[gentoo-dev] Why is my news item not showing up.

[gentoo-dev] Why is my news item not showing up.

[Anthony G. Basile]

Hi everyone,

I pushed out my news item and it landed in /usr/portage/metadata on my 
hardened servers, but its not showing up with eselect news.  Does anyone 
know why?  I don't know how to debug this.  I pushed it to 
git.gentoo.org/data/gentoo-news.git in a directory called 
2015-10-21-future-support-of-hardened-sources-kernel.  I have two files 
in there:

2015-10-21-future-support-of-hardened-sources-kernel.en.txt
2015-10-21-future-support-of-hardened-sources-kernel.en.txt.asc

Here' it is again just so you don't have to go digging:

Title: Future Support of hardened-sources Kernel
Content-Type: text/plain
Posted: 2015-10-21
Revision: 1
News-Item-Format: 1.0
Display-If-Installed: sys-kernel/hardened-sources
Display-If-Keyword: hardened
Display-If-Keyword: pax_kernel
Display-If-Profile: hardened/linux/amd64
Display-If-Profile: hardened/linux/amd64/no-multilib
Display-If-Profile: hardened/linux/amd64/no-multilib/selinux
Display-If-Profile: hardened/linux/amd64/selinux
Display-If-Profile: hardened/linux/amd64/x32
Display-If-Profile: hardened/linux/arm/armv6j
Display-If-Profile: hardened/linux/arm/armv7a
Display-If-Profile: hardened/linux/ia64
Display-If-Profile: hardened/linux/musl/amd64
Display-If-Profile: hardened/linux/musl/amd64/x32
Display-If-Profile: hardened/linux/musl/arm/armv7a
Display-If-Profile: hardened/linux/musl/mips
Display-If-Profile: hardened/linux/musl/mips/mipsel
Display-If-Profile: hardened/linux/musl/ppc
Display-If-Profile: hardened/linux/musl/x86
Display-If-Profile: hardened/linux/powerpc/ppc32
Display-If-Profile: hardened/linux/powerpc/ppc64/32bit-userland
Display-If-Profile: hardened/linux/powerpc/ppc64/64bit-userland
Display-If-Profile: hardened/linux/uclibc/amd64
Display-If-Profile: hardened/linux/uclibc/arm/armv7a
Display-If-Profile: hardened/linux/uclibc/mips
Display-If-Profile: hardened/linux/uclibc/mips/mipsel
Display-If-Profile: hardened/linux/uclibc/ppc
Display-If-Profile: hardened/linux/uclibc/x86
Display-If-Profile: hardened/linux/x86
Display-If-Profile: hardened/linux/x86/selinux

For many years, the Grsecurity team [1] has been supporting two versions of
their security patches against the Linux kernel, a stable and a testing
version, and Gentoo has made both of these available to our users 
through the
hardened-sources package.  However, on August 26 of this year, the team
announced they would no longer be making the stable version publicly
available, citing trademark infringement by a major embedded systems company
as the reason. [2]  The stable patches are now only available to sponsors of
Grsecurity and can no longer be distributed in Gentoo.  However, the 
team did
assure us that they would continue to release and support the testing 
version
as they have in the past.

What does this means for users of hardened-sources?  Gentoo will continue to
make the testing version available through our hardened-sources package 
but we
will have to drop support for the 3.x series.  In a few days, those ebuilds
will be removed from the tree and you will be required to upgrade to a 4.x
series kernel.  Since the hardened-sources package only installs the kernel
source tree, you can continue using a currently built 3.x series kernel but
bear in mind that we cannot support you, nor will upstream.  Also keep 
in mind
that the 4.x series will not be as reliable as the 3.x series was, so
reporting bugs promptly will be even more important.  Gentoo will 
continue to
work closely with upstream to stay on top of any problems, but be 
prepared for
the occasional "bad" kernel.  The more reporting we receive from our users,
the better we will be able to decide which hardened-sources kernels to mark
stable and which to drop.

Refs.
[1] https://grsecurity.net
[2] https://grsecurity.net/announce.php


-- 
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail    : blueness@gentoo.org
GnuPG FP  : 1FED FAD9 D82C 52A5 3BAB  DC79 9384 FA6E F52D 4BBA
GnuPG ID  : F52D4BBA

Re: [gentoo-dev] Why is my news item not showing up.

[Rich Freeman]

On Wed, Oct 21, 2015 at 4:44 AM, Anthony G. Basile <blueness@gentoo.org> wrote:
>
> I pushed out my news item and it landed in /usr/portage/metadata on my
> hardened servers, but its not showing up with eselect news.  Does anyone
> know why?

1.  Do you have hardend-sources installed?
2.  Do you have either hardened or pax_kernel in your ACCEPT_KEYWORDS?
3.  Do you have one of the listed profiles selected?

If the answer to any of those questions is no, then that's your
problem - according to glep 42 the individual checks are ORs, and
they're combined by AND.

-- 
Rich

Re: [gentoo-dev] Why is my news item not showing up.

[Anthony G. Basile]

On 10/21/15 6:05 AM, Rich Freeman wrote:
> On Wed, Oct 21, 2015 at 4:44 AM, Anthony G. Basile <blueness@gentoo.org> wrote:
>> I pushed out my news item and it landed in /usr/portage/metadata on my
>> hardened servers, but its not showing up with eselect news.  Does anyone
>> know why?
> 1.  Do you have hardend-sources installed?
> 2.  Do you have either hardened or pax_kernel in your ACCEPT_KEYWORDS?
> 3.  Do you have one of the listed profiles selected?
>
> If the answer to any of those questions is no, then that's your
> problem - according to glep 42 the individual checks are ORs, and
> they're combined by AND.
>
Wow, am I every blind.  2 is for keywords not use flags.  Thanks.

-- 
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail    : blueness@gentoo.org
GnuPG FP  : 1FED FAD9 D82C 52A5 3BAB  DC79 9384 FA6E F52D 4BBA
GnuPG ID  : F52D4BBA