Gentoo metadata support for CPE
by Sven Vermeulen, post on Fri 10 May 2013
Recently, the metadata.xml file syntax definition (the DTD for those that know a bit of XML) has been updated to support CPE definitions. A CPE (Common Platform Enumeration) is an identifier that describes an application, operating system or hardware device using its vendor, product name, version, update, edition and …
Added "predictable network interface" info into the handbook
by Sven Vermeulen, post on Tue 07 May 2013
Being long overdue - like many of our documentation-reported bugs :-( I worked on bug 466262 to update the Gentoo Handbook with information about Network Interface Naming. Of course, the installation instructions have also seen the necessary updates to refer to this change.
With some luck (read: time) I might be able …
Gentoo protip: using buildpkgonly
by Sven Vermeulen, post on Thu 25 April 2013
If you don't want to have the majority of builds run in the background while you are busy on the system, but you don't want to automatically install software in the background when you are not behind your desk, then perhaps you can settle for using binary packages. I'm not …
SLOT'ing the old swig-1
by Sven Vermeulen, post on Tue 23 April 2013
The SWIG tool helps developers in building interfaces/libraries that can be accessed from many other languages than the ones the library is initially written in or for. The SELinux userland utility setools uses it to provide Python and Ruby interfaces even though the application itself is written in C …
Introducing selocal for small SELinux policy enhancements
by Sven Vermeulen, post on Sun 21 April 2013
When working with a SELinux-enabled system, administrators will eventually need to make small updates to the existing policy. Instead of building their own full policy (always an option, but most likely not maintainable in the long term) one or more SELinux policy modules are created (most distributions use a modular …
Transforming GuideXML to DocBook
by Sven Vermeulen, post on Sat 20 April 2013
I recently committed an XSL stylesheet that allows us to transform the GuideXML documents (both guides and handbooks) to DocBook. This isn't part of a more elaborate move to try and push DocBook instead of GuideXML for the Gentoo Documentation though (I'd rather direct documentation development more to the Gentoo …
Another Gentoo Hardened month has passed
by Sven Vermeulen, post on Thu 18 April 2013
Another month has passed, so time to mention again what we have all been doing lately ;-)
Toolchain
Version 4.8 of GCC is available in the tree, but currently masked. The package contains a fix needed to build hardened-sources, and a fix for the asan (address sanitizer). asan support in …
Not needing run_init for password-less service management
by Sven Vermeulen, post on Tue 09 April 2013
One of the things that has been bugging me was why, even with having pam_rootok.so set in /etc/pam.d/run_init, I cannot enjoy passwordless service management without using run_init directly:
# rc-service postgresql-9.2 status
Authenticating root.
Password:
# run_init rc-service postgresql-9.2 status
Authenticating root.
* status: started
So I …
Separate puppet provider for Gentoo/SELinux?
by Sven Vermeulen, post on Sun 07 April 2013
While slowly transitioning my playground infrastructure towards Puppet, I already am in process of creating a custom provider for things such as services. Puppet uses providers as "implementations" for the functions Puppet needs. For instance, for the service type (which handles init script services), there are providers for RedHat, Debian …
SELinux tutorial series
by Sven Vermeulen, post on Fri 15 March 2013
As we get a growing number of SELinux users within Gentoo Hardened and because the SELinux usage at the firm I work at is most likely going to grow as well, I decided to join the bunch of documents on SELinux that are "out there" and start a series of …