is going away

For those of you, still using my binary packages. It’s just a waste of disk space for me (6.8G to be exact), so I decided to remove them. I’m gonna give people one week to grab yourself a copy. I’m gonna keep the bashrc and all the other stuff I wrote back when I was still interested in binary packages, but the binary packages are gonna vanish!

Again, grab yourself a copy if you need them, at some point next week (probably on Friday), I’m simply gonna rm -rf them.

EPIA fun

Well, as for replacing my current fileserver (which I seriously need to consider replacing), I’ll just pick up these things:

  • 3WARE 9550SXU-8LP (that’s 399,00€) plus riser card
  • VIA EPIA EK 8000EG (that’s 201,69€)
  • Kingston ValueRAM DIMM 1 GB DDR-400 (that’s 57,00€)
  • 4x Seagate ST31000340NS (that’s 279,00€ each – making a subtotal of 1.116,00€)

So after browsing some more for a replacement for my current fileserver, I’d like to share the latest stages with you people. Thanks to Mike (who mentioned that binutils-2.18* already does the LDFLAGS=”-Wl,-z,relro” part) I replaced it with “-Wl,-O1”. Same old place, there’s fresh stages … (and thanks again to Mike, with working util-linux-2.13-r2).

I also tried getting a Gentoo/Hardened stage for PowerPC working, but that fails as due to >glibc-2.3 needing =gcc-4*. Though luck ….

Oh, yeah. If anyone is looking for the specs, they are in my overlay.


For what it’s worth, I’ve been trying to get some stages together the last few days. Thanks to solar and Brent, the ppc-stages are now coming along quite fast.

I haven’t really tested them yet, but for what it’s worth, you’ll find stages based on Saturday’s snapshot (that is 200780105 for those not smart enough to take a look at the calendar) here for the following profiles:

  • uclibc/ppc (normal/-softfloat)
  • uclibc/ppc/hardened
  • uclibc/x86
  • uclibc/x86/hardened
  • hardened/amd64
  • hardened/amd64/nomultilib
  • hardened/x86/2.6 (x86/i686)

Now remember, this isn’t *official* release material. This is just *MY* effort (for now) to provide current stages.

And just a side-note for those brewing their own (uClibc) soup: if you remerge system/world, you’ll have to keyword =sys-libs/uclibc. Otherwise you’ll stumble on bug 195368, which is fixed thanks to solar, just not marked stable yet.

Saying thank you

As I’m way better writing stuff than saying it with my own words, here a short Thank you!

  1. Christel, you have been a gracious and honest person, thanks for all the advice and help in the last year
  2. Chrissy, thanks for the inspiring words, you really made/make me feel better
  3. Alec (antarus), you’ve been a real friend and to say it with your own words “It sucks to be you”; to phrase it differently, I’m really going to miss you
  4. Bryan, thanks for all the help, thanks for all the fun at FOSDEM (and after FOSDEM, hah)
  5. Ned, Alexander (pappy); you’ve both been an inspiration, thanks for letting me work on hardened foo; it has been real fun
  6. Mike (vapier), thanks for being a smart ass and inspiration at the same time
  7. Chris, thanks for the inspiration and for being a sarcastic person 😉
  8. Andrew, thanks for trying to make a fun out of me 😛 and thanks for warning me of Chris’s sarcasm

Gentoo/hardened and the new toolchain

OK, as some of you have noticed; I prepared my box for the new toolchain, recompiled the stuff Kevin mentioned in the exact same order wrote down in his README, and it looks like it actually works with all my stuff I have on my box; except sys-libs/grub! *sigh*

Apparently, grub segfaults at boot and/or while running it from the chroot in the exact same spot, the new QA warnings complain about ..

So, I unpacked the libc and grub debug files, to get a clue where it’s failing and fed the program execution into gdb and viola:

I’m not yet sure if it really is the same spot, but I’ll let Kevin have a shot at it …


Today (OK, it’s yesterday now, it’s again after 12:00) I had a little fun with pappy (Alexander Gabert) preparing 2.6.18 for prime time 😀

So far all patches are applying fine and according to Alexander it even works on his workstation. But I’ll wait for Steve/Ned to get back to me telling me if this release works for them or not (as they had serious issues with their hardened desktops – something about the cursor being stuck in the corners).

You may also ask, what for is this mute-warning patch. Basically the new grsecurity patch increased the kernel’s verbosity while running make about two times 😮 . Thus we decided to revert the warnings to the ones used in vanilla (that’s via CFLAGS).