>=sys-devel/gcc-3.4 on Sparc U5 SeLinux

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

>=sys-devel/gcc-3.4 on Sparc U5 SeLinux

gentuxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm in the process of migrating my U5 system to an SELinux profile.
Thanks to Gustavo Zacarias and his excellent kernel work, I've managed
to get through the most of the migration guide (after an ugly battle
trying to get a functional hardened-sources kernel).  Now I'm sort of
at a "time to jump off the cliff" point.  I'm booted in the new
environment, with the hardened kernel, selinux profile, selinux policy
tools, and selinux base policy.  I'm about to run an `emerge -DuatvN
world' to pull in all of the remaining selinux-policy packages, and
recompile installed packages that need it with the new USE flags.
But, alas, if it were only that easy.

Emerge fails right away stating "All ebuilds that could satisfy
">=sys-devel/gcc-3.4" have been masked.".  All of the versions are
masked by profile (and missing keyword).  So my question is three-fold:

1)  If I put '<=sys-devel/gcc-4.2.0 ~sparc' in the
/etc/portage/package.keywords file, will that satisfy the masking and
allow me to install gcc-4.1.1-r1- even if it's masked by my profile?

2)  I am currently running the selinux/2005.1/sparc64 profile.  Is
there a newer one that would satisfy the above maskings?  If so, what
do I need to emerge to get it on my system?  Portage?  I'm already
running portage-2.1-r1.

3)  Finally, what are your experiences with running a newer (>=4.0)
version of gcc on sparc?  I want this system to be rock solid, so I'm
a little apprehensive about unmasking and running the
newest-greatest-fastest gcc, being such a fundamental part of a gentoo
system.

TIA

- --
gentux
echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 5495 0388 67FF 0B89 1239  D840 4CF0 39E2
18D3 4A9E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFEsAZCTPA54hjTSp4RAoHVAJ97tyl+czDQi/ZX5IXeXLAxgTEdCwCdFwEQ
vfpwlkTQHYKZg1T8+o0DGt8=
=jn+D
-----END PGP SIGNATURE-----

--
[hidden email] mailing list

Reply | Threaded
Open this post in threaded view
|

Re: >=sys-devel/gcc-3.4 on Sparc U5 SeLinux

Gustavo Zacarias
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

gentuxx wrote:

> I'm in the process of migrating my U5 system to an SELinux profile.
> Thanks to Gustavo Zacarias and his excellent kernel work, I've managed
> to get through the most of the migration guide (after an ugly battle
> trying to get a functional hardened-sources kernel).  Now I'm sort of
> at a "time to jump off the cliff" point.  I'm booted in the new
> environment, with the hardened kernel, selinux profile, selinux policy
> tools, and selinux base policy.  I'm about to run an `emerge -DuatvN
> world' to pull in all of the remaining selinux-policy packages, and
> recompile installed packages that need it with the new USE flags.
> But, alas, if it were only that easy.
>
> Emerge fails right away stating "All ebuilds that could satisfy
> ">=sys-devel/gcc-3.4" have been masked.".  All of the versions are
> masked by profile (and missing keyword).  So my question is three-fold:

I'd venture to say the SELinux profile hasn't been updated/tested in
some time. It's handled by the selinux/hardened team so we can't help
much there.

> 1)  If I put '<=sys-devel/gcc-4.2.0 ~sparc' in the
> /etc/portage/package.keywords file, will that satisfy the masking and
> allow me to install gcc-4.1.1-r1- even if it's masked by my profile?
>
> 2)  I am currently running the selinux/2005.1/sparc64 profile.  Is
> there a newer one that would satisfy the above maskings?  If so, what
> do I need to emerge to get it on my system?  Portage?  I'm already
> running portage-2.1-r1.

I'd say try with the current stable toolchain for sparc rather than
venturing into higher things.

> 3)  Finally, what are your experiences with running a newer (>=4.0)
> version of gcc on sparc?  I want this system to be rock solid, so I'm
> a little apprehensive about unmasking and running the
> newest-greatest-fastest gcc, being such a fundamental part of a gentoo
> system.

The greatest and fastest gcc won't let you emerge system as it currently
stands. Mostly other ebuilds need fixing, out of the top of my head
linux-headers needs love and at least kbd will break without it.

