| 1 |
On Wed, 30 Jan 2008 11:49:48 +0100 |
| 2 |
Alex Schuster <wonko@×××××××××.org> wrote: |
| 3 |
|
| 4 |
> Dan Farrell writes: |
| 5 |
> |
| 6 |
> > Alex Schuster <wonko@×××××××××.org> wrote: |
| 7 |
> > > I want to harden the gentoo running on my little server, but I'm a |
| 8 |
> > > little worried about possible problems. Like, services not coming |
| 9 |
> > > up when rebooting after an emerge -e world. Do you see any |
| 10 |
> > > possibility for that? |
| 11 |
> > |
| 12 |
> > Absolutely. These problems can be overcome with a little attention, |
| 13 |
> > but outdated config files that were not updated with dispatch-conf |
| 14 |
> > or etc-update might not work with newer versions of software. |
| 15 |
> |
| 16 |
> Sure. But the system is up to date, emerge -uN world gives nothing. |
| 17 |
> It's only the re-compiling of everything with a hardened gcc that |
| 18 |
> worries me a little. If something might go wrong there, I would wait |
| 19 |
> with re-compiling until I know I have physical access to the machine |
| 20 |
> for a while, while most of the time I am away some 100 km from it. |
| 21 |
> |
| 22 |
> I must admit that I should know more about the hardened stuff, but I |
| 23 |
> thought I'd start with the preparations. Configuring things like Pax |
| 24 |
> would come later, when emerge -e world has finished on this slow |
| 25 |
> machine (and when I have read all the howtos). |
| 26 |
> |
| 27 |
> Wonko |
| 28 |
|
| 29 |
You might consider building packages but not installing them -- I think |
| 30 |
could use --buildpkgonly (aka -B) to achieve this end. If the world |
| 31 |
emerge with a -B flag finishes successfully, I think that means all |
| 32 |
packages were built and you are ready to emerge world with --usepkgonly |
| 33 |
(-K) without having to worry about build-time issues that could cause |
| 34 |
conflicting packages on the system. |
| 35 |
|
| 36 |
|
| 37 |
But what does everyone else think? |
| 38 |
-- |
| 39 |
gentoo-user@l.g.o mailing list |
Archives