stupid newbie question
japie at deserver.nl
Sat Jul 23 11:17:46 PDT 2005
Op za 23-07-2005, om 19:21 schreef Robert Connolly:
> > I added -fstack-protector-all -pie -fpie as CCFLAGS to my .bashrc so it
> > will be used every build.
> > Is this stupid?
> You don't need to add them to CFLAGS because there is a script in the book to
> add them to gcc's default flags. Also, adding -fstack-protector-all to CFLAGS
> would be a problem with glibc and adding -fpie to CFLAGS will miscompile
> every library. So, don't do that, and use the script in the book.
I'am sorry for misleading you, I ment it for usage after the hlfs build.
Since going beyond hlfs is yust starting I was hoping on an easy way for
adding those options to other packages. (and if an particilary package
would fail to remove them for that one)
At the moment I tryed some blfs stuff (with those CFLAGS) and midnight
commander is running fine, dispite that glib was also compiled with
Is that yust pure luck? (in Holland we say: luck is with the stupid ;-)
I looked for the script in the book, but I couldn't find it. (I mirrored
the cvs book localy)
> > Another thing, do I need grsecurity/pax in the kernel?
> You don't have to. You can use other patches, or vanilla, if you want. The
> grsecurity patch has a lot of nice optional features that don't reduce
> performance much, so I'm not sure why you wouldn't want to use it.
I noticed some cool things in there, particaly for chrooted things. (and
a lot more I don't understand)
It's a bit to much for me building and setting up my new server and also
looking into grsec at the same time, so I was planning on looking in
that later on.
Apart from that, it will also replace my freevo box so it will do some
heavy multimedia things and I have no clue or grsec is alowing all of
I started with a 188.8.131.52-grsec-supermount-psuedo_random kernel, but
both ivtv and nvidia failed to build so it has to wait a little.
More information about the hlfs-dev