Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 673276

Summary: Deprecate hardened/linux/* profiles
Product: Gentoo Linux Reporter: Sergei Trofimovich (RETIRED) <slyfox>
Component: ProfilesAssignee: The Gentoo Linux Hardened Team <hardened>
Status: RESOLVED FIXED    
Severity: normal CC: alexander, gentoo, matoro_bugzilla_gentoo
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 672960    

Description Sergei Trofimovich (RETIRED) gentoo-dev 2018-12-16 19:35:50 UTC 
Gentoo eventually plans to remove 13.0 profiles (bug #672960).

Please deprecate existing profiles as they depends on 'releases/13.0' directly or indirectly.

Affected hardened profiles (identified with [1]):

$ ./is-deprecated-profile.sh $(./expand-all-profiles.sh | fgrep releases/13.0 | awk '{ print $1 }') | fgrep -v DEPRECATED

hardened/linux/arm/armv6j ACTIVE
hardened/linux/arm/armv7a ACTIVE
hardened/linux/ia64 ACTIVE
hardened/linux/mips/mipsel/multilib/n32 ACTIVE
hardened/linux/mips/mipsel/multilib/n64 ACTIVE
hardened/linux/mips/mipsel/n32 ACTIVE
hardened/linux/mips/mipsel/n64 ACTIVE
hardened/linux/mips/multilib/n32 ACTIVE
hardened/linux/mips/multilib/n64 ACTIVE
hardened/linux/mips/n32 ACTIVE
hardened/linux/mips/n64 ACTIVE
hardened/linux/powerpc/ppc32 ACTIVE
hardened/linux/powerpc/ppc64/32bit-userland ACTIVE
hardened/linux/powerpc/ppc64/64bit-userland ACTIVE

[1]: https://github.com/trofi/gentoo-qa/blob/master/profiles/is-deprecated-profile.sh
Comment 1 Larry the Git Cow gentoo-dev 2019-02-19 22:37:59 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=553a5d05aa3c3cbace4809893d555a3f890f87d1

commit 553a5d05aa3c3cbace4809893d555a3f890f87d1
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2019-02-19 22:35:54 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2019-02-19 22:35:54 +0000

    profiles/hardened/linux/ia64: deprecate in favour of 17.0 profiles
    
    Use default/linux/ia64/17.0 instead.
    Bug: https://bugs.gentoo.org/673276
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 profiles/hardened/linux/ia64/deprecated | 1 +
 1 file changed, 1 insertion(+)
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2019-02-19 22:40:14 UTC 
Hey hardened@, is it fine to redirect arm, mips and powerpc64 to their vanilla 17.0 counterparts?
Comment 3 Francisco Blas Izquierdo Riera (RETIRED) gentoo-dev 2019-02-20 00:40:05 UTC 
Hi slyfox, @hardened!

Just wanted to raise that when migrating profiles I found out that the urandom USE flag was disabled when migrating the profiles. This means that they aren't equivalent. Please consider this before automatically redirecting profiles.
Comment 4 Larry the Git Cow gentoo-dev 2019-02-20 22:35:22 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f1090e880e1ae850f538ec388d08c352e5e5354

commit 8f1090e880e1ae850f538ec388d08c352e5e5354
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2019-02-20 22:32:19 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2019-02-20 22:32:19 +0000

    profiles/hardened/linux/arm: deprecate in favour of 17.0 profiles
    
    Use
      default/linux/arm/17.0/armv6j
      default/linux/arm/17.0/armv7a
    instead.
    
    Note: these are vanilla profiles and thus have a few
    hardened-specific USE-flags disabled.
    
    Bug: https://bugs.gentoo.org/673276
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 profiles/hardened/linux/arm/armv6j/deprecated | 1 +
 profiles/hardened/linux/arm/armv7a/deprecated | 1 +
 2 files changed, 2 insertions(+)
Comment 5 Larry the Git Cow gentoo-dev 2019-02-20 22:46:17 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb39bd5a42d7ec60c07cda5a79023a774713e9f9

commit cb39bd5a42d7ec60c07cda5a79023a774713e9f9
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2019-02-20 22:45:21 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2019-02-20 22:45:21 +0000

    profiles/hardened/linux/powerpc: deprecate in favour of 17.0 profiles
    
    Use
      default/linux/powerpc/ppc32/17.0
      default/linux/powerpc/ppc64/17.0/32bit-userland
      default/linux/powerpc/ppc64/17.0/64bit-userland
    instead.
    
    Note: these are vanilla profiles and thus have a few
    hardened-specific USE-flags disabled.
    
    Bug: https://bugs.gentoo.org/673276
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 profiles/hardened/linux/powerpc/ppc32/deprecated                | 1 +
 profiles/hardened/linux/powerpc/ppc64/32bit-userland/deprecated | 1 +
 profiles/hardened/linux/powerpc/ppc64/64bit-userland/deprecated | 1 +
 3 files changed, 3 insertions(+)
Comment 6 Larry the Git Cow gentoo-dev 2019-02-20 22:58:01 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df82390f4eca9af00d6514f27604f7c80946de07

commit df82390f4eca9af00d6514f27604f7c80946de07
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2019-02-20 22:55:30 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2019-02-20 22:55:30 +0000

    profiles/hardened/linux/mips: deprecate in favour of 17.0 profiles
    
    Use default/linux/mips/17.0/* equivalent instead.
    
    Note: these are vanilla profiles and thus have a few
    hardened-specific USE-flags disabled.
    
    Closes: https://bugs.gentoo.org/673276
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 profiles/hardened/linux/mips/mipsel/multilib/n32/deprecated | 1 +
 profiles/hardened/linux/mips/mipsel/multilib/n64/deprecated | 1 +
 profiles/hardened/linux/mips/mipsel/n32/deprecated          | 1 +
 profiles/hardened/linux/mips/mipsel/n64/deprecated          | 1 +
 profiles/hardened/linux/mips/multilib/n32/deprecated        | 1 +
 profiles/hardened/linux/mips/multilib/n64/deprecated        | 1 +
 profiles/hardened/linux/mips/n32/deprecated                 | 1 +
 profiles/hardened/linux/mips/n64/deprecated                 | 1 +
 8 files changed, 8 insertions(+)
Comment 7 matoro archtester 2019-02-21 21:56:49 UTC 
Could I ask what the recommended action is for users who would like to keep hardened configurations on arm devices?  Does this change mean that the Hardened Project no longer supports the entire architecture?