[gentoo-user] server to firewall conversion

[gentoo-user] server to firewall conversion

[James]

Hello,

I've been pruning down a server to become a minimal firewall. Slowly
removing packages, running 'revdep-rebuild -p' removing packages
and so on. Now I've got my make.conf looking like this:

USE="perl -gtk -gnome -qt -kde  acl acpi hardened kerberos krb4 ssl -alsa -arts/
-avi -cups -gif -gstreamer -gtk2 -jpeg -motif -mp3 -mpeg -ogg -oggvorbis /
-png  -quicktime -spell -vorbis -X  -xmms -xv dvd -cdr sse mmx  -cups  /
-jack   -php -tiff  lm_sensors  -mozilla doc syslog "

Anything else I should add/subtract from the USE flags?

When I run a emerge -uavDN world, it still wants to rebuild some X packages:
x11-base/xorg-x11-6.8.2-r6 

Somehow, I think I've missed a few things as I definately want X, kde and gnome
removed from the server-to-firewall.

thoughts and suggestions are most welcome.

James



-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] server to firewall conversion

[z3rosix]

Hello,

On Wed, Feb 15, 2006 at 01:49:06PM +0000, James wrote:
> Hello,
> 
> I've been pruning down a server to become a minimal firewall. Slowly
> removing packages, running 'revdep-rebuild -p' removing packages
> and so on. Now I've got my make.conf looking like this:
> 
> USE="perl -gtk -gnome -qt -kde  acl acpi hardened kerberos krb4 ssl -alsa -arts/
> -avi -cups -gif -gstreamer -gtk2 -jpeg -motif -mp3 -mpeg -ogg -oggvorbis /
> -png  -quicktime -spell -vorbis -X  -xmms -xv dvd -cdr sse mmx  -cups  /
> -jack   -php -tiff  lm_sensors  -mozilla doc syslog "
>

you can make it look like this USE="-* perl acl acpi hardened kerberos
krb4 ssl dvd sse mmx lm_sensors"
The first "-*" disabels all and then you are sure that only what you
want's gets enabled.

> Anything else I should add/subtract from the USE flags?
> 
> When I run a emerge -uavDN world, it still wants to rebuild some X packages:
> x11-base/xorg-x11-6.8.2-r6 
> 

try to run emerge with "-p --pretend" option, which should give you the
reason, why xorg would be emerged

> Somehow, I think I've missed a few things as I definately want X, kde and gnome
> removed from the server-to-firewall.
> 
> thoughts and suggestions are most welcome.
>

greetz

alex
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] server to firewall conversion

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 902 bytes --]

On Wed, 15 Feb 2006 13:49:06 +0000 (UTC), James wrote:

> USE="perl -gtk -gnome -qt -kde  acl acpi hardened kerberos krb4 ssl
> -alsa -arts/ -avi -cups -gif -gstreamer -gtk2 -jpeg -motif -mp3 -mpeg
> -ogg -oggvorbis / -png  -quicktime -spell -vorbis -X  -xmms -xv dvd
> -cdr sse mmx  -cups  / -jack   -php -tiff  lm_sensors  -mozilla doc
> syslog "
> 
> Anything else I should add/subtract from the USE flags?

Start with -* then add only the USE flags you want. Make sure you
include readline.

> When I run a emerge -uavDN world, it still wants to rebuild some X
> packages: x11-base/xorg-x11-6.8.2-r6 

Add --tree (-t) to the options to see what is pulling in X.


-- 
Neil Bothwick

NOTE: The most fundamental particles in your computer are held together
by a "glueing" force about which little is known and whose adhesive power
cannot therefore be permanently guaranteed.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] server to firewall conversion

[Richard Fish]

On 2/15/06, z3rosix@my-mail.ch <z3rosix@my-mail.ch> wrote:
> try to run emerge with "-p --pretend" option, which should give you the
> reason, why xorg would be emerged

Of course you meant to say "--tree --pretend". :-)

-Richard

-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] SOLVED: Re: server to firewall conversion

[James]

 <z3rosix <at> my-mail.ch> writes:


> > I've been pruning down a server to become a minimal firewall. Slowly
> > removing packages, running 'revdep-rebuild -p' removing packages
> > and so on. Now I've got my make.conf looking like this:

> > USE="perl -gtk -gnome -qt -kde  acl acpi hardened kerberos krb4 
ssl -alsa -arts/
> > -avi -cups -gif -gstreamer -gtk2 -jpeg -motif -mp3 -mpeg 
-ogg -oggvorbis /
> > -png  -quicktime -spell -vorbis -X  -xmms -xv dvd -cdr sse mmx
  -cups  /
> > -jack   -php -tiff  lm_sensors  -mozilla doc syslog "

> you can make it look like this USE="-* perl acl acpi hardened kerberos
> krb4 ssl dvd sse mmx lm_sensors"
> The first "-*" disabels all and then you are sure that only what you
> want's gets enabled.

OK, I  changed this in make.conf and it gives me a whole bunch
of packages to rebuild. That's OK. BUT, It still wants to add back:
N    ] x11-base/xorg-x11-6.8.2-r6
N    ] virtual/x11-6.8 
Both of which are unacceptable.

The world file only contains these packages now:
sys-fs/devfsd
app-portage/esearch
sys-apps/iproute2
app-portage/eix
sys-libs/glibc
media-video/mpeg-tools
sys-kernel/linux-headers
net-analyzer/bwmon
sys-fs/udev
app-editors/vim
sys-process/vixie-cron
sys-boot/grub
sys-apps/pciutils
sys-apps/slocate
dev-util/cvs
sys-apps/lm_sensors
sys-apps/discover
sys-apps/lshw
sys-apps/coldplug
app-admin/syslog-ng
app-editors/nano
sys-power/acpid
sys-kernel/gentoo-sources
app-portage/genlop
sys-apps/ethtool
net-firewall/iptables
app-portage/gentoolkit
sys-kernel/hardened-sources

> try to run emerge with "-p --pretend" option, which should give you the
> reason, why xorg would be emerged

Um I'm not sure you are correct here:

emerge -pv x11-base/xorg-x11-6.8.2-r6
does not show me what's calling for it to be installed.

So I tried:
emerge --tree --verbose --update --deep world
which shows:
curl, mpeg-tools and discover as the culprits!
I unmerged them and all x, nor xorg are trying to reinstall.

Thanks so much!

James




-- 
gentoo-user@gentoo.org mailing list

[gentoo-user] Re: server to firewall conversion

[James]

Neil Bothwick <neil <at> digimed.co.uk> writes:

> > Anything else I should add/subtract from the USE flags?

> Start with -* then add only the USE flags you want. Make sure you
> include readline.

'readline' was added to the USE flags....

thx,

James




-- 
gentoo-user@gentoo.org mailing list