| 1 |
Hello, |
| 2 |
|
| 3 |
I'm pretty certain that switching to the hardened profile won't cause any slot conflicts, it pretty much just enables some compiler flags ( PIE ( it's enabled in not-hardened profiles since 6.3.0 too iirc ) , stack hardening, fortify source, RELRO ) and hardening flags on a few packages ( e.g. glibc ). Please try it again, maybe the output of emerge --info and the output of your world emerge ( or just the error message , both as pastebin or something ). |
| 4 |
|
| 5 |
I'm not quite sure if I understand the second part correctly, but I guess you want to compile packages on your workstation for that smaller box? In that case it doesn't matter which kernel your host uses, just make sure to choose the correct -march value. You don't have to run the hardened kernel for the hardened profile to work ( although it greatly enhances it - but maybe not for long since GRSEC stopped publishing their patches ). |
| 6 |
|
| 7 |
Regards, |
| 8 |
Rasmus |
| 9 |
|
| 10 |
-------- Original Message -------- |
| 11 |
On 19 Jul 2017, 17:13, Peter Humphrey wrote: |
| 12 |
|
| 13 |
> Hello list, |
| 14 |
> |
| 15 |
> The recent discussion of hardening Gentoo prompted me to have a go at |
| 16 |
> hardening this workstation. I followed the wiki[1] but when I got to emerge |
| 17 |
> -e world I got scores of slot conflicts, maybe hundreds. So I backed off and |
| 18 |
> restored the original system. |
| 19 |
> |
| 20 |
> Now I'm tackling a smaller box, following the same wiki, for which this |
| 21 |
> machine is a compile host with a chroot containing the client's NFS-exported |
| 22 |
> $PORTDIR. I have a question. |
| 23 |
> |
| 24 |
> The chroot and everything in it uses the host's kernel, which is not |
| 25 |
> hardened. If I emerge -e world in the chroot, can I then use the resulting |
| 26 |
> packages to install on the client? I suspect there will be subtle differences |
| 27 |
> (or not so subtle) that prevent me from doing this. |
| 28 |
> |
| 29 |
> That would be a pity, because recompiling everything on the client, a quad- |
| 30 |
> core Celeron N3150 at 1.8GHz, is likely to take a day or two. |
| 31 |
> |
| 32 |
> [1] https://wiki.gentoo.org/wiki/Hardened_Gentoo |
| 33 |
> |
| 34 |
> -- |
| 35 |
> Regards |
| 36 |
> Peter |
Archives