Gentoo Archives: gentoo-hardened

From: John Davis <zhen@g.o>
To: Richard Laager <rlaager@××××××.com>
Cc: 'Peter Simons' <simons@××××.to>, gentoo-hardened@g.o
Subject: Re: [gentoo-hardened] hardened-gcc and glibc/gcc updates?[Scanned]
Date: Wed, 15 Oct 2003 19:01:17
Message-Id: 3F8D9923.20001@gentoo.org
In Reply to: RE: [gentoo-hardened] hardened-gcc and glibc/gcc updates? by Richard Laager
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Richard Laager wrote:
|
| Peter Simons wrote:
|
|>First of all, thanks to all you guys for maintaining the hardened
|>profile! Consider me a happy user. About two weeks ago, I installed
|>a Gentoo machine from scratch with _all_ the nifty features:
|>hardened-sources with SELinux, PaX, hardened-gcc, super-freeswan
|>... everything. And it worked like a charm, the whole installation
|>took less than 6 hours. Honestly, Gentoo rocks. :-)
|
|
| How did you pull this off? I've tried various permutations of steps
| and haven't had any luck. I can't seem to get a system bootstrapped
| with hardened-gcc. Any pointers to instructions?
|
| Thanks,
| Richard Laager
|

bootstrapping w/ hgcc is a touch tricky. For stage building, I had to
make my own custom bootstrap.sh that essentially emerged hgcc first, then
did everything else. The bootstrap.sh in /usr/portage/scripts will not
accomplish this. Check out http://dev.gentoo.org/~zhen/Hardened/unpack
for my bootstrap.sh script. It will require some hacking to remove
catalyst specific vars and what not, but you will see the general idea.

Personally, I would recommend starting with a hardened stage2 and going
from there. All you have to do is set your optimizations, and emerge
system. From that point, you are using the hardened profile and all of
your binaries are et_dyn+ssp. You can get testing hardened stages @
http://dev.gentoo.org/~zhen/Hardened/stages. Make sure to use the most
recent ones :)

Hope this helps -

Cheers,
//zhen
- --
John Davis
Gentoo Linux Developer
<http://dev.gentoo.org/~zhen>

- ----
Knowledge can be more terrible than ignorance if you're powerless to
change your world.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/jZkjZlASNRlGLUcRAvadAKCpGBzJ87K8sAM2Wwk8ZfpywhrPDQCfVqfV
2Krt2C77dUacYyJPlgzaxHo=
=uZ+/
-----END PGP SIGNATURE-----


--
gentoo-hardened@g.o mailing list
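
An added example, not part of the original message or of any Gentoo tooling: a Python check for the "et_dyn+ssp" property mentioned above, reading the ELF header's e_type field and looking for stack-protector handler symbols. The function names are hypothetical, and treating `__stack_chk_fail` / `__stack_smash_handler` in the file as evidence of SSP is an assumed heuristic (a binary with no protected functions will not reference them, and ET_DYN also matches ordinary shared libraries).

```python
import struct
import sys

ET_DYN = 3  # e_type of shared objects and position-independent executables
# Assumed heuristic markers: handler symbols referenced by SSP-instrumented code.
SSP_MARKERS = (b"__stack_chk_fail", b"__stack_smash_handler")


def elf_hardening(data):
    """Return {'et_dyn': bool, 'ssp': bool} for an ELF image, or raise ValueError."""
    if len(data) < 18 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    # EI_DATA (byte 5) gives the byte order of every multi-byte header field.
    order = {1: "<", 2: ">"}.get(data[5])
    if order is None:
        raise ValueError("bad EI_DATA byte")
    # e_type is a 16-bit field directly after the 16-byte e_ident array.
    (e_type,) = struct.unpack_from(order + "H", data, 16)
    return {"et_dyn": e_type == ET_DYN,
            "ssp": any(marker in data for marker in SSP_MARKERS)}


def sample_elf(e_type, big_endian=False, payload=b""):
    """Constructed input: minimal e_ident + e_type + e_machine, then payload."""
    ident = b"\x7fELF" + bytes([2, 2 if big_endian else 1, 1]) + bytes(9)
    fields = struct.pack((">" if big_endian else "<") + "HH", e_type, 62)
    return ident + fields + payload


def audit(paths):
    """Return (path, result-or-error-text) pairs for each file path given."""
    report = []
    for path in paths:
        try:
            with open(path, "rb") as fh:
                report.append((path, elf_hardening(fh.read())))
        except (OSError, ValueError) as exc:
            report.append((path, str(exc)))
    return report


if __name__ == "__main__":
    # Usage: pass file paths as arguments, e.g. the contents of /bin.
    for path, result in audit(sys.argv[1:]):
        print(path, result)
```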