hardened uclibc: security-enhanced, fully featured XFCE4 desktop for amd64, built on uClibc

Anthony G. Basile basile at opensource.dyc.edu
Thu Jun 6 13:40:27 UTC 2013


On 06/06/2013 08:30 AM, Natanael Copa wrote:
> On Wed, Jun 5, 2013 at 4:15 PM, Anthony G. Basile <basile at opensource.dyc.edu> wrote:
>
>> Hi everyone,
>>
>> I'm forwarding an announcement I made on gentoo-announce at lists.gentoo.org.
>> It may be of interest to this
>> list too:
>>
>> I'd like to announce a new (fun?) initiative of the hardened uClibc
>> subproject: a security-enhanced, fully featured XFCE4 desktop for amd64,
>> built on uClibc, codenamed "Lilblue", after the little blue penguin of New
>> Zealand [1], a smaller cousin of the Gentoo.
>>
>
> This sounds very similar to my Alpine Linux[1] project. I have used
> linux/grsecurity/uclibc/busybox and xfce/firefox/claws-mail/<lots of other
> desktop stuff> on both x86_64 and x86 for some years now. Interestingly,
> Alpine Linux was originally built with gentoo but switched to its own
> arch-like build system.
>

Yeah, but there are two major differences:

1) This still *is* Gentoo.  It's hard to categorize Gentoo within the 
world of distros because of the number of choices one can make, and so 
you hear terms like "metadistro" etc.  Within the Gentoo world, this 
project is similar to our gentoo/freebsd or prefix projects.

2) The aim is to build as many Gentoo packages as possible against 
uClibc rather than glibc using the main Gentoo portage tree --- no 
overlays or other hackiness although we still have some overlay stuff as 
we wait for our patches to be accepted upstream.  So a lot of the effort 
revolves around making our ebuilds work on *both* glibc and uClibc 
systems and if you were to look at the @world set on both glibc and 
uClibc gentoo, you would see they can be made nearly identical.  Hence 
no special dependency on busybox the way other uClibc distros work.

Also, from what I understand, Alpine's hardening comes from the work 
Magnus and I did in hardened gentoo.  I don't know where it's gone over 
the last few years as I haven't followed closely.


-- 
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

