From: Mansour Moufid <mansourmoufid@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Hardened Targets
Date: Tue, 1 Dec 2009 09:11:53 -0500
Message-ID: <44a1f4d20912010611x7b762921r4ca6fe1c7c8567f9@mail.gmail.com>
In-Reply-To: <166af1cf0912010240n1e4ee221g9c4a1bfc7e05e833@mail.gmail.com>
On Tue, Dec 1, 2009 at 5:40 AM, Shinkan <shinkan@gmail.com> wrote:

> The main problem I can see from my rookie level is that I want each target
> to be built with its own version of GCC/LIBC/(basethings) and its own
> "snapshot" of a portage tree at a T time.

You can specify versions by masking with Portage. For example, if you
don't want gcc 4, then you would do:

# echo ">sys-devel/gcc-4" >> /etc/portage/package.mask

As for Portage "snapshots", you can get those from the Gentoo mirrors
by date, similar to how you did during the installation process. Just
don't emerge --sync. You probably do want to apply GLSA updates though
(see: glsa-check).

> I want the final target to be
> buildtools-less, portage-less,
> almost-everything-except-the-kernel-and-bash-less...

You can start by adding the "minimal" USE flag to make.conf. Then,
once you're sure everything you need is installed, unmerge everything
you don't need (gcc, etc.). I'm sure there's a trick to get Portage to
unmerge everything in the sys-devel category, which others might be
able to help with.

You really shouldn't unmerge Portage, but if you want to, it should be
the last step -- coming *after* emerge -uUDN world && emerge
--depclean && revdep-rebuild. After which you can safely rm -drf
/usr/portage.

> I would prefer a "2 step" additive way. Step 1 : I would like to build, for
> each target, a "build" dir which contains an hardened toolchain with
> specified versions of GCC/LIBC/etc, Step 2 : then from this build dir I
> would emerge things I need by hand from zero in a target dir, and build a
> kernel.

If you want one kernel per build, then it seems to me you will need to
use chroots, similar to how you chrooted to /mnt/gentoo from the
Gentoo installation environment. For example, start with mkdir -p
/var/target/1 /var/target/2, etc., each of which would be analogous to
/mnt/gentoo. In this case, replace the root directories (``/'') I
mentioned above with ``/var/target/n'' as needed, e.g.
/var/target/1/etc/portage.mask, etc.

Hope this helps.
--
Mansour Moufid
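The per-target masking suggested in the reply above, written out as a small POSIX sh helper (added example, not code from the thread): it takes a target root such as /var/target/1 and a Portage mask atom, creates etc/portage under that root if missing, and appends the atom only if it is not already present, so re-running the setup does not pile up duplicate mask lines. The atom format check and the mask_atom_in_targets wrapper are assumptions for illustration; the gcc atom is the one from the message, the glibc atom in the usage is constructed.

```shell
#!/bin/sh
# mask_atom ROOT ATOM
#   Append ATOM to ROOT/etc/portage/package.mask, idempotently.
#   ROOT is "/" for the host, or a chroot such as /var/target/1.
mask_atom() {
    root=$1
    atom=$2
    # Accept only atoms that start with a version operator and name a
    # category/package; anything else is almost certainly a typo.
    case $atom in
        '<'*/*|'>'*/*|'='*/*|'~'*/*) ;;
        *) echo "mask_atom: bad atom '$atom'" >&2; return 1 ;;
    esac
    maskfile="$root/etc/portage/package.mask"
    mkdir -p "$root/etc/portage" || return 1
    # Skip if an identical line already exists (grep -x: whole line, -F: literal).
    if [ -f "$maskfile" ] && grep -qxF -- "$atom" "$maskfile"; then
        return 0
    fi
    printf '%s\n' "$atom" >> "$maskfile"
}

# mask_atom_in_targets ATOM ROOT...
#   Apply the same mask to several target roots, stopping on the first error.
mask_atom_in_targets() {
    atom=$1
    shift
    for root in "$@"; do
        mask_atom "$root" "$atom" || return 1
    done
}

# Example usage (hypothetical target roots):
#   mask_atom /var/target/1 '>sys-devel/gcc-4'
#   mask_atom_in_targets '<sys-libs/glibc-2.11' /var/target/1 /var/target/2
```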