| 1 |
On 9/12/06, James <wireless@×××××××××××.com> wrote: |
| 2 |
> |
| 3 |
> I used 2006.1 livecd to install a pII machine. It's going |
| 4 |
> to become a (minimalistic) apache2 server. I just let the |
| 5 |
> installation |
| 6 |
> set the flags for the install so I have these flags currently: |
| 7 |
|
| 8 |
<snip> |
| 9 |
|
| 10 |
Those look a bit excessive for a "minimalist" machine. I would start over ;-) |
| 11 |
|
| 12 |
> Some of these flag look questionable, such as the one with |
| 13 |
> underscores (kernel_linux userland_GNU) as I only found |
| 14 |
> information on them, where they are describe as 'undocumented |
| 15 |
> use flags'. What's up with these flags? |
| 16 |
|
| 17 |
My understanding is that these are set in the profile and simply tell |
| 18 |
portage that you are using Linux. I don't think there is any way |
| 19 |
(short of profile hacking) to change them. So don't worry about it. |
| 20 |
|
| 21 |
> Where do I look to discern the minimal list of (necessary) system |
| 22 |
> flags that |
| 23 |
> must be kept? (I want to avoid negating any flags that are critical). |
| 24 |
> |
| 25 |
> |
| 26 |
> These are my proposed list of flags: |
| 27 |
|
| 28 |
<snip> |
| 29 |
|
| 30 |
Still a little excessive in my opinion. The approach that I would (do) |
| 31 |
take is to put only the bare minimum use flags in make.conf and |
| 32 |
override the rest on a per-package level in /etc/portage/package.use. |
| 33 |
|
| 34 |
> So can I just use this list, or do I have to include a -{flag} for each one? |
| 35 |
> |
| 36 |
> IS there simpler syntax to globally remove unwanted flags [-*], but, not any |
| 37 |
> critical system flags? (Is this the same as just leaving the flag out |
| 38 |
> of the USE param. setting in make.conf? |
| 39 |
> |
| 40 |
|
| 41 |
-* will work but be careful it can break things if you don't know what |
| 42 |
your doing. |
| 43 |
|
| 44 |
> Are there default system flag settings that I can safely remove? |
| 45 |
> Where is the list and how do I know which ones can be removed or negated? |
| 46 |
> |
| 47 |
> My (limited) understanding of flags are that the highest priority are |
| 48 |
> those set in /etc/portage/package.use, then /etc/make.conf then |
| 49 |
> the system default flags which may be located in several locations. |
| 50 |
> Is there any docs or listing of all of these location and details |
| 51 |
> on precedence? |
| 52 |
|
| 53 |
http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=2&chap=2 |
| 54 |
|
| 55 |
OK, my advice to you would be to start over with a hardened profile. |
| 56 |
While hardened is not specifically required I highly recommend it if |
| 57 |
this is just going to be a headless server machine. |
| 58 |
|
| 59 |
You probably want to set your machine up with a similar USE= string in make.conf |
| 60 |
|
| 61 |
USE="-* hardened pic ncurses ssl crypt berkdb tcpd pam perl python readline" |
| 62 |
|
| 63 |
I believe that is the bare minimum if you use -*. Now you can compile |
| 64 |
your system and you have a blank slate to start working with. As you |
| 65 |
start emerging packages just make sure you use the -pv flags for |
| 66 |
emerge and check out the available use flags and add the ones you want |
| 67 |
to /etc/portage/package.use. Here is an example of my package.use line |
| 68 |
for apache2 |
| 69 |
|
| 70 |
net-www/apache mpm-prefork threads |
| 71 |
|
| 72 |
This setup works smashingly for me on my production servers by YMMV. |
| 73 |
Best of luck. |
| 74 |
|
| 75 |
-Mike |
| 76 |
|
| 77 |
-- |
| 78 |
________________________________ |
| 79 |
Michael E. Crute |
| 80 |
http://mike.crute.org |
| 81 |
|
| 82 |
I may not have gone where I intended to go, but I think I have ended |
| 83 |
up where I intended to be. --Douglas Adams |
| 84 |
-- |
| 85 |
gentoo-user@g.o mailing list |
Archives