On 9/12/06, James <wireless@×××××××××××.com> wrote:
>
> I used 2006.1 livecd to install a pII machine. It's going
> to become a (minimalistic) apache2 server. I just let the installation
> set the flags for the install so I have these flags currently:

<snip>

Those look a bit excessive for a "minimalist" machine. I would start over ;-)

> Some of these flags look questionable, such as the ones with
> underscores (kernel_linux userland_GNU) as I only found
> information on them, where they are described as 'undocumented
> use flags'. What's up with these flags?

My understanding is that these are set in the profile and simply tell
portage that you are using Linux. I don't think there is any way
(short of profile hacking) to change them. So don't worry about it.

> Where do I look to discern the minimal list of (necessary) system
> flags that must be kept? (I want to avoid negating any flags that
> are critical).
>
>
> This is my proposed list of flags:

<snip>

Still a little excessive in my opinion. The approach that I would (do)
take is to put only the bare minimum use flags in make.conf and
override the rest on a per-package level in /etc/portage/package.use.

> So can I just use this list, or do I have to include a -{flag} for each one?
>
> Is there simpler syntax to globally remove unwanted flags [-*], but not any
> critical system flags? (Is this the same as just leaving the flag out
> of the USE param. setting in make.conf?)
>

-* will work, but be careful: it can break things if you don't know what
you're doing.

> Are there default system flag settings that I can safely remove?
> Where is the list and how do I know which ones can be removed or negated?
>
> My (limited) understanding of flags is that the highest priority are
> those set in /etc/portage/package.use, then /etc/make.conf, then
> the system default flags, which may be located in several locations.
> Are there any docs or a listing of all of these locations and details
> on precedence?

http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=2&chap=2

OK, my advice to you would be to start over with a hardened profile.
While hardened is not specifically required, I highly recommend it if
this is just going to be a headless server machine.

You probably want to set your machine up with a similar USE= string in make.conf:

USE="-* hardened pic ncurses ssl crypt berkdb tcpd pam perl python readline"

I believe that is the bare minimum if you use -*. Now you can compile
your system and you have a blank slate to start working with. As you
start emerging packages, just make sure you use the -pv flags for
emerge and check out the available use flags and add the ones you want
to /etc/portage/package.use. Here is an example of my package.use line
for apache2:

net-www/apache mpm-prefork threads

This setup works smashingly for me on my production servers, but YMMV.
Best of luck.

-Mike

--
________________________________
Michael E. Crute
http://mike.crute.org

I may not have gone where I intended to go, but I think I have ended
up where I intended to be. --Douglas Adams
--
gentoo-user@g.o mailing list
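
Added example, not part of the original message and not Portage's own code: a simplified Python model of the precedence discussed in the thread (profile defaults, then make.conf, then package.use), showing what -* removes and why leaving a flag out of make.conf is not the same as negating it. The function names and the profile default list are assumptions made up for the illustration; only exact category/name atoms are matched and the environment USE layer is omitted.

```python
# Simplified model of Portage's incremental USE stacking (illustration only).
# PROFILE_DEFAULTS is constructed sample data, not a real profile's flag list.
PROFILE_DEFAULTS = "X gtk gnome alsa cups ssl pam ncurses readline"
# USE string and package.use line quoted from the message above.
MAKE_CONF_USE = "-* hardened pic ncurses ssl crypt berkdb tcpd pam perl python readline"
PACKAGE_USE = """\
# /etc/portage/package.use
net-www/apache mpm-prefork threads
"""


def stack_use(*layers):
    """Apply USE layers in order, lowest priority first; return enabled flags."""
    enabled = set()
    for layer in layers:
        for token in layer.split():
            if token == "-*":            # wipe everything set by earlier layers
                enabled.clear()
            elif token.startswith("-"):  # explicit negation of one flag
                enabled.discard(token[1:])
            else:
                enabled.add(token)
    return enabled


def package_flags(atom, package_use_text):
    """Collect flags for an exact category/name match (no version atoms)."""
    flags = []
    for line in package_use_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == atom:
            flags.extend(fields[1:])
    return " ".join(flags)


def effective_use(atom, make_conf_use=MAKE_CONF_USE):
    """Profile defaults, then make.conf, then package.use for this atom."""
    return stack_use(PROFILE_DEFAULTS, make_conf_use,
                     package_flags(atom, PACKAGE_USE))


if __name__ == "__main__":
    for atom in ("net-www/apache", "app-editors/vim"):  # second atom is a sample
        print(atom, " ".join(sorted(effective_use(atom))))
    # Omitting a flag from make.conf does not disable it: profile flags remain.
    print("no -*:", " ".join(sorted(effective_use("net-www/apache", "hardened ssl"))))
```

On a real system, emerge -pv <package> reports the flags Portage actually resolves; this model only mirrors the stacking order.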