- --
Gustavo Zacarias
Gentoo/SPARC monkey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4-ecc0.1.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD4DBQFEsnTjV3G/IBCn/JARAo/LAJd4DOD3O+Pbr+1ZP9rLKRRWp7oVAJ9I3vgI
b5tvpLGeg/O48Se8kDvbeg==
=Q2BK
-----END PGP SIGNATURE-----
--
[hidden email] mailing list

Reply | Threaded
Open this post in threaded view
|

Re: >=sys-devel/gcc-3.4 on Sparc U5 SeLinux

gentuxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gustavo Zacharias wrote:

> gentuxx wrote:
>
> >> I'm in the process of migrating my U5 system to an SELinux profile.
> >> Thanks to Gustavo Zacarias and his excellent kernel work, I've
> managed
> >> to get through the most of the migration guide (after an ugly battle
> >> trying to get a functional hardened-sources kernel).  Now I'm sort of
> >> at a "time to jump off the cliff" point.  I'm booted in the new
> >> environment, with the hardened kernel, selinux profile, selinux
> policy
> >> tools, and selinux base policy.  I'm about to run an `emerge -DuatvN
> >> world' to pull in all of the remaining selinux-policy packages, and
> >> recompile installed packages that need it with the new USE flags.
> >> But, alas, if it were only that easy.
> >>
> >> Emerge fails right away stating "All ebuilds that could satisfy
> >> ">=sys-devel/gcc-3.4" have been masked.".  All of the versions are
> >> masked by profile (and missing keyword).  So my question is
> three-fold:
>
> I'd venture to say the SELinux profile hasn't been updated/tested in
> some time. It's handled by the selinux/hardened team so we can't help
> much there.
>
> >> 1)  If I put '<=sys-devel/gcc-4.2.0 ~sparc' in the
> >> /etc/portage/package.keywords file, will that satisfy the masking and
> >> allow me to install gcc-4.1.1-r1- even if it's masked by my profile?
> >>
BTW, I realized rather quickly that this wouldn't work.  I had to
modify the profile.
> >> 2)  I am currently running the selinux/2005.1/sparc64 profile.  Is
> >> there a newer one that would satisfy the above maskings?  If so, what
> >> do I need to emerge to get it on my system?  Portage?  I'm already
> >> running portage-2.1-r1.
>
> I'd say try with the current stable toolchain for sparc rather than
> venturing into higher things.
>
OK, are you suggesting that I stick with gcc-3.4.6 then?

Also, if I wanted to revert to a NON-SELinux system, would switching
my profile and running an `emerge -DuatvN world' work?  Or am I
looking at a complete reload at this point?

> >> 3)  Finally, what are your experiences with running a newer (>=4.0)
> >> version of gcc on sparc?  I want this system to be rock solid, so I'm
> >> a little apprehensive about unmasking and running the
> >> newest-greatest-fastest gcc, being such a fundamental part of a
> gentoo
> >> system.
>
> The greatest and fastest gcc won't let you emerge system as it currently
> stands. Mostly other ebuilds need fixing, out of the top of my head
> linux-headers needs love and at least kbd will break without it.

OK, that may explain the funkiness I'm getting with the keyboard under
the 2.6 kernel then, unless I'm misunderstanding you.
>
> --
> gentux
> echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
>
> gentux's gpg fingerprint ==> 5495 0388 67FF 0B89 1239  D840 4CF0
> 39E2 18D3 4A9E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFEssAcTPA54hjTSp4RAj7iAJ4gwZObUNj9pDnm0vpaSUhR1xiamACfVL4F
4X0KuLxdxmLcNdCfWfhsMA8=
=c621
-----END PGP SIGNATURE-----

--
[hidden email] mailing list

Reply | Threaded
Open this post in threaded view
|

RE: >=sys-devel/gcc-3.4 on Sparc U5 SeLinux

Clonch, Christopher A (Chris)
In reply to this post by gentuxx
> Also, if I wanted to revert to a NON-SELinux system, would switching
> my profile and running an `emerge -DuatvN world' work?  Or am I
> looking at a complete reload at this point?

I would probably rebuild the toolchain, then emerge -e system, then emerge -e world.  I used the emwrap.sh script found in the forums to help with this on my Sunblade 100.  I realize the jury is still out on this (and particularly this script), but it made sense to me given how everything is linked.  I am still a little confused on the proper arguments to use (horrible documentation), but I believe emwrap.sh -Sb1 will rebuild the toolchain, then the system minus the toolchain.  Then running emwrap.sh -W takes care of the world.

Running though this exercise solved a lot of the general weirdness that was going on after I switched from 2006.0/2.4 to the 2006.0/2.6 profile.

