Shinkan wrote:


2009/12/1 Mansour Moufid <mansourmoufid@gmail.com>

You really shouldn't unmerge Portage, but if you want to, it should be
the last step -- coming *after* emerge -uUDN world && emerge
--depclean && revdep-rebuild. After which you can safely rm -drf
/usr/portage.

I get the way you would do things, but that's quite the same thing that catalyst does behind the scenes.
But it uses a cache system that avoids re-emerging too often.
That's chrooting a stage3, emerging fancy features, then removing others, all of this according to profiles.
I think that's not very maintainable and that's error prone (because you're not sure of what is unmerged, or what dependencies it could break).

I haven't looked, but this isn't the way I understand Catalyst to work?

What it should be doing is exactly what you would do if you wrote your own scripts (it's basically just a fancy wrapper).  So look at the TinyGentoo instructions: http://en.gentoo-wiki.com/wiki/TinyGentoo and this gives you the basic principles.

I use a kind of similar process to build my builds.  I use a chroot as the build system (basically just a roughly right stage4 build), then I chroot into that and build packages for everything that I need, then I install all the packages into some build directory and that becomes the new installation. This means that the destination doesn't need portage or gcc, etc (it's a very small and bare installation).  You can also build packages to distribute with qpkg, etc.

Also see alpine linux?

I'm interested if there's a magic command to unmerge & clean every dev-related thing once the system is built.

Sure - just "emerge -C yourstuff" and it's gone.  You can easily get a list of packages that were installed, you just need to know which ones you want to remove?  I personally build mine the other way and install only the stuff I need.

What I *expect* catalyst to do is to build a stage1-4 build environment, then use that stage4 build environment to build another stage1-4 distribution where each stage builds incrementally?  Never used catalyst, but that's what I would expect to happen.  The logic being that you first build the build environment, then use the build environment to build the final distribution.  You could jump straight in and script all the steps directly yourself if you don't need the flexibility of catalyst?

ONE OFF-TOPIC MORE GENERAL QUESTION:
Is there a gentoo hardened toolchain with SSP and PIE BEFORE gcc 4?

Actually that's the gcc3.4.6 which was stable only a few weeks ago.  However, as has been mentioned it's not the same SSP as the new GCC4.4.

There is a hardened overlay for gcc4.4 and I'm using this right now in conjunction with uclibc and I have to say it's working very nicely with fairly few workarounds needed (Python and sandbox mainly).  I'm actually unsure why it's not already migrated to gentoo package masked, however, I would suggest you base any new work on that overlay if you are starting now.

Good luck

Ed W