[gentoo-commits] data/gentoo-news:master commit in: 2017-11-30-new-17-profiles/

[gentoo-commits] data/gentoo-news:master commit in: 2017-11-30-new-17-profiles/

[Andreas Hüttel]

commit:     12e357ceeef0f3a4e17da01a0cf7591b629ca63b
Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 29 22:03:11 2017 +0000
Commit:     Andreas Hüttel <dilfridge <AT> gentoo <DOT> org>
CommitDate: Wed Nov 29 22:03:11 2017 +0000
URL:        https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=12e357ce

Add 17.0 profiles news item

 .../2017-11-30-new-17-profiles.en.txt              | 50 ++++++++++++++++++++++
 .../2017-11-30-new-17-profiles.en.txt.asc          | 19 ++++++++
 2 files changed, 69 insertions(+)

diff --git a/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt b/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt
new file mode 100644
index 0000000..0ac7d5e
--- /dev/null
+++ b/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt
@@ -0,0 +1,50 @@
+Title: New 17.0 profiles in the Gentoo repository
+Author: Andreas K. Hüttel <dilfridge@gentoo.org>
+Posted: 2017-11-30
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: >=sys-devel/gcc-6.4.0
+
+We have just added (for all arches except arm and mips, these follow
+later) a new set of profiles with release version 17.0 to the Gentoo 
+repository. These bring three changes:
+1) The default C++ language version for applications is now C++14.
+   This change is mostly relevant to Gentoo developers. It also
+   means, however, that compilers earlier than GCC 6 are masked 
+   and not supported for use as a system compiler anymore. Feel 
+   free to unmask them if you need them for specific applications.
+2) Where supported, GCC will now build position-independent
+   executables (PIE) by default. This improves the overall
+   security fingerprint. The switch from non-PIE to PIE binaries,
+   however, requires some steps by users, as detailed below.
+3) Up to now, hardened profiles were separate from the default
+   profile tree. Now they are moving into the 17.0 profile
+   as a feature there, similar to "no-multilib" and "systemd".
+
+Please migrate away from the 13.0 profiles within the six weeks after
+GCC 6.4.0 has been stabilized on your architecture. The 13.0 profiles
+will be deprecated then and removed in half a year.
+
+If you are not already running a hardened setup with PIE enabled, then
+switching the profile involves the following steps: 
+If not already done,
+* Use gcc-config to select gcc-6.4.0 or later as system compiler
+* Re-source /etc/profile:
+    . /etc/profile
+* Re-emerge libtool
+    emerge -1 sys-devel/libtool
+Then, 
+* Select the new profile with eselect
+* Re-emerge, in this sequence, gcc, binutils, and glibc
+    emerge -1 sys-devel/gcc:6.4.0
+    emerge -1 sys-devel/binutils
+    emerge -1 sys-libs/glibc
+* Rebuild your entire system
+    emerge -e @world
+
+Switching the profile from 13.0 to 17.0 modifies the settings of 
+GCC 6 to generate PIE executables by default; thus, you need to do 
+the rebuilds even if you have already used GCC 6 beforehand.
+If you do not follow these steps you may get spurious build
+failures when the linker tries unsuccessfully to combine non-PIE
+and PIE code.

diff --git a/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt.asc b/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt.asc
new file mode 100644
index 0000000..4f1f79c
--- /dev/null
+++ b/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt.asc
@@ -0,0 +1,19 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQKTBAABCgB9FiEEwo/LD3vtE3qssC2JpEzzc+fumeQFAlofLntfFIAAAAAALgAo
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMy
+OEZDQjBGN0JFRDEzN0FBQ0IwMkQ4OUE0NENGMzczRTdFRTk5RTQACgkQpEzzc+fu
+meSTSxAAzuipE/owKHTuhqo4kBtvcXHhEXRrXnQWH9fYQWYmf6t0FX/Am3/Vuf6g
+BXzojK9RAr6xzT38L6EzVgVLd/BCNQEcmqs7IUP7Q76M8wbzUZI0oX38z+GIbg5d
+xYKMZRiPHM3RgARKNY3x0OKJSmDm3wBVpz5lub41qy+4Yr7VeQn+pfmJugK2wohy
+iwODyjnEe+N9QE+92Qb2icskMjgxdg++aithY/W0t0Nn23b5WrnvgkQF22AEsGf5
+yf7ooqdo6S4JCSZ2zoVsACmZwax6lFSpZ0dE+3T4idKfrHLkS3JqunfBzpWfhIK0
+S71o/xkwYfDJUQpM5+A5H3t1TlZg1Kgn7k+wP6MRd8Dm3IV7098NdxAjCPPcKe0I
+lEZXTSOq47DvV7seHGxLITY1yoFUnwF4v4BxzMxnLkV9KFfptb3yreAChrUuQz0P
+SRohrbiEk5tKlSwkIHw/CDvoC7gpUFfQY/h745FFZ2O8SuBibE5MP9iHwCSFP0a3
+wYQU2mcqoNwJXOFhJivljUJLoieWvgzbQ319JTmvEBMTH0Qs0vklQ3QuGYqG9zUS
+pOC0GkBXbC1/QVBcuuAW0m0x/Z9GIG4u057gQYpB9m6AJ2FI5WCDGTYwh2VkBKs1
+Q86pZrNmI3B8JK9krYZS8c0tmRNl4eMKGIIUyd4WbErtICnADw8=
+=U4Gj
+-----END PGP SIGNATURE-----

[gentoo-commits] data/gentoo-news:master commit in: 2017-11-30-new-17-profiles/

[Michał Górny]

commit:     69efe5cc9e0d9f7b943bdb2c32f717979236effa
Author:     Michał Górny <mgorny <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  8 19:25:51 2018 +0000
Commit:     Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Mon Jan  8 19:28:46 2018 +0000
URL:        https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=69efe5cc

2017-11-30-new-17-profiles: Display based on profile, not gcc version

Display the news item on 17.0 profile upgrade to all users using 13.0
profiles, rather than the people having new enough gcc installed. Given
that all users see the new profile, it is not a good idea to show
the news item to subset of them and leave the rest without any
instructions. Furthermore, displaying the item to users using 17.0
already is usually pointless.

 2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt b/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt
index 0ac7d5e..c81ad9a 100644
--- a/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt
+++ b/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt
@@ -3,7 +3,16 @@ Author: Andreas K. Hüttel <dilfridge@gentoo.org>
 Posted: 2017-11-30
 Revision: 1
 News-Item-Format: 2.0
-Display-If-Installed: >=sys-devel/gcc-6.4.0
+Display-If-Profile: default/linux/amd64/13.0
+Display-If-Profile: default/linux/amd64/13.0/selinux
+Display-If-Profile: default/linux/amd64/13.0/desktop
+Display-If-Profile: default/linux/amd64/13.0/desktop/gnome
+Display-If-Profile: default/linux/amd64/13.0/desktop/gnome/systemd
+Display-If-Profile: default/linux/amd64/13.0/desktop/plasma
+Display-If-Profile: default/linux/amd64/13.0/desktop/plasma/systemd
+Display-If-Profile: default/linux/amd64/13.0/developer
+Display-If-Profile: default/linux/amd64/13.0/no-multilib
+Display-If-Profile: default/linux/amd64/13.0/systemd
 
 We have just added (for all arches except arm and mips, these follow
 later) a new set of profiles with release version 17.0 to the Gentoo 

[gentoo-commits] data/gentoo-news:master commit in: 2017-11-30-new-17-profiles/

[Brian Evans]

commit:     074fef68d5e8cd8106542c8ea56cf5073fe48eef
Author:     Brian Evans <grknight <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  8 20:23:10 2018 +0000
Commit:     Brian Evans <grknight <AT> gentoo <DOT> org>
CommitDate: Mon Jan  8 20:23:10 2018 +0000
URL:        https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=074fef68

Add additional profiles to the 17.0 news where 13.0 is deprecated

 .../2017-11-30-new-17-profiles.en.txt              | 30 ++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt b/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt
index c81ad9a..f66cd54 100644
--- a/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt
+++ b/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt
@@ -13,6 +13,36 @@ Display-If-Profile: default/linux/amd64/13.0/desktop/plasma/systemd
 Display-If-Profile: default/linux/amd64/13.0/developer
 Display-If-Profile: default/linux/amd64/13.0/no-multilib
 Display-If-Profile: default/linux/amd64/13.0/systemd
+Display-If-Profile: default/linux/ia64/13.0
+Display-If-Profile: default/linux/ia64/13.0/desktop
+Display-If-Profile: default/linux/ia64/13.0/desktop/gnome
+Display-If-Profile: default/linux/ia64/13.0/desktop/gnome/systemd
+Display-If-Profile: default/linux/ia64/13.0/developer
+Display-If-Profile: default/linux/powerpc/ppc32/13.0
+Display-If-Profile: default/linux/powerpc/ppc32/13.0/desktop
+Display-If-Profile: default/linux/powerpc/ppc32/13.0/desktop/gnome
+Display-If-Profile: default/linux/powerpc/ppc32/13.0/desktop/gnome/systemd
+Display-If-Profile: default/linux/powerpc/ppc32/13.0/developer
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland/desktop
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland/desktop/gnome
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland/desktop/gnome/systemd
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland/developer
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland/desktop
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland/desktop/gnome
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland/desktop/gnome/systemd
+Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland/developer
+Display-If-Profile: default/linux/x86/13.0
+Display-If-Profile: default/linux/x86/13.0/selinux
+Display-If-Profile: default/linux/x86/13.0/desktop
+Display-If-Profile: default/linux/x86/13.0/desktop/gnome
+Display-If-Profile: default/linux/x86/13.0/desktop/gnome/systemd
+Display-If-Profile: default/linux/x86/13.0/desktop/plasma
+Display-If-Profile: default/linux/x86/13.0/desktop/plasma/systemd
+Display-If-Profile: default/linux/x86/13.0/developer
+Display-If-Profile: default/linux/x86/13.0/no-multilib
+Display-If-Profile: default/linux/x86/13.0/systemd
 
 We have just added (for all arches except arm and mips, these follow
 later) a new set of profiles with release version 17.0 to the Gentoo