| 1 |
You should be able to just install a generic gentoo if necessary, then |
| 2 |
change the profile over, change make.conf CFLAGS and 'emerge -e world' |
| 3 |
(possibly twice to get all the software rebuilt with the hardened |
| 4 |
toolchain) and have it running 64bit hardened. Putting '-march=athlon64 |
| 5 |
-msse3' in your CFLAGS should get you what you want. Do not use -O3, |
| 6 |
it's unstable and generally not worth it anyway. |
| 7 |
|
| 8 |
Ed W wrote: |
| 9 |
> Javi Moreno wrote: |
| 10 |
>> I've succesfully installed an AMD64+hardened. Runs |
| 11 |
>> apache+postfix+postgres+courier-imap+many things. |
| 12 |
>> |
| 13 |
>> No problems so far, u'll have to use grub-static. |
| 14 |
> |
| 15 |
> Thanks. |
| 16 |
> |
| 17 |
> I have run into some early problems booting the darn system! Perhaps |
| 18 |
> someone here has some cunning ideas |
| 19 |
> |
| 20 |
> Basic issue is that the machine is one of the cheap hosted boxes from |
| 21 |
> 1&1 internet in the UK. They pre-install one of three operating systems |
| 22 |
> and then have a really neat PXE boot into a rescue OS. So basically I |
| 23 |
> am booting into the debian 2.6kernel rescue boot system and then trying |
| 24 |
> to bootstrap the AMD64 install from there. |
| 25 |
> The big issue is that it's a 32bit install of debian and so it's quite |
| 26 |
> difficult to chroot into the 64bit stage 3 because /bin/bash is not |
| 27 |
> going to run under a 32 bit kernel... |
| 28 |
> |
| 29 |
> I have spent quite a bit of time (and ultimately failed) to figure out |
| 30 |
> how to boot the CD install which has been unpacked onto a spare |
| 31 |
> partition. I reformatted the syslinux boot line to work under gentoo, |
| 32 |
> but it keeps reporting that it can't find the root filesystem. |
| 33 |
> |
| 34 |
> |
| 35 |
> I think for the moment I am going to stick with the 32 bit distro |
| 36 |
> because it's going to improve my options if I need the rescue boot to |
| 37 |
> recover control of the machine. However, what is the best compiler |
| 38 |
> option for 32bit on an AMD64? At first sight it would appear that I |
| 39 |
> should use "-march=pentium4" because other athlon options don't use the |
| 40 |
> SSE2? Same for the kernel architecture option? |
| 41 |
> |
| 42 |
> Final question: I have a 32bit 2006.1 up and running on the machine |
| 43 |
> right now. What are the implications of just turning on the hardened |
| 44 |
> flag and running "emerge -e"? From some discussion a few days back it |
| 45 |
> seems that hardened is extremely unsupported with gcc4.1.1 right now?? |
| 46 |
> |
| 47 |
> Is there a hardened stage 3 refresh due imminently? |
| 48 |
> |
| 49 |
> Cheers all |
| 50 |
> |
| 51 |
> Ed W |
| 52 |
|
| 53 |
|
| 54 |
-- |
| 55 |
lunaslide * * * * |
| 56 |
* * * * * * * |
| 57 |
We can't have lasting peace unless we work actively and vigorously |
| 58 |
to bring about conditions of freedom and justice in the world. |
| 59 |
* * - Harry Truman at West Point, 1952 * * |
| 60 |
* * |
| 61 |
* * * * * * |
| 62 |
-- |
| 63 |
gentoo-hardened@g.o mailing list |
Archives