Message-ID: <558b73fb0609120808k799baf30j41560442b9c38d12@mail.gmail.com>
Date: Tue, 12 Sep 2006 11:08:54 -0400
From: "Michael Crute" <mcrute@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Simplified apache2
In-Reply-To: <loom.20060912T142340-527@post.gmane.org>

On 9/12/06, James <wireless@tampabay.rr.com> wrote:
>
> I used 2006.1 livecd to install a pII machine. It's going
> to become a (minimalistic) apache2 server. I just let the
> installation set the flags for the install so I have these flags currently:

<snip>

Those look a bit excessive for a "minimalist" machine. I would start over ;-)

> Some of these flags look questionable, such as the one with
> underscores (kernel_linux userland_GNU) as I only found
> information on them, where they are described as 'undocumented
> use flags'. What's up with these flags?

My understanding is that these are set in the profile and simply tell
portage that you are using Linux. I don't think there is any way
(short of profile hacking) to change them. So don't worry about it.

> Where do I look to discern the minimal list of (necessary) system
> flags that must be kept? (I want to avoid negating any flags that are
> critical).
>
>
> These are my proposed list of flags:

<snip>

Still a little excessive in my opinion. The approach that I would (do)
take is to put only the bare minimum use flags in make.conf and
override the rest on a per-package level in /etc/portage/package.use.

> So can I just use this list, or do I have to include a -{flag} for each one?
>
> Is there a simpler syntax to globally remove unwanted flags [-*], but not any
> critical system flags? (Is this the same as just leaving the flag out
> of the USE param. setting in make.conf?)
>

-* will work, but be careful: it can break things if you don't know what
you're doing.

> Are there default system flag settings that I can safely remove?
> Where is the list and how do I know which ones can be removed or negated?
>
> My (limited) understanding of flags is that the highest priority are
> those set in /etc/portage/package.use, then /etc/make.conf, then
> the system default flags, which may be located in several locations.
> Are there any docs or a listing of all of these locations and details
> on precedence?

http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=2&chap=2

OK, my advice to you would be to start over with a hardened profile.
While hardened is not specifically required I highly recommend it if
this is just going to be a headless server machine.

You probably want to set your machine up with a similar USE= string in make.conf

USE="-* hardened pic ncurses ssl crypt berkdb tcpd pam perl python readline"

I believe that is the bare minimum if you use -*. Now you can compile
your system and you have a blank slate to start working with. As you
start emerging packages just make sure you use the -pv flags for
emerge and check out the available use flags and add the ones you want
to /etc/portage/package.use. Here is an example of my package.use line
for apache2

net-www/apache mpm-prefork threads

This setup works smashingly for me on my production servers, but YMMV.
Best of luck.

-Mike

-- 
________________________________
Michael E. Crute
http://mike.crute.org

I may not have gone where I intended to go, but I think I have ended
up where I intended to be. --Douglas Adams
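
The stacking discussed in the message above (profile defaults, then the USE string in make.conf, then per-package lines in /etc/portage/package.use, with `-*` clearing everything set earlier), as an added example that is not part of the original message and not Portage's own code. It is a simplified model: the profile defaults and the second package name are constructed samples, and real Portage also applies use.mask, use.force and each package's IUSE, which are not modelled here.

```python
"""Simplified model of Portage's incremental USE stacking (illustration only)."""

# Constructed sample: stand-in for the defaults a desktop-style profile sets.
PROFILE_USE = "X alsa cups gtk kde ssl pam ncurses readline"

# From the message: the global USE string suggested for make.conf.
MAKE_CONF_USE = "-* hardened pic ncurses ssl crypt berkdb tcpd pam perl python readline"

# From the message: one /etc/portage/package.use line.
PACKAGE_USE = ["net-www/apache mpm-prefork threads"]


def apply_layer(flags, tokens):
    """Apply one layer of USE tokens, left to right, on top of earlier flags."""
    result = set(flags)
    for tok in tokens.split():
        if tok == "-*":
            result.clear()            # wipe everything set by earlier layers
        elif tok.startswith("-"):
            result.discard(tok[1:])   # negate a single flag
        else:
            result.add(tok)
    return result


def effective_use(package, profile=PROFILE_USE, make_conf=MAKE_CONF_USE,
                  package_use=PACKAGE_USE):
    """Stack profile -> make.conf -> matching package.use lines."""
    flags = apply_layer(apply_layer(set(), profile), make_conf)
    for line in package_use:
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        atom, _, tokens = line.partition(" ")
        if atom == package:
            flags = apply_layer(flags, tokens)
    return flags


def dropped_by_make_conf(profile=PROFILE_USE, make_conf=MAKE_CONF_USE):
    """Profile defaults that no longer apply once make.conf is stacked."""
    before = apply_layer(set(), profile)
    return before - apply_layer(before, make_conf)


if __name__ == "__main__":
    print("apache:", " ".join(sorted(effective_use("net-www/apache"))))
    # "app-misc/example" is a constructed package name with no package.use line.
    print("other :", " ".join(sorted(effective_use("app-misc/example"))))
    print("dropped:", " ".join(sorted(dropped_by_make_conf())))
```

The "dropped" set is the review list: every profile default that `-*` removed and that was not re-enabled explicitly, which is where breakage from `-*` shows up.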