Mindstab.net

So that was exciting. I like to keep my server fairly stable and so I'm accordingly pretty conservative on software upgrades on it. But sometimes with Gentoo you don't get to play that game. I had hard masked glibc > 2.3.* and gcc > 3.* because that upgrade would require a full system rebuild. Not exactly something I want to willingly do on my server. However earlier this week a GLSA came out saying there was a security vulnerability in glibc and I needed to upgrade to glibc 2.5. So I had no choice but to take the plunge and unmask them and recompile the whole system. It took about a day, and unlike my desktop, went pretty smoothly through the whole emerge process. Having only 450 packages instead of 1200 might have helped :). Anyways, recompiled a new kernel with the new GCC and rebooted.

Not bad results, only apache failed and iptables. Apache was just because of some config file changes I ahd merged. I took them out and it was fine. IPTables on the other hand was complaining it could find the 'nat' table. A little more annoying and concerning. Turns out between 2.6.17 and 2.6.20 they made some rather invasive changes to netfilter/fiptables and renamed a bunch of stuff and so my config file didn't activate about half the stuff I needed for iptables. Aside from the nat talbe not being there, connection tracking was missing, and several targets and match criteria were suddenly unchecked, some as crucial as 'state matching' were unselected. After a few recompiles I got everything in the kernel I needed to fully load my iptables config. And now I think everything is running and working and up to date. I wonder if the kernel devs provide a better kernel config migration tool because that was a bit on the silly side really. 3 minor versions and iptables fell apart.

Gentoo on the server can at times be involving and time consuming and needing attention and love. Definitely not for the week of heart, or possibly sane.

p.s. I've also been playing with wordpress avatar plugins. I know I'm published on at least one feed site (Planet Larry) and they could do avatars for me, but I do like to change it up every once in a while so this seemed like a better way for me to keep control of the avatar. On the flip side, it might not integrate as well with other feeds, so let me know if theres something I can do to make it fit in better.