Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Gentoo: Hardened

Profile hardened/linux/x86 updated

  

 
Gentoo hardened RSS feed   Index | Next | Previous | View Threaded


blueness at gentoo

Nov 20, 2010, 5:54 AM

Post #1 of 8 (787 views)
Permalink
Profile hardened/linux/x86 updated
Hi everyone,

I've now updated the x86 profile for hardened:

hardened/linux/x86

Please test by switching to the new profile and making sure your emerge
-ep system and emerge -ep world do not change.

There is only amd64 yet to go. If all goes well with x86, I will make
update amd64 around Nov 24, 2010.

As always, let me know if anything breaks.



--
Anthony G. Basile, Ph.D.
Gentoo Developer


lypsik at gmail

Nov 20, 2010, 10:45 PM

Post #2 of 8 (754 views)
Permalink
Re: Profile hardened/linux/x86 updated [In reply to]
"making sure your emerge -ep system and emerge -ep world do not change"
What does this mean exactly? Running these commands should say "Total:
0 packages, Size of downloads: 0 kB"? Because on my install "emerge
-ep system" wants to reinstall 159 and "emerge -ep world" 640
packages.


atoth at atoth

Nov 21, 2010, 4:43 AM

Post #3 of 8 (755 views)
Permalink
Re: Profile hardened/linux/x86 updated [In reply to]
That was a smooth transition. The claimed packages seems to be the same.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962

2010.November 20.(Szo) 14:54 időpontban Anthony G. Basile ezt írta:
>
> Hi everyone,
>
> I've now updated the x86 profile for hardened:
>
> hardened/linux/x86
>
> Please test by switching to the new profile and making sure your emerge
> -ep system and emerge -ep world do not change.
>
> There is only amd64 yet to go. If all goes well with x86, I will make
> update amd64 around Nov 24, 2010.
>
> As always, let me know if anything breaks.
>
>
>
> --
> Anthony G. Basile, Ph.D.
> Gentoo Developer
>


blueness at gentoo

Nov 21, 2010, 11:30 AM

Post #4 of 8 (741 views)
Permalink
Re: Profile hardened/linux/x86 updated [In reply to]
On 11/21/2010 01:45 AM, Lypsik wrote:
> "making sure your emerge -ep system and emerge -ep world do not change"
> What does this mean exactly? Running these commands should say "Total:
> 0 packages, Size of downloads: 0 kB"? Because on my install "emerge
> -ep system" wants to reinstall 159 and "emerge -ep world" 640
> packages.

This is expected. The point is that emerge -ep system wants to rebuild
everything in your system target, and emerge -ep world wants to rebuild
everything in your world target. I'm not suggesting that you actually
do so, hence the -p (pretend). What I'm saying is that these lists
should not change BEFORE and AFTER the profile change. If they do, then
I made some mistake. I tested on my test systems, but since there are
so many possible combinations of USE flags and packages, I thought I'd
get community feedback too.

What you should have seen for emerge -ep system is something like this


blueness [at] yellownes ~ $ emerge -ep system

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild R ] sys-libs/zlib-1.2.3-r1
[ebuild R ] virtual/libintl-0
[ebuild R ] dev-libs/expat-2.0.1-r3
[ebuild R ] sys-devel/gnuconfig-20100403
[ebuild R ] virtual/libiconv-0
[ebuild R ] app-arch/bzip2-1.0.6
[ebuild R ] dev-libs/gmp-4.3.2
[ebuild R ] media-libs/jpeg-8b
[ebuild R ] app-misc/pax-utils-0.2.1
...


all just a bunch of R's, not U's, not UD's not NS's etc.

See man emerge for more details.


--
Anthony G. Basile, Ph.D.
Gentoo Developer


lypsik at gmail

Nov 23, 2010, 11:01 AM

Post #5 of 8 (745 views)
Permalink
Re: Profile hardened/linux/x86 updated [In reply to]
> What I'm saying is that these lists should not change BEFORE and AFTER the profile change.
OK, I understand now, but I think a step-by-step guide should have
been included (run 1, change, run2; compare output of 1&2).

>What you should have seen for emerge -ep system is something like this
> ...
> all just a bunch of R's, not U's, not UD's not NS's etc.
All R-s, so I think everything works.


franxisco1988 at gmail

Nov 23, 2010, 1:01 PM

Post #6 of 8 (735 views)
Permalink
Re: Profile hardened/linux/x86 updated [In reply to]
El 23/11/10 20:01, Lypsik escribió:
>> What I'm saying is that these lists should not change BEFORE and AFTER the profile change.
> OK, I understand now, but I think a step-by-step guide should have
> been included (run 1, change, run2; compare output of 1&2).
>
>> What you should have seen for emerge -ep system is something like this
>> ...
>> all just a bunch of R's, not U's, not UD's not NS's etc.
And no use flags changed :P If I recall correctly that's use* and -use* ;)

As a fast guide:

$ emerge -evp system > /root/system1
$ emerge -evp world > /root/world1
$ eselect profile list
$ eselect profile set x
#x is the number corresponding to hardened ;)
$ emerge -evp system > /root/system2
$ diff /root/system1 /root/system2
#They shouldn't change except on the "Calculating dependencies ....... done!" line (with a different number of dots)
$ diff /root/world1 /root/world2
#They shouldn't change except on the "Calculating dependencies ....... done!" line (with a different number of dots)
#Finally to make sure:
$ emerge -va1uDN world
#Shouldn't need to upgrade, downgrade rebuild any package.
#Finally to clean up
$ rm /root/{system,world}{1,2}

Hope that helps ;)
Attachments: signature.asc (0.26 KB)


lypsik at gmail

Nov 24, 2010, 9:20 PM

Post #7 of 8 (725 views)
Permalink
Re: Profile hardened/linux/x86 updated [In reply to]
Thanks for the commands, I have one more x86 to switch over, and also
an amd64 coming up.

On Tue, Nov 23, 2010 at 23:01, klondike <franxisco1988 [at] gmail> wrote:
> El 23/11/10 20:01, Lypsik escribió:
> ...
> $ emerge -evp system > /root/system1
> $ emerge -evp world > /root/world1
> $ eselect profile list
> $ eselect profile set x
> #x is the number corresponding to hardened ;)
> $ emerge -evp system > /root/system2
> $ diff /root/system1 /root/system2
> #They shouldn't change except on the "Calculating dependencies  ....... done!" line (with a different number of dots)
> $ diff /root/world1 /root/world2
> #They shouldn't change except on the "Calculating dependencies  ....... done!" line (with a different number of dots)
> #Finally to make sure:
> $ emerge -va1uDN world
> #Shouldn't need to upgrade, downgrade rebuild any package.
> #Finally to clean up
> $ rm /root/{system,world}{1,2}
>
> Hope that helps ;)
>
>


lypsik at gmail

Nov 28, 2010, 5:56 AM

Post #8 of 8 (699 views)
Permalink
Re: Profile hardened/linux/x86 updated [In reply to]
Updating the profile on the other x86 and on the amd64 succeeded
without any problems.

On Thu, Nov 25, 2010 at 07:20, Lypsik <lypsik [at] gmail> wrote:
> Thanks for the commands, I have one more x86 to switch over, and also
> an amd64 coming up.

Gentoo hardened RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.