You should be able to just install a generic gentoo if necessary, then
change the profile over, change make.conf CFLAGS and 'emerge -e world'
(possibly twice to get all the software rebuilt with the hardened
toolchain) and have it running 64bit hardened. Putting '-march=athlon64
-msse3' in your CFLAGS should get you what you want. Do not use -O3,
it's unstable and generally not worth it anyway.
Ed W wrote:
Javi Moreno wrote:
I've succesfully installed an AMD64+hardened. Runs
apache+postfix+postgres+courier-imap+many things.
No problems so far, u'll have to use grub-static.
Thanks.
I have run into some early problems booting the darn system! Perhaps
someone here has some cunning ideas
Basic issue is that the machine is one of the cheap hosted boxes from
1&1 internet in the UK. They pre-install one of three operating systems
and then have a really neat PXE boot into a rescue OS. So basically I
am booting into the debian 2.6kernel rescue boot system and then trying
to bootstrap the AMD64 install from there.
The big issue is that it's a 32bit install of debian and so it's quite
difficult to chroot into the 64bit stage 3 because /bin/bash is not
going to run under a 32 bit kernel...
I have spent quite a bit of time (and ultimately failed) to figure out
how to boot the CD install which has been unpacked onto a spare
partition. I reformatted the syslinux boot line to work under gentoo,
but it keeps reporting that it can't find the root filesystem.
I think for the moment I am going to stick with the 32 bit distro
because it's going to improve my options if I need the rescue boot to
recover control of the machine. However, what is the best compiler
option for 32bit on an AMD64? At first sight it would appear that I
should use "-march=pentium4" because other athlon options don't use the
SSE2? Same for the kernel architecture option?
Final question: I have a 32bit 2006.1 up and running on the machine
right now. What are the implications of just turning on the hardened
flag and running "emerge -e"? From some discussion a few days back it
seems that hardened is extremely unsupported with gcc4.1.1 right now??
Is there a hardened stage 3 refresh due imminently?
Cheers all
Ed W
--
lunaslide * * * *
* * * * * * *
We can't have lasting peace unless we work actively and vigorously
to bring about conditions of freedom and justice in the world.
* * - Harry Truman at West Point, 1952 * *
* *
* * * * * *
--
[email protected] mailing list
