| 1 |
Hi Brant, |
| 2 |
|
| 3 |
thank you for answering. |
| 4 |
|
| 5 |
Am Freitag, 14. Dezember 2007 schrieb brant williams: |
| 6 |
> The USE flags for "hardened" and "nls" appear now to be turned off |
| 7 |
> somewhere (and have been disabled since the last time you compiled gcc -- |
| 8 |
> note the asterisk after the flags). |
| 9 |
That's correct. I started my USE-variable in "make.conf" with a "-*" to get |
| 10 |
a minimal system and only added flags I intended to use. I did _not_ |
| 11 |
add "nls" since I didn't intent to use any other language and left |
| 12 |
out "hardened" and "pic" too, since I assumed they would be "added by the |
| 13 |
profile" no matter what I add into make.conf. Just as with "multilib" - or |
| 14 |
do I need it...? |
| 15 |
|
| 16 |
|
| 17 |
> Can you paste the output of `emerge --info`? |
| 18 |
Hehe, you didn't read until the end ;-). I cite the output from last time |
| 19 |
again below for reference. |
| 20 |
|
| 21 |
|
| 22 |
> Also, what steps have you taken so far? You said that you just chrooted |
| 23 |
> into this system; are you just now doing this from the install disc? |
| 24 |
Correct, editing the usual files from the live cd bash, chrooting, syncing |
| 25 |
and then the update world. That was all. |
| 26 |
|
| 27 |
|
| 28 |
> You might want to compile a kernel and make sure the box will boot without |
| 29 |
> the install disc before emerging other packages or changing the profile. |
| 30 |
Thank you for your suggestion. But I now tried it again _with_ hardened |
| 31 |
added to my USE-flags (after you explicitly mentioned it above) and |
| 32 |
retried. This time it worked as intented... |
| 33 |
|
| 34 |
Below you will find the "make.conf" and "emerge --info" output which |
| 35 |
_didn't_ work. The only relevant difference seems to be the addition of |
| 36 |
the "hardened" USE-flag. I added "pic" too to be sure... So my working |
| 37 |
setup (at least until now ;-) ) is the same as below only with these two |
| 38 |
flags added. I guess I will start an emerge -e world to be safe. |
| 39 |
|
| 40 |
|
| 41 |
Can someone please explain what USE/C/CXX flags or other variables |
| 42 |
should/must be set on a hardened system when using the hardened profile? |
| 43 |
Obviously "hardened" is one of them ;-). What about "multilib"? |
| 44 |
|
| 45 |
Thanks! |
| 46 |
Marcel |
| 47 |
|
| 48 |
|
| 49 |
> > $ emerge --info |
| 50 |
> > emerge --info |
| 51 |
> > Portage 2.1.3.19 (hardened/amd64/multilib, gcc-3.4.6, glibc-2.3.6-r5, |
| 52 |
> > 2.6.19-gentoo-r5 x86_64) |
| 53 |
> > ================================================================= |
| 54 |
> > System uname: 2.6.19-gentoo-r5 x86_64 AMD Opteron(tm) Processor 850 |
| 55 |
> > Timestamp of tree: Fri, 14 Dec 2007 14:16:01 +0000 |
| 56 |
> > app-shells/bash: 3.2_p17 |
| 57 |
> > dev-lang/python: 2.4.4-r6 |
| 58 |
> > dev-python/pycrypto: 2.0.1-r6 |
| 59 |
> > sys-apps/baselayout: 1.12.9 |
| 60 |
> > sys-apps/sandbox: 1.2.18.1-r2 |
| 61 |
> > sys-devel/autoconf: 2.61-r1 |
| 62 |
> > sys-devel/automake: 1.10 |
| 63 |
> > sys-devel/binutils: 2.18-r1 |
| 64 |
> > sys-devel/gcc-config: 1.3.16 |
| 65 |
> > sys-devel/libtool: 1.5.24 |
| 66 |
