stupid newbie question

Jaap Struyk japie at deserver.nl
Sat Jul 23 11:17:46 PDT 2005


Op za 23-07-2005, om 19:21 schreef Robert Connolly:

> > I added -fstack-protector-all -pie -fpie as CCFLAGS to my .bashrc so it
> > will be used every build.
> > Is this stupid?

> You don't need to add them to CFLAGS because there is a script in the book to 
> add them to gcc's default flags. Also, adding -fstack-protector-all to CFLAGS 
> would be a problem with glibc and adding -fpie to CFLAGS will miscompile 
> every library. So, don't do that, and use the script in the book.

I'am sorry for misleading you, I ment it for usage after the hlfs build.
Since going beyond hlfs is yust starting I was hoping on an easy way for
adding those options to other packages. (and if an particilary package
would fail to remove them for that one)
At the moment I tryed some blfs stuff (with those CFLAGS) and midnight
commander is running fine, dispite that glib was also compiled with
those options.
Is that yust pure luck? (in Holland we say: luck is with the stupid ;-)
I looked for the script in the book, but I couldn't find it. (I mirrored
the cvs book localy)

> > Another thing, do I need grsecurity/pax in the kernel?
> 
> You don't have to. You can use other patches, or vanilla, if you want. The 
> grsecurity patch has a lot of nice optional features that don't reduce 
> performance much, so I'm not sure why you wouldn't want to use it.

I noticed some cool things in there, particaly for chrooted things. (and
a lot more I don't understand)
It's a bit to much for me building and setting up my new server and also
looking into grsec at the same time, so I was planning on looking in
that later on.
Apart from that, it will also replace my freevo box so it will do some
heavy multimedia things and I have no clue or grsec is alowing all of
that.
I started with a 2.6.11.12-grsec-supermount-psuedo_random kernel, but
both ivtv and nvidia failed to build so it has to wait a little.
-- 
Groetjes Japie




More information about the hlfs-dev mailing list