HLFS project scope.

robert baker robertmbaker at gmail.com
Tue May 25 16:18:33 PDT 2010


Below you will find my suggestions for the scope of the HLFS book.

What we want to provide.
- A base platform and build environment
- A platform for building hardened servers, routers, and firewalls


Work needed to reach a release candidate

- various package version bumps
- frandom update
- glibc-sanitize-env
- grub2
- fortify source by default
- test suite/sanity checks
- x86_64 and i?86 build completion
- multi-lib or pure64 or both
- if pure64 is included patches or additional seds are needed
- ssh daemon for bootable_temporary
- libcap-ng (requires python)
- completed book text

In my oppinion HLFS-1.0 should be limited in scope to just the basic
toolchain. Very few packages should be added beyond the scope of LFS.
Those packages include libcap, (if we use libcap-ng we need Python
too.) paxctl, and an ssh daemon for the bootable temporary tools. All
other work should be focused on preparing the build environment and
base install.

HLFS-2.0 should be a more aggressive target. I would like to see the
book include documentation on grsec's RBAC system. I would also like
to see a full audit of posix capabilities on the binaries included in
the base system. Some documentation on posix capabilities would also
be a nice addition. Any additional packages that we agree should be in
the book should be added for the 2.0 version.

Any thoughts/comments/additions are welcome.

RBaker



More information about the hlfs-dev mailing list