Steve Kemp <[EMAIL PROTECTED]> writes:
> I wasn't going to post this, but it might be relevent to the
> ongoing custom distribution stuff that's happening.
>
> I've been experimenting with producing a hardened Debian derivitive
> as a small piece of paid work. This mostly means compiling things with
> a stackguard compiler, using format guard, and enforcing policies, etc.
>
> (We know that stackguard isn't going to produce a completely
> hardened environment; as all the return-into-libc type exploits will
> work. Lets not discuss/flame about that. Pretty please!)
>
> All of that part I'm happy with. I have a modified glibc and compiler
> and am confident that I can recompile all the base packages and others that
> are necessary. It's the process of installing after that after that I'm
> a bit confused.
You create a local apt repository. After that you just point the cd
creation to you repository instead of debian.
> If I wish to produce an installation CD-ROM identical to that used
> in woody, with my packages installed how do I do that? Is there some
> tool that will allow me to create an ISO with my packages.
You probably want to use the sarge Debian-Installer if you start
anything new. Its WIP but no point in getting used to something that
will be gone with sarge.
You need boot-floppies or debian-installer to creae the installation
software and debian-cd will create you a set of cds from the
installation software and your local repository.
> I'm wondering if jigado, or using debootstrap from my apt repository
> should be the way to go? Any pointers appreciated.
Debian-cd can generate you jigdo files. The installation (both woody
and sarge) already use debootstrap, which just means you need the apt
repository you alreadycreaed to make cds.
> The other approach which is simpler to manage but harder to install
> is to insist upon a stable installation, then have an apt repository
> with each package I've recompiled have a higher version number, or
> in a distribution of my own with a release file. (eg like testing,
> but "steving" or similar.)
>
> The latter approach appears to be what Adamantix are doing.
>
> Steve
Thats an option too and you get it for free.
MfG
Goswin
