Re: [gentoo-user] Simplified apache2

["Michael Crute" <mcrute@gmail.com>]

On 9/12/06, James <wireless@tampabay.rr.com> wrote:
>
> I  used 2006.1 livecd to install a pII machine. It's going
> to become a (minimalistic) apache2 server. I just let the
> installation
> set the  flags for the install  so I have these flags currently:

<snip>

Those look a bit excessive for a "minimalist" machine. I would start over ;-)

> Some of these flag look questionable, such as the one with
> underscores (kernel_linux userland_GNU) as I only found
> information on them, where they are describe as 'undocumented
>  use flags'. What's up with these flags?

My understanding is that these are set in the profile and simply tell
portage that you are using Linux. I don't think there is any way
(short of profile hacking) to change them. So don't worry about it.

> Where do I look to discern the minimal list of (necessary) system
> flags that
> must be kept?  (I want to avoid negating any flags that are critical).
>
>
> These are my proposed list of flags:

<snip>

Still a little excessive in my opinion. The approach that I would (do)
take is to put only the bare minimum use flags in make.conf and
override the rest on a per-package level in /etc/portage/package.use.

> So can I just use this list, or do I have to include a -{flag} for each one?
>
> IS there simpler syntax to globally remove unwanted flags [-*], but, not any
> critical system flags? (Is this the same as just leaving the flag out
> of the USE param. setting in make.conf?
>

-* will work but be careful it can break things if you don't know what
your doing.

> Are there default system flag settings that I can safely remove?
> Where is the list and how do I know which ones can be removed or negated?
>
> My (limited) understanding of flags are that the highest priority are
> those set in /etc/portage/package.use, then /etc/make.conf then
> the system default flags which may be located in several locations.
> Is there any docs or listing of all of these location and details
> on precedence?

http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=2&chap=2

OK, my advice to you would be to start over with a hardened profile.
While hardened is not specifically required I highly recommend it if
this is just going to be a headless server machine.

You probably want to set your machine up with a similar USE= string in make.conf

USE="-* hardened pic ncurses ssl crypt berkdb tcpd pam perl python readline"

I believe that is the bare minimum if you use -*. Now you can compile
your system and you have a blank slate to start working with. As you
start emerging packages just make sure you use the -pv flags for
emerge and check out the available use flags and add the ones you want
to /etc/portage/package.use. Here is an example of my package.use line
for apache2

net-www/apache mpm-prefork threads

This setup works smashingly for me on my production servers by YMMV.
Best of luck.

-Mike

-- 
________________________________
Michael E. Crute
http://mike.crute.org

I may not have gone where I intended to go, but I think I have ended
up where I intended to be. --Douglas Adams
-- 
gentoo-user@gentoo.org mailing list