| 1 |
Hi list! |
| 2 |
|
| 3 |
I would like to switch to hardened gentoo from Adamantix. I need a linux |
| 4 |
that has PaX, SSP and RSBAC at least. And support, QA. That's what is |
| 5 |
missing from Adamantix. |
| 6 |
|
| 7 |
So this is the first time I try to install gentoo, by the book, and it |
| 8 |
fails. Since I have no experience with gentoo I write here what I did, |
| 9 |
so you can tell me if I have missed a step, or made some other mistake. |
| 10 |
|
| 11 |
I am sorry, but it is a little bit long. |
| 12 |
|
| 13 |
Booted from CD, have net, partitioned, formatted, mounted, downloaded |
| 14 |
stage3-i686-2006.1.tar.bz2 |
| 15 |
|
| 16 |
# cd /mnt/gentoo |
| 17 |
# tar xjSpf stage3-i686-2006.1.tar.bz2 |
| 18 |
# tar xjf portage-latest.tar.bz2 -C usr/ |
| 19 |
# cd /mnt/gentoo/etc |
| 20 |
# mirrorselect -i -o >> /mnt/gentoo/etc/make.conf |
| 21 |
# mirrorselect -i -r -o >> /mnt/gentoo/etc/make.conf |
| 22 |
# cat make.conf |
| 23 |
# These settings were set by the catalyst build script that |
| 24 |
# automatically built this stage |
| 25 |
# Please consult /etc/make.conf.example for a more detailed example |
| 26 |
CFLAGS="-O2 -march=i686 -pipe" |
| 27 |
CHOST="i686-pc-linux-gnu" |
| 28 |
CXXFLAGS="${CFLAGS}" |
| 29 |
GENTOO_MIRRORS="http://gentoo.inf.elte.hu/ " |
| 30 |
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" |
| 31 |
# cp -L /etc/resolv.conf resolv.conf |
| 32 |
# mount -t proc none /mnt/gentoo/proc |
| 33 |
# mount -o bind /dev /mnt/gentoo/dev |
| 34 |
# cd ../.. |
| 35 |
# chroot /mnt/gentoo bin/bash |
| 36 |
# env-update |
| 37 |
# source /etc/profile |
| 38 |
# emerge --sync |
| 39 |
# emerge portage |
| 40 |
* Applying portage-2.1.1-r2.patch ... |
| 41 |
* Setting portage.VERSION to 2.1.1-r2 ... |
| 42 |
# find /etc -iname '._cfg????_*' |
| 43 |
# cd /etc |
| 44 |
# mv ._cfg0000_make.conf.example make.conf.example |
| 45 |
# mv ._cfg0000_etc-update.conf etc-update.conf |
| 46 |
# rm /etc/make.profile |
| 47 |
# ln -s /usr/portage/profiles/hardened/x86/2.6/ make.profile |
| 48 |
# env-update |
| 49 |
# source /etc/profile |
| 50 |
# emerge gcc binutils virtual/libc |
| 51 |
|
| 52 |
Downloads gcc 3.4.6 patches, etc. compiles for hours |
| 53 |
|
| 54 |
* The current gcc config appears valid, so it will not be |
| 55 |
* automatically switched for you. If you would like to |
| 56 |
* switch to the newly installed gcc version, do the |
| 57 |
* following: |
| 58 |
|
| 59 |
* gcc-config i686-pc-linux-gnu-3.4.6 |
| 60 |
* source /etc/profile |
| 61 |
|
| 62 |
* Switching native-compiler to i686-pc-linux-gnu-4.1.1 ... |
| 63 |
... |
| 64 |
>>> sys-devel/gcc-3.4.6-r2 merged. |
| 65 |
|
| 66 |
Does this mean that the new, SSP patched gcc is installed, but not in |
| 67 |
use at this point? |
| 68 |
If it is so, isn't it a problem, that binutils and libc is compiled with |
| 69 |
the old gcc? |
| 70 |
And why is this version 3.4.6? |
| 71 |
|
| 72 |
I have expected to see the same version of gcc that I already had (from |
| 73 |
stage3 I suppose), which is 4.1.1, recompiled with SSP, and possibly |
| 74 |
other patches, and the new hardened version to replace the current one. |
| 75 |
|
| 76 |
Why does emerge give me an older version? Is this normal? |
| 77 |
|
| 78 |
And it seems that the method written in |
| 79 |
http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#hardenedprofile |
| 80 |
does not work. |
| 81 |
|
| 82 |
emerge downloads binutils, compiles for about half an hour, unmerges |
| 83 |
original, merges binutils-2.16.1-r3 |
| 84 |
|
| 85 |
emerging sys-libs/glibc-2.3.6-r5 to / |
| 86 |
|
| 87 |
downloads, then: |
| 88 |
|
| 89 |
* checking ebuild checksums ;-) ... |
| 90 |
[ ok ] |
| 91 |
* checking auxfile checksums ;-) ... |
| 92 |
[ ok ] |
| 93 |
* checking miscfile checksums ;-) ... |
| 94 |
[ ok ] |
| 95 |
* checking glibc-2.3.6.tar.bz2 ;-) ... |
| 96 |
[ ok ] |
| 97 |
* checking glibc-linuxthreads-2.3.6.tar.bz2 ;-) ... |
| 98 |
[ ok ] |
| 99 |
* checking glibc-libidn-2.3.6.tar.bz2 ;-) ... |
| 100 |
[ ok ] |
| 101 |
* checking glibc-2.3.6-patches-1.19.tar.bz2 ;-) ... |
| 102 |
[ ok ] |
| 103 |
* checking glibc-manpages-2.3.6-1.tar.bz2 ;-) ... |
| 104 |
[ ok ] |
| 105 |
* checking glibc-infopages-2.3.6.tar.bz2 ;-) ... |
| 106 |
[ ok ] |
| 107 |
* Sanity check to keep you from breaking your system: |
| 108 |
* Downgrading glibc is not supported and a sure way to destruction |
| 109 |
|
| 110 |
!!! ERROR: sys-libs/glibc-2.3.6-r5 failed. |
| 111 |
Call stack: |
| 112 |
ebuild.sh, line 1562: Called dyn_setup |
| 113 |
ebuild.sh, line 665: Called pkg_setup |
| 114 |
glibc-2.3.6-r5.ebuild, line 1037: Called die |
| 115 |
|
| 116 |
!!! aborting to save your system |
| 117 |
!!! If you need support, post the topmost build error, and the call stack if relevant. |
| 118 |
|
| 119 |
So, emerging libc has failed. I thought that when I switch to the hardened |
| 120 |
profile, it only has to recompile the same version that I already have. |
| 121 |
But it seems that it tries an older version? Just as it did with gcc. |
| 122 |
Why? |
| 123 |
|
| 124 |
So what do I do now? |
| 125 |
|
| 126 |
Do I have to manually switch to the hardened gcc? Then I have to recompile |
| 127 |
binutils, as it was compiled with the unhardened gcc. How do I emerge the libc? |
| 128 |
|
| 129 |
Cheers, |
| 130 |
Gabor |
| 131 |
-- |
| 132 |
gentoo-hardened@g.o mailing list |
Archives