[gentoo-dev] RFC: news item for the 17.0 profiles

[gentoo-dev] RFC: news item for the 17.0 profiles

[Andreas K. Huettel]

[-- Attachment #1: Type: text/plain, Size: 1910 bytes --]

=====================================
Title: New 17.0 profiles in the Gentoo repository
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
Posted: xxxxxxx
Revision: 1
News-Item-Format: 2.0
Display-If-Installed: >=sys-devel/gcc-6.4.0

We have just added a new set of profiles with release version 17.0
to the Gentoo repository. These bring two changes:
1) The default C++ language version for applications is now C++14.
   This change is mostly relevant to Gentoo developers. It also
   means, however, that compilers earlier than GCC 6 are masked 
   and not supported for use as a system compiler anymore. Feel 
   free to unmask them if you need them for specific applications.
2) Where supported, GCC will now build position-independent
   executables (PIE) by default. This improves the overall
   security fingerprint. The switch from non-PIE to PIE binaries,
   however, requires some steps by users, as detailed below.

Please consider switching from your current 13.0 profile to the
corresponding 17.0 profile soon after GCC-6.4.0 has been 
stabilized on your architecture. The 13.0 profiles will be deprecated 
and removed in the near future.

Switching involves the following steps: 
If not already done,
* Use gcc-config to select gcc-6.4.0 or later as system compiler
* Re-source /etc/profile:
    . /etc/profile
* Re-emerge libtool
Then, 
* Select the new profile with eselect
* Re-emerge, in this sequence, gcc, binutils, and glibc
    emerge -1 sys-devel/gcc:6.4.0
    emerge -1 sys-devel/binutils
    emerge -1 sys-libs/glibc
* Rebuild your entire system
    emerge -e world

If you do not follow these steps you may get spurious build
failures when the linker tries unsuccessfully to combine non-PIE
and PIE code.
=====================================

-- 
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer (council, perl, libreoffice)

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 981 bytes --]

Re: [gentoo-dev] RFC: news item for the 17.0 profiles

[Pacho Ramos]

El lun, 09-10-2017 a las 22:58 +0200, Andreas K. Huettel escribió:
> =====================================
> Title: New 17.0 profiles in the Gentoo repository
> Author: Andreas K. Hüttel <dilfridge@gentoo.org>
> Posted: xxxxxxx
> Revision: 1
> News-Item-Format: 2.0
> Display-If-Installed: >=sys-devel/gcc-6.4.0
> 
> We have just added a new set of profiles with release version 17.0
> to the Gentoo repository. These bring two changes:
> 1) The default C++ language version for applications is now C++14.
>    This change is mostly relevant to Gentoo developers. It also
>    means, however, that compilers earlier than GCC 6 are masked 
>    and not supported for use as a system compiler anymore. Feel 
>    free to unmask them if you need them for specific applications.
> 2) Where supported, GCC will now build position-independent
>    executables (PIE) by default. This improves the overall
>    security fingerprint. The switch from non-PIE to PIE binaries,
>    however, requires some steps by users, as detailed below.
> 
> Please consider switching from your current 13.0 profile to the
> corresponding 17.0 profile soon after GCC-6.4.0 has been 
> stabilized on your architecture. The 13.0 profiles will be deprecated 
> and removed in the near future.
> 
> Switching involves the following steps: 
> If not already done,
> * Use gcc-config to select gcc-6.4.0 or later as system compiler
> * Re-source /etc/profile:
>     . /etc/profile
> * Re-emerge libtool

Could anyone with enough knowledge finally give a look to the patched vapier
provided in https://bugs.gentoo.org/88596 but never got committed?

Thanks!

Re: [gentoo-dev] RFC: news item for the 17.0 profiles

[Toralf Förster]

[-- Attachment #1.1: Type: text/plain, Size: 200 bytes --]

On 10/09/2017 11:40 PM, Pacho Ramos wrote:
> Could anyone with enough knowledge finally give a look to the patched vapier

s/patched/patches/

or ? :-)

-- 
Toralf
PGP 23217DA7 9B888F45



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [gentoo-dev] RFC: news item for the 17.0 profiles

[Magnus Granberg]

måndag 9 oktober 2017 kl. 22:58:22 CEST skrev  Andreas K. Huettel:
> =====================================
> Title: New 17.0 profiles in the Gentoo repository
> Author: Andreas K. Hüttel <dilfridge@gentoo.org>
> Posted: xxxxxxx
> Revision: 1
> News-Item-Format: 2.0
> Display-If-Installed: >=sys-devel/gcc-6.4.0
> 
> We have just added a new set of profiles with release version 17.0
> to the Gentoo repository. These bring tree changes:
> 1) The default C++ language version for applications is now C++14.
>    This change is mostly relevant to Gentoo developers. It also
>    means, however, that compilers earlier than GCC 6 are masked
>    and not supported for use as a system compiler anymore. Feel
>    free to unmask them if you need them for specific applications.
> 2) Where supported, GCC will now build position-independent
>    executables (PIE) by default. This improves the overall
>    security fingerprint. The switch from non-PIE to PIE binaries,
>    however, requires some steps by users, as detailed below.
> 
3) Hardened profiles will be moved to the 17.0 profile as sub profile.

