On Mon, Jul 2, 2012 at 5:32 PM, Anthony G. Basile <[email protected]> wrote:
> On 07/02/2012 01:48 PM, Mitch Harder wrote:
>>
>> This message applies only to Sabayon 9 users who are migrating their
>> system to portage. Entropy users should be unaffected.
>>
>> The final version of Sabayon 9 (all versions) omits the file
>> /etc/portage/profile/use.mask which should contain a single entry:
>> "-hardened".
>>
>> This has a curious impact when you go to build our Sabayon split gcc.
>> It will allow you to build sys-devel/base-gcc with "hardened" and
>> sys-devel/gcc with "-hardened".
>>
>> This shouldn't happen since the split gcc ebuilds contain DEPENDS to
>> ensure that both sys-devel/base-gcc and sys-devel/gcc contain the same
>> USE flags (I've tested them on the other USE flags, and it works
>> fine).
>>
>> But the global /usr/portage/profiles/default/linux/package.use.mask
>> file contains: sys-devel/gcc hardened
>>
>> And we have in our
>> /etc/portage/package.use/00-sabayon.package.use/00-sabayon.package.use:
>>
>> # Enable hardened USE flags
>> sys-devel/base-gcc hardened
>> sys-devel/gcc hardened
>>
>> Apparently the global USE flag masking will override package USE flag
>> DEPENDS.
>>
> This also has the effect of removing the hardening patches from glibc
> resulting in badness for at least ssp. Is there a particular image that I
> should test? I'd like to see what you guys have done.
>

I would recommend the CoreCDX version for examining our hardening as implemented in Sabayon 9. It only has Fluxbox, but it avoids the interdependencies that accompany our more full-featured Desktop releases. So CoreCDX is the easiest to switch to portage usage. Of course, any other version that strikes your fancy is fine also.
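
The following check is an added example, not part of the thread or of Sabayon's tooling: it audits a Portage configuration tree (the live system or a mounted image) for the `-hardened` entry in `/etc/portage/profile/use.mask` and the `hardened` entries for both split gcc packages described above. The function names are hypothetical, and the parsing is a simplification that only looks for the presence of the entries.

```sh
#!/bin/sh
# Added example: audit a Portage config tree for the entries named in the
# thread. ROOT may be empty (live system) or a mounted image / chroot path.
# Function names are hypothetical; this is not Sabayon or Portage code.

# Print "yes" if ROOT/etc/portage/profile/use.mask has a "-FLAG" entry.
use_mask_unmasks() {
    root=$1 flag=$2
    file="$root/etc/portage/profile/use.mask"
    [ -f "$file" ] || { echo no; return; }
    awk -v f="-$flag" '
        { sub(/#.*/, "") }              # drop comments
        $1 == f { found = 1 }
        END { print (found ? "yes" : "no") }' "$file"
}

# Print "yes" if any file under ROOT/etc/portage/package.use enables FLAG
# for ATOM. Simplification: a later "-FLAG" override is not evaluated.
pkg_use_enabled() {
    root=$1 atom=$2 flag=$3
    dir="$root/etc/portage/package.use"
    [ -e "$dir" ] || { echo no; return; }
    find "$dir" -type f -exec cat {} + |
        awk -v a="$atom" -v f="$flag" '
            { sub(/#.*/, "") }
            $1 == a { for (i = 2; i <= NF; i++) if ($i == f) found = 1 }
            END { print (found ? "yes" : "no") }'
}

# Report every missing entry; return non-zero if anything is missing.
audit_hardened() {
    root=${1:-}
    status=0
    if [ "$(use_mask_unmasks "$root" hardened)" = no ]; then
        echo "MISSING: $root/etc/portage/profile/use.mask lacks -hardened"
        status=1
    fi
    for atom in sys-devel/base-gcc sys-devel/gcc; do
        if [ "$(pkg_use_enabled "$root" "$atom" hardened)" = no ]; then
            echo "MISSING: package.use does not enable hardened for $atom"
            status=1
        fi
    done
    return $status
}
```

Source the file and call `audit_hardened` with no argument for the running system, or with the mount point of an image under test.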