> > virtual/os-headers: 2.6.22-r2 |
| 67 |
> > ACCEPT_KEYWORDS="amd64" |
| 68 |
> > CBUILD="x86_64-pc-linux-gnu" |
| 69 |
> > CFLAGS="-march=k8 -O2 -pipe -fforce-addr" |
| 70 |
> > CHOST="x86_64-pc-linux-gnu" |
| 71 |
> > CONFIG_PROTECT="/etc" |
| 72 |
> > CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/splash /etc/terminfo" |
| 73 |
> > CXXFLAGS="-march=k8 -O2 -pipe -fforce-addr" |
| 74 |
> > DISTDIR="/usr/portage/distfiles" |
| 75 |
> > FEATURES="autoconfig distlocks metadata-transfer parallel-fetch sandbox |
| 76 |
> > sfperms strict unmerge-orphans userfetch" |
| 77 |
> > GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gento |
| 78 |
> >o/ http://distfiles.gentoo.org |
| 79 |
> > http://www.ibiblio.org/pub/Linux/distributions/gentoo" |
| 80 |
> > MAKEOPTS="-j5" |
| 81 |
> > PKGDIR="/usr/portage/packages" |
| 82 |
> > PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times |
| 83 |
> > --compress --force --whole-file --delete --delete-after --stats |
| 84 |
> > --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages |
| 85 |
> > --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" |
| 86 |
> > PORTDIR="/usr/portage" |
| 87 |
> > PORTDIR_OVERLAY="/usr/local/portage" |
| 88 |
> > SYNC="rsync://rsync.de.gentoo.org/gentoo-portage" |
| 89 |
> > USE="amd64 bash-completion berkdb caps crypt memlimit ncurses nptl pam |
| 90 |
> > readline skey snmp ssl unicode vim-syntax xattr xinetd zlib" |
| 91 |
> > ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" |
| 92 |
> > USERLAND="GNU" |
| 93 |
> > Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, |
| 94 |
> > LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, |
| 95 |
> > PORTAGE_RSYNC_EXTRA_OPTS |
| 96 |
> > |
| 97 |
> > $ cat /etc/make.conf |
| 98 |
> > USE="-* \ |
| 99 |
> > bash-completion berkdb \ |
| 100 |
> > caps crypt \ |
| 101 |
> > memlimit \ |
| 102 |
> > ncurses nptl \ |
| 103 |
> > pam \ |
| 104 |
> > readline \ |
| 105 |
> > skey snmp ssl \ |
| 106 |
> > unicode \ |
| 107 |
> > vim-syntax \ |
| 108 |
> > xattr xinetd \ |
| 109 |
> > zlib \ |
| 110 |
> > " |
| 111 |
> > |
| 112 |
> > CHOST="x86_64-pc-linux-gnu" |
| 113 |
> > |
| 114 |
> > CFLAGS="-march=k8 -O2 -pipe -fforce-addr" |
| 115 |
> > CXXFLAGS="${CFLAGS}" |
| 116 |
> > |
| 117 |
> > # ACCEPT_KEYWORDS="~amd64" |
| 118 |
> > |
| 119 |
> > PORT_LOGDIR="/var/log/portage" |
| 120 |
> > PORT_ENOTICE_DIR="/var/log/portage/enotice" |
| 121 |
> > PORTDIR_OVERLAY="/usr/local/portage" |
| 122 |
> > |
| 123 |
> > GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gento |
| 124 |
> >o/ http://distfiles.gentoo.org |
| 125 |
> > http://www.ibiblio.org/pub/Linux/distributions/gentoo" |
| 126 |
> > |
| 127 |
> > SYNC="rsync://rsync.de.gentoo.org/gentoo-portage" |
| 128 |
> > |
| 129 |
> > MAKEOPTS="-j5" |
| 130 |
> > |
| 131 |
> > FEATURES="parallel-fetch sandbox strict" |
| 132 |
> > |
| 133 |
> > PORTAGE_NICENESS="5" |
| 134 |
> > PORTAGE_TMPFS="/dev/shm" |
| 135 |
> > PORTAGE_ELOG_CLASSES="info warn error log" |
| 136 |
> > PORTAGE_ELOG_SYSTEM="save" |
| 137 |
> > |
| 138 |
> > ALSA_CARDS="" |
| 139 |
> > ALSA_PCM_PLUGINS="" |
| 140 |
> > APACHE2_MODULES="" |
| 141 |
> > LCD_DEVICES="" |
| 142 |
> > VIDEO_CARDS="" |
Archives