| 1 |
On 12/04/2012 04:46 PM, Kevin Chadwick wrote: |
| 2 |
> Sabayon has a hardened kernel and emerge as well as binaries. |
| 3 |
> |
| 4 |
> Is it possible to reduce compilation for hardened gentoo by using |
| 5 |
> Sabayon and how close to hardened Gentoo could I get. |
| 6 |
|
| 7 |
Pretty close, and depending on what you want to do, probably good |
| 8 |
enough. Sabayon has been adopting hardening of the toolchain and |
| 9 |
binaries built with it --- I've given them some advise in this regard. |
| 10 |
I don't think they've adopted hardened-sources on their images, but its |
| 11 |
there in emerge and they've made noise in that direction. |
| 12 |
|
| 13 |
Having said that, what's the compile issue? It should take just as long |
| 14 |
to build the kernel on sabayon as gentoo, all else being the same. |
| 15 |
|
| 16 |
> |
| 17 |
> I am currently using arch and I am happy with the timely package |
| 18 |
> updates, however I am not happy with the move to systemd and prefer |
| 19 |
> Gentoo's position of user power to Arches upstream and dev power. This |
| 20 |
> lack of synergy with myself has surprised me as so many devs list |
| 21 |
> OpenBSD as a favourite OS. Opera failing to start with mprotect enabled |
| 22 |
> is also pushing me to migrate sooner with the final push being a panic |
| 23 |
> today in init just after freeing kernel memory by |
| 24 |
> CONFIG_GRKERNSEC_KERN_LOCKOUT introduced in either 3.2.33 or 3.2.34. |
| 25 |
> |
| 26 |
|
| 27 |
This is a serious problem for lots of people. While some Gentoo devs |
| 28 |
did not agree with our fork of systemd, they do agree that they will not |
| 29 |
be forced to use systemd and will continue to isolate udev out of it. |
| 30 |
Having looked at that code --- I'm one of the forkers --- I ask myself, |
| 31 |
how much longer before that isolation becomes a rats' nest. |
| 32 |
|
| 33 |
I'm not sure what "gentoo" is except a group of devs who are brought |
| 34 |
together by portage, a package delivery and build system. Other than |
| 35 |
that, its pretty much anything. Put and -alt after it and gentoo is there. |
| 36 |
|
| 37 |
Anyhow, you'll always find some devs here who are sympathetic to what |
| 38 |
you want to do, and others that will think you're crazy. |
| 39 |
|
| 40 |
|
| 41 |
> Do you use stable or unstable sources and so firefox 10 or 17 and which |
| 42 |
> gets updates first? |
| 43 |
> |
| 44 |
> Would you say firefox/chromium is usually available to emerge within a |
| 45 |
> couple of days of release on mozilla.org? |
| 46 |
|
| 47 |
Get on freenode/#gentoo or #gentoo-chat and ask Anarchy (ie Jory). He |
| 48 |
does firefox and mozilla products and he is very sympathetic to hardening. |
| 49 |
|
| 50 |
> |
| 51 |
> Do you think a migration from arch will have more than a small learning |
| 52 |
> curve as my available time needs to be kept to a minimum at the |
| 53 |
> moment? |
| 54 |
> |
| 55 |
> Thanks, Kc |
| 56 |
|
| 57 |
There with great knowledge comes great freedom! <- okay that was bad! |
| 58 |
|
| 59 |
Gentoo is harder to maintain that arch no doubt. Read the handbook, |
| 60 |
read man portage, man emerge and man make.conf and you should be good to |
| 61 |
go. The handbook is at |
| 62 |
|
| 63 |
http://www.gentoo.org/doc/en/handbook/ |
| 64 |
|
| 65 |
|
| 66 |
|
| 67 |
-- |
| 68 |
Anthony G. Basile, Ph.D. |
| 69 |
Gentoo Linux Developer [Hardened] |
| 70 |
E-Mail : blueness@g.o |
| 71 |
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535 |
| 72 |
GnuPG ID : D0455535 |
Archives