| 1 |
On 06/29/11 07:19, Anthony G. Basile wrote: |
| 2 |
|
| 3 |
[snip] |
| 4 |
|
| 5 |
> |
| 6 |
> The safest approach in either switching or recompiling everything |
| 7 |
> is: |
| 8 |
> |
| 9 |
> 1. Make the profile is set "eselect profile list" and pick your |
| 10 |
> hardened box. Careful on amd64 about changing multilib/nomultilib. |
| 11 |
> Stick with your mutilib-edness (if such a word exists :) |
| 12 |
> |
| 13 |
> 2. Rebuild the tool chain: emerge binutils glibc gcc |
| 14 |
> |
| 15 |
> 3. Rebuild system: emerge --keep-going -eq system (note anything |
| 16 |
> that fails you might want to file a bug) |
| 17 |
> |
| 18 |
> 4. Rebuild world: emerge --keep-going -eq world (again not any |
| 19 |
> failures, shouldn't happen else we're not doing our job) |
| 20 |
> |
| 21 |
> system vs world = system is just the bare minimum packages that any |
| 22 |
> box running that profile needs. world = system + what you've added. |
| 23 |
> You can skip step 3, but there might be a chance of mixing |
| 24 |
> unhardened/hardened stuff if you do, but I'm not 100% sure. |
| 25 |
> |
| 26 |
|
| 27 |
Thank You! |
| 28 |
|
| 29 |
1. Is there some way this clear, succinct list could get into the |
| 30 |
hardened documentation? |
| 31 |
|
| 32 |
2. At this point, the 'clearest' way to build a hardened box from scratch |
| 33 |
seems to go a few steps into the Gentoo handbook, then migrate using the |
| 34 |
steps above. Not ideal, but until the documentation can be refined, how |
| 35 |
about either putting these steps into the handbook, or alternatively a |
| 36 |
reference *in the handbook* to wherever you find a home for these steps |
| 37 |
(e.g. QandA). |
| 38 |
|
| 39 |
IIRC, there is nowhere a reference to "hardened" in the Gentoo Handbook. |
Archives