Hello,

I'm pretty certain that switching to the hardened profile won't cause any slot
conflicts; it pretty much just enables some compiler flags (PIE (it's enabled
in non-hardened profiles since 6.3.0 too, IIRC), stack hardening, fortify
source, RELRO) and hardening flags on a few packages (e.g. glibc). Please
try it again, and maybe post the output of emerge --info and the output of your
world emerge (or just the error message, both as pastebin or something).

I'm not quite sure if I understand the second part correctly, but I guess you
want to compile packages on your workstation for that smaller box? In that case
it doesn't matter which kernel your host uses, just make sure to choose the
correct -march value. You don't have to run the hardened kernel for the
hardened profile to work (although it greatly enhances it - but maybe not for
long since GRSEC stopped publishing their patches).

Regards,
Rasmus

-------- Original Message --------
On 19 Jul 2017, 17:13, Peter Humphrey wrote:

> Hello list,
>
> The recent discussion of hardening Gentoo prompted me to have a go at
> hardening this workstation. I followed the wiki[1] but when I got to emerge
> -e world I got scores of slot conflicts, maybe hundreds. So I backed off and
> restored the original system.
>
> Now I'm tackling a smaller box, following the same wiki, for which this
> machine is a compile host with a chroot containing the client's NFS-exported
> $PORTDIR. I have a question.
>
> The chroot and everything in it uses the host's kernel, which is not
> hardened. If I emerge -e world in the chroot, can I then use the resulting
> packages to install on the client? I suspect there will be subtle differences
> (or not so subtle) that prevent me from doing this.
>
> That would be a pity, because recompiling everything on the client, a quad-
> core Celeron N3150 at 1.8GHz, is likely to take a day or two.
>
> [1] https://wiki.gentoo.org/wiki/Hardened_Gentoo
>
> --
> Regards
> Peter
