Abuse filter log

From Gentoo Wiki

This log shows a list of all actions caught by the filters.

Details for log entry 2,360

10:04, 30 October 2019: MGorny triggered filter 15, performing the action "edit" on Project:Hardened musl. Actions taken: Tag; Filter description: Removed Project Member

Changes made in edit

 
|Role=Developer
 
|Role=Developer
 
|IsLead=Yes
 
|IsLead=Yes
}}{{Project Member
 
|Developer=User:Anarchy
 
|Role=Developer
 
|IsLead=No
 
 
}}
 
}}
 
}}
 
}}

Action parameters

Variable | Value
Whether or not the edit is marked as minor (minor_edit)
Edit count of the user (user_editcount)
2404
Name of the user account (user_name)
MGorny
Age of the user account (user_age)
254157435
Page ID (article_articleid)
56427
Page namespace (article_namespace)
510
Page title (without namespace) (article_text)
Hardened musl
Full page title (article_prefixedtext)
Project:Hardened musl
Action (action)
edit
Edit summary/reason (summary)
anarchy is retiring
Old content model (old_content_model)
wikitext
New content model (new_content_model)
wikitext
Old page wikitext, before the edit (old_wikitext)
{{Project |Name=Hardened musl |Description=This subproject aims to port the hardened tool chain to musl based systems for a variety of architectures. The project treats musl as an alternative to glibc and uClibc, and not necessarily as "embedded". |Email=musl@gentoo.org |IRC=#gentoo-hardened |ParentProject=Project:Hardened |PropagatesMembers=No |LeadElectionDate=2019/08/27 |Members={{Project Member |Developer=User:Blueness |Role=Developer |IsLead=Yes }}{{Project Member |Developer=User:Anarchy |Role=Developer |IsLead=No }} }} The Hardened musl subproject has a goal similar to its sister subproject, [[Project:Hardened_uClibc|Hardened uClibc]], but with the intention of using [http://www.musl-libc.org/ musl] to replace [http://www.gnu.org/software/libc/ glibc] as the system's "standard C library," or "libc" for short. A system's libc forms an integral part of the toolchain, but unlike the other components, it remains a runtime dependency of nearly every dynamically linked object in the system, or becomes incorporated into statically linked executables. For embedded systems, the size and speed of your libc become important issues which are better addressed by libc's designed with that purpose in mind. [http://www.uclibc.org/ uClibc] addresses at least the size issue by being very configurable, so any unneeded code can be turned off. Whether a function is required by POSIX standards or not doesn't matter if you are not using it for some targetted application. [http://www.musl-libc.org/ musl] takes a different approach: it is written with static linking in mind, but also with fast dynamic linking capabilities, while remaining close to standards and conscious of security issues. However, unlike [http://www.uclibc.org/ uClibc], it is not configurable. How [http://www.gnu.org/software/libc/ glibc], [http://www.uclibc.org/ uClibc] and [http://www.musl-libc.org/ musl] compare on the various points of interest is complex and something that will probably be debated forever. 
The musl team does provide a [http://www.etalabs.net/compare_libcs.html table of C/POSIX standard library implementations for Linux] that you can browse. Since there are different needs for different folks, in Gentoo we are not afraid to target ''anything'' and ''everything'': all arches, all libc's, hardened/vanilla userland, hardened/vanilla Linux kernel, and even different kernels. [http://www.musl-libc.org/ musl]'s completeness, including a robust implementation of [https://en.wikipedia.org/wiki/POSIX_Threads POSIX threads], means that we can include all of Gentoo's Hardened toolchain goodies without any problems: * Stack Smashing Protection ([[wikipedia:Buffer_overflow_protection|SSP]]), which requires threads but doesn't work with the old [[wikipedia:Native_POSIX_Thread_Library|NPTL]] or [[wikipedia:LinuxThreads|LinuxThreads]] that uClibc provides. * Position Independent Execution ([[wikipedia:Position-independent_code|PIE]]). * Bind now and relro, linker hardening to protect the global offset table. These are augmented by the kernel hardening, especially [http://pax.grsecurity.net/ PaX]'s enhanced address space layout randomization ([http://pax.grsecurity.net/docs/aslr.txt ASLR]). This subproject aims to treat [http://www.musl-libc.org/ musl] more as a drop in alternative to [http://www.gnu.org/software/libc/ glibc], and not necessarily as "embedded". This is not at the exclusion of the concerns of embedded systems, but rather to make our userland tarballs as flexible as possible. They can be used as development environments for native compiling on native hardware, starting points to build server or desktop systems, or they can be stripped down to just the essential apps for whatever purpose. The stages are not "embedded" in the sense that they use busybox as their "Swiss Army Knife" of common UNIX utilities. While not excluding this possibility, we aim at making most (all?) of Gentoo's packages both hardened and [http://www.musl-libc.org/ musl] compatible. 