> Please consider switching from your current 13.0 profile to the
> corresponding 17.0 profile soon after GCC-6.4.0 has been
> stabilized on your architecture. The 13.0 profiles will be deprecated
> and removed in the near future.
> 
> Switching involves the following steps:
> If not already done,
> * Use gcc-config to select gcc-6.4.0 or later as system compiler
> * Re-source /etc/profile:
>     . /etc/profile
> * Re-emerge libtool
> Then,
> * Select the new profile with eselect
> * Re-emerge, in this sequence, gcc, binutils, and glibc
>     emerge -1 sys-devel/gcc:6.4.0
>     emerge -1 sys-devel/binutils
>     emerge -1 sys-libs/glibc
> * Rebuild your entire system
>     emerge -e world
> 
> If you do not follow these steps you may get spurious build
> failures when the linker tries unsuccessfully to combine non-PIE
> and PIE code.
> =====================================

[gentoo-dev] Re: RFC: news item for the 17.0 profiles

[Duncan]

Andreas K. Huettel posted on Mon, 09 Oct 2017 22:58:22 +0200 as excerpted:

> Please consider switching from your current 13.0 profile to the
> corresponding 17.0 profile soon after GCC-6.4.0 has been stabilized on
> your architecture. The 13.0 profiles will be deprecated and removed in
> the near future.
> 
> Switching involves the following steps:
> If not already done,
> * Use gcc-config to select gcc-6.4.0 or later as system compiler
> * Re-source /etc/profile:
>     . /etc/profile
> * Re-emerge libtool Then,
> * Select the new profile with eselect
> * Re-emerge, in this sequence, gcc, binutils, and glibc
>     emerge -1 sys-devel/gcc:6.4.0
>     emerge -1 sys-devel/binutils
>     emerge -1 sys-libs/glibc
> * Rebuild your entire system
>     emerge -e world
> 
> If you do not follow these steps you may get spurious build failures
> when the linker tries unsuccessfully to combine non-PIE and PIE code.

One thing isn't clear here.  Is this sequence necessary due to the 
profile switch itself, because the /profile/ enables PIE by default, or 
is it gcc-6.4+ that enables PIE, and the profile simply forces the PIE 
default by forcing gcc-6.4+?

The answer makes a big difference to those already on gcc-6.4+ and who 
presumably already did an empty-tree rebuild of @world when upgrading to 
it, but not yet on the new profile.  Do they have to do all that again 
when they switch profiles, or is that a bridge they've already crossed 
with the gcc upgrade?

Either way, making the answer to that explicit should be useful, avoiding 
either an unnecessary full rebuild, or avoiding the problems because the 
news item wasn't clear and people already on gcc-6.4+ thought the 
procedure didn't apply to them.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

Re: [gentoo-dev] RFC: news item for the 17.0 profiles

[Pacho Ramos]

El mar, 10-10-2017 a las 00:23 +0200, Toralf Förster escribió:
> On 10/09/2017 11:40 PM, Pacho Ramos wrote:
> > Could anyone with enough knowledge finally give a look to the patched vapier
> 
> s/patched/patches/
> 
> or ? :-)
> 

Yes :)

Re: [gentoo-dev] RFC: news item for the 17.0 profiles

[Kent Fredric]

[-- Attachment #1: Type: text/plain, Size: 1030 bytes --]

On Mon, 09 Oct 2017 22:58:22 +0200
"Andreas K. Huettel" <dilfridge@gentoo.org> wrote:

> Please consider switching from your current 13.0 profile to the
> corresponding 17.0 profile soon after GCC-6.4.0 has been 
> stabilized on your architecture. The 13.0 profiles will be deprecated 
> and removed in the near future.

Just  a question that only became apparent to me as I'm trying to
create a "mostly stable" keyworded chroot, but with this change added
to pick up defects:

Are there any specific versions of toolchain modules that should/must be used
in 17.0 to make it work with GCC-6.4.0?

All I did was:

- Forcibly create the profile symlink myself ( as its not visible to me
  yet with eselect )

- accept-keywords for gcc

- Followed remaining instructions.

And hopefully that should be sufficient.

binutils: 2.28.1
gcc: 6.4.0
glibc: 2.23-r4
libtool: 2.4.6-r3

I know this is typically a "don't mix ~arch and arch" thing, but I
can't actually test things that will break otherwise :p

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [gentoo-dev] RFC: news item for the 17.0 profiles

[Andreas K. Huettel]

[-- Attachment #1: Type: text/plain, Size: 334 bytes --]

Am Dienstag, 10. Oktober 2017, 01:15:42 CEST schrieb Magnus Granberg:

> 
> 3) Hardened profiles will be moved to the 17.0 profile as sub profile.
> 
Are there any special switching instructions for hardened that we need to add?

-- 
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer (council, perl, libreoffice)

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 981 bytes --]

Re: [gentoo-dev] Re: RFC: news item for the 17.0 profiles

[Andreas K. Huettel]

[-- Attachment #1: Type: text/plain, Size: 1074 bytes --]

Am Dienstag, 10. Oktober 2017, 04:10:13 CEST schrieb Duncan:

> One thing isn't clear here.  Is this sequence necessary due to the
> profile switch itself, because the /profile/ enables PIE by default, or
> is it gcc-6.4+ that enables PIE, and the profile simply forces the PIE
> default by forcing gcc-6.4+?

Switching the profile changes the settings for building gcc (it switches a use-
flag from forced-off to forced-on). A gcc-6 built with the 17.0 profiles will 
produce PIE executables by default, a gcc-6 built with the 13.0 profiles will 
not.

I've added this paragraph:
# Switching the profile modifies the settings of GCC 6 to generate
# PIE executables by default; thus, you need to do the rebuilds
# even if you already used GCC 6 beforehand.

> The answer makes a big difference to those already on gcc-6.4+ and who
> presumably already did an empty-tree rebuild of @world when upgrading to
> it, 

That's really not necessary anymore.


-- 
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer (council, perl, libreoffice)

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 981 bytes --]

Re: [gentoo-dev] RFC: news item for the 17.0 profiles

[Andreas K. Huettel]

[-- Attachment #1: Type: text/plain, Size: 1074 bytes --]

Am Dienstag, 10. Oktober 2017, 09:51:43 CEST schrieb Kent Fredric:
> 
> Are there any specific versions of toolchain modules that should/must be
> used in 17.0 to make it work with GCC-6.4.0?
> 

Not that I know of. I'd use most recent stable though.

(And glibc-2.25 will most likely become stable before gcc-6.)

> All I did was:
> - Forcibly create the profile symlink myself ( as its not visible to me
>   yet with eselect )
> - accept-keywords for gcc
> - Followed remaining instructions.
> And hopefully that should be sufficient.

That should be perfectly fine.

> 
> binutils: 2.28.1
> gcc: 6.4.0
> glibc: 2.23-r4
> libtool: 2.4.6-r3

> I know this is typically a "don't mix ~arch and arch" thing, but I
> can't actually test things that will break otherwise :p

The whole "don't mix ~arch and arch" credo is in my opinion a bit silly. If 
mixing leads to bugs, these should be documented and fixed, if only with a 
version dependency.

-- 
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer (council, perl, libreoffice)

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 981 bytes --]

[gentoo-dev] RFC v2: news item for the 17.0 profiles

[Andreas K. Huettel]

[-- Attachment #1: Type: text/plain, Size: 2289 bytes --]

=====================================
Title: New 17.0 profiles in the Gentoo repository
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
Posted: xxxxxxx
Revision: 1
News-Item-Format: 2.0
Display-If-Installed: >=sys-devel/gcc-6.4.0

We have just added a new set of profiles with release version 17.0
to the Gentoo repository. These bring three changes:
1) The default C++ language version for applications is now C++14.
   This change is mostly relevant to Gentoo developers. It also
   means, however, that compilers earlier than GCC 6 are masked
   and not supported for use as a system compiler anymore. Feel
   free to unmask them if you need them for specific applications.
2) Where supported, GCC will now build position-independent
   executables (PIE) by default. This improves the overall
   security fingerprint. The switch from non-PIE to PIE binaries,
   however, requires some steps by users, as detailed below.
3) Up to now, hardened profiles were separate from the default
   profile tree. Now they are moving into the 17.0 profile
   as a feature there, similar to "no-multilib" and "systemd".

Please consider switching from your current 13.0 profile to the
corresponding 17.0 profile soon after GCC 6.4.0 has been
stabilized on your architecture. The 13.0 profiles will be deprecated
and removed in the near future.

Switching involves the following steps:
If not already done,
* Use gcc-config to select gcc-6.4.0 (or later) as system compiler
* Re-source /etc/profile:
    . /etc/profile
* Re-emerge libtool
Then,
* Select the new profile with eselect
* Re-emerge, in this sequence, the selected gcc, binutils, and glibc
    emerge -1 sys-devel/gcc:6.4.0
    emerge -1 sys-devel/binutils
    emerge -1 sys-libs/glibc
* Rebuild your entire system
    emerge -e world

Switching the profile modifies the use-flags of GCC 6 to generate
PIE executables by default; thus, you need to do the rebuilds
even if you already used GCC 6 beforehand.

If you do not follow these steps you may get spurious build
failures when the linker tries unsuccessfully to combine non-PIE
and PIE code.
=====================================



-- 
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer (council, perl, libreoffice)

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 981 bytes --]

Re: [gentoo-dev] RFC v2: news item for the 17.0 profiles

[Alec Warner]

[-- Attachment #1: Type: text/plain, Size: 2641 bytes --]

On Tue, