Re: [gentoo-user] Issue with new hardened profiles 23.0
On Thursday, 28 March 2024 12:01:54 CET Michael wrote:
> On Thursday, 28 March 2024 10:23:29 GMT Matthias Hanft wrote:
> > J. Roeleveld wrote:
> > > Do you use the binary packages supplied by Gentoo?
> > > Or all local-compiled?
> >
> > All local-compiled, with the exemption of "monster-packages" which
> > would take hours or even days to compile (e.g. rust - here I use
> > "dev-lang/rust-bin" instead).
> >
> > I don't even have any of /etc/portage/binrepos.conf or /var/cache/binpkgs/
> > (and "emerge --getbinpkg ..." displays a warning that it won't work).
> >
> > -Matt
>
> You mentioned you have created your custom profile with hardened and desktop
> - could this action have inadvertently mixed merged with split /usr
> profiles in your system?

No, because the server uses hardened and the desktop uses a desktop profile.
These are 2 different systems.

> What does 'tree -L 1 /' show on your server?

After the migration, no symlinks for /bin, /sbin or /lib.
I have just migrated to merge-usr to make sure this particular issue won't occur again.

Hope this does warn others using gentoo-provided binary packages that some weird issues can happen:
- desktop profile: prevent the use of binaries for "libtool"
- hardened profile: prevent the use of binaries for "libtool" + make symlinks for /usr/sbin/openrc* in /sbin/

The symlinks will be handled correctly when doing the usr-merge afterwards.

--
Joost

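An added example, not part of the original thread: a shell check that classifies a root tree as split-usr, merged-usr or mixed (the state the 'tree -L 1 /' question probes) and flags the case reported here, where a split-usr system has openrc only under /usr/sbin. The function names `usr_layout` and `openrc_check` are illustrative assumptions, not Gentoo tools.

```shell
#!/bin/sh
# Added example: usr_layout and openrc_check are hypothetical helper names.

# usr_layout ROOT -> prints "merged", "split" or "mixed"
# merged: /bin, /sbin and /lib are all symlinks
# split:  all three are real directories
# mixed:  anything else (partial migration or missing entries)
usr_layout() {
    root=${1:-/}
    root=${root%/}          # "/" becomes "", so "$root/bin" is "/bin"
    links=0
    dirs=0
    for d in bin sbin lib; do
        if [ -L "$root/$d" ]; then
            links=$((links + 1))
        elif [ -d "$root/$d" ]; then
            dirs=$((dirs + 1))
        fi
    done
    if [ "$links" -eq 3 ]; then
        echo merged
    elif [ "$dirs" -eq 3 ]; then
        echo split
    else
        echo mixed
    fi
}

# openrc_check ROOT -> returns 1 when the layout is split-usr but
# openrc exists only in usr/sbin, the situation described in this thread.
openrc_check() {
    root=${1:-/}
    root=${root%/}
    layout=$(usr_layout "$root/")
    if [ "$layout" = split ] && [ ! -e "$root/sbin/openrc" ] \
        && [ -e "$root/usr/sbin/openrc" ]; then
        echo "mismatch: split-usr layout but openrc only in /usr/sbin"
        return 1
    fi
    echo "ok: layout=$layout"
}

# Check the running system by default, or a mounted root given as $1.
openrc_check "${1:-/}" || true
```

Running it before a reboot after a profile change shows whether the init binary is still where a split-usr system expects it.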
Re: [gentoo-user] Issue with new hardened profiles 23.0
On Thursday, 28 March 2024 11:23:29 CET Matthias Hanft wrote:
> J. Roeleveld wrote:
> > Do you use the binary packages supplied by Gentoo?
> > Or all local-compiled?
>
> All local-compiled, with the exemption of "monster-packages" which
> would take hours or even days to compile (e.g. rust - here I use
> "dev-lang/rust-bin" instead).
>
> I don't even have any of /etc/portage/binrepos.conf or /var/cache/binpkgs/
> (and "emerge --getbinpkg ..." displays a warning that it won't work).
>
> -Matt

Then I assume the issue is caused by the packages Gentoo supplies.
I'll work around it :)

--
Joost

Re: [gentoo-user] Issue with new hardened profiles 23.0
On Thursday, 28 March 2024 10:23:29 GMT Matthias Hanft wrote:
> J. Roeleveld wrote:
> > Do you use the binary packages supplied by Gentoo?
> > Or all local-compiled?
>
> All local-compiled, with the exemption of "monster-packages" which
> would take hours or even days to compile (e.g. rust - here I use
> "dev-lang/rust-bin" instead).
>
> I don't even have any of /etc/portage/binrepos.conf or /var/cache/binpkgs/
> (and "emerge --getbinpkg ..." displays a warning that it won't work).
>
> -Matt

You mentioned you have created your custom profile with hardened and desktop
- could this action have inadvertently mixed merged with split /usr
profiles in your system?

What does 'tree -L 1 /' show on your server?

Re: [gentoo-user] Issue with new hardened profiles 23.0
J. Roeleveld wrote:
>
> Do you use the binary packages supplied by Gentoo?
> Or all local-compiled?

All local-compiled, with the exemption of "monster-packages" which
would take hours or even days to compile (e.g. rust - here I use
"dev-lang/rust-bin" instead).

I don't even have any of /etc/portage/binrepos.conf or /var/cache/binpkgs/
(and "emerge --getbinpkg ..." displays a warning that it won't work).

-Matt

Re: [gentoo-user] Issue with new hardened profiles 23.0
On Thursday, 28 March 2024 08:42:57 CET Matthias Hanft wrote:
> J. Roeleveld wrote:
> > When rebooting, I noticed the "openrc" program was moved from
> > "/sbin/openrc" to "/usr/sbin/openrc". I understand this is related to the
> > merge-usr stuff, but I am planning on doing this change later.
> > The profile I selected has the "split-usr" in the name (just as
> > described).
> >
> > Has anyone else seen this as well?
>
> Not here. Moved from
>
> [3] default/linux/amd64/17.1/hardened (exp)
>
> to
>
> [58] default/linux/amd64/23.0/split-usr/hardened (stable) *
>
> and openrc still remains in /sbin:
>
> gentoo64 ~ # which openrc
> /sbin/openrc
> gentoo64 ~ #
>
> So if your openrc has been moved, there must have been a reason
> for this other than simply changing the profile...

Do you use the binary packages supplied by Gentoo?
Or all local-compiled?

If you don't use them, then that explains it. (As I had to prevent the libtool one to be used to avoid issues later with my desktop)

--
Joost

Re: [gentoo-user] Issue with new hardened profiles 23.0
J. Roeleveld wrote:
>
> When rebooting, I noticed the "openrc" program was moved from "/sbin/openrc"
> to "/usr/sbin/openrc". I understand this is related to the merge-usr stuff,
> but I am planning on doing this change later.
> The profile I selected has the "split-usr" in the name (just as described).
>
> Has anyone else seen this as well?

Not here. Moved from

[3] default/linux/amd64/17.1/hardened (exp)

to

[58] default/linux/amd64/23.0/split-usr/hardened (stable) *

and openrc still remains in /sbin:

gentoo64 ~ # which openrc
/sbin/openrc
gentoo64 ~ #

So if your openrc has been moved, there must have been a reason
for this other than simply changing the profile...

-Matt

[gentoo-user] Issue with new hardened profiles 23.0
Hi all,

After successfully migrating my desktop to 23.0, I decided to do the same for my server.
The only difference is that the server uses a hardened profile.

When rebooting, I noticed the "openrc" program was moved from "/sbin/openrc" to "/usr/sbin/openrc". I understand this is related to the merge-usr stuff, but I am planning on doing this change later.
The profile I selected has the "split-usr" in the name (just as described).

Has anyone else seen this as well?

Thanks,

Joost