== Goals == The project goals can be best summarized by the following chart: {| class="table table-condensed table-striped" style="text-align: left;" |- ! Arch ! Subarchs ! Tool Chain Hardening ! Status ! Downloads |- | {{Keyword|amd64}} | Generic | {{ Yes }} | Development | [http://releases.freeharbor.net Desktop] [http://distfiles.gentoo.org/experimental/amd64/musl/ stage3-amd64-musl-{hardened,vanilla}] |- | {{Keyword|arm}} | armv7a-hardfp | {{ Yes }} | Development | [http://distfiles.gentoo.org/experimental/arm/musl/ stage3-armv7a_hardfp-musl-{hardened,vanilla}] |- | {{Keyword|mips}} | mips32r2 | {{ No }} | NA | Not Yet |- | {{Keyword|mips}} | mipsel3 | {{ No }} | Development | [http://distfiles.gentoo.org/experimental/mips/musl stage3-mipsel3-musl-vanilla] |- | {{Keyword|ppc}} | classic | {{ No }} | Development | [http://distfiles.gentoo.org/experimental/ppc/musl/ stage3-ppc-musl-vanilla] |- | {{Keyword|x86}} | i686 | {{ No }} | Development | [http://distfiles.gentoo.org/experimental/x86/musl/ stage3-i686-musl-vanilla] |- |} == Working with musl == Unlike the situation with uClibc, where pretty much every package in the Gentoo portage tree "just builds," musl's adherence to standards means that many packages which deviate from those standards, primarily [[wikipedia:POSIX|POSIX]], need some patching. Most of this is minor, like the location of header files, but some is more substantial. So we maintain the [https://gitweb.gentoo.org/proj/musl.git musl] overlay to house those patches, and this overlay must be added to the stage3's to be able to update and maintain them. Here's how: 0) Get your chroot ready as you would on any other stage3. See the [[Handbook]]. 1) Set up your favorite <var>GENTOO_MIRRORS</var> and sync-uri and sync the main ebuild repository. 
Obviously replace 192.168.3.1 with your servers of choice: {{RootCmd |echo GENTOO_MIRRORS{{=}}<nowiki>ftp://192.168.3.1/pub/gentoo</nowiki> >> /etc/portage/make.conf |sed -i "/^sync-uri/d" /etc/portage/repos.conf/gentoo.conf |echo "sync-uri {{=}} rsync://192.168.3.1/portage" >> /etc/portage/repos.conf/gentoo.conf |emerge --sync }} 2) Set up the nameserver for DNS resolution: {{RootCmd|echo nameserver 192.168.3.1 >> /etc/resolv.conf}} 3) We need to get git in order to add the overlay. Unfortunately, right now we can't build git with gnupg support: {{RootCmd|echo "dev-vcs/git -gpg" >> /etc/portage/package.use }} {{Emerge|app-portage/layman dev-vcs/git}} 4) Let's add the overlay. {{RootCmd |layman -L |layman -a musl }} 5) Okay now we can update. If we tried to update without the overlay, we get a bunch of downgrades to ebuilds that are slightly broken on musl and will not build. {{RootCmd|emerge -uvNDq @world}} 6) In the future, update both the portage tree and the overlay before repeating step 5. {{RootCmd |emerge --sync |layman -S |emerge -uvNDq @world }} == Contributors == The following people are or have contributed to the project: {| class="table table-condensed table-striped" style="text-align: left;" ! Contributor ! Email ! Still active? |- | Felix Janda | felix.janda@posteo.de | {{ Yes }} |} == Participation == To participate in the Hardened musl project join the mailing list at {{Mail|gentoo-musl@lists.gentoo.org}} and visit our IRC channel at {{IRC|gentoo-hardened}} on Freenode. == See also == * [[Project:Hardened_musl/Bluedragon|Bluedragon]] - A hardened musl XFCE desktop.
New page wikitext, after the edit (new_wikitext)
{{Project |Name=Hardened musl |Description=This subproject aims to port the hardened tool chain to musl based systems for a variety of architectures. The project treats musl as an alternative to glibc and uClibc, and not necessarily as "embedded". |Email=musl@gentoo.org |IRC=#gentoo-hardened |ParentProject=Project:Hardened |PropagatesMembers=No |LeadElectionDate=2019/08/27 |Members={{Project Member |Developer=User:Blueness |Role=Developer |IsLead=Yes }} }} The Hardened musl subproject has a goal similar to its sister subproject, [[Project:Hardened_uClibc|Hardened uClibc]], but with the intention of using [http://www.musl-libc.org/ musl] to replace [http://www.gnu.org/software/libc/ glibc] as the system's "standard C library," or "libc" for short. A system's libc forms an integral part of the toolchain, but unlike the other components, it remains a runtime dependency of nearly every dynamically linked object in the system, or becomes incorporated into statically linked executables. For