I have to say, I like the recent upgrade to portage. I’ve noticed a few great improvements. With the upgrade of portage-2.1.3.9, they implemented some subtle but great improvements. First off, I set up egress filtering with iptables, and I only allow certain processes limited port access out of my box. This is a security measure that I like to implement on my boxes. Since the portage upgrade, I noticed that emerge was unable to fetch packages. I thought this was odd, and checked the egress rule for root and port 80, and sure enough it was allowed. Looks like they dropped privs, and are running emerge as ‘portage’ when fetching files. Very nice. So I simply added that owner to have port 80/443/21 out.
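The owner-scoped egress rule described above can be sketched as follows. This is an added example, not the post author's actual ruleset or anything shipped with Portage; it assumes rules live in the filter table's OUTPUT chain, and the `POLICY` format, the `egress_rules` function and the log prefix are hypothetical names chosen for illustration.

```shell
#!/bin/sh
# Constructed policy: one "user:comma-separated-tcp-ports" entry per line.
# The portage entry mirrors the ports named in the post (80/443/21).
POLICY='portage:21,80,443'

# Print iptables commands for per-user egress so they can be reviewed
# before being run as root. Returns non-zero on a malformed entry.
egress_rules() {
    while IFS=: read -r user ports; do
        [ -n "$user" ] || continue
        # Accept only plain user names and digit/comma port lists, so a
        # policy entry can never smuggle extra shell syntax into a rule.
        case $user in *[!a-z0-9_-]*) echo "bad user: $user" >&2; return 1 ;; esac
        case $ports in ''|*[!0-9,]*) echo "bad ports: $ports" >&2; return 1 ;; esac
        # Match on the UID that owns the socket, not only on the port.
        # Note: port 21 is just the FTP control channel; passive-mode
        # data connections go to other ports and are not covered here.
        echo "iptables -A OUTPUT -p tcp -m owner --uid-owner $user -m multiport --dports $ports -j ACCEPT"
    done <<EOF
$1
EOF
    # Log the UID of whatever falls through before dropping it. A fetch
    # that starts running under a different user then shows up in the
    # kernel log with its UID instead of failing silently.
    echo 'iptables -A OUTPUT -j LOG --log-prefix "egress-denied: " --log-uid'
    echo 'iptables -A OUTPUT -j DROP'
}

egress_rules "$POLICY"
```

The generated commands are only printed; pipe them to `sh` as root once they look right, and place them after any existing rules for loopback or DNS traffic that the box depends on.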
The other feature that I noticed was the color coding. I’m still not fully understanding the bright green vs dark green colors (even with man color.map), but I’m hoping that it applies to system update vs package update. If so, that’s handy for a quick glance.
The last feature that I noticed was the emerge summary at the end. I can’t believe how many times I’ve been burnt because I missed the message because it was in the middle of all my packages. Now they provide a nice summary of all emerge messages at the end!
Way to go Gentoo devs!