Kernel update (config), sudo for users of wheel group without password, python update (3.10)

This commit is contained in:
Jörg Deckert 2022-08-12 18:29:25 +02:00
parent 70866fcfda
commit 120776df74
5 changed files with 73 additions and 41 deletions

View File

@ -41,7 +41,7 @@ $(tmux_conf): default/tmux.conf
cp $< $@
$(PAM_SSH_AGENT_AUTH):
sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers
sed -i 's/# %wheel ALL=(ALL:ALL) NOPASSWD: ALL/%wheel ALL=(ALL:ALL) NOPASSWD: ALL/' $(CHROOT)/etc/sudoers
sed -i 's#^auth.*$$#auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys\nauth required pam_env.so readenv=1 user_readenv=0\nsession required pam_env.so readenv=1 user_readenv=0\nauth substack system-auth#' $(CHROOT)/etc/pam.d/sudo
sed -i 's#^auth.*$$#auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys\nauth required pam_env.so readenv=1 user_readenv=0\nsession required pam_env.so readenv=1 user_readenv=0\nauth substack system-auth#' $(CHROOT)/etc/pam.d/sudo-i
echo "Defaults env_keep += SSH_AUTH_SOCK" > $(CHROOT)/etc/sudoers.d/ssh_auth_sock

View File

@ -1,32 +1,38 @@
if [ -e /01firstboot ]; then
echo
echo "##########################################################################"
echo "The new or updated appliance still needs to be configured."
echo "You will be prompted to enter your password for the required root rights."
echo "If errors occur, their cause must be fixed. Afterwards the configuration"
echo "The new or updated appliance still needs to be initialized."
echo "If errors occur, their cause must be fixed. Afterwards the initialization"
echo "can be restarted by running \"sudo /usr/local/bin/01firstboot.start\"."
echo "##########################################################################"
echo
read -n 1 -s -r -p "Press any key to start initialization..."
echo
sudo /usr/local/bin/01firstboot.start
echo
echo "##########################################################################"
echo "After successful configuration, the appliance should be restarted."
echo "After successful initialization, the appliance should be restarted."
echo
read -n 1 -s -r -p "Press any key to continue..."
echo
fi
if [ -e /02firstboot ] && [ ! -e /01firstboot ]; then
echo
echo "##########################################################################"
echo "After the basic configuration, the special services of the appliance still"
echo "have to be configured. You may be asked to enter the password for the"
echo "required root rights. Any errors that may occur must be corrected, after"
echo "After basic initialization, the special services of the appliance still"
echo "have to be configured. Any errors that may occur must be corrected, after"
echo "which the configuration can be restarted by executing"
echo "\"sudo /usr/local/bin/02firstboot.start\"."
echo "##########################################################################"
echo
read -n 1 -s -r -p "Press any key to start configuration..."
echo
sudo /usr/local/bin/02firstboot.start
echo
echo "##########################################################################"
echo "After successful configuration, the appliance should be restarted."
echo
read -n 1 -s -r -p "Press any key to continue..."
echo
fi

View File

@ -5,6 +5,6 @@ MAKEOPTS="-j5"
ACCEPT_LICENSE="*"
# Python-Version festpinnen (s. auch package.mask)
USE_PYTHON="3.9"
PYTHON_TARGETS="python3_9"
PYTHON_SINGLE_TARGET="python3_9"
USE_PYTHON="3.10"
PYTHON_TARGETS="python3_10"
PYTHON_SINGLE_TARGET="python3_10"

View File

@ -1,2 +1,2 @@
# Python: nur Version 3.9 verwenden (s. auch make.conf: PYTHON-Variable)
>=dev-lang/python-3.10
# Python: nur Version 3.10 verwenden (s. auch make.conf: PYTHON-Variable)
>=dev-lang/python-3.11