embedded systems, the size and speed of your libc become important issues which are better addressed by libc's designed with that purpose in mind. [http://www.uclibc.org/ uClibc] addresses at least the size issue by being very configurable, so any unneeded code can be turned off. Whether a function is required by POSIX standards or not doesn't matter if you are not using it for some targetted application. [http://www.musl-libc.org/ musl] takes a different approach: it is written with static linking in mind, but also with fast dynamic linking capabilities, while remaining close to standards and conscious of security issues. However, unlike [http://www.uclibc.org/ uClibc], it is not configurable. How [http://www.gnu.org/software/libc/ glibc], [http://www.uclibc.org/ uClibc] and [http://www.musl-libc.org/ musl] compare on the various points of interest is complex and something that will probably be debated forever. 
The musl team does provide a [http://www.etalabs.net/compare_libcs.html table of C/POSIX standard library implementations for Linux] that you can browse. Since there are different needs for different folks, in Gentoo we are not afraid to target ''anything'' and ''everything'': all arches, all libc's, hardened/vanilla userland, hardened/vanilla Linux kernel, and even different kernels. [http://www.musl-libc.org/ musl]'s completeness, including a robust implementation of [https://en.wikipedia.org/wiki/POSIX_Threads POSIX threads], means that we can include all of Gentoo's Hardened toolchain goodies without any problems: * Stack Smashing Protection ([[wikipedia:Buffer_overflow_protection|SSP]]), which requires threads but doesn't work with the old [[wikipedia:Native_POSIX_Thread_Library|NPTL]] or [[wikipedia:LinuxThreads|LinuxThreads]] that uClibc provides. * Position Independent Execution ([[wikipedia:Position-independent_code|PIE]]). * Bind now and relro, linker hardening to protect the global offset table. These are augmented by the kernel hardening, especially [http://pax.grsecurity.net/ PaX]'s enhanced address space layout randomization ([http://pax.grsecurity.net/docs/aslr.txt ASLR]). This subproject aims to treat [http://www.musl-libc.org/ musl] more as a drop in alternative to [http://www.gnu.org/software/libc/ glibc], and not necessarily as "embedded". This is not at the exclusion of the concerns of embedded systems, but rather to make our userland tarballs as flexible as possible. They can be used as development environments for native compiling on native hardware, starting points to build server or desktop systems, or they can be stripped down to just the essential apps for whatever purpose. The stages are not "embedded" in the sense that they use busybox as their "Swiss Army Knife" of common UNIX utilities. While not excluding this possibility, we aim at making most (all?) of Gentoo's packages both hardened and [http://www.musl-libc.org/ musl] compatible. 
== Goals == The project goals can be best summarized by the following chart: {| class="table table-condensed table-striped" style="text-align: left;" |- ! Arch ! Subarchs ! Tool Chain Hardening ! Status ! Downloads |- | {{Keyword|amd64}} | Generic | {{ Yes }} | Development | [http://releases.freeharbor.net Desktop] [http://distfiles.gentoo.org/experimental/amd64/musl/ stage3-amd64-musl-{hardened,vanilla}] |- | {{Keyword|arm}} | armv7a-hardfp | {{ Yes }} | Development | [http://distfiles.gentoo.org/experimental/arm/musl/ stage3-armv7a_hardfp-musl-{hardened,vanilla}] |- | {{Keyword|mips}} | mips32r2 | {{ No }} | NA | Not Yet |- | {{Keyword|mips}} | mipsel3 | {{ No }} | Development | [http://distfiles.gentoo.org/experimental/mips/musl stage3-mipsel3-musl-vanilla] |- | {{Keyword|ppc}} | classic | {{ No }} | Development | [http://distfiles.gentoo.org/experimental/ppc/musl/ stage3-ppc-musl-vanilla] |- | {{Keyword|x86}} | i686 | {{ No }} | Development | [http://distfiles.gentoo.org/experimental/x86/musl/ stage3-i686-musl-vanilla] |- |} == Working with musl == Unlike the situation with uClibc, where pretty much every package in the Gentoo portage tree "just builds," musl's adherence to standards means that many packages which deviate from those standards, primarily [[wikipedia:POSIX|POSIX]], need some patching. Most of this is minor, like the location of header files, but some is more substantial. So we maintain the [https://gitweb.gentoo.org/proj/musl.git musl] overlay to house those patches, and this overlay must be added to the stage3's to be able to update and maintain them. Here's how: 0) Get your chroot ready as you would on any other stage3. See the [[Handbook]]. 1) Set up your favorite <var>GENTOO_MIRRORS</var> and sync-uri and sync the main ebuild repository. 
