Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 673276 - Deprecate hardened/linux/* profiles
Summary: Deprecate hardened/linux/* profiles
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Profiles (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: The Gentoo Linux Hardened Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 13.0-deprecation
  Show dependency tree
 
Reported: 2018-12-16 19:35 UTC by Sergei Trofimovich (RETIRED)
Modified: 2019-02-21 21:56 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sergei Trofimovich (RETIRED) gentoo-dev 2018-12-16 19:35:50 UTC
Gentoo eventually plans to remove 13.0 profiles (bug #672960).

Please deprecate existing profiles as they depends on 'releases/13.0' directly or indirectly.

Affected hardened profiles (identified with [1]):

$ ./is-deprecated-profile.sh $(./expand-all-profiles.sh | fgrep releases/13.0 | awk '{ print $1 }') | fgrep -v DEPRECATED

hardened/linux/arm/armv6j ACTIVE
hardened/linux/arm/armv7a ACTIVE
hardened/linux/ia64 ACTIVE
hardened/linux/mips/mipsel/multilib/n32 ACTIVE
hardened/linux/mips/mipsel/multilib/n64 ACTIVE
hardened/linux/mips/mipsel/n32 ACTIVE
hardened/linux/mips/mipsel/n64 ACTIVE
hardened/linux/mips/multilib/n32 ACTIVE
hardened/linux/mips/multilib/n64 ACTIVE
hardened/linux/mips/n32 ACTIVE
hardened/linux/mips/n64 ACTIVE
hardened/linux/powerpc/ppc32 ACTIVE
hardened/linux/powerpc/ppc64/32bit-userland ACTIVE
hardened/linux/powerpc/ppc64/64bit-userland ACTIVE

[1]: https://github.com/trofi/gentoo-qa/blob/master/profiles/is-deprecated-profile.sh
Comment 1 Larry the Git Cow gentoo-dev 2019-02-19 22:37:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=553a5d05aa3c3cbace4809893d555a3f890f87d1

commit 553a5d05aa3c3cbace4809893d555a3f890f87d1
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2019-02-19 22:35:54 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2019-02-19 22:35:54 +0000

    profiles/hardened/linux/ia64: deprecate in favour of 17.0 profiles
    
    Use default/linux/ia64/17.0 instead.
    Bug: https://bugs.gentoo.org/673276
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 profiles/hardened/linux/ia64/deprecated | 1 +
 1 file changed, 1 insertion(+)
Comment 2 Sergei Trofimovich (RETIRED) gentoo-dev 2019-02-19 22:40:14 UTC
Hey hardened@, is it fine to redirect arm, mips and powerpc64 to their vanilla 17.0 counterparts?
Comment 3 Francisco Blas Izquierdo Riera gentoo-dev 2019-02-20 00:40:05 UTC
Hi slyfox, @hardened!

Just wanted to raise that when migrating profiles I found out that the urandom USE flag was disabled when migrating the profiles. This means that they aren't equivalent. Please consider this before automatically redirecting profiles.
Comment 4 Larry the Git Cow gentoo-dev 2019-02-20 22:35:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f1090e880e1ae850f538ec388d08c352e5e5354

commit 8f1090e880e1ae850f538ec388d08c352e5e5354
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2019-02-20 22:32:19 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2019-02-20 22:32:19 +0000

    profiles/hardened/linux/arm: deprecate in favour of 17.0 profiles
    
    Use
      default/linux/arm/17.0/armv6j
      default/linux/arm/17.0/armv7a
    instead.
    
    Note: these are vanilla profiles and thus have a few
    hardened-specific USE-flags disabled.
    
    Bug: https://bugs.gentoo.org/673276
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 profiles/hardened/linux/arm/armv6j/deprecated | 1 +
 profiles/hardened/linux/arm/armv7a/deprecated | 1 +
 2 files changed, 2 insertions(+)
Comment 5 Larry the Git Cow gentoo-dev 2019-02-20 22:46:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb39bd5a42d7ec60c07cda5a79023a774713e9f9

commit cb39bd5a42d7ec60c07cda5a79023a774713e9f9
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2019-02-20 22:45:21 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2019-02-20 22:45:21 +0000

    profiles/hardened/linux/powerpc: deprecate in favour of 17.0 profiles
    
    Use
      default/linux/powerpc/ppc32/17.0
      default/linux/powerpc/ppc64/17.0/32bit-userland
      default/linux/powerpc/ppc64/17.0/64bit-userland
    instead.
    
    Note: these are vanilla profiles and thus have a few
    hardened-specific USE-flags disabled.
    
    Bug: https://bugs.gentoo.org/673276
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 profiles/hardened/linux/powerpc/ppc32/deprecated                | 1 +
 profiles/hardened/linux/powerpc/ppc64/32bit-userland/deprecated | 1 +
 profiles/hardened/linux/powerpc/ppc64/64bit-userland/deprecated | 1 +
 3 files changed, 3 insertions(+)
Comment 6 Larry the Git Cow gentoo-dev 2019-02-20 22:58:01 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=df82390f4eca9af00d6514f27604f7c80946de07

commit df82390f4eca9af00d6514f27604f7c80946de07
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2019-02-20 22:55:30 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2019-02-20 22:55:30 +0000

    profiles/hardened/linux/mips: deprecate in favour of 17.0 profiles
    
    Use default/linux/mips/17.0/* equivalent instead.
    
    Note: these are vanilla profiles and thus have a few
    hardened-specific USE-flags disabled.
    
    Closes: https://bugs.gentoo.org/673276
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 profiles/hardened/linux/mips/mipsel/multilib/n32/deprecated | 1 +
 profiles/hardened/linux/mips/mipsel/multilib/n64/deprecated | 1 +
 profiles/hardened/linux/mips/mipsel/n32/deprecated          | 1 +
 profiles/hardened/linux/mips/mipsel/n64/deprecated          | 1 +
 profiles/hardened/linux/mips/multilib/n32/deprecated        | 1 +
 profiles/hardened/linux/mips/multilib/n64/deprecated        | 1 +
 profiles/hardened/linux/mips/n32/deprecated                 | 1 +
 profiles/hardened/linux/mips/n64/deprecated                 | 1 +
 8 files changed, 8 insertions(+)
Comment 7 matoro 2019-02-21 21:56:49 UTC
Could I ask what the recommended action is for users who would like to keep hardened configurations on arm devices?  Does this change mean that the Hardened Project no longer supports the entire architecture?