On Tue, 02 Jan 2018 19:26:44 +0000, Stroller wrote:

>> On 2 Jan 2018, at 11:54, Kruglov Sergey <kr_se...@hotmail.com> wrote:
>> 
>> Now I have gentoo-sources-4.14.8-r1 installed.
>> After  "emerge --ask --update --deep --with-bdeps=y --newuse @world"
>> command emerge installs old kernel in NS (after first update 4.12.12,
>> after second update 4.9.49-r1).
>> How can I fix it?
>> There is sys-kernel/gentoo-sources in my world set.
> 
> Remove sys-kernel/gentoo-sources from your world file - I believe you
> can do this using the emerge command, but am unsure of the right syntax;
> you can just edit /var/lib/portage/world and delete the appropriate
> line.

It is "emerge --deselect ...".


> Now `emerge -n =sys-kernel/gentoo-sources-4.14.8-r1` - "This option can
> be used to update the world file without rebuilding the packages."

I don't think this is how it works. While technically correct, the 
outcome is different to what you're trying to achieve.


> This pins your kernel version at 4.14.8-r1 and you can update when, in
> future, you decide it's time to update your kernel, without being nagged
> about it every time a new version is released or you emerge world.

The equal sign doesn't pin versions, at least not that I remember. 
Packages are pinned by slot in the world file. Coincidence may be that the 
version you selected happens to be exclusively the only slot, too.

If you intend to pin a package, either emerge by slot, or use 
package.mask and package.unmask.


> For this reason it's always best to emerge kernels with an equals sign,
> pinning them at some specific version, IMO.

Makes no sense if my above answer is correct.


> This suggestion may provoke responses that the kernel is important and
> you should update it to ensure you get security updates - look at the
> attack vectors, you're probably sitting behind a NAT router, with very
> few ports exposed to the internet.

The attack vector is probably not the network facing surface of the 
kernel... Which makes your argument misleading at best...

It is more likely that your kernel is attacked by something you did from 
the browser, or by running a server on one of the "few ports exposed" 
which is vulnerable, and that is the attack vector: A local privilege 
escalation or buffer overflow allowing the attacker to gain control of a 
process, and only then attacking the kernel.

This is why you first should keep your software updated and secured, and 
for the rest just stick to gentoo-sources stable.

Keep in mind that gentoo-sources back-ports some security fixes early. 
Also stable uses LTS kernels mostly which have long-term security 
maintenance.


> It's adequate to update your kernel every 3 months.

It's adequate to update your password every 3 months.

It's adequate to update your software every 3 months.

Really? No...

It's adequate to update your software when a security hole was fixed - on 
the point. Not two or three months later...

It gives a false impression of safety if you recommend such things.


Just my two cents... ;-)


-- 
Regards,
Kai

Replies to list-only preferred.