Obviously replace 192.168.3.1 with your servers of choice: {{RootCmd |echo GENTOO_MIRRORS{{=}}<nowiki>ftp://192.168.3.1/pub/gentoo</nowiki> >> /etc/portage/make.conf |sed -i "/^sync-uri/d" /etc/portage/repos.conf/gentoo.conf |echo "sync-uri {{=}} rsync://192.168.3.1/portage" >> /etc/portage/repos.conf/gentoo.conf |emerge --sync }} 2) Set up the nameserver for DNS resolution: {{RootCmd|echo nameserver 192.168.3.1 >> /etc/resolv.conf}} 3) We need to get git in order to add the overlay. Unfortunately, right now we can't build git with gnupg support: {{RootCmd|echo "dev-vcs/git -gpg" >> /etc/portage/package.use }} {{Emerge|app-portage/layman dev-vcs/git}} 4) Let's add the overlay. {{RootCmd |layman -L |layman -a musl }} 5) Okay now we can update. If we tried to update without the overlay, we get a bunch of downgrades to ebuilds that are slightly broken on musl and will not build. {{RootCmd|emerge -uvNDq @world}} 6) In the future, update both the portage tree and the overlay before repeating step 5. {{RootCmd |emerge --sync |layman -S |emerge -uvNDq @world }} == Contributors == The following people are or have contributed to the project: {| class="table table-condensed table-striped" style="text-align: left;" ! Contributor ! Email ! Still active? |- | Felix Janda | felix.janda@posteo.de | {{ Yes }} |} == Participation == To participate in the Hardened musl project join the mailing list at {{Mail|gentoo-musl@lists.gentoo.org}} and visit our IRC channel at {{IRC|gentoo-hardened}} on Freenode. == See also == * [[Project:Hardened_musl/Bluedragon|Bluedragon]] - A hardened musl XFCE desktop.
Unified diff of changes made by edit (edit_diff)
@@ -11,8 +11,4 @@ |Role=Developer |IsLead=Yes -}}{{Project Member -|Developer=User:Anarchy -|Role=Developer -|IsLead=No }} }}
Old page size (old_size)
7454
Lines added in edit (added_lines)
Lines removed in edit (removed_lines)
}}{{Project Member |Developer=User:Anarchy |Role=Developer |IsLead=No
New page text, stripped of any markup (new_text)
Hardened musl Description This subproject aims to port the hardened tool chain to musl based systems for a variety of architectures. The project treats musl as an alternative to glibc and uClibc, and not necessarily as "embedded". Project email musl@gentoo.org IRC channel #gentoo-hardened Lead(s) Anthony G. Basile (blueness)Developer Last elected: 2019/08/27 Member(s) Jory A. Pratt (Anarchy)Developer Subproject(s)(and inherited member(s)) (none) Parent Project Hardened Project listing The Hardened musl subproject has a goal similar to its sister subproject, Hardened uClibc, but with the intention of using musl to replace glibc as the system's "standard C library," or "libc" for short. A system's libc forms an integral part of the toolchain, but unlike the other components, it remains a runtime dependency of nearly every dynamically linked object in the system, or becomes incorporated into statically linked executables. For embedded systems, the size and speed of your libc become important issues which are better addressed by libc's designed with that purpose in mind. uClibc addresses at least the size issue by being very configurable, so any unneeded code can be turned off. Whether a function is required by POSIX standards or not doesn't matter if you are not using it for some targetted application. musl takes a different approach: it is written with static linking in mind, but also with fast dynamic linking capabilities, while remaining close to standards and conscious of security issues. However, unlike uClibc, it is not configurable. How glibc, uClibc and musl compare on the various points of interest is complex and something that will probably be debated forever. The musl team does provide a table of C/POSIX standard library implementations for Linux that you can browse. 
Since there are different needs for different folks, in Gentoo we are not afraid to target anything and everything: all arches, all libc's, hardened/vanilla userland, hardened/vanilla Linux kernel, and even different kernels. musl's completeness, including a robust implementation of POSIX threads, means that we can include all of Gentoo's Hardened toolchain goodies without any problems: Stack Smashing Protection (SSP), which requires threads but doesn't work with the old NPTL or LinuxThreads that uClibc provides. Position Independent Execution (PIE). Bind now and relro, linker hardening to protect the global offset table. These are augmented by the kernel hardening, especially PaX's enhanced address space layout randomization (ASLR). This subproject aims to treat musl more as a drop in alternative to glibc, and not necessarily as "embedded". This is not at the exclusion of the concerns of embedded systems, but rather to make our userland tarballs as flexible as possible. They can be used as development environments for native compiling on native hardware, starting points to build server or desktop systems, or they can be stripped down to just the essential apps for whatever purpose. The stages are not "embedded" in the sense that they use busybox as their "Swiss Army Knife" of common UNIX utilities. While not excluding this possibility, we aim at making most (all?) of Gentoo's packages both hardened and musl compatible. 
