'Re: [gentoo-hardened] error building glibc on amd64'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-hardened
Subject:    Re: [gentoo-hardened] error building glibc on amd64
From:       Marcel Meyer <meyerm () fs ! tum ! de>
Date:       2007-12-15 2:55:08
Message-ID: 200712150355.18436.meyerm () fs ! tum ! de
[Download RAW message or body]

Hi Brant,

thank you for answering.

Am Freitag, 14. Dezember 2007 schrieb brant williams:
> The USE flags for "hardened" and "nls" appear now to be turned off
> somewhere (and have been disabled since the last time you compiled gcc --
> note the asterisk after the flags).
That's correct. I started my USE-variable in "make.conf" with a "-*" to get 
a minimal system and only added flags I intended to use. I did _not_ 
add "nls" since I didn't intent to use any other language and left 
out "hardened" and "pic" too, since I assumed they would be "added by the 
profile" no matter what I add into make.conf. Just as with "multilib" - or 
do I need it...?


> Can you paste the output of `emerge --info`?
Hehe, you didn't read until the end ;-). I cite the output from last time 
again below for reference.


> Also, what steps have you taken so far?  You said that you just chrooted
> into this system; are you just now doing this from the install disc?
Correct, editing the usual files from the live cd bash, chrooting, syncing 
and then the update world. That was all.


> You might want to compile a kernel and make sure the box will boot without
> the install disc before emerging other packages or changing the profile.
Thank you for your suggestion. But I now tried it again _with_ hardened 
added to my USE-flags (after you explicitly mentioned it above) and 
retried. This time it worked as intented...

Below you will find the "make.conf" and "emerge --info" output which 
_didn't_ work. The only relevant difference seems to be the addition of 
the "hardened" USE-flag. I added "pic" too to be sure... So my working 
setup (at least until now ;-) ) is the same as below only with these two 
flags added. I guess I will start an emerge -e world to be safe.


Can someone please explain what USE/C/CXX flags or other variables 
should/must be set on a hardened system when using the hardened profile? 
Obviously "hardened" is one of them ;-). What about "multilib"?

Thanks!
Marcel


> > $ emerge --info
> > emerge --info
> > Portage 2.1.3.19 (hardened/amd64/multilib, gcc-3.4.6, glibc-2.3.6-r5,
> > 2.6.19-gentoo-r5 x86_64)
> > =================================================================
> > System uname: 2.6.19-gentoo-r5 x86_64 AMD Opteron(tm) Processor 850
> > Timestamp of tree: Fri, 14 Dec 2007 14:16:01 +0000
> > app-shells/bash:     3.2_p17
> > dev-lang/python:     2.4.4-r6
> > dev-python/pycrypto: 2.0.1-r6
> > sys-apps/baselayout: 1.12.9
> > sys-apps/sandbox:    1.2.18.1-r2
> > sys-devel/autoconf:  2.61-r1
> > sys-devel/automake:  1.10
> > sys-devel/binutils:  2.18-r1
> > sys-devel/gcc-config: 1.3.16
> > sys-devel/libtool:   1.5.24
> > virtual/os-headers:  2.6.22-r2
> > ACCEPT_KEYWORDS="amd64"
> > CBUILD="x86_64-pc-linux-gnu"
> > CFLAGS="-march=k8 -O2 -pipe -fforce-addr"
> > CHOST="x86_64-pc-linux-gnu"
> > CONFIG_PROTECT="/etc"
> > CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/splash /etc/terminfo"
> > CXXFLAGS="-march=k8 -O2 -pipe -fforce-addr"
> > DISTDIR="/usr/portage/distfiles"
> > FEATURES="autoconfig distlocks metadata-transfer parallel-fetch sandbox
> > sfperms strict unmerge-orphans userfetch"
> > GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gento
> >o/ http://distfiles.gentoo.org
> > http://www.ibiblio.org/pub/Linux/distributions/gentoo"
> > MAKEOPTS="-j5"
> > PKGDIR="/usr/portage/packages"
> > PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times
> > --compress --force --whole-file --delete --delete-after --stats
> > --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages
> > --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp"
> > PORTDIR="/usr/portage"
> > PORTDIR_OVERLAY="/usr/local/portage"
> > SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
> > USE="amd64 bash-completion berkdb caps crypt memlimit ncurses nptl pam
> > readline skey snmp ssl unicode vim-syntax xattr xinetd zlib"
> > ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux"
> > USERLAND="GNU"
> > Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG,
> > LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS,
> > PORTAGE_RSYNC_EXTRA_OPTS
> >
> > $ cat /etc/make.conf
> > USE="-* \
> >     bash-completion berkdb \
> >     caps crypt \
> >     memlimit \
> >     ncurses nptl \
> >     pam \
> >     readline \
> >     skey snmp ssl \
> >     unicode \
> >     vim-syntax \
> >     xattr xinetd \
> >     zlib \
> >    "
> >
> > CHOST="x86_64-pc-linux-gnu"
> >
> > CFLAGS="-march=k8 -O2 -pipe -fforce-addr"
> > CXXFLAGS="${CFLAGS}"
> >
> > # ACCEPT_KEYWORDS="~amd64"
> >
> > PORT_LOGDIR="/var/log/portage"
> > PORT_ENOTICE_DIR="/var/log/portage/enotice"
> > PORTDIR_OVERLAY="/usr/local/portage"
> >
> > GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gento
> >o/ http://distfiles.gentoo.org
> > http://www.ibiblio.org/pub/Linux/distributions/gentoo"
> >
> > SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
> >
> > MAKEOPTS="-j5"
> >
> > FEATURES="parallel-fetch sandbox strict"
> >
> > PORTAGE_NICENESS="5"
> > PORTAGE_TMPFS="/dev/shm"
> > PORTAGE_ELOG_CLASSES="info warn error log"
> > PORTAGE_ELOG_SYSTEM="save"
> >
> > ALSA_CARDS=""
> > ALSA_PCM_PLUGINS=""
> > APACHE2_MODULES=""
> > LCD_DEVICES=""
> > VIDEO_CARDS=""



["signature.asc" (application/pgp-signature)]
-- 
gentoo-hardened@gentoo.org mailing list


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic