| 1 |
There's another thread on a similar topic. Going from 2006.1 normal to the |
| 2 |
hardened profile causes a lot of problems because GCC 4+ is not ready for |
| 3 |
the hardened toolchain. Please refer to the previous thread (only few days |
| 4 |
ago) for more info than I can give. |
| 5 |
|
| 6 |
SM |
| 7 |
|
| 8 |
-----Original Message----- |
| 9 |
From: linux42@××××××××.hu [mailto:linux42@××××××××.hu] |
| 10 |
Sent: 22 January 2007 01:17 |
| 11 |
To: gentoo-hardened@l.g.o |
| 12 |
Subject: [gentoo-hardened] I have trouble installing |
| 13 |
|
| 14 |
Hi list! |
| 15 |
|
| 16 |
I would like to switch to hardened gentoo from Adamantix. I need a linux |
| 17 |
that has PaX, SSP and RSBAC at least. And support, QA. That's what is |
| 18 |
missing from Adamantix. |
| 19 |
|
| 20 |
So this is the first time I try to install gentoo, by the book, and it |
| 21 |
fails. Since I have no experience with gentoo I write here what I did, so |
| 22 |
you can tell me if I have missed a step, or made some other mistake. |
| 23 |
|
| 24 |
I am sorry, but it is a little bit long. |
| 25 |
|
| 26 |
Booted from CD, have net, partitioned, formatted, mounted, downloaded |
| 27 |
stage3-i686-2006.1.tar.bz2 |
| 28 |
|
| 29 |
# cd /mnt/gentoo |
| 30 |
# tar xjSpf stage3-i686-2006.1.tar.bz2 |
| 31 |
# tar xjf portage-latest.tar.bz2 -C usr/ # cd /mnt/gentoo/etc # |
| 32 |
mirrorselect -i -o >> /mnt/gentoo/etc/make.conf # mirrorselect -i -r -o >> |
| 33 |
/mnt/gentoo/etc/make.conf # cat make.conf |
| 34 |
# These settings were set by the catalyst build script that |
| 35 |
# automatically built this stage |
| 36 |
# Please consult /etc/make.conf.example for a more detailed example |
| 37 |
CFLAGS="-O2 -march=i686 -pipe" |
| 38 |
CHOST="i686-pc-linux-gnu" |
| 39 |
CXXFLAGS="${CFLAGS}" |
| 40 |
GENTOO_MIRRORS="http://gentoo.inf.elte.hu/ " |
| 41 |
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" |
| 42 |
# cp -L /etc/resolv.conf resolv.conf |
| 43 |
# mount -t proc none /mnt/gentoo/proc |
| 44 |
# mount -o bind /dev /mnt/gentoo/dev |
| 45 |
# cd ../.. |
| 46 |
# chroot /mnt/gentoo bin/bash |
| 47 |
# env-update |
| 48 |
# source /etc/profile |
| 49 |
# emerge --sync |
| 50 |
# emerge portage |
| 51 |
* Applying portage-2.1.1-r2.patch ... |
| 52 |
* Setting portage.VERSION to 2.1.1-r2 ... |
| 53 |
# find /etc -iname '._cfg????_*' |
| 54 |
# cd /etc |
| 55 |
# mv ._cfg0000_make.conf.example make.conf.example # mv |
| 56 |
._cfg0000_etc-update.conf etc-update.conf # rm /etc/make.profile # ln -s |
| 57 |
/usr/portage/profiles/hardened/x86/2.6/ make.profile # env-update # source |
| 58 |
/etc/profile # emerge gcc binutils virtual/libc |
| 59 |
|
| 60 |
Downloads gcc 3.4.6 patches, etc. compiles for hours |
| 61 |
|
| 62 |
* The current gcc config appears valid, so it will not be |
| 63 |
* automatically switched for you. If you would like to |
| 64 |
* switch to the newly installed gcc version, do the |
| 65 |
* following: |
| 66 |
|
| 67 |
* gcc-config i686-pc-linux-gnu-3.4.6 |
| 68 |
