Wednesday, November 5, 2008

More notes from the PIE party (Ubuntu bootstrapping howto) ...

So after getting stuck and putting this work aside, I decided to take a second stab at it after meeting up with another Ubuntu developer in real life, and doing additional research. Using the experimental gcc-4.3 branch of Gentoo Hardened as a base, I'm now making extremely good progress bootstrapping amd64-pie, and the results look promising thus far.

For those of us curious, bootstrapping the archive is a straightforward if time-intensive project. Essentially the process requires three individual bootstraps: an initial one that you use to build Debian packages, a chroot from those packages, and a final chroot that is the end result.

Right now I'm working on the first part of this bootstrap, which is from a Linux host (without Debian) to generating the initial bootstrap packages. It requires compiling each build-dep from source with the proper configuration arguments, then building the packages with dpkg-buildpackage -d, and installing them, until you have built the entire base system.

From there, you take the debs, place them in a repo, and debootstrap, and then rebuild again, which produces the final result debs. It's straightforward and fascinating work (if a little tedious).
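A check worth running on the final chroot of a rebuild like this is whether the executables really came out position-independent. The following is an added example, not code from the original post: it classifies little-endian ELF64 (amd64) files from their header fields, and the function names, the constructed sample bytes and the PT_INTERP heuristic for telling a PIE executable from a shared library are assumptions of this sketch.

```python
import os
import struct

ET_EXEC, ET_DYN, PT_LOAD, PT_INTERP = 2, 3, 1, 3

def classify_elf(data: bytes) -> str:
    """Classify a little-endian ELF64 image: 'pie', 'non-pie', 'shared-object' or 'other'."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        return "other"                      # not ELF64/LSB, e.g. scripts or data files
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    if e_type == ET_EXEC:
        return "non-pie"                    # linked for a fixed load address
    if e_type != ET_DYN:
        return "other"                      # relocatable objects, core files
    # Heuristic: a PIE executable and a shared library are both ET_DYN; a
    # dynamically linked executable additionally requests an interpreter (PT_INTERP).
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            break                           # truncated program header table
        if struct.unpack_from("<I", data, off)[0] == PT_INTERP:
            return "pie"
    return "shared-object"

def find_non_pie(root: str) -> list:
    """Walk an unpacked chroot and return paths of executables that are not PIE."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                if classify_elf(fh.read(65536)) == "non-pie":
                    hits.append(path)
    return sorted(hits)

def make_sample(e_type: int, p_type: int) -> bytes:
    """Constructed sample: ELF64 header plus one program header, no real code."""
    ident = b"\x7fELF\x02\x01\x01\x00" + bytes(8)
    ehdr = struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", p_type, 4, 0, 0, 0, 0, 0, 1)
    return ident + ehdr + phdr
```

Pointing `find_non_pie` at the root of the final chroot lists every binary that was still linked as a fixed-address executable, which is the set of packages whose build flags need another look.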

1 comment:

igli said...

Glad to see the gentooexperimental hardened work is being put to wider use. Full credit to Zorry, xake, psm and dwokfur for all the hard work they've done on it.
Please don't forget to send upstream bugs to the trac as it'll mean faster progress for all.