Hardened build is complete, except the hardened kernel which will follow the next days. Altough our tests were successfull, and no major breackage occured, we need more people to test it.
An upgrade path from older installations is available through a sepparate, hardened repository. Right now some manual intervention is required here and there, since we are yet to merge the hardened branch. Once merged, the final upgrade path will be silky smooth, without any manual intervention required.
#### WARNING !!!
Before we move on with the instructions, the upgrade path is only available and supported for Redcore Linux binary (binmode) mode. Hybrid (mixedmode) and source (srcmode) mode upgrades are unsupported. Any 3rd party package installed in those two modes must be removed before upgrade, and reinstalled after upgrade. You have been warned!!!
#### Instructions :
1. Make sure your Redcore Linux installation is up to date
sisyphus upgrade
2. Make sure there are no orphan packages left over in the system
sisyphus remove-orphans
3. Configure hardened repository in /etc/sisyphus/mirrors.conf
echo PORTAGE_BINHOST=\"http://hardened.redcorelinux.org/packages/\"| tee -a /etc/sisyphus/mirrors.conf
4. Comment and disable any other repository in /etc/sisyphus/mirrors.conf
5. Install app-admin/vasile (our supreme tool) from hardened repository
emerge -av1 --nodeps vasile
6. Use vasile to reswitch to binary mode (only this time, it will also switch the Redcore Linux profile to hardened)
vasile --binmode
7. Switch to hardened branch overlay and portage configuration
cd /usr/ports/redcore && git checkout hardened && cd /opt/redcore-build && git checkout hardened
8. Work around upgrade block
emerge -Cv libnsl && emerge -av1 --nodeps libnsl
9. Upgrade the system (depending on your machine configuration and internet speed, it may take a few hours. DO NOT INTERRUPT OR CANCEL THE PROCESS. IF YOU DO, YOUR SYSTEM WILL BE BROKEN)
sisyphus upgrade
10. Clean up orphan packages
sisyphus remove-orphans
11. Reboot and enjoy your hardened system!
Reverting to "regular" Redcore Linux requires same steps, with some changes:
1. Comment and disable or remove the hardened repository
2. Uncomment any regular repository
3. Switch to regular branch overlay and portage configuration
cd /usr/ports/redcore && git checkout master && cd /opt/redcore-build && git checkout master
4. Clean reinstall will be many times faster :D
NOTE : please make backups before following this guide. If possible, do it on a separate Redcore Linux installation, on another partition or in a VM. Remember this is a work in progress, a testing repository, so please report any issues in our bugtracker.
UPDATE (03.03.2018) : the above upgrade path seem to be broken. We will provide hardened ISO images instead.