On 06/29/11 07:19, Anthony G. Basile wrote: [snip]
>
> The safest approach in either switching or recompiling everything
> is:
>
> 1. Make sure the profile is set "eselect profile list" and pick your
> hardened box. Careful on amd64 about changing multilib/nomultilib.
> Stick with your multilib-edness (if such a word exists :)
>
> 2. Rebuild the tool chain: emerge binutils glibc gcc
>
> 3. Rebuild system: emerge --keep-going -eq system (note anything
> that fails you might want to file a bug)
>
> 4. Rebuild world: emerge --keep-going -eq world (again note any
> failures, shouldn't happen else we're not doing our job)
>
> system vs world = system is just the bare minimum packages that any
> box running that profile needs. world = system + what you've added.
> You can skip step 3, but there might be a chance of mixing
> unhardened/hardened stuff if you do, but I'm not 100% sure.
>

Thank You!

1. Is there some way this clear, succinct list could get into the hardened documentation?

2. At this point, the 'clearest' way to build a hardened box from scratch seems to go a few steps into the Gentoo handbook, then migrate using the steps above. Not ideal, but until the documentation can be refined, how about either putting these steps into the handbook, or alternatively a reference *in the handbook* to wherever you find a home for these steps (e.g. QandA). IIRC, there is nowhere a reference to "hardened" in the Gentoo Handbook.