Message-ID: <4E0B3AE4.4050204@gmail.com>
Date: Wed, 29 Jun 2011 10:47:00 -0400
From: 7v5w7go9ub0o <7v5w7go9ub0o@gmail.com>
To: gentoo-hardened@lists.gentoo.org
Subject: [gentoo-hardened] Re: Tips for upgrading to the current stable gentoo hardened?
References: <201106151055.12918.karlis.repsons@gmail.com> <4DFF5746.9030500@wildgooses.com> <4E0B0A42.4060302@gentoo.org>
In-Reply-To: <4E0B0A42.4060302@gentoo.org>

On 06/29/11 07:19, Anthony G. Basile wrote:
[snip]
>
> The safest approach in either switching or recompiling everything
> is:
>
> 1. Make sure the profile is set "eselect profile list" and pick your
> hardened box. Careful on amd64 about changing multilib/nomultilib.
> Stick with your multilib-edness (if such a word exists :)
>
> 2. Rebuild the tool chain: emerge binutils glibc gcc
>
> 3. Rebuild system: emerge --keep-going -eq system (note anything
> that fails you might want to file a bug)
>
> 4. Rebuild world: emerge --keep-going -eq world (again note any
> failures, shouldn't happen else we're not doing our job)
>
> system vs world = system is just the bare minimum packages that any
> box running that profile needs. world = system + what you've added.
> You can skip step 3, but there might be a chance of mixing
> unhardened/hardened stuff if you do, but I'm not 100% sure.
>

Thank You!

1. Is there some way this clear, succinct list could get into the
hardened documentation?

2. At this point, the 'clearest' way to build a hardened box from
scratch seems to go a few steps into the Gentoo handbook, then migrate
using the steps above.

Not ideal, but until the documentation can be refined, how about either
putting these steps into the handbook, or alternatively a reference *in
the handbook* to wherever you find a home for these steps (e.g. QandA).

IIRC, there is nowhere a reference to "hardened" in the Gentoo Handbook.
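
The four quoted steps as one script, added here as an example (it is not part of the original message or of Gentoo's documentation). It assumes `eselect profile show` prints the active profile; the names `rebuild_hardened`, `run_step`, `profile_is_hardened`, `EMERGE`, `ESELECT` and `LOGDIR` are made up for the example. It refuses to start on a non-hardened profile, stops if the toolchain rebuild fails, and keeps a log per step so failures under `--keep-going` can be noted.

```shell
#!/bin/sh
# Added example: wrapper around the four steps quoted above.
# EMERGE, ESELECT and LOGDIR are overridable (assumed names) so the
# flow can be exercised without touching a real system.
EMERGE=${EMERGE:-emerge}
ESELECT=${ESELECT:-eselect}
LOGDIR=${LOGDIR:-/var/tmp/hardened-rebuild}

# Step 1 check: refuse to rebuild unless the active profile is hardened.
# Picking the profile ("eselect profile list") stays a manual decision.
profile_is_hardened() {
    "$ESELECT" profile show 2>/dev/null | grep -q hardened
}

# Run one emerge step, keeping its full output in $LOGDIR/<name>.log.
run_step() {
    name=$1; shift
    echo ">>> $name: $EMERGE $*"
    "$EMERGE" "$@" >"$LOGDIR/$name.log" 2>&1
}

rebuild_hardened() {
    mkdir -p "$LOGDIR" || return 1
    : >"$LOGDIR/failed-steps"
    profile_is_hardened || { echo "active profile is not hardened" >&2; return 2; }

    # Step 2: the toolchain must succeed before anything is built with it.
    run_step toolchain binutils glibc gcc || {
        echo "toolchain rebuild failed, see $LOGDIR/toolchain.log" >&2; return 3; }

    # Steps 3 and 4: --keep-going carries on past failed packages, so record
    # which step ended non-zero and continue; the logs go into the bug report.
    run_step system --keep-going -eq system || echo system >>"$LOGDIR/failed-steps"
    run_step world  --keep-going -eq world  || echo world  >>"$LOGDIR/failed-steps"

    if [ -s "$LOGDIR/failed-steps" ]; then
        echo "steps with failures: $(tr '\n' ' ' <"$LOGDIR/failed-steps")" >&2
        return 4
    fi
}

# Only act when invoked as: sh rebuild-hardened.sh --run
if [ "${1:-}" = "--run" ]; then
    rebuild_hardened
fi
```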