I've now finished the second stage of my "tuning" experiments, and the results are at http://www.linuxfromscratch.org/~ken/tuning/
As always, projects have scope creep and things don't turn out as expected. Specifically, I've been looking at "cheap hardening" which are flags/defines to do some hardening with (hopefully) only a low runtime cost. The current files are: README.txt - a continuing summary tuning-1-packages-and notes.txt - the packages I build, and what I did to get them to build with my CFLAGS/CXXFLAGS. I've updated the references to the notes for things I've changed/added. tuning-2-cheap-hardening.txt - More details about what I did, comments on how my build (and run) times varied a lot more than I had expected - to the extent that I do not think they are particularly useful, and notes on a few packages where I had issues. tuning-notes-2.txt - the revised notes, these replace the -1 verison. desktop-runtime-comparisons.ods - a LO spreadsheet, with run times for repeated runs of a few simple and quick scripts or compiles. My conclusion is that I will now be using ALL of the following (at least in compiled packages where I have made sure they are really being used, there are other server and 'occasional' packages that I have not looked at : -D_FORTIFY_SOURCE=2 -fstack-protector-strong -D_GLIBCXX_ASSERT (the latter only for C++, it affects libstdc++ functions. I've noted the few exceptions in "tuning-2...", together with the one package (texinfo) where forcing -D_FORTIFY_SOURCE=2 has accidentally NOT been tested, and why. My current estimate is that most things may take 2% or less longer, but there are outliers.including some of the compiles or testsuites. For a desktop system on a modern machine, I think this is worth it (it's what fedora and RH do, and I think Arch and recent debian). But for a public-facing server it is probably insufficient. ĸen -- Before the universe began, there was a sound. It went: "One, two, ONE, two, three, four" [...] The cataclysmic power chord that followed was the creation of time and space and matter and it does Not Fade Away. - wiki.lspace.org/mediawiki/Music_With_Rocks_In -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
