1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
Richard Laager wrote: |
5 |
| |
6 |
| Peter Simons wrote: |
7 |
| |
8 |
|>First of all, thanks to all you guys for maintaining the hardened |
9 |
|>profile! Consider me a happy user. About two weeks ago, I installed |
10 |
|>a Gentoo machine from the scratch with _all_ the nifty features: |
11 |
|>hardened-sources with SELinux, PaX, hardened-gcc, super-freeswan |
12 |
|>... everything. And it worked like charm, the whole installation |
13 |
|>took less than 6 hours. Honestly, Gentoo rocks. :-) |
14 |
| |
15 |
| |
16 |
| How did you pull this off? I've tried various permutations of steps |
17 |
| and haven't had any luck. I can't seem to get a system bootstrapped |
18 |
| with hardened-gcc. Any pointers to instructions? |
19 |
| |
20 |
| Thanks, |
21 |
| Richard Laager |
22 |
| |
23 |
|
24 |
boostrapping w/ hgcc is a touch tricky. For stage building, I had to |
25 |
make my own custom boostrap.sh that essentially emerged hgcc first, then |
26 |
did everything else. The bootstrap.sh in /usr/portage/scripts will not |
27 |
accomplish this. Check out http://dev.gentoo.org/~zhen/Hardened/unpack |
28 |
for my boostrap.sh script. It will require some hacking to remove |
29 |
catalyst specfic vars and what not, but you will see the general idea. |
30 |
|
31 |
Personally, I would recommend starting with a hardened stage2 and going |
32 |
from there. All you have to do is set your optimizations, and emerge |
33 |
system. From that point, you are using the hardened profile and all of |
34 |
your binaries are et_dyn+ssp. You can get testing hardened stages @ |
35 |
http://dev.gentoo.org/~zhen/Hardened/stages. Make sure to use the most |
36 |
recent ones :) |
37 |
|
38 |
Hope this helps - |
39 |
|
40 |
Cheers, |
41 |
//zhen |
42 |
- -- |
43 |
John Davis |
44 |
Gentoo Linux Developer |
45 |
<http://dev.gentoo.org/~zhen> |
46 |
|
47 |
- ---- |
48 |
Knowledge can be more terrible than ignorance if you're powerless to |
49 |
change your world. |
50 |
-----BEGIN PGP SIGNATURE----- |
51 |
Version: GnuPG v1.2.3 (GNU/Linux) |
52 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |
53 |
|
54 |
iD8DBQE/jZkjZlASNRlGLUcRAvadAKCpGBzJ87K8sAM2Wwk8ZfpywhrPDQCfVqfV |
55 |
2Krt2C77dUacYyJPlgzaxHo= |
56 |
=uZ+/ |
57 |
-----END PGP SIGNATURE----- |
58 |
|
59 |
|
60 |
-- |
61 |
gentoo-hardened@g.o mailing list |