On Saturday 10 September 2005 14:45, Edward Catmur wrote:
> On Sat, 2005-09-10 at 14:29 -0500, John Jolet wrote:
> > We're in the process of transitioning from 32-bit Redhat (7 I think)
> > web/app servers to 64-bit gentoo web/app servers. One concern I've got
> > is from a security standpoint, normally you don't deploy webservers with
> > development tools on them. How do you guys handle this question with
> > internet-facing production servers?
> >
> > One thought I had was to set up a build server, build the binaries on
> > this server, and do an emerge of the binaries FROM this server to the
> > production servers, with gcc and such removed from them. Will this work?
>
> Yes.
>
> From emerge(1):
>
> --buildpkg (-b)
>     Tells emerge to build binary packages for all ebuilds processed
>     in addition to actually merging the packages. Useful for
>     maintainers or if you administrate multiple Gentoo Linux systems
>     (build once, emerge tbz2s everywhere). The package will be
>     created in the ${PKGDIR}/All directory. An alternative for
>     already-merged packages is to use quickpkg which creates a tbz2
>     from the live filesystem.
>
> I would recommend building packages on a build server with --buildpkg,
> installing them on a testing server, and once tested re-packaging them
> with quickpkg on the testing server to install on the production
> servers. (The advantage of quickpkg is it picks up changes to
> configuration files.) Of course, you could combine the build and testing
> servers onto one machine.
>
> HTH.
Thanks.
--
John Jolet
Your On-Demand IT Department
512-762-0729
www.jolet.net
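A check for the goal stated in the thread (production servers with gcc and such removed), as an added example that is not part of the original messages: it scans a set of directories for leftover compiler and build-tool executables. The tool list and the function names `find_dev_tools` and `audit_path` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a production host that is meant to receive only
# prebuilt packages from the build server for leftover build tools.
# DEV_TOOLS is an assumed list for this example; adjust it to local policy.
DEV_TOOLS="gcc g++ cc c++ cpp make ld as gdb"

# find_dev_tools DIR...
# Prints the path of every executable whose name is a listed tool or a
# target-prefixed / versioned variant of one (for example
# x86_64-pc-linux-gnu-gcc or gcc-3.4.4).
# Returns 1 if anything was found, 0 if the directories are clean.
find_dev_tools() {
    found=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for path in "$dir"/*; do
            [ -f "$path" ] && [ -x "$path" ] || continue
            name=${path##*/}
            for tool in $DEV_TOOLS; do
                case "$name" in
                    "$tool"|*-"$tool"|"$tool"-[0-9]*|*-"$tool"-[0-9]*)
                        printf '%s\n' "$path"
                        found=1
                        break ;;
                esac
            done
        done
    done
    return "$found"
}

# audit_path: run the check over every directory listed in $PATH.
audit_path() {
    old_ifs=$IFS
    IFS=:
    set -f              # no globbing while $PATH is being split
    set -- $PATH
    set +f
    IFS=$old_ifs
    find_dev_tools "$@"
}

# Run as "sh audit.sh --audit" on the production host; exit status 1
# means a build tool is still installed.
if [ "${1:-}" = "--audit" ]; then
    audit_path
fi
```

A non-zero exit status makes the script usable as a gate in a deployment job or a periodic compliance check.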