From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1GNA2L-0000IC-1S for garchives@archives.gentoo.org; Tue, 12 Sep 2006 15:18:57 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.8/8.13.6) with SMTP id k8CFHqUa019638; Tue, 12 Sep 2006 15:17:52 GMT Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.206]) by robin.gentoo.org (8.13.8/8.13.6) with ESMTP id k8CF8t6s018391 for ; Tue, 12 Sep 2006 15:08:55 GMT Received: by nz-out-0102.google.com with SMTP id n1so755430nzf for ; Tue, 12 Sep 2006 08:08:55 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=lB276X9/fkJ41RKEr++Qh9xr6Rsi8sHl/8o4hF+XukHqgJeai4xOLA/9CDj4taGjYD/nliZH4FF0bTEUBJBebJaSvIfFaRSHXpSsEAQuA1f4e4I3LBIuXalPxkWAoB0210gNFnIGgvz1lDU/zrp4QmM23nZPRDfCfLEJAW3gfWU= Received: by 10.65.43.17 with SMTP id v17mr3791303qbj; Tue, 12 Sep 2006 08:08:54 -0700 (PDT) Received: by 10.65.158.15 with HTTP; Tue, 12 Sep 2006 08:08:54 -0700 (PDT) Message-ID: <558b73fb0609120808k799baf30j41560442b9c38d12@mail.gmail.com> Date: Tue, 12 Sep 2006 11:08:54 -0400 From: "Michael Crute" To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Simplified apache2 In-Reply-To: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: X-Archives-Salt: 90d6992e-01a8-4e24-8f25-e45962fb8ae5 X-Archives-Hash: 375e168494efca1c41518992f86f0756 On 9/12/06, James wrote: > > I used 2006.1 livecd to install a pII machine. It's going > to become a (minimalistic) apache2 server. I just let the > installation > set the flags for the install so I have these flags currently: Those look a bit excessive for a "minimalist" machine. I would start over ;-) > Some of these flag look questionable, such as the one with > underscores (kernel_linux userland_GNU) as I only found > information on them, where they are describe as 'undocumented > use flags'. What's up with these flags? My understanding is that these are set in the profile and simply tell portage that you are using Linux. I don't think there is any way (short of profile hacking) to change them. So don't worry about it. > Where do I look to discern the minimal list of (necessary) system > flags that > must be kept? (I want to avoid negating any flags that are critical). > > > These are my proposed list of flags: Still a little excessive in my opinion. The approach that I would (do) take is to put only the bare minimum use flags in make.conf and override the rest on a per-package level in /etc/portage/package.use. > So can I just use this list, or do I have to include a -{flag} for each one? > > IS there simpler syntax to globally remove unwanted flags [-*], but, not any > critical system flags? (Is this the same as just leaving the flag out > of the USE param. setting in make.conf? > -* will work but be careful it can break things if you don't know what your doing. > Are there default system flag settings that I can safely remove? > Where is the list and how do I know which ones can be removed or negated? > > My (limited) understanding of flags are that the highest priority are > those set in /etc/portage/package.use, then /etc/make.conf then > the system default flags which may be located in several locations. > Is there any docs or listing of all of these location and details > on precedence? http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=2&chap=2 OK, my advice to you would be to start over with a hardened profile. While hardened is not specifically required I highly recommend it if this is just going to be a headless server machine. You probably want to set your machine up with a similar USE= string in make.conf USE="-* hardened pic ncurses ssl crypt berkdb tcpd pam perl python readline" I believe that is the bare minimum if you use -*. Now you can compile your system and you have a blank slate to start working with. As you start emerging packages just make sure you use the -pv flags for emerge and check out the available use flags and add the ones you want to /etc/portage/package.use. Here is an example of my package.use line for apache2 net-www/apache mpm-prefork threads This setup works smashingly for me on my production servers by YMMV. Best of luck. -Mike -- ________________________________ Michael E. Crute http://mike.crute.org I may not have gone where I intended to go, but I think I have ended up where I intended to be. --Douglas Adams -- gentoo-user@gentoo.org mailing list