-Chris

-----Original Message-----
From: gentuxx [mailto:[hidden email]]
Sent: Monday, July 10, 2006 5:01 PM
To: [hidden email]
Subject: Re: [gentoo-sparc] >=sys-devel/gcc-3.4 on Sparc U5 SeLinux

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gustavo Zacharias wrote:

> gentuxx wrote:
>
> >> I'm in the process of migrating my U5 system to an SELinux profile.
> >> Thanks to Gustavo Zacarias and his excellent kernel work, I've
> managed
> >> to get through the most of the migration guide (after an ugly battle
> >> trying to get a functional hardened-sources kernel).  Now I'm sort of
> >> at a "time to jump off the cliff" point.  I'm booted in the new
> >> environment, with the hardened kernel, selinux profile, selinux
> policy
> >> tools, and selinux base policy.  I'm about to run an `emerge -DuatvN
> >> world' to pull in all of the remaining selinux-policy packages, and
> >> recompile installed packages that need it with the new USE flags.
> >> But, alas, if it were only that easy.
> >>
> >> Emerge fails right away stating "All ebuilds that could satisfy
> >> ">=sys-devel/gcc-3.4" have been masked.".  All of the versions are
> >> masked by profile (and missing keyword).  So my question is
> three-fold:
>
> I'd venture to say the SELinux profile hasn't been updated/tested in
> some time. It's handled by the selinux/hardened team so we can't help
> much there.
>
> >> 1)  If I put '<=sys-devel/gcc-4.2.0 ~sparc' in the
> >> /etc/portage/package.keywords file, will that satisfy the masking and
> >> allow me to install gcc-4.1.1-r1- even if it's masked by my profile?
> >>
BTW, I realized rather quickly that this wouldn't work.  I had to
modify the profile.
> >> 2)  I am currently running the selinux/2005.1/sparc64 profile.  Is
> >> there a newer one that would satisfy the above maskings?  If so, what
> >> do I need to emerge to get it on my system?  Portage?  I'm already
> >> running portage-2.1-r1.
>
> I'd say try with the current stable toolchain for sparc rather than
> venturing into higher things.
>
OK, are you suggesting that I stick with gcc-3.4.6 then?

Also, if I wanted to revert to a NON-SELinux system, would switching
my profile and running an `emerge -DuatvN world' work?  Or am I
looking at a complete reload at this point?

> >> 3)  Finally, what are your experiences with running a newer (>=4.0)
> >> version of gcc on sparc?  I want this system to be rock solid, so I'm
> >> a little apprehensive about unmasking and running the
> >> newest-greatest-fastest gcc, being such a fundamental part of a
> gentoo
> >> system.
>
> The greatest and fastest gcc won't let you emerge system as it currently
> stands. Mostly other ebuilds need fixing, out of the top of my head
> linux-headers needs love and at least kbd will break without it.

OK, that may explain the funkiness I'm getting with the keyboard under
the 2.6 kernel then, unless I'm misunderstanding you.
>
> --
> gentux
> echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
>
> gentux's gpg fingerprint ==> 5495 0388 67FF 0B89 1239  D840 4CF0
> 39E2 18D3 4A9E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFEssAcTPA54hjTSp4RAj7iAJ4gwZObUNj9pDnm0vpaSUhR1xiamACfVL4F
4X0KuLxdxmLcNdCfWfhsMA8=
=c621
-----END PGP SIGNATURE-----

--
[hidden email] mailing list
--
[hidden email] mailing list

Reply | Threaded
Open this post in threaded view
|

Re: >=sys-devel/gcc-3.4 on Sparc U5 SeLinux

gentuxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Clonch, Christopher A (Chris) wrote:
>> Also, if I wanted to revert to a NON-SELinux system, would switching
>> my profile and running an `emerge -DuatvN world' work?  Or am I
>> looking at a complete reload at this point?
>
> I would probably rebuild the toolchain, then emerge -e system, then
emerge -e world.  I used the emwrap.sh script found in the forums to
help with this on my Sunblade 100.  I realize the jury is still out on
this (and particularly this script), but it made sense to me given how
everything is linked.  I am still a little confused on the proper
arguments to use (horrible documentation), but I believe emwrap.sh -Sb1
will rebuild the toolchain, then the system minus the toolchain.  Then
running emwrap.sh -W takes care of the world.
>

I'll play around with the tool.  It looks like, if I want to revert to
non-SELinux, I'm going to have several days of recompiling and or
reloading anyway, so messing with this script might be fun while I
have a "disposable" system.  ;-)

Thanks for the tip.  I don't usually visit the forum, so I would like
not have caught this.

> Running though this exercise solved a lot of the general weirdness that
was going on after I switched from 2006.0/2.4 to the 2006.0/2.6 profile.

