On Saturday 10 September 2005 14:45, Edward Catmur wrote: > On Sat, 2005-09-10 at 14:29 -0500, John Jolet wrote: > > We're in the process of transitioning from 32-bit Redhat (7 I think) > > web/app servers to 64-bit gentoo web/app servers. One concern I've got > > is from a security standpoint, normally you don't deploy webservers with > > development tools on them. How do you guys handle this question with > > internet-facing production servers? > > > > One thought I had was to set up a build server, build the binaries on > > this server, and do an emerge of the binaries FROM this server to the > > production servers, with gcc and such removed from them. Will this work? > > Yes. > > >From emerge(1): > > --buildpkg (-b) > Tells emerge to build binary packages for all ebuilds processed > in addition to actually merging the packages. Useful for main- > tainers or if you administrate multiple Gentoo Linux systems > (build once, emerge tbz2s everywhere). The package will be cre- > ated in the ${PKGDIR}/All directory. An alternative for > already-merged packages is to use quickpkg which creates a tbz2 > from the live filesystem. > > I would recommend building packages on a build server with --buildpkg, > installing them on a testing server, and once tested re-packaging them > with quickpkg on the testing server to install on the production > servers. (The advantage of quickpkg is it picks up changes to > configuration files.) Of course, you could combine the build and testing > servers onto one machine. > > HTH. Thanks. -- John Jolet Your On-Demand IT Department 512-762-0729 www.jolet.net [EMAIL PROTECTED] -- gentoo-user@gentoo.org mailing list