 
06-29-2011, 09:39 PM
Tom Hendrikx

Tips for upgrading to the current stable gentoo hardened?

On 29/06/11 16:47, 7v5w7go9ub0o wrote:
> On 06/29/11 07:19, Anthony G. Basile wrote:
>
> [snip]
>
>>
>> The safest approach in either switching or recompiling everything
>> is:
>>
>> 1. Make sure the profile is set: "eselect profile list" and pick your
>> hardened box. Careful on amd64 about changing multilib/nomultilib.
>> Stick with your multilib-edness (if such a word exists).
>>
>> 2. Rebuild the tool chain: emerge binutils glibc gcc
>>
>> 3. Rebuild system: emerge --keep-going -eq system (note anything
>> that fails you might want to file a bug)
>>
>> 4. Rebuild world: emerge --keep-going -eq world (again note any
>> failures, shouldn't happen else we're not doing our job)
>>
>> system vs world = system is just the bare minimum packages that any
>> box running that profile needs. world = system + what you've added.
>> You can skip step 3, but there might be a chance of mixing
>> unhardened/hardened stuff if you do, but I'm not 100% sure.
>>
>
> Thank You!
>
> 1. Is there some way this clear, succinct list could get into the
> hardened documentation?
>
> 2. At this point, the 'clearest' way to build a hardened box from scratch
> seems to go a few steps into the Gentoo handbook, then migrate using the
> steps above. Not ideal, but until the documentation can be refined, how
> about either putting these steps into the handbook, or alternatively a
> reference *in the handbook* to wherever you find a home for these steps
> (e.g. QandA).

I built a hardened box last week by grabbing a hardened autobuild, then
following the regular handbook for my arch. Above steps are only needed
when you start from a regular stage, or when you are converting a
regular install.

Usage of autobuilds is missing in the handbook now, but iirc there are
some open bugs on getting this changed.

--
Regards,
Tom
 
06-29-2011, 11:44 PM
7v5w7go9ub0o

Tips for upgrading to the current stable gentoo hardened?

On 06/29/11 17:39, Tom Hendrikx wrote:
> On 29/06/11 16:47, 7v5w7go9ub0o wrote:
>> 2. At this point, the 'clearest' way to build a hardened box from
>> scratch seems to go a few steps into the Gentoo handbook, then
>> migrate using the steps above. Not ideal, but until the
>> documentation can be refined, how about either putting these steps
>> into the handbook, or alternatively a reference *in the handbook*
>> to wherever you find a home for these steps (e.g. QandA).
>
> I built a hardened box last week by grabbing a hardened autobuild,
> then following the regular handbook for my arch. Above steps are only
> needed when you start from a regular stage, or when you are
> converting a regular install.
>
> Usage of autobuilds is missing in the handbook now, but iirc there
> are some open bugs on getting this changed.
>
> --
> Regards,
> Tom

Geeze... I've built a couple of hardened boxes from scratch; most
recently two or three years ago; never *heard* of autobuild. Maybe my
experience precedes it (I was using experimental.org).

Perhaps the perfect (as in the traditionally excellent Gentoo
documentation) has become the enemy of the good (the documentation of the
autobuild is good, but not perfect enough to be entered into official docs.)

If "Q and A" is now the official hardened documentation, then 'twould be
nice if someone put a couple of imperfect sentences in there about
autobuild.

Good to know; so autobuilds are probably the clearest way to build a
hardened box. Thanks for posting.

(p.s. I think of ALL of the work that Zorry, Blueness, and a myriad of
other folks put into bringing Hardened Gentoo up to date - truly
*heroic* contributions - and I now fear that a lack of documentation will
result in a loss of the benefit of all of that work)

killall rant
 
06-30-2011, 01:21 AM
"Anthony G. Basile"

Tips for upgrading to the current stable gentoo hardened?

On 06/29/2011 05:39 PM, Tom Hendrikx wrote:
> On 29/06/11 16:47, 7v5w7go9ub0o wrote:
>> On 06/29/11 07:19, Anthony G. Basile wrote:
>>
>> [snip]
>>
>>>
>>> The safest approach in either switching or recompiling everything
>>> is:
>>>
>>> 1. Make sure the profile is set: "eselect profile list" and pick your
>>> hardened box. Careful on amd64 about changing multilib/nomultilib.
>>> Stick with your multilib-edness (if such a word exists).
>>>
>>> 2. Rebuild the tool chain: emerge binutils glibc gcc
>>>
>>> 3. Rebuild system: emerge --keep-going -eq system (note anything
>>> that fails you might want to file a bug)
>>>
>>> 4. Rebuild world: emerge --keep-going -eq world (again note any
>>> failures, shouldn't happen else we're not doing our job)
>>>
>>> system vs world = system is just the bare minimum packages that any
>>> box running that profile needs. world = system + what you've added.
>>> You can skip step 3, but there might be a chance of mixing
>>> unhardened/hardened stuff if you do, but I'm not 100% sure.
>>>
>>
>> Thank You!
>>
>> 1. Is there some way this clear, succinct list could get into the
>> hardened documentation?
>>
>> 2. At this point, the 'clearest' way to build a hardened box from scratch
>> seems to go a few steps into the Gentoo handbook, then migrate using the
>> steps above. Not ideal, but until the documentation can be refined, how
>> about either putting these steps into the handbook, or alternatively a
>> reference *in the handbook* to wherever you find a home for these steps
>> (e.g. QandA).
>
> I built a hardened box last week by grabbing a hardened autobuild, then
> following the regular handbook for my arch. Above steps are only needed
> when you start from a regular stage, or when you are converting a
> regular install.
>
> Usage of autobuilds is missing in the handbook now, but iirc there are
> some open bugs on getting this changed.
>
> --
> Regards,
> Tom

That's correct, these are instructions for switching from vanilla or if
you want to *very* safely recompile everything making sure you get
hardened. It is the most conservative path but also very time consuming.

If you're starting from scratch, just grab the latest stage3 *hardened*
tarball, start building your system from there and save yourself the
time. You will gain nothing by recompiling the tool chain and
system/world.

--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail : blueness@gentoo.org
GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535
GnuPG ID : D0455535
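
The steps quoted in this thread warn about ending up with a mix of unhardened and hardened binaries. One way to spot leftovers after the rebuild, as an added example that is not from the thread or from the Gentoo Hardened project: flag ELF executables that are not position-independent or that carry an executable stack. The function names are hypothetical, the sample ELF bytes are constructed, and the scan assumes it can read every file under the directory it is given.

```python
import os
import struct

ET_EXEC, ET_DYN = 2, 3            # ET_EXEC = fixed address (not PIE); ET_DYN = PIE or .so
PT_GNU_STACK, PF_X = 0x6474E551, 0x1

def elf_issues(data):
    """Return a list of hardening issues for ELF bytes, or None if not ELF."""
    if data[:4] != b"\x7fELF" or len(data) < (64 if data[4:5] == b"\x02" else 52):
        return None
    is64 = data[4] == 2                       # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little-endian
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    if e_type not in (ET_EXEC, ET_DYN):
        return []                             # object files, core dumps: not checked
    (phoff,) = struct.unpack_from(end + ("Q" if is64 else "I"), data, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from(end + "HH", data, 54 if is64 else 42)
    flags_at = 4 if is64 else 24              # offset of p_flags in a program header
    issues = ["not PIE (ET_EXEC)"] if e_type == ET_EXEC else []
    stack = None
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + flags_at + 4 > len(data):
            break                             # truncated program header table
        if struct.unpack_from(end + "I", data, off)[0] == PT_GNU_STACK:
            (stack,) = struct.unpack_from(end + "I", data, off + flags_at)
    if stack is None:
        issues.append("no PT_GNU_STACK header")
    elif stack & PF_X:
        issues.append("executable stack")
    return issues

def scan(root):
    """Map each regular ELF file under root that has issues to its issue list."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in (os.path.join(dirpath, n) for n in files):
            if os.path.isfile(path) and not os.path.islink(path):
                with open(path, "rb") as fh:
                    issues = elf_issues(fh.read())
                if issues:
                    found[path] = issues
    return found

def sample_elf64(e_type, stack_flags):
    """Constructed sample: 64-bit little-endian ELF header plus one PT_GNU_STACK entry."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    return ident + hdr + struct.pack("<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
```

Running `scan("/usr/bin")` after step 4 gives a list of files to trace back to their packages; some hits are expected, since statically linked programs and a few packages are built without PIE on purpose.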
 