Contents 1 Goals 2 Working with musl 3 Contributors 4 Participation 5 See also Goals[edit] The project goals can be best summarized by the following chart: Arch Subarchs Tool Chain Hardening Status Downloads amd64 Generic Yes Development Desktop stage3-amd64-musl-{hardened,vanilla} arm armv7a-hardfp Yes Development stage3-armv7a_hardfp-musl-{hardened,vanilla} mips mips32r2 No NA Not Yet mips mipsel3 No Development stage3-mipsel3-musl-vanilla ppc classic No Development stage3-ppc-musl-vanilla x86 i686 No Development stage3-i686-musl-vanilla Working with musl[edit] Unlike the situation with uClibc, where pretty much every package in the Gentoo portage tree "just builds," musl's adherence to standards means that many packages which deviate from those standards, primarily POSIX, need some patching. Most of this is minor, like the location of header files, but some is more substantial. So we maintain the musl overlay to house those patches, and this overlay must be added to the stage3's to be able to update and maintain them. Here's how: 0) Get your chroot ready as you would on any other stage3. See the Handbook. 1) Set up your favorite GENTOO_MIRRORS and sync-uri and sync the main ebuild repository. Obviously replace 192.168.3.1 with your servers of choice: root #echo GENTOO_MIRRORS=ftp://192.168.3.1/pub/gentoo &gt;&gt; /etc/portage/make.conf root #sed -i "/^sync-uri/d" /etc/portage/repos.conf/gentoo.conf root #echo "sync-uri = rsync://192.168.3.1/portage" &gt;&gt; /etc/portage/repos.conf/gentoo.conf root #emerge --sync 2) Set up the nameserver for DNS resolution: root #echo nameserver 192.168.3.1 &gt;&gt; /etc/resolv.conf 3) We need to get git in order to add the overlay. Unfortunately, right now we can't build git with gnupg support: root #echo "dev-vcs/git -gpg" &gt;&gt; /etc/portage/package.use root #emerge --ask app-portage/layman dev-vcs/git 4) Let's add the overlay. root #layman -L root #layman -a musl 5) Okay now we can update. 
If we tried to update without the overlay, we get a bunch of downgrades to ebuilds that are slightly broken on musl and will not build. root #emerge -uvNDq @world 6) In the future, update both the portage tree and the overlay before repeating step 5. root #emerge --sync root #layman -S root #emerge -uvNDq @world Contributors[edit] The following people are or have contributed to the project: Contributor Email Still active? Felix Janda felix.janda@posteo.de Yes Participation[edit] To participate in the Hardened musl project join the mailing list at gentoo-musl@lists.gentoo.org and visit our IRC channel at #gentoo-hardened on Freenode. See also[edit] Bluedragon - A hardened musl XFCE desktop.
Parsed HTML source of the new revision (new_html)
<div class="mw-parser-output"><table class="table table-condensed" style="width: 30em; font-size: 95%; border: 1px solid #ddd; background-color: #f9f9f9; color: black; margin-bottom: 0.5em; margin-left: 1em; padding: 0.2em; float: right; clear: right; text-align:left;"> <tbody><tr> <th style="text-align: center; background-color:#3E355A; color: white;" colspan="2"><big>Hardened musl</big> </th></tr> <tr valign="top"> <th>Description </th> <td style="text-align: justify;">This subproject aims to port the hardened tool chain to musl based systems for a variety of architectures. The project treats musl as an alternative to glibc and uClibc, and not necessarily as "embedded". </td></tr> <tr> <th><span title="Mails to member(s) listed below.">Project email</span> </th> <td><a rel="nofollow" class="external text" href="mailto:musl@gentoo.org">musl@gentoo.org</a> </td></tr> <tr> <th><span title="The link opens a webchat to this project&#39;s Freenode IRC channel.">IRC channel</span> </th> <td><a rel="nofollow" class="external text" href="https://webchat.freenode.net/?channels=gentoo-hardened">#gentoo-hardened</a> </td></tr> <tr valign="top"> <th>Lead(s) </th> <td><ul><li><a href="/wiki/User:Blueness" title="User:Blueness">Anthony G. Basile</a> (blueness)<br /><i>Developer</i></li></ul> <br />Last elected: 2019/08/27 </td></tr> <tr valign="top"> <th>Member(s) </th> <td><ul><li><a href="/wiki/User:Anarchy" title="User:Anarchy">Jory A. 
