As I wrote previously, I'm going to use a virtualized environment to run my desktop machine and the Direct Connect server for the Campus Party. In this first document I'll try to cover a hardened multilib amd64 installation using gcc-4.x from a stage 3, following the Gentoo Handbook.
As usual, we went through chapters 1 to 4 to get a working system from a Live CD, then configured its network connection and partitioned its hard disks (as a side note, I'd like to mention that I put boot in the same partition as the main Gentoo system).
After that I downloaded the hardened multilib stage3 file (remember it can be found in the hardened directory inside the stages dir) and uncompressed it following the instructions in the handbook.
The next thing I did was install portage and then configure make.conf to my liking.
After that I selected a mirror and followed the chroot process explained in section 6.a.
Next was changing the profile to the appropriate one (hardened/amd64/multilib/) as indicated in 6.b. I also added the multilib USE flag, as it doesn't seem to work properly with that profile (see BUG #261482), and generated the appropriate locales (es-ES in my case).
After that, and following part 6, I moved on to adding gcc-4* to my system before going for the kernel.
The first thing you need is layman and git, so start by emerging both:
# emerge -v dev-util/git app-portage/layman
You should also configure your make.conf so it reads data from layman:
# echo "source /usr/portage/local/layman/make.conf" >> /etc/make.conf
On new versions of layman this moved, so use:
# echo "source /usr/local/portage/layman/make.conf" >> /etc/make.conf
After that we added the overlay using layman:
# layman -o http://github.com/Xake/toolchain-overlay.git/xake-toolchain.xml -fa xake-toolchain
As the overlay has moved, you'd better use:
# layman -kfa hardened-development
Then we add a few things to our make.conf to solve a few problems:
# echo 'FEATURES="metadata-transfer"' >> /etc/make.conf
# echo 'PORTAGE_ECLASS_WARNING_ENABLE="0"' >> /etc/make.conf
And we unmask the 4.3 version of gcc (as 4.2 is gone) and the required glibc-2.7* version; we also unmask a few packages required by the toolchain to work properly:
# echo "=sys-devel/gcc-4.3*" >> /etc/portage/package.unmask
# echo "=sys-libs/glibc-2.7*" >> /etc/portage/package.unmask
# echo "=sys-devel/gcc-4.3*" >> /etc/portage/package.keywords
# echo "=sys-libs/glibc-2.7*" >> /etc/portage/package.keywords
# echo "=sys-devel/binutils-2.18-r4" >> /etc/portage/package.keywords
# echo "=sys-boot/grub-0.97-r10" >> /etc/portage/package.keywords
Now we build our fancy new toolchain:
# emerge gcc-config linux-headers glibc binutils gcc portage -1
And set up the system so it uses it:
# gcc-config 6
# source /etc/profile
# export PS1="(chroot) $PS1"
So now we have a hardened install with a gcc-4.3 compiler. We could remove the old gcc version but we are keeping it just in case. The next step is following chapter 7 (configure and compile the kernel).
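To check that the compiler selected with gcc-config really applies the hardened defaults, the following script (an added example, not part of the original post) builds a small program with no extra flags and inspects it with readelf for PIE, stack protector and a non-executable stack. The function names and the test program are assumptions made for this example; it expects gcc and readelf (binutils) to be available inside the chroot.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the active gcc
# builds hardened binaries by default. Function names are hypothetical.

# Each predicate reads readelf output on stdin and succeeds if the property holds.

# Input: `readelf -h`. A PIE has ELF type DYN; a fixed-address binary is EXEC.
is_pie() { grep -Eq '^[[:space:]]*Type:[[:space:]]+DYN'; }

# Input: `readelf -sW`. SSP-instrumented code references __stack_chk_fail.
has_ssp() { grep -q '__stack_chk_fail'; }

# Input: `readelf -lW`. GNU_STACK must be present and its flags must lack E;
# a missing header is treated as a failure.
has_nx_stack() {
    awk '$1 == "GNU_STACK" { found = 1; if ($7 ~ /E/) exec_stack = 1 }
         END { exit !(found && !exec_stack) }'
}

# Compile a test program with NO hardening flags, so the result reflects the
# compiler's built-in defaults, then run the three checks on it.
audit_toolchain() {
    cc=${1:-gcc}
    tmp=$(mktemp -d) || return 2
    # The local char buffer makes the function a candidate for SSP canaries.
    printf '%s\n' '#include <stdio.h>' \
        'int main(void) { char b[64]; if (!fgets(b, sizeof b, stdin)) return 1; return b[0]; }' \
        > "$tmp/t.c"
    if ! "$cc" -o "$tmp/t" "$tmp/t.c"; then rm -rf "$tmp"; return 2; fi
    rc=0
    readelf -h  "$tmp/t" | is_pie       || { echo "FAIL: not PIE"; rc=1; }
    readelf -sW "$tmp/t" | has_ssp      || { echo "FAIL: no stack protector"; rc=1; }
    readelf -lW "$tmp/t" | has_nx_stack || { echo "FAIL: executable stack"; rc=1; }
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] && echo "OK: $cc produces PIE + SSP + NX-stack binaries"
    return "$rc"
}

# Run the audit only when asked: sh check.sh --run [compiler]
if [ "${1:-}" = "--run" ]; then audit_toolchain "${2:-gcc}"; fi
```

Run it right after `source /etc/profile`; a FAIL line means the profile picked with gcc-config is not the fully hardened one.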
After following step 7.a to set the time we got the hardened sources:
# emerge hardened-sources
And then jumped to step 7.c to configure the hardened kernel, where I enabled PaX and Grsec.
After that (as I didn't use modules) I jumped to chapter 8 and followed it until the end.
I'll report on how well or badly it works once it finishes compiling KDE.

[offtopic]
Hey you, we've opened registration for the mlp!
Let's see if we meet up there
[/offtopic]
[flame]
debian rox
[/flame]
xD
I'll try, n0p