1 |
Joachim Blaabjerg wrote: |
2 |
>Mikael Hallendal <hallski@g.o> wrote: |
3 |
> |
4 |
>I was planning to use Gentoo as a base, kind of, and make "secure" Portage |
5 |
>packages (with safe defaults etc., plus a few packages that aren't made for |
6 |
>Gentoo yes (AFAIK), like LIDS and libsafe, plus the patched kernel). |
7 |
|
8 |
Very cool. |
9 |
|
10 |
>> An interesting thought here would be to have some variable set in |
11 |
>> make.conf that if set only lets you install packages from a list of |
12 |
>> trusted apps/version. This would be a very flexible solution. Since it |
13 |
>> lets you have the exact same operating system on your workstation/server |
14 |
>> while having a really secure setup on your server. |
15 |
> |
16 |
>Hmm... Sounds interesting! |
17 |
|
18 |
Yes, I think you'll find that Gentoo (like BSD) has very good control over |
19 |
the system from a very few centralized files. There should be very little |
20 |
reason to make your changes at the lowest level. If there is, then |
21 |
something in portage itself probably needs attention so that kind of work |
22 |
can be avoided. It's undesirable because of the maintenance cost. |
23 |
|
24 |
>My only "problem" right now is to figure out where to start... ;) I guess I'll |
25 |
>have to, more or less, modify each and every one of the .ebuild files. |
26 |
|
27 |
I think this is where eclasses could really help. Eclasses should allow |
28 |
you to create a meta ebuild that looks for certain make.conf vars set and |
29 |
react accordingly. danarmak and drobbins are the ones to ask for more |
30 |
details on eclasses. |
31 |
|
32 |
>> Otherwise the only thing I have to say, welcome to the Gentoo community! |
33 |
|
34 |
Ditto! |
35 |
|
36 |
kabau |
37 |
|
38 |
-- |
39 |
"UNIX was not designed to stop you from doing stupid things, because that |
40 |
would also stop you from doing clever things." --Doug Gwyn |