author | Kevin F. Quinn <kevquinn@gentoo.org> | 2006-12-16 12:09:40 +0000 |
---|---|---|
committer | Kevin F. Quinn <kevquinn@gentoo.org> | 2006-12-16 12:09:40 +0000 |
commit | 94f0ccb2dfed2256283a39b7592086da50fc9193 (patch) | |
tree | ee4f4e5c58830181949095a4bcc9709743261223 | |
parent | move xorg-xserver to xorg-server (diff) | |
Updated upgrade instructions
svn path=/; revision=110
-rw-r--r-- | hardened/toolchain.README | 49 |
1 files changed, 37 insertions, 12 deletions
diff --git a/hardened/toolchain.README b/hardened/toolchain.README index 5250a36..681ba61 100644 --- a/hardened/toolchain.README +++ b/hardened/toolchain.README 
@@ -4,39 +4,64 @@ Upgrade path for Hardened Gentoo users from glibc-2.3*/gcc-3* to glibc-2.4+/gcc- Note; references to "hardened", "non-hardened" etc refer to the toolchain, not the kernel. + Generic upgrade instructions ---------------------------- -1) going from non-hardened stage3 2006.1: +There are separate instructions depending on where you start. Instruction set (2) +should work in all cases, provided a vanilla compiler is set via gcc-config first. +However the most common case will be (1) - which is why it's listed first :) + + +1) HARDENED SYSTEMS with hardened gcc-3 and glibc-2.3 + Going from an existing hardened system (gcc-3.4.6 & glibc-2.3.6 hardened) + + .1) emerge --oneshot sys-libs/glibc + build the hardened version of glibc-2.4 (with the gcc-3 hardened compiler) + + .2) emerge --oneshot sys-devel/gcc + build the hardened gcc-4.1.1 with the hardened gcc-3.4.6 + + .3) emerge --oneshot sys-libs/glibc + rebuild the hardened version of glibc-2.4 (with the gcc-4 hardened compiler) + + +2) NON-HARDENED SYSTEMS with gcc-4.1.1 and glibc-2.4 (no -hardened compiler available) + Going from non-hardened stage3 2006.1: This starts from non-hardened gcc-4.1.1 and glibc-2.4 .1) Switch profile to the hardened profile + This means remaking the softlink /etc/make.conf to a hardened profile. + Do not confuse this with selecting a hardened compiler with gcc-config (which + you can't do anyway from the standard 2006.1 stage3). .2) emerge --oneshot sys-libs/glibc - Build glibc with support for both gcc-3 and gcc-4 stack protection + Build glibc with support for both gcc-3 and gcc-4 stack protectiona. .3) USE="-hardened" emerge --oneshot sys-devel/gcc Build gcc-4 non-hardened, but including split-specs so it can build - hardened later. + hardened objects later. - .4) gcc-config to the (now available) hardened variant of the compiler + .4) gcc-config to the (now available) hardened variant of the compiler. 
.5) emerge --oneshot sys-libs/glibc - build the hardened version of glibc-2.4 (with the gcc-4 hardened compiler) + Build the hardened version of glibc-2.4 (with the gcc-4 hardened compiler) .6) emerge --oneshot sys-devel/gcc This will build gcc itself hardened (in particular, building the static libraries PIE) -2) going from an existing hardened system (gcc-3.4.6 & glibc-2.3.6 hardened) +3) NON-HARDENED SYSTEMS with a -hardened gcc available - .1) emerge --oneshot sys-libs/glibc - build the hardened version of glibc-2.4 (with the gcc-3 hardened compiler) + .1) gcc-config to the -hardened gcc - .2) emerge --oneshot sys-devel/gcc - build the hardened gcc-4.1.1 with the hardened gcc-3.4.6 - - .3) emerge --oneshot sys-libs/glibc + .2) emerge --oneshot sys-libs/glibc + Build glibc with support for both gcc-3 and gcc-4 stack protectiona. + + .3) emerge --oneshot sys-devel/gcc + build the hardened gcc-4.1.1 with a hardened gcc + + .4) emerge --oneshot sys-libs/glibc rebuild the hardened version of glibc-2.4 (with the gcc-4 hardened compiler) |
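Review bot: Step 2) .1 tells the user to remake "the softlink /etc/make.conf to a hardened profile", but the profile symlink is /etc/make.profile; /etc/make.conf is a regular configuration file, and a reader who follows the text literally would replace it with a link. Suggest "This means remaking the softlink /etc/make.profile to point at a hardened profile." Two smaller points in the same hunk: the added lines in 2) .2 and 3) .2 both end in "stack protectiona." (typo for "protection."), and the explanatory lines mix "build" and "Build" (for example 1) .1 and 3) .3 versus 2) .5), so pick one. The intro says instruction set (2) works in all cases "provided a vanilla compiler is set via gcc-config first", yet set 2) has no step for that; adding it as an explicit first step would make the fallback path self-contained.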