Pratt</a> (Anarchy)<br /><i>Developer</i></li></ul> </td></tr> <tr valign="top"> <th>Subproject(s)<br /><small style="font-weight: normal;">(and inherited member(s))</small> </th> <td>(none) </td></tr> <tr> <th>Parent Project </th> <td><a href="/wiki/Project:Hardened" title="Project:Hardened">Hardened</a> </td></tr> <tr> <td colspan="2" style="border-top: 1px solid #ddd; font-size: smaller; text-align: center;"><a href="/wiki/Project:Gentoo" title="Project:Gentoo">Project listing</a> </td></tr></tbody></table> <p>The Hardened musl subproject has a goal similar to its sister subproject, <a href="/wiki/Project:Hardened_uClibc" title="Project:Hardened uClibc">Hardened uClibc</a>, but with the intention of using <a rel="nofollow" class="external text" href="http://www.musl-libc.org/">musl</a> to replace <a rel="nofollow" class="external text" href="http://www.gnu.org/software/libc/">glibc</a> as the system's "standard C library," or "libc" for short. A system's libc forms an integral part of the toolchain, but unlike the other components, it remains a runtime dependency of nearly every dynamically linked object in the system, or becomes incorporated into statically linked executables. For embedded systems, the size and speed of your libc become important issues which are better addressed by libc's designed with that purpose in mind. <a rel="nofollow" class="external text" href="http://www.uclibc.org/">uClibc</a> addresses at least the size issue by being very configurable, so any unneeded code can be turned off. Whether a function is required by POSIX standards or not doesn't matter if you are not using it for some targetted application. <a rel="nofollow" class="external text" href="http://www.musl-libc.org/">musl</a> takes a different approach: it is written with static linking in mind, but also with fast dynamic linking capabilities, while remaining close to standards and conscious of security issues. 
However, unlike <a rel="nofollow" class="external text" href="http://www.uclibc.org/">uClibc</a>, it is not configurable. How <a rel="nofollow" class="external text" href="http://www.gnu.org/software/libc/">glibc</a>, <a rel="nofollow" class="external text" href="http://www.uclibc.org/">uClibc</a> and <a rel="nofollow" class="external text" href="http://www.musl-libc.org/">musl</a> compare on the various points of interest is complex and something that will probably be debated forever. The musl team does provide a <a rel="nofollow" class="external text" href="http://www.etalabs.net/compare_libcs.html">table of C/POSIX standard library implementations for Linux</a> that you can browse. Since there are different needs for different folks, in Gentoo we are not afraid to target <i>anything</i> and <i>everything</i>: all arches, all libc's, hardened/vanilla userland, hardened/vanilla Linux kernel, and even different kernels. </p><p><a rel="nofollow" class="external text" href="http://www.musl-libc.org/">musl</a>'s completeness, including a robust implementation of <a rel="nofollow" class="external text" href="https://en.wikipedia.org/wiki/POSIX_Threads">POSIX threads</a>, means that we can include all of Gentoo's Hardened toolchain goodies without any problems: </p> <ul><li>Stack Smashing Protection (<a href="https://en.wikipedia.org/wiki/Buffer_overflow_protection" class="extiw" title="wikipedia:Buffer overflow protection">SSP</a>), which requires threads but doesn't work with the old <a href="https://en.wikipedia.org/wiki/Native_POSIX_Thread_Library" class="extiw" title="wikipedia:Native POSIX Thread Library">NPTL</a> or <a href="https://en.wikipedia.org/wiki/LinuxThreads" class="extiw" title="wikipedia:LinuxThreads">LinuxThreads</a> that uClibc provides.</li> <li>Position Independent Execution (<a href="https://en.wikipedia.org/wiki/Position-independent_code" class="extiw" title="wikipedia:Position-independent code">PIE</a>).</li> <li>Bind now and relro, linker 
hardening to protect the global offset table.</li></ul> <p>These are augmented by the kernel hardening, especially <a rel="nofollow" class="external text" href="http://pax.grsecurity.net/">PaX</a>'s enhanced address space layout randomization (<a rel="nofollow" class="external text" href="http://pax.grsecurity.net/docs/aslr.txt">ASLR</a>). </p><p>This subproject aims to treat <a rel="nofollow" class="external text" href="http://www.musl-libc.org/">musl</a> more as a drop in alternative to <a rel="nofollow" class="external text" href="http://www.gnu.org/software/libc/">glibc</a>, and not necessarily as "embedded". This is not at the exclusion of the concerns of embedded systems, but rather to make our userland tarballs as flexible as possible. They can be used as development environments for native compiling on native hardware, starting points to build server or desktop systems, or they can be stripped down to just the essential apps for whatever purpose. The stages are not "embedded" in the sense that they use busybox as their "Swiss Army Knife" of common UNIX utilities. While not excluding this possibility, we aim at making most (all?) of Gentoo's packages both hardened and <a rel="nofollow" class="external text" href="http://www.musl-libc.org/">musl</a> compatible. 
