Hi all, this is a general post,

I have used and installed gentoo a few times in a few different settings (ie
desktop, dial-up server with no X) and was thinking about trying a "distro"
called Linux-from-scratch; rather than the word "distro" it's more a set of
instructions for downloading and compiling a linux tool-chain, and in addition
to the standard one, there is a hardened version as well that specifically
covers security, that I'm looking into for a future server.

While I'm not a linux expert, I have setup gentoo in various stages, set up and
used other distros, compiled the kernel and other software packages MANY times,
and done a LITTLE programming myself both in school and on my own. Is this
really enough for installing linux-from-scratch, and does the process produce a
viable, usable linux that one can add new packages to without going through
dependency circles (and general craziness). And is the hardened
linux-from-scratch in the same ballpark security-wise as OpenBSD?

TIA,
~David~

~David~ wrote:

> While I'm not a linux expert, I have setup gentoo in various stages, set up and
> used other distros, compiled the kernel and other software packages MANY times,
> and done a LITTLE programming myself both in school and on my own. Is this
> really enough for installing linux-from-scratch,

Installing LFS and BLFS, as long as you can read it's all you need to know,
the instructions are straight forward and you can just "cut'n'paste" most of
the stuff from the manual to your shell prompt.


> and does the process produce a
> viable, usable linux that one can add new packages to without going through
> dependency circles (and general craziness). And is the hardened
> linux-from-scratch in the same ballpark security-wise as OpenBSD?

In BLFS you can add RPM, then you get the RPM dependency, but over that LFS
don't have any package manager, so you will need to keep track of dependencies
yourself all the time and the same for keeping the system up to date.


//Aho

In article <4bvvqkF1364sqU1@individual.net>, J.O. Aho <user@example.net> wrote:
>~David~ wrote:
>
>Installing LFS and BLFS, as long as you can read it's all you need to know,
>the instructions are straight forward and you can just "cut'n'paste" most of
>the stuff from the manual to your shell prompt.
>
Just remember, you must read carefully and do things exactly in the order
given. But when you are done, you will have a much better understanding of
how things (should) work. I recommend it to people who want to learn about
Linux/Unix.
>
> > and does the process produce a
> > viable, usable linux that one can add new packages to without going through
> > dependency circles (and general craziness). And is the hardened
> > linux-from-scratch in the same ballpark security-wise as OpenBSD?
>
My web and email servers are LFS/BLFS. I went that way after years of
frustration with various distributions. (Why does everybody seem to insist
on putting sendmail and apache files all over the place in strange
locations?) I have had less dependency problems (I won't by any means
say none though) and just less problems overall.

>In BLFS you can add RPM, then you get the RPM dependency, but over that LFS
>don't have any package manager, so you will need to keep track of dependencies
>yourself all the time and the same for keeping the system up to date.

I've tried RPM and most of the other suggested package managers that are
suggested for LFS/BLFS and decided that for the most part they do more
harm than good. Instead, I keep a database of what I've installed including
the version, the command lines used to configure and compile the programs
and any notes or dependencies I found. More or less my own WBLFS (WAY
Beyond Linux From Scratch) book. I also archive the source code packages
that I've used just in case I need or want to rebuild from the original
or use make uninstall.

I also use CERT and freshmeat to keep myself informed of vulnerabilities
and updates (but I did that anyway because way too often the distributions
lag way too far behind and I maintain customer machines that in many cases
are more vulnerable than my own)

-ray

Ray,

since this is a Gentoo newsgroup, how do see this relating to Gentoo?
Could you achieve all that you've done with LFS / BLFS or your own
"WBLFS" by simply putting a bit of time into making your own ebuilds? I
ask because, in my mind, as has been pointed out an infinite number of
times, _THE_ major strength of Gentoo is the portage system coupled
with a simple ebuild format. You gain all the benefits of LFS without
the headaches.

I agree that LFS is an excellent learning tool and, like you, recommend
it to people who've done some Linux but want to know more. However,
when they want a new desktop I pull them back and move them to Gentoo
(my jury is still out on Gentoo for servers).

I'm just curious as to your thoughts here.

In article <1147097954.046362.29610@i40g2000cwc.googlegroups. com>,
Brian D. Ropers-Huilman <brian.ropers.huilman@gmail.com> wrote:
>Ray,
>
>since this is a Gentoo newsgroup, how do see this relating to Gentoo?
>Could you achieve all that you've done with LFS / BLFS or your own
>"WBLFS" by simply putting a bit of time into making your own ebuilds? I
>ask because, in my mind, as has been pointed out an infinite number of
>times, _THE_ major strength of Gentoo is the portage system coupled
>with a simple ebuild format. You gain all the benefits of LFS without
>the headaches.
>
Actually I use both Gentoo and my scratch built systems. And at one
point I tried doing my own ebuilds. I ended up putting more time and
effort in it than I do with my own from scratch systems.

>I agree that LFS is an excellent learning tool and, like you, recommend
>it to people who've done some Linux but want to know more. However,
>when they want a new desktop I pull them back and move them to Gentoo
>(my jury is still out on Gentoo for servers).
>
>I'm just curious as to your thoughts here.
>
My experience with Gentoo for servers is that it puts too many things
in non-standard places. And no matter what I do, it installs way too
many things that I don't want. Maybe I just want my servers to look more
like a "traditional" Unix system.

-ray

> I've tried RPM and most of the other suggested package managers that are
> suggested for LFS/BLFS and decided that for the most part they do more
> harm than good. Instead, I keep a database of what I've installed including
> the version, the command lines used to configure and compile the programs
> and any notes or dependencies I found. More or less my own WBLFS (WAY
> Beyond Linux From Scratch) book. I also archive the source code packages
> that I've used just in case I need or want to rebuild from the original
> or use make uninstall.
I've also heard that just doing package updates and installs manually is the
best. With gentoo, the dependencies are figured out for you (and debians apt
and red hats rpm) but I know of some packages that seem to need lots of
dependencies, as some devs seem to not want to write what might turn out to be
small libraries or code to solve dependency issues.
>
> I also use CERT and freshmeat to keep myself informed of vulnerabilities
> and updates (but I did that anyway because way too often the distributions
> lag way too far behind and I maintain customer machines that in many cases
> are more vulnerable than my own)
I've glanced at a few of the LFS books and they seem to say that one should
stick to the packages mentioned in the book and on the site, as sometimes
updates to those packages result in problems. I'm assuming this is only for the
core tool chain (glibc, gcc, bin-utils) or does this apply to everything
mentioned in the manual.

Thanks for the pointers. I like your Way Beyond Linux From Scratch :-)

~David~

> -ray