>
> -Chris
>
> -----Original Message-----
> From: gentuxx [mailto:[hidden email]]
> Sent: Monday, July 10, 2006 5:01 PM
> To: [hidden email]
> Subject: Re: [gentoo-sparc] >=sys-devel/gcc-3.4 on Sparc U5 SeLinux
>
> Gustavo Zacharias wrote:
> >> gentuxx wrote:
> >>
> >>>> I'm in the process of migrating my U5 system to an SELinux profile.
> >>>> Thanks to Gustavo Zacarias and his excellent kernel work, I've
> >> managed
> >>>> to get through the most of the migration guide (after an ugly
> battle
> >>>> trying to get a functional hardened-sources kernel).  Now I'm
> sort of
> >>>> at a "time to jump off the cliff" point.  I'm booted in the new
> >>>> environment, with the hardened kernel, selinux profile, selinux
> >> policy
> >>>> tools, and selinux base policy.  I'm about to run an `emerge
> -DuatvN
> >>>> world' to pull in all of the remaining selinux-policy packages, and
> >>>> recompile installed packages that need it with the new USE flags.
> >>>> But, alas, if it were only that easy.
> >>>>
> >>>> Emerge fails right away stating "All ebuilds that could satisfy
> >>>> ">=sys-devel/gcc-3.4" have been masked.".  All of the versions are
> >>>> masked by profile (and missing keyword).  So my question is
> >> three-fold:
> >>
> >> I'd venture to say the SELinux profile hasn't been updated/tested in
> >> some time. It's handled by the selinux/hardened team so we can't help
> >> much there.
> >>
> >>>> 1)  If I put '<=sys-devel/gcc-4.2.0 ~sparc' in the
> >>>> /etc/portage/package.keywords file, will that satisfy the
> masking and
> >>>> allow me to install gcc-4.1.1-r1- even if it's masked by my
> profile?
> >>>>
> BTW, I realized rather quickly that this wouldn't work.  I had to
> modify the profile.
> >>>> 2)  I am currently running the selinux/2005.1/sparc64 profile.  Is
> >>>> there a newer one that would satisfy the above maskings?  If
> so, what
> >>>> do I need to emerge to get it on my system?  Portage?  I'm already
> >>>> running portage-2.1-r1.
> >> I'd say try with the current stable toolchain for sparc rather than
> >> venturing into higher things.
> >>
> OK, are you suggesting that I stick with gcc-3.4.6 then?
>
> Also, if I wanted to revert to a NON-SELinux system, would switching
> my profile and running an `emerge -DuatvN world' work?  Or am I
> looking at a complete reload at this point?
> >>>> 3)  Finally, what are your experiences with running a newer (>=4.0)
> >>>> version of gcc on sparc?  I want this system to be rock solid,
> so I'm
> >>>> a little apprehensive about unmasking and running the
> >>>> newest-greatest-fastest gcc, being such a fundamental part of a
> >> gentoo
> >>>> system.
> >> The greatest and fastest gcc won't let you emerge system as it
> currently
> >> stands. Mostly other ebuilds need fixing, out of the top of my head
> >> linux-headers needs love and at least kbd will break without it.
>
> OK, that may explain the funkiness I'm getting with the keyboard under
> the 2.6 kernel then, unless I'm misunderstanding you.
> >> --
> >> gentux
> >> echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
> >>
> >> gentux's gpg fingerprint ==> 5495 0388 67FF 0B89 1239  D840 4CF0
> >> 39E2 18D3 4A9E
>
> --
> gentux
> echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
>
> gentux's gpg fingerprint ==> 5495 0388 67FF 0B89 1239  D840 4CF0
> 39E2 18D3 4A9E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFEssukTPA54hjTSp4RAhkkAKCJ8yDat4UholHje5p2359h+Q5cxQCfRZ0U
+zlwkp3wnYt1uaCFNvoI9i4=
=pO0k
-----END PGP SIGNATURE-----

--
[hidden email] mailing list

Reply | Threaded
Open this post in threaded view
|

Re: >=sys-devel/gcc-3.4 on Sparc U5 SeLinux

Gustavo Zacarias
In reply to this post by gentuxx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

gentuxx wrote:

>>> The greatest and fastest gcc won't let you emerge system as it currently
>>> stands. Mostly other ebuilds need fixing, out of the top of my head
>>> linux-headers needs love and at least kbd will break without it.
>
> OK, that may explain the funkiness I'm getting with the keyboard under
> the 2.6 kernel then, unless I'm misunderstanding you.

Not really, the keyboard funkiness is more likely a result of the
2.4->2.6 keyboard map changes that happened in kernel-land.
In 2.4 sparc used sparc-specific keymaps whereas in 2.6 it makes them
look like standard x86 keyboards, thus you have to change the KEYMAP
entry from "sunkeymap" in /etc/conf.d/keymap to just "us" (or country
your keyboard layout is).

- --
Gustavo Zacarias
Gentoo/SPARC monkey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4-ecc0.1.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEss6NV3G/IBCn/JARArlQAJ9vqd86mclF3CASTXZZGR1PssYqCwCfZ6o0
6sj2psFsq/QrrveYVht4BSk=
=NmlA
-----END PGP SIGNATURE-----
--
[hidden email] mailing list