</p> <div id="toc" class="toc"><div class="toctitle" lang="en" dir="ltr"><h2>Contents</h2></div> <ul> <li class="toclevel-1 tocsection-1"><a href="#Goals"><span class="tocnumber">1</span> <span class="toctext">Goals</span></a></li> <li class="toclevel-1 tocsection-2"><a href="#Working_with_musl"><span class="tocnumber">2</span> <span class="toctext">Working with musl</span></a></li> <li class="toclevel-1 tocsection-3"><a href="#Contributors"><span class="tocnumber">3</span> <span class="toctext">Contributors</span></a></li> <li class="toclevel-1 tocsection-4"><a href="#Participation"><span class="tocnumber">4</span> <span class="toctext">Participation</span></a></li> <li class="toclevel-1 tocsection-5"><a href="#See_also"><span class="tocnumber">5</span> <span class="toctext">See also</span></a></li> </ul> </div> <h2><span class="mw-headline" id="Goals">Goals</span><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/index.php?title=Project:Hardened_musl&amp;action=edit&amp;section=1" title="Edit section: Goals">edit</a><span class="mw-editsection-bracket">]</span></span></h2> <p>The project goals can be best summarized by the following chart: </p> <table class="table table-condensed table-striped" style="text-align: left;"> <tbody><tr> <th>Arch </th> <th>Subarchs </th> <th>Tool Chain Hardening </th> <th>Status </th> <th>Downloads </th></tr> <tr> <td><b><span style="font-family: monospace; font-size: 95%; color: #54487a">amd64</span></b> </td> <td>Generic </td> <td style="background-color: #DFF0D8; color: black; vertical-align: middle; text-align: left;" class="cell-yes"><span class="glyphicon glyphicon-ok"></span> Yes </td> <td>Development </td> <td><a rel="nofollow" class="external text" href="http://releases.freeharbor.net">Desktop</a> <a rel="nofollow" class="external text" href="http://distfiles.gentoo.org/experimental/amd64/musl/">stage3-amd64-musl-{hardened,vanilla}</a> </td></tr> <tr> <td><b><span style="font-family: 
monospace; font-size: 95%; color: #54487a">arm</span></b> </td> <td>armv7a-hardfp </td> <td style="background-color: #DFF0D8; color: black; vertical-align: middle; text-align: left;" class="cell-yes"><span class="glyphicon glyphicon-ok"></span> Yes </td> <td>Development </td> <td><a rel="nofollow" class="external text" href="http://distfiles.gentoo.org/experimental/arm/musl/">stage3-armv7a_hardfp-musl-{hardened,vanilla}</a> </td></tr> <tr> <td><b><span style="font-family: monospace; font-size: 95%; color: #54487a">mips</span></b> </td> <td>mips32r2 </td> <td style="background-color: #F2DEDE; color: black; vertical-align: middle; text-align: left;" class="cell-no"><span class="glyphicon glyphicon-remove"></span> No </td> <td>NA </td> <td>Not Yet </td></tr> <tr> <td><b><span style="font-family: monospace; font-size: 95%; color: #54487a">mips</span></b> </td> <td>mipsel3 </td> <td style="background-color: #F2DEDE; color: black; vertical-align: middle; text-align: left;" class="cell-no"><span class="glyphicon glyphicon-remove"></span> No </td> <td>Development </td> <td><a rel="nofollow" class="external text" href="http://distfiles.gentoo.org/experimental/mips/musl">stage3-mipsel3-musl-vanilla</a> </td></tr> <tr> <td><b><span style="font-family: monospace; font-size: 95%; color: #54487a">ppc</span></b> </td> <td>classic </td> <td style="background-color: #F2DEDE; color: black; vertical-align: middle; text-align: left;" class="cell-no"><span class="glyphicon glyphicon-remove"></span> No </td> <td>Development </td> <td><a rel="nofollow" class="external text" href="http://distfiles.gentoo.org/experimental/ppc/musl/">stage3-ppc-musl-vanilla</a> </td></tr> <tr> <td><b><span style="font-family: monospace; font-size: 95%; color: #54487a">x86</span></b> </td> <td>i686 </td> <td style="background-color: #F2DEDE; color: black; vertical-align: middle; text-align: left;" class="cell-no"><span class="glyphicon glyphicon-remove"></span> No </td> <td>Development </td> <td><a 
rel="nofollow" class="external text" href="http://distfiles.gentoo.org/experimental/x86/musl/">stage3-i686-musl-vanilla</a> </td></tr> </tbody></table> <h2><span class="mw-headline" id="Working_with_musl">Working with musl</span></h2> <p>Unlike the situation with uClibc, where pretty much every package in the Gentoo portage tree "just builds," musl's adherence to standards means that many packages which deviate from those standards, primarily <a href="https://en.wikipedia.org/wiki/POSIX" class="extiw" title="wikipedia:POSIX">POSIX</a>, need some patching. Most of this is minor, like the location of header files, but some is more substantial. So we maintain the <a rel="nofollow" class="external text" href="https://gitweb.gentoo.org/proj/musl.git">musl</a> overlay to house those patches, and this overlay must be added to the stage3s to be able to update and maintain them. Here's how: </p><p>0) Get your chroot ready as you would on any other stage3. See the <a href="/wiki/Handbook" class="mw-redirect" title="Handbook">Handbook</a>. </p><p>1) Set up your favorite <var>GENTOO_MIRRORS</var> and sync-uri and sync the main ebuild repository. 
