diff --git a/appliances/default/Makefile b/appliances/default/Makefile
index d93c30d..35e002d 100644
--- a/appliances/default/Makefile
+++ b/appliances/default/Makefile
@@ -41,7 +41,7 @@ $(tmux_conf): default/tmux.conf
 cp $< $@
 
 $(PAM_SSH_AGENT_AUTH):
- sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers
+ sed -i 's/# %wheel ALL=(ALL:ALL) NOPASSWD: ALL/%wheel ALL=(ALL:ALL) NOPASSWD: ALL/' $(CHROOT)/etc/sudoers
 sed -i 's#^auth.*$$#auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys\nauth required pam_env.so readenv=1 user_readenv=0\nsession required pam_env.so readenv=1 user_readenv=0\nauth substack system-auth#' $(CHROOT)/etc/pam.d/sudo
 sed -i 's#^auth.*$$#auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys\nauth required pam_env.so readenv=1 user_readenv=0\nsession required pam_env.so readenv=1 user_readenv=0\nauth substack system-auth#' $(CHROOT)/etc/pam.d/sudo-i
 echo "Defaults env_keep += SSH_AUTH_SOCK" > $(CHROOT)/etc/sudoers.d/ssh_auth_sock
diff --git a/appliances/default/default/bashrc.firstboot b/appliances/default/default/bashrc.firstboot
index c5600c3..5d28aae 100644
--- a/appliances/default/default/bashrc.firstboot
+++ b/appliances/default/default/bashrc.firstboot
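Review bot: Enabling `%wheel ALL=(ALL:ALL) NOPASSWD: ALL` in appliances/default/Makefile makes sudo skip authentication for every wheel member, so the pam_ssh_agent_auth stack that the following lines write into pam.d/sudo and pam.d/sudo-i no longer gates anything for that group, and any process running as a wheel user becomes root without presenting a credential. If passwordless sudo is only needed for the firstboot scripts, keep the authenticated `%wheel ALL=(ALL:ALL) ALL` rule and scope the exemption in a sudoers.d drop-in, e.g. `%wheel ALL=(root) NOPASSWD: /usr/local/bin/01firstboot.start, /usr/local/bin/02firstboot.start`. The sed also succeeds silently when the stock sudoers does not contain that exact commented line, so I would follow it with `grep -q '^%wheel ' $(CHROOT)/etc/sudoers` and `visudo -c -f $(CHROOT)/etc/sudoers` so that the build fails instead of shipping an unexpected policy. The recipe of `$(PAM_SSH_AGENT_AUTH)` may continue past the end of this hunk.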
@@ -1,32 +1,38 @@
 if [ -e /01firstboot ]; then
 echo
 echo "##########################################################################"
- echo "The new or updated appliance still needs to be configured."
- echo "You will be prompted to enter your password for the required root rights."
- echo "If errors occur, their cause must be fixed. Afterwards the configuration"
+ echo "The new or updated appliance still needs to be initialized."
+ echo "If errors occur, their cause must be fixed. Afterwards the initialization"
 echo "can be restarted by running \"sudo /usr/local/bin/01firstboot.start\"."
 echo "##########################################################################"
 echo
+ read -n 1 -s -r -p "Press any key to start initialization..."
+ echo
 sudo /usr/local/bin/01firstboot.start
 echo
 echo "##########################################################################"
- echo "After successful configuration, the appliance should be restarted."
+ echo "After successful initialization, the appliance should be restarted."
+ echo
+ read -n 1 -s -r -p "Press any key to continue..."
 echo
 fi
 
 if [ -e /02firstboot ] && [ ! -e /01firstboot ]; then
 echo
 echo "##########################################################################"
- echo "After the basic configuration, the special services of the appliance still"
- echo "have to be configured. You may be asked to enter the password for the"
- echo "required root rights. Any errors that may occur must be corrected, after"
+ echo "After basic initialization, the special services of the appliance still"
+ echo "have to be configured. Any errors that may occur must be corrected, after"
 echo "which the configuration can be restarted by executing"
 echo "\"sudo /usr/local/bin/02firstboot.start\"."
 echo "##########################################################################"
 echo
+ read -n 1 -s -r -p "Press any key to start configuration..."
+ echo sudo /usr/local/bin/02firstboot.start echo echo "##########################################################################" echo "After successful configuration, the appliance should be restarted." echo + read -n 1 -s -r -p "Press any key to continue..." + echo fi diff --git a/appliances/default/make.conf b/appliances/default/make.conf index d4b204f..a7b43d6 100644 --- a/appliances/default/make.conf +++ b/appliances/default/make.conf @@ -5,6 +5,6 @@ MAKEOPTS="-j5" ACCEPT_LICENSE="*" # Python-Version festpinnen (s. auch package.mask) -USE_PYTHON="3.9" -PYTHON_TARGETS="python3_9" -PYTHON_SINGLE_TARGET="python3_9" +USE_PYTHON="3.10" +PYTHON_TARGETS="python3_10" +PYTHON_SINGLE_TARGET="python3_10" diff --git a/appliances/default/package.mask b/appliances/default/package.mask index fe981bb..1998109 100644 --- a/appliances/default/package.mask +++ b/appliances/default/package.mask @@ -1,2 +1,2 @@ -# Python: nur Version 3.9 verwenden (s. auch make.conf: PYTHON-Variable) ->=dev-lang/python-3.10 +# Python: nur Version 3.10 verwenden (s. auch make.conf: PYTHON-Variable) +>=dev-lang/python-3.11 diff --git a/configs/kernel.config.amd64 b/configs/kernel.config.amd64 index 6ece35a..7e7f1f9 100644 --- a/configs/kernel.config.amd64 +++ b/configs/kernel.config.amd64 
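Review bot: The `read -n 1 -s -r -p` prompts added to appliances/default/default/bashrc.firstboot are not guarded by a terminal check, and the `sudo /usr/local/bin/01firstboot.start` call after them runs whether or not a key was pressed, because `read` returns at once on EOF. How this file is sourced is not visible here, but if it is ever read by a session without a tty (some bash builds source bashrc for non-interactive remote commands), the root initialization would start unattended and `read` could swallow a byte of piped stdin. I would gate the block on an interactive terminal, `if [ -t 0 ] && [ -e /01firstboot ]; then`, and stop when the prompt fails, `read -n 1 -s -r -p "Press any key to start initialization..." || return`. The same applies to the `/02firstboot` block, and a short comment above each block saying that it runs the script as root via sudo on first login would help the next reader.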
@@ -1,20 +1,21 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 5.15.23-gentoo Kernel Configuration +# Linux/x86 5.15.59-gentoo Kernel Configuration # -CONFIG_CC_VERSION_TEXT="gcc (Gentoo Hardened 11.2.0 p1) 11.2.0" +CONFIG_CC_VERSION_TEXT="gcc (Gentoo Hardened 11.3.0 p5) 11.3.0" CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=110200 +CONFIG_GCC_VERSION=110300 CONFIG_CLANG_VERSION=0 CONFIG_AS_IS_GNU=y -CONFIG_AS_VERSION=23700 +CONFIG_AS_VERSION=23800 CONFIG_LD_IS_BFD=y -CONFIG_LD_VERSION=23700 +CONFIG_LD_VERSION=23800 CONFIG_LLD_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y +CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y CONFIG_CC_HAS_ASM_INLINE=y CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y CONFIG_IRQ_WORK=y @@ -298,7 +299,6 @@ CONFIG_X86_FEATURE_NAMES=y CONFIG_X86_X2APIC=y # CONFIG_X86_MPPARSE is not set # CONFIG_GOLDFISH is not set -CONFIG_RETPOLINE=y # CONFIG_X86_CPU_RESCTRL is not set # CONFIG_X86_EXTENDED_PLATFORM is not set # CONFIG_X86_INTEL_LPSS is not set @@ -437,6 +437,16 @@ CONFIG_MODIFY_LDT_SYSCALL=y CONFIG_HAVE_LIVEPATCH=y # end of Processor type and features +CONFIG_CC_HAS_SLS=y +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_PAGE_TABLE_ISOLATION=y +CONFIG_RETPOLINE=y +CONFIG_RETHUNK=y +CONFIG_CPU_UNRET_ENTRY=y +CONFIG_CPU_IBPB_ENTRY=y +CONFIG_CPU_IBRS_ENTRY=y +# CONFIG_SLS is not set CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y @@ -772,7 +782,7 @@ CONFIG_COMPAT_BINFMT_ELF=y CONFIG_ELFCORE=y CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y CONFIG_BINFMT_SCRIPT=y -# CONFIG_BINFMT_MISC is not set +CONFIG_BINFMT_MISC=y CONFIG_COREDUMP=y # end of Executable file formats @@ -1098,6 +1108,7 @@ CONFIG_NF_DEFRAG_IPV6=y # CONFIG_IEEE802154 is not set # CONFIG_NET_SCHED is not set # CONFIG_DCB is not set +# CONFIG_DNS_RESOLVER is not set # CONFIG_BATMAN_ADV is not set # CONFIG_OPENVSWITCH is not set CONFIG_VSOCKETS=y 
@@ -1654,14 +1665,13 @@ CONFIG_PCNET32=y # CONFIG_NET_VENDOR_AQUANTIA is not set # CONFIG_NET_VENDOR_ARC is not set # CONFIG_NET_VENDOR_ATHEROS is not set +# CONFIG_CX_ECAT is not set # CONFIG_NET_VENDOR_BROADCOM is not set -# CONFIG_NET_VENDOR_BROCADE is not set # CONFIG_NET_VENDOR_CADENCE is not set # CONFIG_NET_VENDOR_CAVIUM is not set # CONFIG_NET_VENDOR_CHELSIO is not set # CONFIG_NET_VENDOR_CISCO is not set # CONFIG_NET_VENDOR_CORTINA is not set -# CONFIG_CX_ECAT is not set # CONFIG_DNET is not set # CONFIG_NET_VENDOR_DEC is not set # CONFIG_NET_VENDOR_DLINK is not set @@ -1685,7 +1695,6 @@ CONFIG_IGB=y # CONFIG_ICE is not set # CONFIG_FM10K is not set # CONFIG_IGC is not set -# CONFIG_NET_VENDOR_MICROSOFT is not set # CONFIG_JME is not set # CONFIG_NET_VENDOR_LITEX is not set # CONFIG_NET_VENDOR_MARVELL is not set @@ -1693,14 +1702,15 @@ CONFIG_IGB=y # CONFIG_NET_VENDOR_MICREL is not set # CONFIG_NET_VENDOR_MICROCHIP is not set # CONFIG_NET_VENDOR_MICROSEMI is not set +# CONFIG_NET_VENDOR_MICROSOFT is not set # CONFIG_NET_VENDOR_MYRI is not set # CONFIG_FEALNX is not set +# CONFIG_NET_VENDOR_NI is not set CONFIG_NET_VENDOR_NATSEMI=y # CONFIG_NATSEMI is not set # CONFIG_NS83820 is not set # CONFIG_NET_VENDOR_NETERION is not set # CONFIG_NET_VENDOR_NETRONOME is not set -# CONFIG_NET_VENDOR_NI is not set CONFIG_NET_VENDOR_8390=y CONFIG_NE2K_PCI=y # CONFIG_NET_VENDOR_NVIDIA is not set @@ -1709,6 +1719,7 @@ CONFIG_NE2K_PCI=y # CONFIG_NET_VENDOR_PACKET_ENGINES is not set # CONFIG_NET_VENDOR_PENSANDO is not set # CONFIG_NET_VENDOR_QLOGIC is not set +# CONFIG_NET_VENDOR_BROCADE is not set # CONFIG_NET_VENDOR_QUALCOMM is not set # CONFIG_NET_VENDOR_RDC is not set CONFIG_NET_VENDOR_REALTEK=y 
@@ -1719,9 +1730,9 @@ CONFIG_8139CP=y # CONFIG_NET_VENDOR_ROCKER is not set # CONFIG_NET_VENDOR_SAMSUNG is not set # CONFIG_NET_VENDOR_SEEQ is not set -# CONFIG_NET_VENDOR_SOLARFLARE is not set # CONFIG_NET_VENDOR_SILAN is not set # CONFIG_NET_VENDOR_SIS is not set +# CONFIG_NET_VENDOR_SOLARFLARE is not set # CONFIG_NET_VENDOR_SMSC is not set # CONFIG_NET_VENDOR_SOCIONEXT is not set # CONFIG_NET_VENDOR_STMICRO is not set @@ -2738,7 +2749,9 @@ CONFIG_FANOTIFY=y # CONFIG_QUOTA is not set CONFIG_AUTOFS4_FS=y CONFIG_AUTOFS_FS=y -# CONFIG_FUSE_FS is not set +CONFIG_FUSE_FS=y +# CONFIG_CUSE is not set +CONFIG_VIRTIO_FS=y # CONFIG_OVERLAY_FS is not set # @@ -2847,13 +2860,17 @@ CONFIG_IO_WQ=y # # Security options # -# CONFIG_KEYS is not set +CONFIG_KEYS=y +# CONFIG_KEYS_REQUEST_CACHE is not set +# CONFIG_PERSISTENT_KEYRINGS is not set +# CONFIG_ENCRYPTED_KEYS is not set +CONFIG_KEY_DH_OPERATIONS=y # CONFIG_SECURITY_DMESG_RESTRICT is not set # CONFIG_SECURITY is not set # CONFIG_SECURITYFS is not set -CONFIG_PAGE_TABLE_ISOLATION=y CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y CONFIG_HARDENED_USERCOPY=y +CONFIG_HARDENED_USERCOPY_FALLBACK=y CONFIG_FORTIFY_SOURCE=y # CONFIG_STATIC_USERMODEHELPER is not set CONFIG_DEFAULT_SECURITY_DAC=y @@ -2893,6 +2910,7 @@ CONFIG_CRYPTO_RNG2=y CONFIG_CRYPTO_RNG_DEFAULT=y CONFIG_CRYPTO_AKCIPHER2=y CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_KPP=y CONFIG_CRYPTO_ACOMP2=y CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y @@ -2909,7 +2927,7 @@ CONFIG_CRYPTO_NULL2=y # Public-key cryptography # # CONFIG_CRYPTO_RSA is not set -# CONFIG_CRYPTO_DH is not set +CONFIG_CRYPTO_DH=y # CONFIG_CRYPTO_ECDH is not set # CONFIG_CRYPTO_ECDSA is not set # CONFIG_CRYPTO_ECRDSA is not set 
@@ -3045,23 +3063,13 @@ CONFIG_CRYPTO_USER_API_HASH=y # CONFIG_CRYPTO_USER_API_RNG is not set # CONFIG_CRYPTO_USER_API_AEAD is not set # CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set - -# -# Crypto library routines -# -CONFIG_CRYPTO_LIB_AES=y -# CONFIG_CRYPTO_LIB_BLAKE2S is not set -# CONFIG_CRYPTO_LIB_CHACHA is not set -# CONFIG_CRYPTO_LIB_CURVE25519 is not set -CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 -# CONFIG_CRYPTO_LIB_POLY1305 is not set -# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set -CONFIG_CRYPTO_LIB_SHA256=y # CONFIG_CRYPTO_HW is not set +# CONFIG_ASYMMETRIC_KEY_TYPE is not set # # Certificates for signature checking # +# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set # end of Certificates for signature checking CONFIG_BINARY_PRINTF=y @@ -3083,6 +3091,21 @@ CONFIG_GENERIC_IOMAP=y CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y CONFIG_ARCH_HAS_FAST_MULTIPLIER=y CONFIG_ARCH_USE_SYM_ANNOTATIONS=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y +# CONFIG_CRYPTO_LIB_CHACHA is not set +# CONFIG_CRYPTO_LIB_CURVE25519 is not set +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +# CONFIG_CRYPTO_LIB_POLY1305 is not set +# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_LIB_SHA256=y +# end of Crypto library routines + +CONFIG_LIB_MEMNEQ=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y CONFIG_CRC_T10DIF=y @@ -3122,6 +3145,7 @@ CONFIG_DECOMPRESS_LZO=y CONFIG_DECOMPRESS_LZ4=y CONFIG_DECOMPRESS_ZSTD=y CONFIG_INTERVAL_TREE=y +CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT_MAP=y CONFIG_HAS_DMA=y @@ -3137,7 +3161,9 @@ CONFIG_DQL=y CONFIG_GLOB=y # CONFIG_GLOB_SELFTEST is not set CONFIG_NLATTR=y +CONFIG_CLZ_TAB=y # CONFIG_IRQ_POLL is not set +CONFIG_MPILIB=y CONFIG_HAVE_GENERIC_VDSO=y CONFIG_GENERIC_GETTIMEOFDAY=y CONFIG_GENERIC_VDSO_TIME_NS=y