2014-11-07-udev-upgrade Title Upgrade to udev >= 217 or e

1. 2014-11-07-udev-upgrade
2. Title Upgrade to udev >= 217 or eudev >= 2.1
3. Author Samuli Suominen <ssuominen@gentoo.org>
4. Posted 2014-11-07
5. Revision 1
6.  
7. sys-fs/udev-217 and sys-fs/eudev-2.1 no longer provide a userspace
8. firmware loader. If you require firmware loading support, you must use
9. kernel 3.7 or greater with CONFIG_FW_LOADER_USER_HELPER=n. No action is
10. required if none of your kernel modules need firmware. See [1] for more
11. information on the upgrade.
12.  
13. [1] https://wiki.gentoo.org/wiki/Udev/upgrade#udev_216_to_217
14.  
15. 2015-01-28-cpu_flags_x86-introduction
16. Title CPU_FLAGS_X86 introduction
17. Author Michał Górny <mgorny@gentoo.org>
18. Posted 2015-01-28
19. Revision 2
20.  
21. The USE flags corresponding to the instruction sets and other features
22. specific to the x86 (amd64) architecture are being moved into a separate
23. USE flag group called CPU_FLAGS_X86.
24.  
25. In order not to lose CPU-specific optimizations, users will be required
26. to update their make.conf (and package.use) file. For example, if
27. the following USE flags were present:
28.  
29. USE="mmx mmxext sse sse2 sse3"
30.  
31. Those flags need to be copied into:
32.  
33. CPU_FLAGS_X86="mmx mmxext sse sse2 sse3"
34.  
35. Please note that the same CPU_FLAGS_X86 variable is used both on x86
36. and amd64 systems.
37.  
38. When in doubt, you can consult the flag descriptions using one of
39. the commonly available tools, e.g. `equery uses` from gentoolkit:
40.  
41. $ equery uses media-video/ffmpeg
42.  
43. Most of the flag names match /proc/cpuinfo names, with the notable
44. exception of SSE3 which is called 'pni' in /proc/cpuinfo (please also
45. do not confuse it with distinct SSSE3).
46.  
47. To help users enable the correct USE flags, we are providing a Python
48. script that generates the correct value using /proc/cpuinfo. It can be
49. found in the app-portage/cpuinfo2cpuflags package:
50.  
51. $ emerge -1v app-portage/cpuinfo2cpuflags
52. $ cpuinfo2cpuflags-x86
53.  
54. In order to ensure safe migration and maintain compatibility with
55. external repositories, it is recommended to preserve the old USE
56. settings for a period of one year or until no package of interest is
57. still using them.
58.  
59. 2015-02-04-portage-sync-changes
60. Title New portage plug-in sync system
61. Author Brian Dolbec <dolsen@gentoo.org>
62. Posted 2015-02-02
63. Revision 1
64.  
65. There is a new plug-in sync system in >=sys-apps/portage-2.2.16.
66. This system will allow third party modules to be easily installed. Look
67. for a new layman plug-in sync module in layman's next release. Next is
68. a brief look at the changes. See the url [1] listed below for detailed
69. descriptions and usage.
70.  
71. Changes: /etc/portage/repos.conf/*
72. New setting for all repository types (needed):
73. auto-sync = yes/no, true/false # default if absent: yes/true
74.  
75. New for git sync-type: (applies to clone only)
76. sync-depth = n where n = {0,1,2,3,...} (optional, default = 1)
77. 0 -- full history
78. 1 -- shallow clone, only current state (default)
79. 2,3,... number of history changes to download
80.  
81. New sync-type modules:
82. sync-type = svn # sync a subversion repository
83. sync-type = websync # Perform an emerge-webrsync operation
84. sync-type = laymanator # (if installed) runs a layman -s action
85.  
86. New native portage postsync hooks
87. /etc/portage/postsync.d/*
88. Runs hooks once, only after all repos have been synced.
89. /etc/portage/repo.postsync.d/*
90. Runs each script with three arguments:
91. repo name, sync-uri, location
92. Each script is run at the completion of every repo synced.
93.  
94. Migration:
95. Edit /etc/portage/repos.conf/*.conf files, add the auto-sync option
96. to each repository definition. Edit sync-type option to one of the
97. supported types {rsync, git, cvs, svn, websync, laymanator}.
98. [some-repo]
99. ...
100. sync-type = rsync
101. auto-sync = yes
102.  
103. For an existing /etc/portage/repos.conf/layman.conf file:
104. 1) change/add the sync-type
105. sync-type = laymanator
106. 2) Ensure you have the correct layman version installed with
107. it's laymanator module also installed.
108. Alternate method:
109. Please see the wiki page url [1] for detailed instructions.
110.  
111. Primary control of all sync operations has been moved from emerge to
112. emaint. "emerge --sync" now just calls the emaint sync module with the
113. --auto option. The --auto option performs a sync on only those
114. repositories with the auto-sync setting not set to 'no' or 'false'. If
115. it is absent, then it will default to yes and "emerge --sync" will sync
116. the repository.
117.  
118. NOTE: As a result of the default auto-sync = True/Yes setting, commands
119. like "eix-sync", "esync -l", "emerge --sync && layman -S" will cause
120. many repositories to be synced multiple times in a row. Please edit
121. your configs or scripts to adjust for the new operation.
122.  
123. WARNING:
124. Due to the above default. For any repos that you EXPLICITLY do not
125. want to be synced. You MUST set "auto-sync = no"
126.  
127. The 'emaint sync' module operates similar to layman. It can sync
128. single or multiple repos. See "emaint --help" or for more details and
129. examples see the wiki page listed below [1].
130.  
131. Additional help and project API documentation can be found at:
132.  
133. [1] https://wiki.gentoo.org/wiki/Project:Portage/Sync
134.  
135. 2015-03-28-true-multilib
136. Title True multilib support on amd64
137. Author Michał Górny <mgorny@gentoo.org>
138. Posted 2015-03-28
139. Revision 1
140.  
141. Starting on 2015-03-29, we are enabling true multilib support on amd64
142. and masking the old emul-linux-x86 package sets for removal. This
143. change provides our users with the opportunity to build 32-bit libraries
144. from source with all the flexibility given by ebuilds and the security
145. of using mainline ebuilds, rather than relying on pre-packaged binary
146. versions of them.
147.  
148. The switch to the new system is likely to require a specific action from
149. the users of our multilib profiles. Since the new system collides with
150. the old one, the Package Manager must be able to clearly satisfy all
151. the dependencies using the new system in order to proceed. This may
152. require unmerging packages installed from third-party repositories that
153. have not been updated to support the new system.
154.  
155. In order to enable building necessary 32-bit libraries, users will be
156. required to enable the abi_x86_32 USE flag on respective packages.
157. This can be done using /etc/portage/package.use entries alike
158. the following:
159.  
160. sys-libs/zlib abi_x86_32
161.  
162. In most of the cases, Portage will be able to deliver correct
163. suggestions for that when using the --autounmask feature. However, some
164. users may prefer setting ABI_X86 globally to enable 32-bit libraries
165. in all packages that support building them. This can be done using
166. the following package.use entry:
167.  
168. */* abi_x86_32
169.  
170. In case of issues, blockers especially, users are recommended
171. to manually uninstall any emul-linux-x86 packages that may have been
172. installed on their systems. This will aid the Package Manager
173. in choosing the correct dependency resolution path. If using Portage,
174. this can be done using the following command:
175.  
176. $ emerge -C 'app-emulation/emul-linux-x86*'
177.  
178. Note: 32-bit applications may be temporarily broken after this step.
179. Therefore, it should be followed by a @world upgrade immediately.
180.  
181. 2015-06-08-udev-init-scripts-changes
182. Title udev-init-scripts-29 important changes
183. Author William Hubbs <williamh@gentoo.org>
184. Posted 2015-06-08
185. Revision 2
186.  
187. In udev-init-scripts-29 and newer, the udev service script has been
188. split into udev, udev-settle and udev-trigger.
189.  
190. This means the settings in /etc/conf.d/udev have also been migrated
191. to the appropriate /etc/conf.d files, so be careful when you update your
192. configuration settings.
193.  
194. udev and udev-trigger will be added to your sysinit runlevel, but not
195. udev-settle. udev-settle should not be added to a runlevel. Instead, if
196. a service needs this, it should add "need udev-settle" to its
197. dependencies.
198.  
199.  
200. 2015-07-25-python-targets
201. Title Python 3.4 enabled by default
202. Author Mike Gilbert <floppym@gentoo.org>
203. Posted 2015-07-25
204. Revision 1
205.  
206. Python 3.4 is now enabled by default, replacing Python 3.3 as the
207. default Python 3 interpreter.
208.  
209. PYTHON_TARGETS will be adjusted to contain python2_7 and python3_4 by
210. default via your profile.
211.  
212. PYTHON_SINGLE_TARGET will remain set to python2_7 by default.
213.  
214. If you have PYTHON_TARGETS set in make.conf, that setting will still be
215. respected. You may want to adjust this setting manually.
216.  
217. Once the changes have taken place, a world update should take care of
218. reinstalling any python libraries you have installed. You should also
219. switch your default python3 interpreter using eselect python.
220.  
221. For example:
222.  
223. eselect python set --python3 python3.4
224. emerge -uDv --changed-use @world
225.  
226. 2015-08-13-openssh-weak-keys
227. Title OpenSSH 7.0 disables ssh-dss keys by default
228. Author Mike Frysinger <vapier@gentoo.org>
229. Posted 2015-08-13
230. Revision 1
231.  
232. Starting with the 7.0 release of OpenSSH, support for ssh-dss keys has
233. been disabled by default at runtime due to their inherit weakness. If
234. you rely on these key types, you will have to take corrective action or
235. risk being locked out.
236.  
237. Your best option is to generate new keys using strong algos such as rsa
238. or ecdsa or ed25519. RSA keys will give you the greatest portability
239. with other clients/servers while ed25519 will get you the best security
240. with OpenSSH (but requires recent versions of client & server).
241.  
242. If you are stuck with DSA keys, you can re-enable support locally by
243. updating your sshd_config and ~/.ssh/config files with lines like so:
244. PubkeyAcceptedKeyTypes=+ssh-dss
245.  
246. Be aware though that eventually OpenSSH will drop support for DSA keys
247. entirely, so this is only a stop gap solution.
248.  
249. More details can be found on OpenSSH's website:
250. http://www.openssh.com/legacy.html