On 12/04/2012 04:46 PM, Kevin Chadwick wrote:
> Sabayon has a hardened kernel and emerge as well as binaries.
>
> Is it possible to reduce compilation for hardened gentoo by using
> Sabayon and how close to hardened Gentoo could I get?

Pretty close, and depending on what you want to do, probably good enough. Sabayon has been adopting hardening of the toolchain and binaries built with it --- I've given them some advice in this regard. I don't think they've adopted hardened-sources on their images, but it's there in emerge and they've made noise in that direction.

Having said that, what's the compile issue? It should take just as long to build the kernel on sabayon as gentoo, all else being the same.


> I am currently using arch and I am happy with the timely package
> updates, however I am not happy with the move to systemd and prefer
> Gentoo's position of user power to Arch's upstream and dev power. This
> lack of synergy with myself has surprised me as so many devs list
> OpenBSD as a favourite OS. Opera failing to start with mprotect enabled
> is also pushing me to migrate sooner with the final push being a panic
> today in init just after freeing kernel memory by
> CONFIG_GRKERNSEC_KERN_LOCKOUT introduced in either 3.2.33 or 3.2.34.


This is a serious problem for lots of people. While some Gentoo devs did not agree with our fork of systemd, they do agree that they will not be forced to use systemd and will continue to isolate udev out of it. Having looked at that code --- I'm one of the forkers --- I ask myself, how much longer before that isolation becomes a rats' nest.

I'm not sure what "gentoo" is except a group of devs who are brought together by portage, a package delivery and build system. Other than that, it's pretty much anything. Put an -alt after it and gentoo is there.

Anyhow, you'll always find some devs here who are sympathetic to what you want to do, and others that will think you're crazy.


> Do you use stable or unstable sources and so firefox 10 or 17 and which
> gets updates first?
>
> Would you say firefox/chromium is usually available to emerge within a
> couple of days of release on mozilla.org?

Get on freenode/#gentoo or #gentoo-chat and ask Anarchy (ie Jory). He does firefox and mozilla products and he is very sympathetic to hardening.


> Do you think a migration from arch will have more than a small learning
> curve as my available time needs to be kept to a minimum at the
> moment?
>
> Thanks, Kc

There with great knowledge comes great freedom!  <- okay that was bad!

Gentoo is harder to maintain than arch, no doubt. Read the handbook, read man portage, man emerge and man make.conf and you should be good to go. The handbook is at

   http://www.gentoo.org/doc/en/handbook/



--
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail    : [email protected]
GnuPG FP  : 8040 5A4D 8709 21B1 1A88  33CE 979C AF40 D045 5535
GnuPG ID  : D0455535
