Again, grab yourself a copy if you need them, at some point next week (probably on Friday), I’m simply gonna rm -rf them.

• 3WARE 9550SXU-8LP (that’s 399,00€) plus riser card
• VIA EPIA EK 8000EG (that’s 201,69€)
• Kingston ValueRAM DIMM 1 GB DDR-400 (that’s 57,00€)
• 4x Seagate ST31000340NS (that’s 279,00€ each – making a subtotal of 1.116,00€)

So after browsing some more for a replacement for my current fileserver, I’d like to share the latest stages with you people. Thanks to Mike (who mentioned that binutils-2.18* already does the LDFLAGS=”-Wl,-z,relro” part) I replaced it with “-Wl,-O1″. Same old place, there’s fresh stages … (and thanks again to Mike, with working util-linux-2.13-r2).

I also tried getting a Gentoo/Hardened stage for PowerPC working, but that fails as due to >glibc-2.3 needing =gcc-4*. Though luck ….

Oh, yeah. If anyone is looking for the specs, they are in my overlay.

I haven’t really tested them yet, but for what it’s worth, you’ll find stages based on Saturday’s snapshot (that is 200780105 for those not smart enough to take a look at the calendar) here for the following profiles:

• uclibc/ppc (normal/-softfloat)
• uclibc/ppc/hardened
• uclibc/x86
• uclibc/x86/hardened
• hardened/amd64
• hardened/amd64/nomultilib
• hardened/x86/2.6 (x86/i686)

Now remember, this isn’t *official* release material. This is just *MY* effort (for now) to provide current stages.

And just a side-note for those brewing their own (uClibc) soup: if you remerge system/world, you’ll have to keyword =sys-libs/uclibc.0.9.28.3-r2. Otherwise you’ll stumble on bug 195368, which is fixed thanks to solar, just not marked stable yet.

1. Christel, you have been a gracious and honest person, thanks for all the advice and help in the last year
2. Chrissy, thanks for the inspiring words, you really made/make me feel better
3. Alec (antarus), you’ve been a real friend and to say it with your own words “It sucks to be you”; to phrase it differently, I’m really going to miss you
4. Bryan, thanks for all the help, thanks for all the fun at FOSDEM (and after FOSDEM, hah)
5. Ned, Alexander (pappy); you’ve both been an inspiration, thanks for letting me work on hardened foo; it has been real fun
6. Mike (vapier), thanks for being a smart ass and inspiration at the same time
7. Chris, thanks for the inspiration and for being a sarcastic person
8. Andrew, thanks for trying to make a fun out of me and thanks for warning me of Chris’s sarcasm

Apparently, grub segfaults at boot and/or while running it from the chroot in the exact same spot, the new QA warnings complain about ..

* QA Notice: Package has poor programming practices which may compile
*            fine but exhibit random runtime failures.
* char_io.c:181: warning: dereferencing type-punned pointer will break strict-aliasing rules
char_io.c:222: warning: dereferencing type-punned pointer will break strict-aliasing rules
builtins.c:4862: warning: dereferencing type-punned pointer will break strict-aliasing rules
disk_io.c:1027: warning: dereferencing type-punned pointer will break strict-aliasing rules
disk_io.c:1057: warning: dereferencing type-punned pointer will break strict-aliasing rules
tparm.c:719: warning: dereferencing type-punned pointer will break strict-aliasing rules
char_io.c:181: warning: dereferencing type-punned pointer will break strict-aliasing rules
char_io.c:222: warning: dereferencing type-punned pointer will break strict-aliasing rules
builtins.c:4862: warning: dereferencing type-punned pointer will break strict-aliasing rules
disk_io.c:1027: warning: dereferencing type-punned pointer will break strict-aliasing rules
disk_io.c:1057: warning: dereferencing type-punned pointer will break strict-aliasing rules
tparm.c:719: warning: dereferencing type-punned pointer will break strict-aliasing rules
char_io.c:181: warning: dereferencing type-punned pointer will break strict-aliasing rules
char_io.c:181: warning: dereferencing type-punned pointer will break strict-aliasing rules
char_io.c:181: warning: dereferencing type-punned pointer will break strict-aliasing rules
char_io.c:181: warning: dereferencing type-punned pointer will break strict-aliasing rules
char_io.c:181: warning: dereferencing type-punned pointer will break strict-aliasing rules
char_io.c:181: warning: dereferencing type-punned pointer will break strict-aliasing rules
char_io.c:181: warning: dereferencing type-punned pointer will break strict-aliasing rules
char_io.c:181: warning: dereferencing type-punned pointer will break strict-aliasing rules
char_io.c:181: warning: dereferencing type-punned pointer will break strict-aliasing rules
char_io.c:181: warning: dereferencing type-punned pointer will break strict-aliasing rules

So, I unpacked the libc and grub debug files, to get a clue where it’s failing and fed the program execution into gdb and viola:

GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".
(gdb) run
Starting program: /sbin/grub --no-floppy

Program received signal SIGSEGV, Segmentation fault.
grub_putstr (str=0xa1660489) at char_io.c:174
in char_io.c
(gdb) quit
The program is running.  Exit anyway? (y or n)

I’m not yet sure if it really is the same spot, but I’ll let Kevin have a shot at it …

$ ls -AGg 2.6.18
-rw-r--r-- 1   1593 Jan 25 23:25 1500_cvs-2007-1000.patch
-rw-r--r-- 1    797 Jan 25 23:25 4000_deprecate-sk98lin.patch
-rw-r--r-- 1  32192 Jan 25 23:25 4105_dm-bbr.patch
-rw-r--r-- 1 125781 Jan 25 23:25 4300_squashfs-3.1.patch
-rw-r--r-- 1   5710 Jan 25 23:25 4405_alpha-sysctl-uac.patch
-rw-r--r-- 1 864955 Jan 25 23:25 4450_grsec-2.1.9-2.6.18.6-200611100917.patch
-rw-r--r-- 1    910 Jan 25 23:25 4451_grsec-2.1.9-2.6.18.2-mute-warnings.patch
-rw-r--r-- 1   1034 Jan 25 23:25 4452_selinux-avc_audit-log-curr_ip-grsec.patch
-rw-r--r-- 1   2097 Jan 25 23:25 4453_pax_curr_ip-fixes.patch

So far all patches are applying fine and according to Alexander it even works on his workstation. But I’ll wait for Steve/Ned to get back to me telling me if this release works for them or not (as they had serious issues with their hardened desktops – something about the cursor being stuck in the corners).

You may also ask, what for is this mute-warning patch. Basically the new grsecurity patch increased the kernel’s verbosity while running make about two times . Thus we decided to revert the warnings to the ones used in vanilla (that’s via CFLAGS).