gentoo-sources:X.Y.Z` to select a specific LTS kernel.
297 # When you choose to turn back to stable later, don't forget to remove that. |
This approach allows Gentoo to have Slotted Kernels, while maintaining the approach of every other distro(one kernel fits all) Slotting kernels is not for everyone, hence the above comment. _________________ The Birth and Growth of Science is the Death and Atrophy of Art -- Unknown
Registerd Linux User #363735
Adopt a Post | Strip Comments| Emerge Wrapper |
|
Back to top |
|
|
chawkinsuf n00b
Joined: 09 Feb 2012 Posts: 5
|
Posted: Thu Oct 03, 2013 6:49 pm Post subject: |
|
|
That answers my question. Thanks for the help and pointing me where to look next time I have a similar question.
If I'm reading that correctly it means that 3.4.x is still considered stable, but it's masked to encourage people to upgrade to 3.10.x unless they have a specific reason to do otherwise. |
|
Back to top |
|
|
eyoung100 Veteran
Joined: 23 Jan 2004 Posts: 1428
|
|
Back to top |
|
|
TomWij Retired Dev
Joined: 04 Jul 2012 Posts: 1553
|
Posted: Fri Oct 04, 2013 7:34 am Post subject: |
|
|
Well, they aren't masked; you just only need to accept keywords for them. Just add ~sys-kernel/gentoo-sources-3.4.64 or so to /etc/portage/package.accept_keywords and you will be fine.
If they are indeed masked, like only 3.8.13; you'll need to add it to /etc/portage/package.unmask as well. |
|
Back to top |
|
|
eyoung100 Veteran
Joined: 23 Jan 2004 Posts: 1428
|
Posted: Fri Oct 04, 2013 2:13 pm Post subject: |
|
|
TomWij wrote: | Well, they aren't masked; you just only need to accept keywords for them. Just add ~sys-kernel/gentoo-sources-3.4.64 or so to /etc/portage/package.accept_keywords and you will be fine.
If they are indeed masked, like only 3.8.13; you'll need to add it to /etc/portage/package.unmask as well. |
You can trust what he says as he is the one who wrote the section I quoted _________________ The Birth and Growth of Science is the Death and Atrophy of Art -- Unknown
Registerd Linux User #363735
Adopt a Post | Strip Comments| Emerge Wrapper |
|
Back to top |
|
|
chawkinsuf n00b
Joined: 09 Feb 2012 Posts: 5
|
Posted: Fri Oct 04, 2013 2:45 pm Post subject: |
|
|
I guess I am a little confused about the terminology then. This is the emerge response when I try to install this package before adding it to accept_keywords. Is this something specific to the way the kernel sources are handled?
Code: |
emerge -uav =sys-kernel/gentoo-sources-3.4.63
These are the packages that would be merged, in order:
Calculating dependencies... done!
!!! All ebuilds that could satisfy "=sys-kernel/gentoo-sources-3.4.63" have been masked.
!!! One of the following masked packages is required to complete your request:
- sys-kernel/gentoo-sources-3.4.63::gentoo (masked by: ~amd64 keyword)
For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.
|
Also, the package info lists the version as unstable, so it is a little unclear that the version is actually stable. |
|
Back to top |
|
|
figueroa Advocate
Joined: 14 Aug 2005 Posts: 2963 Location: Edge of marsh USA
|
Posted: Fri Oct 04, 2013 3:08 pm Post subject: |
|
|
Quote: | Of Special notice:
Quote:
289 # We advice users to upgrade to the new stable kernel 3.10.7; alternatively, if
290 # necessary, users can also choose to accept keywords and accept a kernel from
291 # the earlier long term stable branches (3.0.X or 3.4.Y), this might be the case
292 # if you have older hardware or an unfortunate stability bug on 3.10.7.
293 #
294 # You can accept keywords by adding sys-kernel/gentoo-sources to the file
295 # /etc/portage/package.accept_keywords after which you can run
296 # `emerge sys-kernel/gentoo-sources:X.Y.Z` to select a specific LTS kernel.
