Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Hardened profiles on arm
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
elko
n00b
n00b


Joined: 02 Feb 2010
Posts: 52

PostPosted: Sat Mar 16, 2019 6:34 am    Post subject: Hardened profiles on arm Reply with quote

Hello, I am using hardened profile on arm: hardened/linux/arm/armv7a but portage started to complain:

Code:

!!! Your current profile is deprecated and not supported anymore.
!!! Use eselect profile to update your profile.
!!! Please upgrade to the following profile if possible:

        default/linux/arm/17.0/armv7a

You may use the following command to upgrade:

        eselect profile set default/linux/arm/17.0/armv7a


However, the suggested profile does not contain the hardened use flag. On amd64, there is default/linux/amd64/17.0/hardened but I do not see similar profile for arm:

Code:

eselect  profile list | grep hardened
  [65]  hardened/linux/arm/armv6j (dev)
  [66]  hardened/linux/arm/armv7a (dev) *
  [68]  hardened/linux/musl/arm/armv7a (exp)
  [70]  default/linux/arm/17.0/musl/armv6j/hardened (exp)
  [72]  default/linux/arm/17.0/musl/armv7a/hardened (exp)
  [74]  hardened/linux/uclibc/arm/armv7a (exp)
  [76]  default/linux/arm/17.0/uclibc/armv6j/hardened (exp)
  [78]  default/linux/arm/17.0/uclibc/armv7a/hardened (exp)


I guess I can change to default/linux/arm/17.0/musl/armv7a/hardened but I am not sure what changing the C library could mean. Do I recompile all software? Are there any problems that I might encounter running server (Apache, Dovecot, Bind, Postfix) without X?
Back to top
View user's profile Send private message
g2g591
Tux's lil' helper
Tux's lil' helper


Joined: 17 Sep 2007
Posts: 135

PostPosted: Tue Mar 19, 2019 4:32 am    Post subject: Reply with quote

a c library change is no small thing. You can mix and match your own profile without too much trouble though, check out https://wiki.gentoo.org/wiki/Profile_(Portage)#Combining_profiles (copy and paste because the forum hates the parenthesis in the link) . Setup a local repo/overlay and make your own profile with parents like
Code:
gentoo:default/linux/17.0/armv7a
gentoo:features/hardened

( you could pick any of the more specific profiles inside default/linux/17.0/armv7a to base your custom hardened profile on, like default/linux/17.0/armv7a/desktop/gnome for example)
If you wanted, you could even add selinux (features/selinux) by adding it to the bottom of the list the same way (lower on the list means higher priority, so you'd want your base gentoo:default/linux/17.0/armv7a on top then other useflags then override things with hardened and selinux as the bottom two )

[Moderator edit: fixed URL. Forum auto-linking does not work when the URL contains parentheses; the target must be set explicitly. -Hu]
(I tried explictly setting the target, turns out the key is changing the parenthesis to the %28 and %29, definately wish I could remeber that for next time, but I doubt it)


Last edited by g2g591 on Wed Mar 20, 2019 9:15 am; edited 1 time in total
Back to top
View user's profile Send private message
g2g591
Tux's lil' helper
Tux's lil' helper


Joined: 17 Sep 2007
Posts: 135

PostPosted: Tue Mar 19, 2019 9:03 pm    Post subject: Reply with quote

Oh yeah, I forgot, here's the migration steps to run switching to your new 17.0 based profile, Arm specific 17.0 news/steps

other 17.0 profile news.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum