First off: I live. Breathe and such. Work a bit too much and need to clear my head. Got my hair cut & dyed (first haircut for... 8 years?) and I'm generally okay. Glad you cared; if all you wanted was a life sign, then you probably want to stop reading now.

Okay, so let's talk technology.


I have a couple of small VIA EPIA systems (Centaur VIA Samuel 2 CPU, box and board), your basic (old) micro-ATX. These days they are probably considered "obsolete power hogs". I run it with a 512MB CF disk and 512MB RAM (with an IDE-to-CF bridge; no DMA mode available). So, not very big or fast, but still quite neat for what I want it to do. (And it has no fans.)


Currently it is running a version of Gentoo Linux, stripped and slimmed. The installation has been in place for a few years now; Gentoo works quite well here. Why Gentoo? Well, none of the working "firewall distributions" had documentation on disk usage or comments on what, other than their fancy GUI, I could be doing once it was installed. I wanted to do a bit more than just firewall off it. Also, I was quite intimately involved in Gentoo some time ago, and I still know how the system works and hangs together.

So currently it does NAT/firewall, UPnP (badly; I suspect a firewall issue with the NAT), routing, IRC, web server (Cherokee), Tor + Privoxy, and hosts a few IRC clients and other stuff. Nothing fancy ;)

The setup:

So, on my server I then have a complete chroot for the build environment. This is a normal Gentoo image (i586, as the VIA CPU lacks CMOV) with -mtune=i686 for performance. In here I have all the base/build packages plus whatever I target for the installation. From here I then simply do "ROOT=/tiny emerge <foo>" to install. After that, using rsync -pvar from the firewall, I can copy over the files as needed. Smooth sailing.

At some point I decided to try out version control of the /tiny root. Many reasons, mainly because doing copies from the firewall to the build host, installing and upgrading, and recopying back was turning out to be a bit dangerous (operator error ahoy). Doing it with separate trees that you merge between in git was a breeze. Except that it lost suid bits. Baaad.

So now I've got to decide: do I keep doing it like this, or do I swap my installation for something simpler/different and use a prebuilt system?

And just for kicks, this is roughly the update procedure:

    cd /tiny
    git checkout Live
    ssh firewall sync-to-server
    git add .; git commit -a -m "Sync from server"
    git checkout master
    git pull . Live
    cd /
    emerge --sync; emerge -vuDa world; ROOT=/tiny emerge -up <packages>
    cd /tiny
    git add .; git commit -a -m "Updated <foo>"
    git checkout Cleaned
    git pull . master
    chroot . /usr/bin/localepurge
    find usr/ -type f -iname '*.la' -delete
    rm -rf usr/include usr/share/doc usr/share/man
    -- insert extra steps --
    copy kernel & modules over
    git add .; git commit -a -m "Cleanout phase done"
    ssh firewall sync-from-server

The lost suid bits cost me a couple of hours of debugging. Bloody pain in the arse.
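For anyone hitting the same thing: git only stores whether a file is executable (mode 100644 vs 100755), so the setuid, setgid and sticky bits are dropped on every checkout, which is exactly what bites a root filesystem kept in git. Below is an added example of a workaround, not code from the original post: dump those bits into a manifest before "git add .", and re-apply them after "git checkout" / "git pull". The manifest name, the helper names and the sample tree are assumptions; it relies on GNU find/stat, which is what a Gentoo box has.

```shell
#!/bin/sh
# Added example, not part of the original post. Git records only whether a file is
# executable (mode 100644 vs 100755); the setuid (4000), setgid (2000) and sticky
# (1000) bits are dropped on every checkout. So: dump them into a manifest before
# "git add .", and put them back after "git checkout". Assumes GNU find/stat.

MANIFEST=".special-modes"   # assumption: manifest kept at the root of the tree

# record_special_modes <tree>: write "octal-mode path" for every regular file in
# <tree> that carries a setuid, setgid or sticky bit. The manifest itself is a
# plain 644 file, so it is never listed in itself.
record_special_modes() {
    tree=$1
    (
        cd "$tree" || exit 1
        find . -type f \( -perm -4000 -o -perm -2000 -o -perm -1000 \) -print |
        while IFS= read -r f; do
            printf '%s %s\n' "$(stat -c %a "$f")" "$f"
        done | sort
    ) > "$tree/$MANIFEST"
}

# restore_special_modes <tree>: re-apply every mode listed in the manifest.
# Files that no longer exist (e.g. removed by the cleanout phase) are skipped.
restore_special_modes() {
    tree=$1
    [ -f "$tree/$MANIFEST" ] || return 0
    while read -r mode f; do
        if [ -f "$tree/$f" ]; then
            chmod "$mode" "$tree/$f"
        fi
    done < "$tree/$MANIFEST"
}

# demo_roundtrip: build a constructed sample tree, lose the bits the way a git
# checkout would, restore them, and report the resulting modes of the two binaries.
demo_roundtrip() {
    sample=$(mktemp -d)
    mkdir -p "$sample/bin" "$sample/usr/bin"
    : > "$sample/bin/su";       chmod 4755 "$sample/bin/su"        # constructed: setuid
    : > "$sample/usr/bin/wall"; chmod 2755 "$sample/usr/bin/wall"  # constructed: setgid
    : > "$sample/bin/ls";       chmod 755  "$sample/bin/ls"        # constructed: plain exec
    record_special_modes "$sample"
    chmod 755 "$sample/bin/su" "$sample/usr/bin/wall"   # what a git checkout leaves behind
    restore_special_modes "$sample"
    printf '%s %s\n' "$(stat -c %a "$sample/bin/su")" "$(stat -c %a "$sample/usr/bin/wall")"
    rm -rf "$sample"
}

if [ "${1:-}" = demo ]; then
    demo_roundtrip   # prints "4755 2755"
fi
```

In the procedure above this would mean calling record_special_modes /tiny right before each "git add .", and restore_special_modes /tiny right after each "git checkout" or "git pull" (a post-checkout hook is the obvious place to automate it). Worth checking the manifest before syncing to the firewall too: a stray setuid bit on something that should not have one is a much worse surprise than a missing one.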