On 9/12/06, James <[EMAIL PROTECTED]> wrote:
I used 2006.1 livecd to install a pII machine. It's going
to become a (minimalistic) apache2 server. I just let the
installation
set the flags for the install so I have these flags currently:
<snip>
Those look a bit excessive for a "minimalist" machine. I would start over ;-)
Some of these flag look questionable, such as the one with
underscores (kernel_linux userland_GNU) as I only found
information on them, where they are describe as 'undocumented
use flags'. What's up with these flags?
My understanding is that these are set in the profile and simply tell
portage that you are using Linux. I don't think there is any way
(short of profile hacking) to change them. So don't worry about it.
Where do I look to discern the minimal list of (necessary) system
flags that
must be kept? (I want to avoid negating any flags that are critical).
These are my proposed list of flags:
<snip>
Still a little excessive in my opinion. The approach that I would (do)
take is to put only the bare minimum use flags in make.conf and
override the rest on a per-package level in /etc/portage/package.use.
So can I just use this list, or do I have to include a -{flag} for each one?
IS there simpler syntax to globally remove unwanted flags [-*], but, not any
critical system flags? (Is this the same as just leaving the flag out
of the USE param. setting in make.conf?
-* will work but be careful it can break things if you don't know what
your doing.
Are there default system flag settings that I can safely remove?
Where is the list and how do I know which ones can be removed or negated?
My (limited) understanding of flags are that the highest priority are
those set in /etc/portage/package.use, then /etc/make.conf then
the system default flags which may be located in several locations.
Is there any docs or listing of all of these location and details
on precedence?
http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=2&chap=2
OK, my advice to you would be to start over with a hardened profile.
While hardened is not specifically required I highly recommend it if
this is just going to be a headless server machine.
You probably want to set your machine up with a similar USE= string in make.conf
USE="-* hardened pic ncurses ssl crypt berkdb tcpd pam perl python readline"
I believe that is the bare minimum if you use -*. Now you can compile
your system and you have a blank slate to start working with. As you
start emerging packages just make sure you use the -pv flags for
emerge and check out the available use flags and add the ones you want
to /etc/portage/package.use. Here is an example of my package.use line
for apache2
net-www/apache mpm-prefork threads
This setup works smashingly for me on my production servers by YMMV.
Best of luck.
-Mike
--
________________________________
Michael E. Crute
http://mike.crute.org
I may not have gone where I intended to go, but I think I have ended
up where I intended to be. --Douglas Adams
--
gentoo-user@gentoo.org mailing list
