From Gentoo Wiki

Contact info
needle (IRC)

User info
Gentoo user since 2006

Meet me in freenode's fvwm IRC channel.

LibreSSL migration on a headless production Raspberry Pi 2

Migration to LibreSSL on the Pi 2 works exactly as described in Project:LibreSSL, with 2 major differences:

  • This particular file needs to be added instead of /etc/portage/profile/use.stable.mask:
FILE /etc/portage/profile/use.mask
  • The migration worked on a production system, a headless box with minimal dependencies and no fancy stuff such as X. The migration from OpenSSL to LibreSSL was successful. Stick to the project page in this wiki and it will work.

Enable IPv6 privacy extensions (RFC4941)

IPv6 privacy extensions are disabled by default on GNU/Linux, which leads to problems if users are not aware of this. To enable privacy extensions on Gentoo permanently, add the following lines and reboot the system:

FILE /etc/sysctl.conf (Enabling IPv6 privacy extensions)
# Enabling IPv6 privacy extensions for specified interfaces. 
# here eth0 and wlan0
net.ipv6.conf.eth0.use_tempaddr = 2
net.ipv6.conf.wlan0.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2

# Setting a shorter preferred lifetime (in seconds) for temporary IPv6 addresses
# default setting is one day
net.ipv6.conf.eth0.temp_prefered_lft = 14400
net.ipv6.conf.wlan0.temp_prefered_lft = 14400

The setting net.ipv6.conf.all.use_tempaddr is used to propagate its value to all interfaces currently attached to the system. This setting might not work reliably for all interfaces, at least not on my own tested Gentoo installations up to kernel 4.14.
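Because the `all` setting cannot be relied on, it is worth checking after the reboot what each interface actually ended up with. The script below is an added example, not part of the original page: the function names `audit_tempaddr` and `mk_iface` are hypothetical, and the sample tree it runs against is constructed to stand in for /proc/sys/net/ipv6/conf.

```shell
#!/bin/sh
# Added example: audit the per-interface IPv6 privacy-extension sysctls.
# Usage: audit_tempaddr [CONF_DIR] [MAX_PREFERRED_LFT]
# Prints one line per finding and nothing when every interface complies.
audit_tempaddr() {
    conf_dir=${1:-/proc/sys/net/ipv6/conf}
    max_lft=${2:-14400}            # value used in the sysctl.conf above
    for dir in "$conf_dir"/*/; do
        [ -r "${dir}use_tempaddr" ] || continue
        iface=$(basename "$dir")
        # Skip "all" (its value is not trusted to propagate) and loopback.
        case $iface in all|lo) continue ;; esac
        mode=$(cat "${dir}use_tempaddr")
        if [ "$mode" != 2 ]; then
            echo "$iface use_tempaddr=$mode"
            continue
        fi
        # The page shortens the lifetime per interface only, so the
        # "default" template is not checked for it.
        [ "$iface" != default ] || continue
        [ -r "${dir}temp_prefered_lft" ] || continue
        lft=$(cat "${dir}temp_prefered_lft")
        if [ "$lft" -gt "$max_lft" ]; then
            echo "$iface temp_prefered_lft=$lft"
        fi
    done
    return 0
}

# Fixture helper (hypothetical): mk_iface ROOT NAME USE_TEMPADDR LIFETIME
mk_iface() {
    mkdir -p "$1/$2"
    echo "$3" > "$1/$2/use_tempaddr"
    echo "$4" > "$1/$2/temp_prefered_lft"
}

# Constructed sample tree standing in for /proc/sys/net/ipv6/conf.
demo=$(mktemp -d)
mk_iface "$demo" all 0 86400
mk_iface "$demo" default 2 86400
mk_iface "$demo" eth0 2 14400
mk_iface "$demo" eth1 2 86400
mk_iface "$demo" wlan0 0 86400
audit_tempaddr "$demo"
rm -rf "$demo"
```

On a live system, call `audit_tempaddr` with no arguments to read the real /proc tree; any output names an interface that is still using the kernel defaults.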

There are two old bugs in the Linux kernel bugtracker for this issue: