Gentoo News

News and information from Gentoo Linux

AArch64 (arm64) profiles are now stable!

Sunday 11th of August 2019 12:00:00 AM

The ARM64 project is pleased to announce that all ARM64 profiles are now stable.

While our developers and users have contributed significantly to this accomplishment, we must also thank our sponsor Packet for their contribution. Providing the Gentoo developer community with access to bare metal hardware has accelerated progress in achieving the stabilization of the ARM64 profiles.

About Packet.com

This access has been kindly provided to Gentoo by bare metal cloud Packet via their Works on Arm project. Learn more about their commitment to supporting open source here.

About Gentoo

Gentoo Linux is a free, source-based, rolling release meta distribution that features a high degree of flexibility and high performance. It empowers you to make your computer work for you, and offers a variety of choices at all levels of system configuration.

As a community, Gentoo consists of approximately two hundred developers and over fifty thousand users globally.

Impact of SKS keyserver poisoning on Gentoo

Wednesday 3rd of July 2019 12:00:00 AM

The SKS keyserver network has recently been the victim of a certificate poisoning attack. The OpenPGP verification used for repository syncing is protected against the attack. However, our users can be affected when using GnuPG directly. In this post, we would like to briefly summarize what the attack is, what we did to protect Gentoo against it and what you can do to protect your system.

The certificate poisoning attack abuses three facts: that OpenPGP keys can contain an unlimited number of signatures, that anyone can append signatures to any key, and that there is no way to distinguish a legitimate signature from garbage. The attackers are appending a large number of garbage signatures to keys stored on SKS keyservers, making the keys very large and causing severe performance issues in GnuPG clients that fetch them.
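As an added illustration (not part of the Gentoo announcement or of any Gentoo tool), the following Python sketch walks the packet framing of a binary, de-armored OpenPGP certificate and counts its signature packets, so that an oversized certificate can be spotted before it is handed to GnuPG. The thresholds, the helper names and the sample certificates are assumptions constructed for the example.

```python
TAG_SIGNATURE = 2
MAX_SIGNATURES = 1000       # assumed policy threshold, tune for your keyring
MAX_BYTES = 1024 * 1024     # assumed policy threshold (1 MiB)

def iter_packets(data):
    """Yield (tag, body_length) per packet, using RFC 4880 section 4.2 framing."""
    pos = 0
    while pos < len(data):
        first = data[pos]
        if not first & 0x80:
            raise ValueError(f"not an OpenPGP packet at offset {pos}")
        pos += 1
        if first & 0x40:                      # new-format header
            tag = first & 0x3F
            o1 = data[pos]
            if o1 < 192:                      # one-octet length
                length, pos = o1, pos + 1
            elif o1 < 224:                    # two-octet length
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:                   # five-octet length
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body length: only allowed for data packets")
        else:                                 # old-format header
            tag = (first >> 2) & 0x0F
            size = {0: 1, 1: 2, 2: 4}.get(first & 0x03)
            if size is None:
                raise ValueError("indeterminate length is not supported here")
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, length
        pos += length

def assess_certificate(data):
    """Return (signature_count, total_bytes, suspicious) for one certificate."""
    sigs = sum(1 for tag, _ in iter_packets(data) if tag == TAG_SIGNATURE)
    suspicious = sigs > MAX_SIGNATURES or len(data) > MAX_BYTES
    return sigs, len(data), suspicious

def old_packet(tag, body):
    """Build an old-format packet with a two-octet length (constructed test data)."""
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body

# Constructed samples: key packet (tag 6), user ID (tag 13), then dummy signatures.
BASE = old_packet(6, b"\x04" + b"\x00" * 50) + old_packet(13, b"dev@example.org")
NORMAL = BASE + old_packet(2, b"\x00" * 100) * 3
POISONED = BASE + old_packet(2, b"\x00" * 100) * 5000
```

The check only counts packets; it does not verify any signature, so it complements the trusted key sources listed in this post rather than replacing them.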

The attackers have poisoned the keys of a few high-ranking OpenPGP people on the SKS keyservers, including one Gentoo developer. Furthermore, the current expectation is that the problem won't be fixed any time soon, so it seems plausible that more keys may be affected in the future. We recommend that users not fetch or refresh keys from the SKS keyserver network (this includes aliases such as keys.gnupg.net) for the time being. GnuPG upstream is already working on client-side countermeasures and they can be expected to enter Gentoo as soon as they are released.

The Gentoo key infrastructure has not been affected by the attack. Shortly after it was reported, we disabled fetching developer key updates from SKS, and today we disabled public key upload access to prevent the keys stored on the server from being poisoned by a malicious third party.

The gemato tool used to verify the Gentoo ebuild repository uses WKD by default. During normal operation it should not be affected by this vulnerability. Gemato has a keyserver fallback that might be vulnerable if WKD fails; however, gemato operates in an isolated environment that will prevent a poisoned key from causing permanent damage to your system. In the worst case, Gentoo repository syncs will be slow or hang.

The webrsync and delta-webrsync methods also support gemato, although it is not used by default at the moment. In order to use it, you need to remove PORTAGE_GPG_DIR from /etc/portage/make.conf (if it is present) and put the following values into /etc/portage/repos.conf:

    [gentoo]
    sync-type = webrsync
    sync-webrsync-delta = true  # false to use plain webrsync
    sync-webrsync-verify-signature = true

Afterwards, calling emerge --sync or emaint sync --repo gentoo will use gemato key management rather than the vulnerable legacy method. The default is going to be changed in a future release of Portage.

When using GnuPG directly, Gentoo developer and service keys can be securely fetched (and refreshed) via:

  1. Web Key Directory, e.g. gpg --locate-key developer@gentoo.org
  2. Gentoo keyserver, e.g. gpg --keyserver hkps://keys.gentoo.org ...
  3. Key bundles, e.g.: active devs, service keys

Please note that the aforementioned services provide only keys specific to Gentoo. Keys belonging to other people will not be found on our keyserver. If you are looking for them, you may try the keys.openpgp.org keyserver, which is not vulnerable to the attack, at the cost of stripping all signatures and unverified UIDs.