View File

@ -1,20 +1,21 @@
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 5.15.23-gentoo Kernel Configuration
# Linux/x86 5.15.59-gentoo Kernel Configuration
#
CONFIG_CC_VERSION_TEXT="gcc (Gentoo Hardened 11.2.0 p1) 11.2.0"
CONFIG_CC_VERSION_TEXT="gcc (Gentoo Hardened 11.3.0 p5) 11.3.0"
CONFIG_CC_IS_GCC=y
CONFIG_GCC_VERSION=110200
CONFIG_GCC_VERSION=110300
CONFIG_CLANG_VERSION=0
CONFIG_AS_IS_GNU=y
CONFIG_AS_VERSION=23700
CONFIG_AS_VERSION=23800
CONFIG_LD_IS_BFD=y
CONFIG_LD_VERSION=23700
CONFIG_LD_VERSION=23800
CONFIG_LLD_VERSION=0
CONFIG_CC_CAN_LINK=y
CONFIG_CC_CAN_LINK_STATIC=y
CONFIG_CC_HAS_ASM_GOTO=y
CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y
CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y
CONFIG_CC_HAS_ASM_INLINE=y
CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y
CONFIG_IRQ_WORK=y
@ -298,7 +299,6 @@ CONFIG_X86_FEATURE_NAMES=y
CONFIG_X86_X2APIC=y
# CONFIG_X86_MPPARSE is not set
# CONFIG_GOLDFISH is not set
CONFIG_RETPOLINE=y
# CONFIG_X86_CPU_RESCTRL is not set
# CONFIG_X86_EXTENDED_PLATFORM is not set
# CONFIG_X86_INTEL_LPSS is not set
@ -437,6 +437,16 @@ CONFIG_MODIFY_LDT_SYSCALL=y
CONFIG_HAVE_LIVEPATCH=y
# end of Processor type and features
CONFIG_CC_HAS_SLS=y
CONFIG_CC_HAS_RETURN_THUNK=y
CONFIG_SPECULATION_MITIGATIONS=y
CONFIG_PAGE_TABLE_ISOLATION=y
CONFIG_RETPOLINE=y
CONFIG_RETHUNK=y
CONFIG_CPU_UNRET_ENTRY=y
CONFIG_CPU_IBPB_ENTRY=y
CONFIG_CPU_IBRS_ENTRY=y
# CONFIG_SLS is not set
CONFIG_ARCH_HAS_ADD_PAGES=y
CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y
@ -772,7 +782,7 @@ CONFIG_COMPAT_BINFMT_ELF=y
CONFIG_ELFCORE=y
CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y
CONFIG_BINFMT_SCRIPT=y
# CONFIG_BINFMT_MISC is not set
CONFIG_BINFMT_MISC=y
CONFIG_COREDUMP=y
# end of Executable file formats
@ -1098,6 +1108,7 @@ CONFIG_NF_DEFRAG_IPV6=y
# CONFIG_IEEE802154 is not set
# CONFIG_NET_SCHED is not set
# CONFIG_DCB is not set
# CONFIG_DNS_RESOLVER is not set
# CONFIG_BATMAN_ADV is not set
# CONFIG_OPENVSWITCH is not set
CONFIG_VSOCKETS=y
@ -1654,14 +1665,13 @@ CONFIG_PCNET32=y
# CONFIG_NET_VENDOR_AQUANTIA is not set
# CONFIG_NET_VENDOR_ARC is not set
# CONFIG_NET_VENDOR_ATHEROS is not set
# CONFIG_CX_ECAT is not set
# CONFIG_NET_VENDOR_BROADCOM is not set
# CONFIG_NET_VENDOR_BROCADE is not set
# CONFIG_NET_VENDOR_CADENCE is not set
# CONFIG_NET_VENDOR_CAVIUM is not set
# CONFIG_NET_VENDOR_CHELSIO is not set
# CONFIG_NET_VENDOR_CISCO is not set
# CONFIG_NET_VENDOR_CORTINA is not set
# CONFIG_CX_ECAT is not set
# CONFIG_DNET is not set
# CONFIG_NET_VENDOR_DEC is not set
# CONFIG_NET_VENDOR_DLINK is not set
@ -1685,7 +1695,6 @@ CONFIG_IGB=y
# CONFIG_ICE is not set
# CONFIG_FM10K is not set
# CONFIG_IGC is not set
# CONFIG_NET_VENDOR_MICROSOFT is not set
# CONFIG_JME is not set
# CONFIG_NET_VENDOR_LITEX is not set
# CONFIG_NET_VENDOR_MARVELL is not set
@ -1693,14 +1702,15 @@ CONFIG_IGB=y
# CONFIG_NET_VENDOR_MICREL is not set
# CONFIG_NET_VENDOR_MICROCHIP is not set
# CONFIG_NET_VENDOR_MICROSEMI is not set
# CONFIG_NET_VENDOR_MICROSOFT is not set
# CONFIG_NET_VENDOR_MYRI is not set
# CONFIG_FEALNX is not set
# CONFIG_NET_VENDOR_NI is not set
CONFIG_NET_VENDOR_NATSEMI=y
# CONFIG_NATSEMI is not set
# CONFIG_NS83820 is not set
# CONFIG_NET_VENDOR_NETERION is not set
# CONFIG_NET_VENDOR_NETRONOME is not set
# CONFIG_NET_VENDOR_NI is not set
CONFIG_NET_VENDOR_8390=y
CONFIG_NE2K_PCI=y
# CONFIG_NET_VENDOR_NVIDIA is not set
@ -1709,6 +1719,7 @@ CONFIG_NE2K_PCI=y
# CONFIG_NET_VENDOR_PACKET_ENGINES is not set
# CONFIG_NET_VENDOR_PENSANDO is not set
# CONFIG_NET_VENDOR_QLOGIC is not set
# CONFIG_NET_VENDOR_BROCADE is not set
# CONFIG_NET_VENDOR_QUALCOMM is not set
# CONFIG_NET_VENDOR_RDC is not set
CONFIG_NET_VENDOR_REALTEK=y
@ -1719,9 +1730,9 @@ CONFIG_8139CP=y
# CONFIG_NET_VENDOR_ROCKER is not set
# CONFIG_NET_VENDOR_SAMSUNG is not set
# CONFIG_NET_VENDOR_SEEQ is not set
# CONFIG_NET_VENDOR_SOLARFLARE is not set
# CONFIG_NET_VENDOR_SILAN is not set
# CONFIG_NET_VENDOR_SIS is not set
# CONFIG_NET_VENDOR_SOLARFLARE is not set
# CONFIG_NET_VENDOR_SMSC is not set
# CONFIG_NET_VENDOR_SOCIONEXT is not set
# CONFIG_NET_VENDOR_STMICRO is not set
@ -2738,7 +2749,9 @@ CONFIG_FANOTIFY=y
# CONFIG_QUOTA is not set
CONFIG_AUTOFS4_FS=y
CONFIG_AUTOFS_FS=y
# CONFIG_FUSE_FS is not set
CONFIG_FUSE_FS=y
# CONFIG_CUSE is not set
CONFIG_VIRTIO_FS=y
# CONFIG_OVERLAY_FS is not set
#
@ -2847,13 +2860,17 @@ CONFIG_IO_WQ=y
#
# Security options
#
# CONFIG_KEYS is not set
CONFIG_KEYS=y
# CONFIG_KEYS_REQUEST_CACHE is not set
# CONFIG_PERSISTENT_KEYRINGS is not set
# CONFIG_ENCRYPTED_KEYS is not set
CONFIG_KEY_DH_OPERATIONS=y
# CONFIG_SECURITY_DMESG_RESTRICT is not set
# CONFIG_SECURITY is not set
# CONFIG_SECURITYFS is not set
CONFIG_PAGE_TABLE_ISOLATION=y
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
CONFIG_HARDENED_USERCOPY=y
CONFIG_HARDENED_USERCOPY_FALLBACK=y
CONFIG_FORTIFY_SOURCE=y
# CONFIG_STATIC_USERMODEHELPER is not set
CONFIG_DEFAULT_SECURITY_DAC=y
@ -2893,6 +2910,7 @@ CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_RNG_DEFAULT=y
CONFIG_CRYPTO_AKCIPHER2=y
CONFIG_CRYPTO_KPP2=y
CONFIG_CRYPTO_KPP=y
CONFIG_CRYPTO_ACOMP2=y
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MANAGER2=y
@ -2909,7 +2927,7 @@ CONFIG_CRYPTO_NULL2=y
# Public-key cryptography
#
# CONFIG_CRYPTO_RSA is not set
# CONFIG_CRYPTO_DH is not set
CONFIG_CRYPTO_DH=y
# CONFIG_CRYPTO_ECDH is not set
# CONFIG_CRYPTO_ECDSA is not set
# CONFIG_CRYPTO_ECRDSA is not set
@ -3045,23 +3063,13 @@ CONFIG_CRYPTO_USER_API_HASH=y
# CONFIG_CRYPTO_USER_API_RNG is not set
# CONFIG_CRYPTO_USER_API_AEAD is not set
# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set
#
# Crypto library routines
#
CONFIG_CRYPTO_LIB_AES=y
# CONFIG_CRYPTO_LIB_BLAKE2S is not set
# CONFIG_CRYPTO_LIB_CHACHA is not set
# CONFIG_CRYPTO_LIB_CURVE25519 is not set
CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11
# CONFIG_CRYPTO_LIB_POLY1305 is not set
# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set
CONFIG_CRYPTO_LIB_SHA256=y
# CONFIG_CRYPTO_HW is not set
# CONFIG_ASYMMETRIC_KEY_TYPE is not set
#
# Certificates for signature checking
#
# CONFIG_SYSTEM_BLACKLIST_KEYRING is not set
# end of Certificates for signature checking
CONFIG_BINARY_PRINTF=y
@ -3083,6 +3091,21 @@ CONFIG_GENERIC_IOMAP=y
CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y
CONFIG_ARCH_HAS_FAST_MULTIPLIER=y
CONFIG_ARCH_USE_SYM_ANNOTATIONS=y
#
# Crypto library routines
#
CONFIG_CRYPTO_LIB_AES=y
CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y
# CONFIG_CRYPTO_LIB_CHACHA is not set
# CONFIG_CRYPTO_LIB_CURVE25519 is not set
CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11
# CONFIG_CRYPTO_LIB_POLY1305 is not set
# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set
CONFIG_CRYPTO_LIB_SHA256=y
# end of Crypto library routines
CONFIG_LIB_MEMNEQ=y
# CONFIG_CRC_CCITT is not set
CONFIG_CRC16=y
CONFIG_CRC_T10DIF=y
@ -3122,6 +3145,7 @@ CONFIG_DECOMPRESS_LZO=y
CONFIG_DECOMPRESS_LZ4=y
CONFIG_DECOMPRESS_ZSTD=y
CONFIG_INTERVAL_TREE=y
CONFIG_ASSOCIATIVE_ARRAY=y
CONFIG_HAS_IOMEM=y
CONFIG_HAS_IOPORT_MAP=y
CONFIG_HAS_DMA=y
@ -3137,7 +3161,9 @@ CONFIG_DQL=y
CONFIG_GLOB=y
# CONFIG_GLOB_SELFTEST is not set
CONFIG_NLATTR=y
CONFIG_CLZ_TAB=y
# CONFIG_IRQ_POLL is not set
CONFIG_MPILIB=y
CONFIG_HAVE_GENERIC_VDSO=y
CONFIG_GENERIC_GETTIMEOFDAY=y
CONFIG_GENERIC_VDSO_TIME_NS=y