From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-120681-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1PzZpO-0003pf-Hv
	for garchives@archives.gentoo.org; Tue, 15 Mar 2011 19:22:46 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id A33FA1C02F;
	Tue, 15 Mar 2011 19:20:10 +0000 (UTC)
Received: from mail-yi0-f53.google.com (mail-yi0-f53.google.com [209.85.218.53])
	by pigeon.gentoo.org (Postfix) with ESMTP id 735B91C02F
	for <gentoo-user@lists.gentoo.org>; Tue, 15 Mar 2011 19:20:10 +0000 (UTC)
Received: by yia25 with SMTP id 25so572729yia.40
        for <gentoo-user@lists.gentoo.org>; Tue, 15 Mar 2011 12:20:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:in-reply-to:references:date
         :message-id:subject:from:to:content-type:content-transfer-encoding;
        bh=yoCjDerkyc+gusFgTiRUTVj26X1JvG7glVKNOiLdHSM=;
        b=grtuiYxk5gYGezON6GmrA+U3n56LFrCpRf3WoT8ksSc99pHI5rC912A3uSICh7Svq1
         Ys/oJ5JBZlgOJkoOt8FspBmBvk5ZJhZNCYu7vMNsg9+Wi62YlZH3yULbFRbZyQkzzE9r
         jvHIRQlOBpDh/DuxClpcB2V9dQa9MiUPi9FC8=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        b=swRC+L57nA3222F3hKqmkaH3cFc0EuHXLMJHkL5R/8kHg7gSrpFuZacG/mXpsQFkTW
         E05DGJAHJXNFrpEKECxp+wx6B/4QunK6t1hXvyChyj/1kBFFq2rme7KLQqKmvFGTH0E2
         gFTgtojy4WAK+HOPiDQd+s2RswJ97lmb4Ai7E=
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Received: by 10.43.45.10 with SMTP id ui10mr5133871icb.430.1300216809771; Tue,
 15 Mar 2011 12:20:09 -0700 (PDT)
Received: by 10.43.131.66 with HTTP; Tue, 15 Mar 2011 12:20:09 -0700 (PDT)
In-Reply-To: <4D7FB70E.8070600@orlitzky.com>
References: <AANLkTi=h=8dRLufX2F=Yupkbn=GLHdLz7T6zLCw4CdFc@mail.gmail.com>
	<4D7FB70E.8070600@orlitzky.com>
Date: Tue, 15 Mar 2011 12:20:09 -0700
Message-ID: <AANLkTinKTg_7fwn8HS4aapLnx+5T5+gYJcHrnsyyMFZ+@mail.gmail.com>
Subject: Re: [gentoo-user] Switching to a hardened profile and back again
From: Grant <emailgrant@gmail.com>
To: gentoo-user@lists.gentoo.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 
X-Archives-Hash: 57c873ade6a3cce4d0ffdca8ef194c92

>> A dev is asking me to switch to a hardened profile in order to test a
>> fix. =A0I'm happy to go through the process, but is there a chance my
>> laptop could be unusable after the switch? =A0If that happens I'll be in
>> real trouble. =A0Will I be able to switch back to a non-hardened profile
>> afterward? =A0I plan to follow this guide:
>>
>> http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#hardenedprofile
>>
>> BTW, are emerge -e world and emerge -e system both necessary? =A0I
>> thought emerge -e world would rebuild everything.
>
> Switching to hardened is safe. The switch back should be, too, although
> I haven't personally tried it. (Why would you switch back?)

I originally had my laptop on a hardened profile (I think it was a
couple laptops back) but there were so many problems I eventually gave
up.  I remember doing a lot of system reinstalling as I switched
profiles around.  I don't have time to reinstall my system right now
so I'm trying to be sure I can switch to hardened (and from hardened
if necessary) without reinstalling.

> You emerge system first, and then world so that your world is built by a
> hardened toolchain. When you compile gcc/glibc with USE=3Dhardened, it
> gives them super powers.

Would 'emerge gcc glibc && emerge -e world' have the same affect?

- Grant