Thanks to the hard work of quark and cardoe, nvidia drivers can now compile against hardened-sources again. https://bugs.gentoo.org/show_bug.cgi?id=385837 I'd like very much to unmask it on the hardened profile. I use my dual video card (intel/nvidia) optimus laptop every day, and really enjoy using the added compute power of my gpu to crack hashes and other vileness that makes my job much better. At this point, all of this stuff seems to be working properly in hardened so all users of nvidia-drivers who want cuda/opencl support can have it right now EXCEPT for the masks on the drivers and use flags. Please consider dropping the mask so that all users can enjoy what I enjoy. I realize that using the video card for, well, video, may not be ready for prime time, but you seem to have specifically gone after the things that actually work fine (masking cuda use flag) despite that having nothing to do with video difficulty. Please give this serious consideration, I have already unmasked all this in my profile and it's working great.
Pasted from my irc away.log
06:51 #gentoo-hardened: <@blueness> sorry to Zero_Chaos but I need to see it work, and if getting it to work is complicated then we need to see documentation
06:55 #gentoo-hardened: <@blueness> or if Zero_Chaos wants to give me "steps to reproduce" i might pass that to a student to try
07:07 #gentoo-hardened: <@Zorry> Zero_Chaos: test all stuff (video, media, all desktop bling bling) and document it
Right now I do NOT expect video, media, bling, to function. Nor do I personally care at all about this (not saying I won't work on it in the future, just saying I don't care now). I want this unmasked because I can confirm cuda/opencl works with the nvidia-drivers and this is what I need for my use case. I am happy to work on video bling next, but right now, let's walk before we run?
New versions of nvidia-drivers now have an X use flag which controls the X requirement and whatnot. Perhaps masking the X use flag for now would make our intent clear that this is for cuda/opencl only at this time? It seems like a sane middle ground, at least to me.
Starting from the current state of the tree, can you tell me:
1) what to mask or unmask in the profiles
2) what to emerge in userland, what not to emerge,
3) what to configure in a kernel, what not to configure.
I will attempt to reproduce. I do have one other concern though. nvidia does not have a good track record with linux, and even more so with hardened gentoo. It would be good to know what changed to "fix" the nvidia drivers so it doesn't become a maintainer's nightmare every time nvidia decides to change something upstream.
According to Zero Chaos it works, but I would best ask him on what to test and how he'd like to proceed.
(In reply to comment #4)
> According to Zero Chaos it works, but I would best ask him on what to test
> and how he'd like to proceed.

As I suggested long ago, masking the X use flag works pretty well (if you don't want to have to pax-mark X). Other than that I'm not sure what to say. Here is a recent kernel config if it helps...
https://code.google.com/p/pentoo/source/browse/livecd/trunk/amd64/kernel/config-3.5.4
Have unmasked it on amd64 but only newer ones (>=300.00) and will have use X masked. Will mask it if any problems.
After unmasking X, the following is basically a working system.
nshulman@nvshp:~ $ uname -a
Linux nvshp 3.7.0-hardened #4 SMP Wed Jan 9 12:01:45 EST 2013 x86_64 Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz GenuineIntel GNU/Linux
nshulman@nvshp:~ $ gcc --version
gcc (Gentoo Hardened 4.6.3 p1.9, pie-0.5.2) 4.6.3
nshulman@nvshp:~ $ cat /etc/gentoo-release
Gentoo Base System release 2.1
nshulman@nvshp:~ $ equery -q l nvidia-drivers
x11-drivers/nvidia-drivers-310.19
nshulman@nvshp:~ $ equery -q l xorg-server
x11-base/xorg-server-1.13.1
nshulman@nvshp:~ $ equery -q l xfce4-meta
xfce-base/xfce4-meta-4.10
nshulman@nvshp:~
Had to disable mprotect on chromium-browser, and there are still some minor problems, but it's usable.
I can also report a working system. (I disabled the X and tool masks on nvidia-drivers)
reddragon-PC reddragon # uname -a
Linux reddragon-PC 3.7.6-hardened #1 SMP Wed Feb 13 14:14:49 CET 2013 x86_64 AMD Phenom(tm) 9950 Quad-Core Processor AuthenticAMD GNU/Linux
reddragon-PC reddragon # gcc --version
gcc (Gentoo Hardened 4.6.3 p1.11, pie-0.5.2) 4.6.3
reddragon-PC reddragon # equery -q l nvidia-drivers
x11-drivers/nvidia-drivers-313.18
reddragon-PC reddragon # equery -q l xorg-server
x11-base/xorg-server-1.13.1
reddragon-PC reddragon # equery -q l kdebase-startkde
kde-base/kdebase-startkde-4.9.5
Should I watch out for any problems?
I checked it before, and always got an RWX mem protect error. So I disabled memory protection in hardened sources, and since that time the driver works well even with kde and opengl.
*** Bug 511168 has been marked as a duplicate of this bug. ***
fixed in commit bc56bc58360645770bbdb2cef5bf09cf3e70a19d