297 # When you choose to turn back to stable later, don't forget to remove that. |
Best explanation I've ever seen. Unfortunately, ordinary users don't usually come across these jewels of wisdom. I would recommend the message above be included in gentoo-sources elog message.
I've just completed upgrading 2 machines to 3.10.7-r1 from 3.5.7 (and will deploy to all others) which has served me well for many months on about a dozen machines, desktops, laptops, and servers. Installing 3.10.7-r1 was the most trouble free installation ever. _________________ Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |
|
Back to top |
|
|
chawkinsuf n00b
Joined: 09 Feb 2012 Posts: 5
|
Posted: Fri Oct 04, 2013 3:18 pm Post subject: |
|
|
Yeah, that explanation is good. Now that I've seen it I understand, but i didn't come across it until I made this post. More visibility might help. |
|
Back to top |
|
|
eyoung100 Veteran
Joined: 23 Jan 2004 Posts: 1428
|
Posted: Fri Oct 04, 2013 3:30 pm Post subject: |
|
|
chawkinsuf wrote: | I guess I am a little confused about the terminology then. This is the emerge response when I try to install this package before adding it to accept_keywords. Is this something specific to the way the kernel sources are handled?
Code: |
emerge -uav =sys-kernel/gentoo-sources-3.4.63
These are the packages that would be merged, in order:
Calculating dependencies... done!
!!! All ebuilds that could satisfy "=sys-kernel/gentoo-sources-3.4.63" have been masked.
!!! One of the following masked packages is required to complete your request:
- sys-kernel/gentoo-sources-3.4.63::gentoo (masked by: ~amd64 keyword)
For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.
|
Also, the package info lists the version as unstable, so it is a little unclear that the version is actually stable. |
/etc/portage/package.accept_keywords
sys-kernel/gentoo-sources ~amd64
Code: | emerge gentoo-sources:3.4.63 |
In this case the colon represents the SLOT Number _________________ The Birth and Growth of Science is the Death and Atrophy of Art -- Unknown
Registerd Linux User #363735
Adopt a Post | Strip Comments| Emerge Wrapper
Last edited by eyoung100 on Tue Oct 08, 2013 1:39 am; edited 1 time in total |
|
Back to top |
|
|
TomWij Retired Dev
Joined: 04 Jul 2012 Posts: 1553
|
Posted: Fri Oct 04, 2013 4:18 pm Post subject: |
|
|
chawkinsuf wrote: | I guess I am a little confused about the terminology then. |
Not specific to the kernel sources, but the "(masked by: ~amd64 keyword)" bit explains it; saying "something is masked" is kind of ambigiuous on its own.
What I meant to say is that we haven't explicitly put the other versions it in package.mask; so, the only thing that makes it not visible is that keyword.
figueroa wrote: | Best explanation I've ever seen. Unfortunately, ordinary users don't usually come across these jewels of wisdom. I would recommend the message above be included in gentoo-sources elog message. |
We'll consider to maybe add a more generic form, or maybe instead consider to put it clearly visible in the kernel and kernel upgrade guides; etc... |
|
Back to top |
|
|
eyoung100 Veteran
Joined: 23 Jan 2004 Posts: 1428
|
Posted: Fri Oct 04, 2013 4:56 pm Post subject: |
|
|
TomWij wrote: |
Not specific to the kernel sources, but the "(masked by: ~amd64 keyword)" bit explains it; saying "something is masked" is kind of ambigiuous on its own.
What I meant to say is that we haven't explicitly put the other versions it in package.mask; so, the only thing that makes it not visible is that keyword. |
@chawkinsuf: Remember to unmask the slot, not a particular package. _________________ The Birth and Growth of Science is the Death and Atrophy of Art -- Unknown
Registerd Linux User #363735
Adopt a Post | Strip Comments| Emerge Wrapper |
|
Back to top |
|
|
|