How long until hardened and toolchain will produce a hardene

[zorry]

[7v5w7go9ub0o]

[kernelOfTruth]

[7v5w7go9ub0o]

?? 7v5w7go9ub0o, does that mean everything works for you including
?? self-compiled firefox, gnome, kde4 / qt4-apps, nvidia-settings ?

Yes on self-compiled firefox, yes on QT4 vidalia, nvidia-settings. I don't use kde/gnome, yes on LXDE

?? <-- of course all of that is compiled with fPIE / the full hardened compiler specs

Well, I presume so. I used this as my install guide: https://forums.gentoo.org/viewtopic-t-705939.html . running gcc -dumpspecs gives me, among other things:

*link_ssp:
%{fstack-protector:}
*asm_pie:
%{pie:-K PIC}
*cc1_ssp:
*cc1_ssp_all:
*cc1_pie:
%{pie:-fPIE}
*cc1_strict:
*link_now:
*link_pie:
%{pie:-pie}

How do I check that I have the full hardened config?


?? WOW ! Thanks

?? so the only downside is that you can't compile / emerge the nvidia-driver via portage ?

yep; and that the script is picky - sometimes it proclaims that it can't identify the kernel source code

?? oh and as a proof - please post output of the mentioned script in while nvidia-settings is running:
https://forums.gentoo.org/viewtopic-p-5795768.html#5795768

[7v5w7go9ub0o]

Hmmmmm don't know if this is worth the forum space or not; for anyone following this thread, I do NOT use genkernel. The first time I compile a new kernel I run "make", and then "make modules_install" so as to create a directory structure in /lib/modules for NV to install its lkm.

After doing a one-time "make modules-install", I subsequently do only a make, then copy the bzImage to /boot, and then lilo (BTW, lilo works fine on hardened AMD64). FWICT, make modules_install will delete any earlier lkm, and you gotta run the NV script again.

HTH

.

[radegand]

Hi all,
I've just rebuild my kde 4.2.4 and I'm having some issues with 'kwin'. PAX is killing it due to an execution attempt and I need to disable mprotect on the binary. This affects only my x86 and not amd64 box...is anyone experiencing similar issue? I'm using the nouveau drivers from the X11 overlay.

Zorry, could you please update the ebuild for openoffice-3.1.0 in the overlay? The most up to date version in portage is 3.1.0 and with the same changes in the ebuild as previously, it compiles fine with all the hardened goodies! Happy days!

[zorry]

[radegand]

Thanks zorry!

With regards to my kwin bug - it was (is) bug in mesa and good old libGL.

[zorry]

GCC 4.4.1-r1 is in the testing branch
_________________
gcc version 6.1.0 (Gentoo Hardened 6.1.0 p1.1)

[radegand]

[zorry]

[radegand]

[zorry]

GCC 4.4.1 updeted with new espf 0.3.2 and GCC 4.3.4 is in the testing branch.
Have added support for uclibc too.
Will move GCC 4.4.1 and 4.3.4 to master branch after this week.
_________________
gcc version 6.1.0 (Gentoo Hardened 6.1.0 p1.1)

[costel78]

These are great news!
Thank you very much (all unofficial gentoo hardened team) for your hard work.
_________________
Sorry for my English. I'm still learning this language.

[kernelOfTruth]

[7v5w7go9ub0o]

[zorry]

[zorry]

[Herring42]

Could you please give me a pointer to the current hardened overlay. Cheers.
_________________
"The problem with quotes on the internet is that it is difficult
to determine whether or not they are genuine." -- Abraham Lincoln

[radegand]

[radegand]

[7v5w7go9ub0o]

[zorry]

GCC 4.4.1 and GCC 4.3.4 is in the master branch now
Have remove all old GCC in the master branch.
Will add GCC 4.5 to the testing branch later.
Glibc have all the patches from sys-libs/glibc-2.10.1 glibc-2.5-hardened-configure-picdefault.patch fails on hardened
We have added uclibc support to but you need uclibc 0.9.30.1
HAPPY TESTING
_________________
gcc version 6.1.0 (Gentoo Hardened 6.1.0 p1.1)

[likewhoa]

[zorry]

NEWS
We have moved the overlay to overlays.gentoo.org
overlays / proj/hardened-development.git / summary
git clone git://git.overlays.gentoo.org/proj/hardened-development.git
I hope more work can be done.
_________________
gcc version 6.1.0 (Gentoo Hardened 6.1.0 p1.1)