| 1 |
On Thu, Feb 21, 2008 at 8:21 AM, Kerin Millar <kerframil@×××××.com> wrote: |
| 2 |
|
| 3 |
> On 21/02/2008, Calum <caluml@×××××.com> wrote: |
| 4 |
> |
| 5 |
> [snip] |
| 6 |
> |
| 7 |
> > Yes, that's what I did. There is a hardened/amd64/ and a |
| 8 |
> > hardened/amd64/multilib/ profile. Does that mean then, that if I use |
| 9 |
> > the multilib amd64 profile, I should have less problems? |
| 10 |
> |
| 11 |
> Yes. |
| 12 |
> |
| 13 |
> > > Regardless of whether that was the case or not, I wouldn't |
| 14 |
> personally |
| 15 |
> > > recommend migrating systems in this manner in-situ as it is a |
| 16 |
> complex |
| 17 |
> > > procedure at the best of times. I'd suggest to use a recent stage |
| 18 |
> > > tarball (see the topic in the #gentoo-hardened channel), roll a new |
| 19 |
> > > chroot and use that as a basis for preparing your new base system. |
| 20 |
> > |
| 21 |
> > |
| 22 |
> > No, it's not something I'd normally want to do, given the choice. But |
| 23 |
> > life is never perfect, is it? :) |
| 24 |
> > It's a box that's up and running, and I wanted to migrate it with |
| 25 |
> > minimal downtime. |
| 26 |
> |
| 27 |
> Preparing a chroot need not entail any downtime. You could use the |
| 28 |
> quickpkg tool to generate binary packages from within the chroot then |
| 29 |
> consume those packages on your live system. There are still many |
| 30 |
> factors to consider but it's a lot more reliable than a "direct" |
| 31 |
> migration. |
| 32 |
> |
| 33 |
> > |
| 34 |
> > Other than that, though - is the AMD64 Hardened as well polished as |
| 35 |
> > the X86 variety? |
| 36 |
> |
| 37 |
> Yes. |
| 38 |
> |
| 39 |
> Regards, |
| 40 |
> |
| 41 |
> --Kerin |
| 42 |
> -- |
| 43 |
> gentoo-hardened@l.g.o mailing list |
| 44 |
> |
| 45 |
> |
| 46 |
I have been running hardened amd64 in production for some time now with |
| 47 |
great results. I did, however, start from a hardened stage3 on all the |
| 48 |
machines. From what you have said, downtime is an issue, so I agree with |
| 49 |
Kerin Miller above, build in a chroot, perhaps on another drive, then reboot |
| 50 |
after everything (hardened kernel) is done. |
| 51 |
|
| 52 |
Regards, |
| 53 |
-- |
| 54 |
M. Summers |
| 55 |
|
| 56 |
msummers42@×××××.com |
| 57 |
|
| 58 |
"...there are no rules here -- we're trying to accomplish something." |
| 59 |
- Thomas A. Edison |
Archives