I have a smiliar setup and while I don't claim to understand exactly how the entire thing works, my understanding of how it works is that the hardened profile doesn't affect all packages per se, it just flags the toolchain (gcc, binutils, glibc) so that the toolchain will generate hardened code. Every package built after the toolchain is hardened will have the hardening included by default.
-Drew -- [email protected] mailing list