Obviously replace 192.168.3.1 with your servers of choice: </p> <div class="cmd-box"><div><code style="color: #ef2929; font-weight: bold;">root #</code><span class="tripleclick-separator"></span><code>echo GENTOO_MIRRORS=ftp://192.168.3.1/pub/gentoo &gt;&gt; /etc/portage/make.conf </code></div><div><code style="color: #ef2929; font-weight: bold;">root #</code><span class="tripleclick-separator"></span><code>sed -i "/^sync-uri/d" /etc/portage/repos.conf/gentoo.conf </code></div><div><code style="color: #ef2929; font-weight: bold;">root #</code><span class="tripleclick-separator"></span><code>echo "sync-uri = rsync://192.168.3.1/portage" &gt;&gt; /etc/portage/repos.conf/gentoo.conf </code></div><div><code style="color: #ef2929; font-weight: bold;">root #</code><span class="tripleclick-separator"></span><code>emerge --sync </code></div></div> <p>2) Set up the nameserver for DNS resolution: </p> <div class="cmd-box"><div><code style="color: #ef2929; font-weight: bold;">root #</code><span class="tripleclick-separator"></span><code>echo nameserver 192.168.3.1 &gt;&gt; /etc/resolv.conf</code></div></div> <p>3) We need to get git in order to add the overlay. Unfortunately, right now we can't build git with gnupg support: </p> <div class="cmd-box"><div><code style="color: #ef2929; font-weight: bold;">root #</code><span class="tripleclick-separator"></span><code>echo "dev-vcs/git -gpg" &gt;&gt; /etc/portage/package.use </code></div></div> <div class="cmd-box"><div><code style="color: #ef2929; font-weight: bold;">root #</code><span class="tripleclick-separator"></span><code>emerge --ask app-portage/layman dev-vcs/git</code></div></div> <p>4) Let's add the overlay. 
</p> <div class="cmd-box"><div><code style="color: #ef2929; font-weight: bold;">root #</code><span class="tripleclick-separator"></span><code>layman -L </code></div><div><code style="color: #ef2929; font-weight: bold;">root #</code><span class="tripleclick-separator"></span><code>layman -a musl </code></div></div> <p>5) Okay, now we can update. If we try to update without the overlay, we get a bunch of downgrades to ebuilds that are slightly broken on musl and will not build. </p> <div class="cmd-box"><div><code style="color: #ef2929; font-weight: bold;">root #</code><span class="tripleclick-separator"></span><code>emerge -uvNDq @world</code></div></div> <p>6) In the future, update both the portage tree and the overlay before repeating step 5. </p> <div class="cmd-box"><div><code style="color: #ef2929; font-weight: bold;">root #</code><span class="tripleclick-separator"></span><code>emerge --sync </code></div><div><code style="color: #ef2929; font-weight: bold;">root #</code><span class="tripleclick-separator"></span><code>layman -S </code></div><div><code style="color: #ef2929; font-weight: bold;">root #</code><span class="tripleclick-separator"></span><code>emerge -uvNDq @world </code></div></div> <h2><span class="mw-headline" id="Contributors">Contributors</span></h2> <p>The following people are contributing or have contributed to the project: </p> <table class="table table-condensed table-striped" style="text-align: left;"> <tbody><tr> <th>Contributor </th> <th>Email </th> <th>Still active? 
</th></tr> <tr> <td>Felix Janda </td> <td>felix.janda@posteo.de </td> <td style="background-color: #DFF0D8; color: black; vertical-align: middle; text-align: left;" class="cell-yes"><span class="glyphicon glyphicon-ok"></span> Yes </td></tr></tbody></table> <h2><span class="mw-headline" id="Participation">Participation</span></h2> <p>To participate in the Hardened musl project join the mailing list at <a rel="nofollow" class="external text" href="mailto:gentoo-musl@lists.gentoo.org">gentoo-musl@lists.gentoo.org</a> and visit our IRC channel at <span style="font-family: monospace; font-size: 95%;"><a rel="nofollow" class="external text" href="irc://irc.gentoo.org/gentoo-hardened">#gentoo-hardened</a></span> on Freenode. </p> <h2><span class="mw-headline" id="See_also">See also</span></h2> <ul><li><a href="/wiki/Project:Hardened_musl/Bluedragon" title="Project:Hardened musl/Bluedragon">Bluedragon</a> - A hardened musl XFCE desktop.</li></ul> </div>
Unix timestamp of change (timestamp)
1572429842