
List:       gentoo-embedded
Subject:    Re: [gentoo-embedded] hardened uclibc gentoo stages
From:       Natanael Copa <mlists () tanael ! org>
Date:       2004-08-24 9:22:39
Message-ID: 20040824112239.080f627f.mlists () tanael ! org

On Mon, 23 Aug 2004 01:32:20 -0400
Ned Ludd <solar@gentoo.org> wrote:

> On Sat, 2004-08-21 at 03:12, Natanael Copa wrote:
> > I think I finally got some time to continue with my uclibc gentoo
> > project.
> > 
> > As I understood it, it's easiest to start from scratch when using
> > hardened. Is there any place I can get uclibc hardened stages to get
> > started?
> 
> The first generation stages were hardened ones.

I got a script from Anders Eriksson, that I modified a bit (it is
attached) but no success.

> http://oc12.net/~solar/uclibc/gentoo/x86/packages
> Lots of fixes have happened from this time.

I tried the
http://dev.gentoo.org/%7evapier/uclibc/stage3-x86-uclibc.tar.bz2 and
then installing your hardened gcc from
http://oc12.net/~solar/uclibc/gentoo/x86/packages

gcc segfaulted when trying to emerge uclibc.

So, I guess I have to either give up hardened for now or I'll try
http://dev.gentoo.org/%7evapier/uclibc/uclibc.txt

I'm wondering if it might be worth running non-hardened and then just
compile some applications with ssp - like network daemons etc. But it
would surely be nice with a "pure" hardened uclibc gentoo.

-- 
Natanael Copa

["ucgentoo.sh" (application/x-shellscript)]

#!/bin/bash

SOURCES="/usr/portage/distfiles"
TARGET=`pwd`/proj/alpine

#STAGE1_URL="http://dev.gentoo.org/%7evapier/uclibc/stage1-x86-uclibc.tar.bz2"
STAGE1_URL="http://oc12.net/~solar/uclibc/gentoo/x86/stage1-uclibc-20040701.tar.bz2"
STAGE1=`basename $STAGE1_URL`

echo "cleaning up old $TARGET"
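umount "$TARGET/usr/portage" 2>/dev/null
umount "$TARGET/proc" 2>/dev/null
# If an umount failed, rm -rf would recurse into the bind-mounted
# host /usr/portage, so stop while anything is still mounted below $TARGET.
if grep -qF " $TARGET/" /proc/mounts ; then
    echo "$TARGET still has active mounts, aborting" >&2
    exit 1
fi
[ -d "$TARGET" ] && rm -rf "$TARGET"
mkdir -p "$TARGET"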

echo "Fetching $STAGE1_URL"
if ! [ -f "$SOURCES/$STAGE1" ] ; then
    (
    cd $SOURCES
    wget -c $STAGE1_URL
    )
else
    echo "already fetched"
fi

echo "Unpacking stage..."
tar -C $TARGET -xjf $SOURCES/$STAGE1
mkdir -p $TARGET/usr/portage
mount --bind /usr/portage $TARGET/usr/portage
# mkdir has no -f option; -p alone creates the missing parents
mkdir -p $TARGET/var/cache/distfiles
#mount --bind /var/cache/distfiles $TARGET/var/cache/distfiles
mount -t proc proc $TARGET/proc/


cp /etc/resolv.conf $TARGET/etc/
# portage reads user masks from /etc/portage/package.mask
mkdir -p $TARGET/etc/portage
echo ">=dev-lang/python-2.3.3-r1" >> $TARGET/etc/portage/package.mask

# create the make.conf stuff
cat > $TARGET/etc/make.conf <<EOF
# These settings were set by the catalyst build script that automatically built this stage
# Please consult /etc/make.conf.example for a more detailed example
CFLAGS="-Os -pipe -march=i386 -fomit-frame-pointer"
CHOST="i386-pc-linux-uclibc"
CXXFLAGS="-Os -pipe -march=i386 -fomit-frame-pointer"
DISTDIR=/var/cache/distfiles
USE="crypt gdbm hardened hostap-noplx justify multicall ncurses pcmcia 
pic pie png readline snmp uclibc x86 zlib"
FEATURES="autoaddcvs autoconfig buildpkg ccache nodoc noinfo noman
sandbox sfperms strict"
ACCEPT_KEYWORDS="~x86"

EOF

#grab the mirrors from local config
grep ^GENTOO_MIRRORS /etc/make.conf >> $TARGET/etc/make.conf

# copy the wgetrc, in case of proxy
mkdir -p $TARGET/etc/wget
cp /etc/wget/wgetrc $TARGET/etc/wget/
cp /etc/wget/wgetrc $TARGET

#Prepare the bootstrap script to be executed in the new env

cat > $TARGET/bootstrap <<EOF
#!/bin/bash

echo "In chroot..."
env-update
cd /usr/portage
#ACCEPT_KEYWORDS="~x86" 
scripts/bootstrap-cascade.sh

#ugly hack to keep the proxy settings
mkdir -p /etc/wget
mv /wgetrc /etc/wget/wgetrc

#emerge flex
ACCEPT_KEYWORDS="~x86" USE="-* hardened build bootstrap uclibc" emerge system

EOF
chmod +x $TARGET/bootstrap
#Jumping into the new environment

chroot $TARGET /bootstrap




--
gentoo-embedded@gentoo.org mailing list
