public inbox for gentoo-hardened@lists.gentoo.org
* [gentoo-hardened] Unofficial hardened-sources ebuilds?
@ 2017-08-15 19:13 Alex Efros
  2017-08-15 20:39 ` philipp.ammann
  0 siblings, 1 reply; 3+ messages in thread
From: Alex Efros @ 2017-08-15 19:13 UTC
  To: gentoo-hardened

Hi!

Quoting news item:
> As an alternative, for users happy keeping themselves on the stable
> 4.9 branch of the kernel minipli, another Grsec user, is forward
> porting the patches on [3].
> 
> Strcat from Copperhead OS is making his own version of the patches
> forward ported to the latest version of the Linux tree at [4].
> 
> The Gentoo Hardened team can't make any statement regarding the
> security, reliability or update availability of either those patches
> as we aren't providing them and can't therefore make any
> recommendation regarding their use.
> 
> We'd like to note that all the userspace hardening and MAC support
> for SELinux provided by Gentoo Hardened will still remain there and
> is unaffected by this removal.
> 
> [3] https://github.com/minipli/linux-unofficial_grsec
> [4] https://github.com/copperhead/linux-hardened

Sounds cool, but is anyone going to provide ebuilds for these kernels?
Not official, but having these in some overlay is better than nothing.

-- 
			WBR, Alex.



* Re: [gentoo-hardened] Unofficial hardened-sources ebuilds?
  2017-08-15 19:13 [gentoo-hardened] Unofficial hardened-sources ebuilds? Alex Efros
@ 2017-08-15 20:39 ` philipp.ammann
  2017-08-15 21:33   ` Alex Efros
  0 siblings, 1 reply; 3+ messages in thread
From: philipp.ammann @ 2017-08-15 20:39 UTC
  To: gentoo-hardened

On 15.08.2017 21:13, Alex Efros wrote:
> [...]
>> 
>> [3] https://github.com/minipli/linux-unofficial_grsec
>> [4] https://github.com/copperhead/linux-hardened
> 
> Sounds cool, but is anyone going to provide ebuilds for these 
> kernels?
> Not official, but having these in some overlay is better than nothing.

You don't really need an ebuild. What I do is manually install 
sys-devel/bc and then:

cd /usr/src
git clone --single-branch --branch=linux-4.9.x-unofficial_grsec \
    git://github.com/minipli/linux-unofficial_grsec.git grsec
ln -s grsec linux

(You 'need' the linux symlink for ebuilds to be able to check .config 
options)

Whenever there is a new release simply run 'git pull'.

Cheers
Philipp





* Re: [gentoo-hardened] Unofficial hardened-sources ebuilds?
  2017-08-15 20:39 ` philipp.ammann
@ 2017-08-15 21:33   ` Alex Efros
  0 siblings, 0 replies; 3+ messages in thread
From: Alex Efros @ 2017-08-15 21:33 UTC
  To: gentoo-hardened

Hi!

On Tue, Aug 15, 2017 at 10:39:30PM +0200, philipp.ammann@posteo.de wrote:
> You don't really need an ebuild. What I do is manually install 
> sys-devel/bc and then:
...
> Whenever there is a new release simply run 'git pull'.

An ebuild is useful anyway - if it's not -9999 then it lets me control which
version (tag) will be installed on all my servers the standard
Portage way (/etc/portage/package.*). With git I'll have to do a manual `git
checkout TAG` on every server to get the same (tested) version everywhere.

-- 
			WBR, Alex.
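
Added example, not part of the thread and not code from either patch project: one way to get the "same (tested) version everywhere" property with a plain git checkout is to fetch a single ref and refuse to switch unless it resolves to the commit hash recorded at test time. The function name pin_kernel_tree and its arguments are hypothetical; the tag name and commit hash are supplied by the caller, since the thread gives none.

```shell
#!/bin/sh
# Added example: pin a kernel source checkout to one tested ref so that
# every server builds from identical sources.
# pin_kernel_tree is a hypothetical helper name.
#
# usage: pin_kernel_tree REPO_URL SRC_DIR REF EXPECTED_COMMIT
#   REF              tag or branch to fetch (the tested release)
#   EXPECTED_COMMIT  full commit hash recorded when REF was tested
pin_kernel_tree() {
    repo=$1 dir=$2 ref=$3 want=$4

    # First run: create an empty repository instead of cloning a moving branch.
    if [ ! -d "$dir/.git" ]; then
        git init -q "$dir" || return 1
        git -C "$dir" remote add origin "$repo" || return 1
    fi

    # Fetch only the requested ref; nothing is checked out yet.
    git -C "$dir" fetch -q --depth=1 origin "$ref" || return 1

    # Resolve what was fetched to a commit (this peels annotated tags).
    got=$(git -C "$dir" rev-parse --verify -q 'FETCH_HEAD^{commit}') || return 1

    # Refuse to switch if the ref no longer points at the tested commit,
    # e.g. a tag was moved or the branch advanced since testing.
    if [ "$got" != "$want" ]; then
        echo "pin_kernel_tree: $ref is $got, expected $want" >&2
        return 2
    fi

    # Detached checkout of exactly that commit.
    git -C "$dir" checkout -q --detach "$got" || return 1

    # Keep the "linux" symlink next to the tree, as in the thread.
    ln -sfn "$(basename "$dir")" "$(dirname "$dir")/linux"
}
```

The hash to pass as EXPECTED_COMMIT can be recorded once on the test machine with `git rev-parse 'TAG^{commit}'` and distributed together with the tag name.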