* source /etc/profile |
| 69 |
|
| 70 |
* Switching native-compiler to i686-pc-linux-gnu-4.1.1 ... |
| 71 |
... |
| 72 |
>>> sys-devel/gcc-3.4.6-r2 merged. |
| 73 |
|
| 74 |
Does this mean that the new, SSP patched gcc is installed, but not in use at |
| 75 |
this point? |
| 76 |
If it is so, isn't it a problem, that binutils and libc is compiled with the |
| 77 |
old gcc? |
| 78 |
And why is this version 3.4.6? |
| 79 |
|
| 80 |
I have expected to see the same version of gcc that I already had (from |
| 81 |
stage3 I suppose), which is 4.1.1, recompiled with SSP, and possibly other |
| 82 |
patches, and the new hardened version to replace the current one. |
| 83 |
|
| 84 |
Why does emerge give me an older version? Is this normal? |
| 85 |
|
| 86 |
And it seems that the method written in |
| 87 |
http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#hardenedprofile |
| 88 |
does not work. |
| 89 |
|
| 90 |
emerge downloads binutils, compiles for about half an hour, unmerges |
| 91 |
original, merges binutils-2.16.1-r3 |
| 92 |
|
| 93 |
emerging sys-libs/glibc-2.3.6-r5 to / |
| 94 |
|
| 95 |
downloads, then: |
| 96 |
|
| 97 |
* checking ebuild checksums ;-) ... |
| 98 |
[ ok ] |
| 99 |
* checking auxfile checksums ;-) ... |
| 100 |
[ ok ] |
| 101 |
* checking miscfile checksums ;-) ... |
| 102 |
[ ok ] |
| 103 |
* checking glibc-2.3.6.tar.bz2 ;-) ... |
| 104 |
[ ok ] |
| 105 |
* checking glibc-linuxthreads-2.3.6.tar.bz2 ;-) ... |
| 106 |
[ ok ] |
| 107 |
* checking glibc-libidn-2.3.6.tar.bz2 ;-) ... |
| 108 |
[ ok ] |
| 109 |
* checking glibc-2.3.6-patches-1.19.tar.bz2 ;-) ... |
| 110 |
[ ok ] |
| 111 |
* checking glibc-manpages-2.3.6-1.tar.bz2 ;-) ... |
| 112 |
[ ok ] |
| 113 |
* checking glibc-infopages-2.3.6.tar.bz2 ;-) ... |
| 114 |
[ ok ] |
| 115 |
* Sanity check to keep you from breaking your system: |
| 116 |
* Downgrading glibc is not supported and a sure way to destruction |
| 117 |
|
| 118 |
!!! ERROR: sys-libs/glibc-2.3.6-r5 failed. |
| 119 |
Call stack: |
| 120 |
ebuild.sh, line 1562: Called dyn_setup |
| 121 |
ebuild.sh, line 665: Called pkg_setup |
| 122 |
glibc-2.3.6-r5.ebuild, line 1037: Called die |
| 123 |
|
| 124 |
!!! aborting to save your system |
| 125 |
!!! If you need support, post the topmost build error, and the call stack |
| 126 |
if relevant. |
| 127 |
|
| 128 |
So, emerging libc has failed. I thought that when I switch to the hardened |
| 129 |
profile, it only has to recompile the same version that I already have. |
| 130 |
But it seems that it tries an older version? Just as it did with gcc. |
| 131 |
Why? |
| 132 |
|
| 133 |
So what do I do now? |
| 134 |
|
| 135 |
Do I have to manually switch to the hardened gcc? Then I have to recompile |
| 136 |
binutils, as it was compiled with the unhardened gcc. How do I emerge the |
| 137 |
libc? |
| 138 |
|
| 139 |
Cheers, |
| 140 |
Gabor |
| 141 |
-- |
| 142 |
gentoo-hardened@g.o mailing list |
| 143 |
|
| 144 |
|
| 145 |
|
| 146 |
-- |
| 147 |
gentoo-hardened@g.o mailing list |
Archives