From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-120685-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1Pzaso-0001VC-7M
	for garchives@archives.gentoo.org; Tue, 15 Mar 2011 20:30:22 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 9A5571C00B;
	Tue, 15 Mar 2011 20:28:41 +0000 (UTC)
Received: from mail-iy0-f181.google.com (mail-iy0-f181.google.com [209.85.210.181])
	by pigeon.gentoo.org (Postfix) with ESMTP id 6DA891C00B
	for <gentoo-user@lists.gentoo.org>; Tue, 15 Mar 2011 20:28:41 +0000 (UTC)
Received: by iyb26 with SMTP id 26so1330099iyb.40
        for <gentoo-user@lists.gentoo.org>; Tue, 15 Mar 2011 13:28:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:in-reply-to:references:date
         :message-id:subject:from:to:content-type:content-transfer-encoding;
        bh=G+V5Gn3KlVooCO/9rebw8k5kCFF9KOLwglzT7oxMO+Y=;
        b=sW7OMmWXIcmS8oOJ3c/exCMB2PpfM0awXOJKKRO0hzuQvAdxwURmMKUVaKgZ4FhkUT
         x1d8173NvMtMtbRh1EmDDjipJmNuK8fOFfHKJQG5/+Cwe9Cf1fbMKX8rTypvktkUwgjL
         pG1PheuOVG5gW+Xtnr6KQwvioxASS+bTioRto=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        b=BSF+EEjPcpERW6Jzq2ui+MvGvKRsrzsINqEs1XAogc0lAXPd6OKnLJskI4bWWT3zWS
         5uk6enqaMqdL6C6qj/MU16xHFwFQSmaoqWrfX3V+zjh6d+E3iBPrzaBRgVFGZseAVq6w
         O1Fav0R+FSyYZccqtFKS8FTQ3VYQPFXOSbZYc=
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.43.65.75 with SMTP id xl11mr18409438icb.497.1300220920787;
 Tue, 15 Mar 2011 13:28:40 -0700 (PDT)
Received: by 10.43.131.66 with HTTP; Tue, 15 Mar 2011 13:28:40 -0700 (PDT)
In-Reply-To: <4D7FBF43.2090606@orlitzky.com>
References: <AANLkTi=h=8dRLufX2F=Yupkbn=GLHdLz7T6zLCw4CdFc@mail.gmail.com>
	<4D7FB70E.8070600@orlitzky.com>
	<AANLkTinKTg_7fwn8HS4aapLnx+5T5+gYJcHrnsyyMFZ+@mail.gmail.com>
	<4D7FBF43.2090606@orlitzky.com>
Date: Tue, 15 Mar 2011 13:28:40 -0700
Message-ID: <AANLkTikuHwpEd=Q8+1MnnG3M_Mr8fkOfVi9+ie=CGbD-@mail.gmail.com>
Subject: Re: [gentoo-user] Switching to a hardened profile and back again
From: Grant <emailgrant@gmail.com>
To: gentoo-user@lists.gentoo.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 
X-Archives-Hash: 2e15681c88d442458186cf94e4fb349a

>>>> A dev is asking me to switch to a hardened profile in order to test a
>>>> fix. =A0I'm happy to go through the process, but is there a chance my
>>>> laptop could be unusable after the switch? =A0If that happens I'll be =
in
>>>> real trouble. =A0Will I be able to switch back to a non-hardened profi=
le
>>>> afterward? =A0I plan to follow this guide:
>>>>
>>>> http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#hardenedprofile
>>>>
>>>> BTW, are emerge -e world and emerge -e system both necessary? =A0I
>>>> thought emerge -e world would rebuild everything.
>>>
>>> Switching to hardened is safe. The switch back should be, too, although
>>> I haven't personally tried it. (Why would you switch back?)
>>
>> I originally had my laptop on a hardened profile (I think it was a
>> couple laptops back) but there were so many problems I eventually gave
>> up. =A0I remember doing a lot of system reinstalling as I switched
>> profiles around. =A0I don't have time to reinstall my system right now
>> so I'm trying to be sure I can switch to hardened (and from hardened
>> if necessary) without reinstalling.
>
> If you don't run a hardened kernel, "sudo gcc-config 5" (assuming 5 is
> the vanilla gcc on your machine...) will switch you back to the vanilla
> gcc. No need to switch profiles or recompile anything.

I do run a hardened kernel, but you're saying if I switch to gcc-5 I
should be able to test for a crash that was previously exhibited under
a hardened profile?

>>> You emerge system first, and then world so that your world is built by =
a
>>> hardened toolchain. When you compile gcc/glibc with USE=3Dhardened, it
>>> gives them super powers.
>>
>> Would 'emerge gcc glibc && emerge -e world' have the same affect?
>
> There are a couple of other packages you're supposed to re-emerge along
> with gcc and glibc. Binutils was one, but I don't remember the whole
> list. Just suck it up and spend the extra hour to re-emerge system; that
> way, you're sure you haven't missed anything.

OK I'll emerge system first if it comes to that.

- Grant