| 1 |
Hi everyone, |
| 2 |
|
| 3 |
I'd like to announce a new (fun?) initiative of the hardened uClibc |
| 4 |
subproject: a security-enhanced, fully featured XFCE4 desktop for amd64, |
| 5 |
built on uClibc, codenamed "Lilblue", after the little blue penguin of |
| 6 |
New Zealand [1], a smaller cousin of the Gentoo. |
| 7 |
|
| 8 |
The hardened uClibc subproject aims at producing hardened stage3s for |
| 9 |
amd64, mips (isa=mips32r2/mipsel3, abi=o32), armv7a (softfloat) and i686 |
| 10 |
[2]. Recent improvements in uClibc and bugfixes in various Gentoo |
| 11 |
packages, both downstream and upstream, now make it possible to build an |
| 12 |
entire desktop system replacing glibc with uClibc. So, in addition to |
| 13 |
the stage3s, we are now releasing a fully featured XFCE4 desktop for |
| 14 |
arch=amd64. It does *not* depend on busybox to provide its core |
| 15 |
utilities like most uClibc systems, but coreutils, util-linux and all |
| 16 |
the usual system packages you find on a generic Gentoo system. The |
| 17 |
tarball bundles about 800 packages including ephiphany, claws, hexchat, |
| 18 |
abiword, gqview, transmission, vinagre, etc. We have plans to provide |
| 19 |
binpkgs for up to 7000 packages in all. The hardening includes all of |
| 20 |
the usual toolchain and kernel hardening you get in regular hardened |
| 21 |
glibc-based Gentoo. |
| 22 |
|
| 23 |
The project has been in development for a year but should be considered |
| 24 |
experimental. A user base of ... uhm ... one ... does not really |
| 25 |
qualify it to be labeled as "safe for production" [3]. However, I have |
| 26 |
had no issues with it (minor bugs of course) and I use it on a daily |
| 27 |
basis. For the average user, the main advantage is speed and the system |
| 28 |
does feel "snappy". For developers, its fun to dig into bugs which |
| 29 |
revolve around what functions are provided by your standard C lib: is |
| 30 |
this POSIX or a GNU-ism? should I fix the package or add a new function |
| 31 |
to uClibc? what is the best way to implement this fix so it ports |
| 32 |
across different *libcs? what do I do about this package whose build |
| 33 |
system is braindead and doesn't understand libdir? If you have too much |
| 34 |
time on your hands and you're into that kind of "fun" we have a project |
| 35 |
for you! On a serious note, the main reason for this initiative is to |
| 36 |
explore and expand the usefulness of an alternative standard C library. |
| 37 |
|
| 38 |
The home page is at [4] and a freecode.com announcement at [5]. It can |
| 39 |
be downloaded from any gentoo mirror [6] at |
| 40 |
[mirror]/gentoo/experimental/amd64/uclibc/desktop-amd64-uclibc-hardened-[date].tar.bz2. |
| 41 |
The date of the first release is 20130531. |
| 42 |
|
| 43 |
Ref. |
| 44 |
[1] https://en.wikipedia.org/wiki/Little_Penguin |
| 45 |
[2] http://www.gentoo.org/proj/en/hardened/uclibc/index.xml |
| 46 |
[3] This is not entirely true. I would like to thank my students for |
| 47 |
testing, especially Devan Franchini <twitch153@×××××××.com>. |
| 48 |
[4] http://www.gentoo.org/proj/en/hardened/uclibc/lilblue.xml |
| 49 |
[5] https://freecode.com/projects/lilblue-linux |
| 50 |
[6] http://www.gentoo.org/main/en/mirrors2.xml |
| 51 |
|
| 52 |
-- |
| 53 |
Anthony G. Basile, Ph.D. |
| 54 |
Gentoo Linux Developer [Hardened] |
| 55 |
E-Mail : blueness@g.o |
| 56 |
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA |
| 57 |
GnuPG ID : F52D4BBA |
Archives