| 1 |
On Wed, 05 Dec 2012 06:57:55 -0500 |
| 2 |
"Anthony G. Basile" <blueness@g.o> wrote: |
| 3 |
|
| 4 |
> > |
| 5 |
> > Is it possible to reduce compilation for hardened gentoo by using |
| 6 |
> > Sabayon and how close to hardened Gentoo could I get. |
| 7 |
> |
| 8 |
> Pretty close, and depending on what you want to do, probably good |
| 9 |
> enough. Sabayon has been adopting hardening of the toolchain and |
| 10 |
> binaries built with it --- I've given them some advise in this |
| 11 |
> regard. I don't think they've adopted hardened-sources on their |
| 12 |
> images, but its there in emerge and they've made noise in that |
| 13 |
> direction. |
| 14 |
> |
| 15 |
|
| 16 |
So when you say pretty close, do you mean only if you use emerge and |
| 17 |
hardened sources for everything and not Sabayons binary repos atleast |
| 18 |
for the time being? |
| 19 |
|
| 20 |
> Having said that, what's the compile issue? It should take just as |
| 21 |
> long to build the kernel on sabayon as gentoo, all else being the |
| 22 |
> same. |
| 23 |
|
| 24 |
I build a grecurity kernel for arch, sign it, deliver it to a few |
| 25 |
machines and update userland. I've found packages like parole, alsa |
| 26 |
instead of pulse, abiword, gnome mixer instead of xfce-mixer and opera |
| 27 |
(until recently) that work with a fully enabled grsecurity kernel purely |
| 28 |
to save time building as I have lots of uses for good machines, don't |
| 29 |
believe in build machines running browsers and wish to minimise time |
| 30 |
spent updating in any case. OTOH I've heard the major package builds |
| 31 |
have binaries on gentoo to save users time so maybe the rest of userland |
| 32 |
will be quite quick to build, I have been meaning to find out on a |
| 33 |
gentoo test machine. I guess the hardened firefox with JIT disabled |
| 34 |
isn't a pre-built? |
| 35 |
|
| 36 |
Sorry for not replying sooner and thanks for the input. |
Archives