From: Matthias Maier
To: gentoo-dev@lists.gentoo.org
Cc: toolchain@gentoo.org, embedded@gentoo.org
Subject: [gentoo-dev] [PATCH] profiles: Mask pie useflag for >=sys-devel/gcc-6
Date: Tue, 9 May 2017 15:59:17 -0500
Message-Id: <20170509205917.14698-1-tamiko@gentoo.org>
In-Reply-To: <87k25p92d3.fsf@kestrel.kyomu.43-1.org>
References: <87k25p92d3.fsf@kestrel.kyomu.43-1.org>

- Mask sys-devel/gcc pie useflag globally in /base
- Selectively unmask pie useflag for hardened/linux hardened/linux/musl profiles
- Ensure pie useflag is forced for hardened profiles

--- profiles/arch/amd64/package.use.mask | 4 ---- profiles/arch/base/package.use.mask | 4 ---- profiles/base/package.use.mask | 4 ++++ profiles/hardened/linux/musl/amd64/package.use.mask | 6 ------ profiles/hardened/linux/musl/package.use.mask | 4 ++++ profiles/hardened/linux/musl/use.force | 4 ++++ profiles/hardened/linux/package.use.mask | 4 ++++ profiles/hardened/linux/use.force | 2 +- 8 files changed, 17 insertions(+), 15 deletions(-) delete mode 100644 profiles/hardened/linux/musl/amd64/package.use.mask diff --git a/profiles/arch/amd64/package.use.mask b/profiles/arch/amd64/package.use.mask index 4548392..2fe5376 100644 --- a/profiles/arch/amd64/package.use.mask +++ b/profiles/arch/amd64/package.use.mask @@ -30,10 +30,6 @@ dev-lang/ocaml -spacetime # nvidia drivers are unmasked here media-video/ffmpeg -nvenc -# Magnus Granberg (18 Jan 2017) -# masked in base, unmask for amd64 ->=sys-devel/gcc-6.3.0 -pie - # Luke Dashjr (04 Jan 2017) # Assembly optimisations are supported on amd64 for all versions dev-libs/libsecp256k1 -asm 
diff --git a/profiles/arch/base/package.use.mask b/profiles/arch/base/package.use.mask index f2d3a9b..8442d97 100644 --- a/profiles/arch/base/package.use.mask +++ b/profiles/arch/base/package.use.mask @@ -18,10 +18,6 @@ media-video/ffmpeg nvenc # media-libs/raspberrypi-userland not keyworded media-video/motion mmal -# Magnus Granberg (18 Jan 2017) -# Mask it globally, unmask it on supported arch ->=sys-devel/gcc-6.2.0 pie - # Luke Dashjr (04 Jan 2017) # Mask assembly optimisations that are platform-specific dev-libs/libsecp256k1 asm diff --git a/profiles/base/package.use.mask b/profiles/base/package.use.mask index 9f55b27..c8faec7 100644 --- a/profiles/base/package.use.mask +++ b/profiles/base/package.use.mask @@ -7,6 +7,10 @@ # This file is only for generic masks. For arch-specific masks (i.e. # mask everywhere, unmask on arch/*) use arch/base. +# Matthias Maier (09 May 2017) +# Mask pie useflag globally and unmask + use.force on hardened profiles. +sys-devel/gcc pie + # Mike Gilbert (28 Apr 2017) # Needs sandbox-2.11 (masked) >=www-client/chromium-59 tcmalloc diff --git a/profiles/hardened/linux/musl/amd64/package.use.mask b/profiles/hardened/linux/musl/amd64/package.use.mask deleted file mode 100644 index e2d77b0..00000000 --- a/profiles/hardened/linux/musl/amd64/package.use.mask +++ /dev/null @@ -1,6 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation. -# Distributed under the terms of the GNU General Public License v2 - -# Matthias Maier (07 May 2017) -# masked in arch/base, unmask for hardened/musl/amd64 ->=sys-devel/gcc-6.3.0 -pie diff --git a/profiles/hardened/linux/musl/package.use.mask b/profiles/hardened/linux/musl/package.use.mask index 9078b7c..46857dc 100644 --- a/profiles/hardened/linux/musl/package.use.mask +++ b/profiles/hardened/linux/musl/package.use.mask 
@@ -1,6 +1,10 @@ # Copyright 1999-2015 Gentoo Foundation. # Distributed under the terms of the GNU General Public License v2 +# Matthias Maier (09 May 2017) +# Unmask the pie useflag on hardened/linux/musl profiles. +sys-devel/gcc -pie + # See bug #504200 sys-devel/gcc sanitize diff --git a/profiles/hardened/linux/musl/use.force b/profiles/hardened/linux/musl/use.force index 79e5575..debacff 100644 --- a/profiles/hardened/linux/musl/use.force +++ b/profiles/hardened/linux/musl/use.force @@ -2,3 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 elibc_musl + +# Make sure people don't accidentally turn off ssp/pie in important packages. +pie +ssp diff --git a/profiles/hardened/linux/package.use.mask b/profiles/hardened/linux/package.use.mask index 4178151..aa2adc5 100644 --- a/profiles/hardened/linux/package.use.mask +++ b/profiles/hardened/linux/package.use.mask @@ -1,6 +1,10 @@ # Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 +# Matthias Maier (09 May 2017) +# Unmask the pie useflag on hardened profiles. +sys-devel/gcc -pie + # Ilya Tumaykin (19 Jan 2017) # Requires x11-drivers/nvidia-drivers. Needs testing first. media-video/mpv cuda diff --git a/profiles/hardened/linux/use.force b/profiles/hardened/linux/use.force index 35e5653..ec5509c 100644 --- a/profiles/hardened/linux/use.force +++ b/profiles/hardened/linux/use.force @@ -1,6 +1,6 @@ # Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# Make sure people don't accidentally turn of ssp/pie in important packages. +# Make sure people don't accidentally turn off ssp/pie in important packages. pie ssp -- 2.10.2
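Review bot: In the profiles/arch/amd64/package.use.mask hunk, removing `>=sys-devel/gcc-6.3.0 -pie` takes the pie flag away from every non-hardened amd64 profile once the new mask in profiles/base applies, and the commit message does not say this is intended. Its three bullets cover the global mask, the hardened unmask and the forcing, but not the loss of the existing amd64 unmask. Please add a line to the message stating that non-hardened amd64 users lose the flag and why, so that anyone who currently sets USE=pie on gcc there understands the change at their next rebuild.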
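Review bot: In the profiles/base/package.use.mask hunk, the new atom `sys-devel/gcc pie` has no version bound, while the subject line says the mask is for `>=sys-devel/gcc-6` and the entry it replaces in arch/base was `>=sys-devel/gcc-6.2.0 pie`. As written the mask covers every gcc version. Either use a versioned atom that matches the subject, or reword the subject and the comment above the entry to say the mask is deliberately unversioned.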
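Review bot: In the profiles/hardened/linux/musl/package.use.mask hunk, the unmask `sys-devel/gcc -pie` drops the version bound that the deleted musl/amd64 file carried (`>=sys-devel/gcc-6.3.0 -pie`). On musl hardened the flag therefore becomes available for gcc versions below 6.3.0 as well, and with `pie` added to use.force in the same patch it is also forced there. If that is intended, the new comment should say so. Otherwise keep the `>=` bound on the unmask.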
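Review bot: The addition to profiles/hardened/linux/musl/use.force forces `ssp` as well as `pie`, but the commit message only talks about pie. Please mention the ssp change in the message or split it into its own commit. profiles/hardened/linux/use.force already lists the same two flags, so if the musl profiles inherit from hardened/linux these lines are redundant; a short comment on why they need repeating here would help the next reader.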
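Review bot: In the profiles/hardened/linux/package.use.mask hunk, `sys-devel/gcc -pie` unmasks the flag for every architecture that uses a hardened profile, whereas the arch/base comment removed by this patch described the old scheme as "Mask it globally, unmask it on supported arch" and only amd64 carried an unmask. Together with `pie` in hardened/linux/use.force this forces pie on gcc for all hardened arches. Please confirm in the comment which arches this has been tested on, or add per-arch re-masks under the hardened profiles for the ones that are not supported.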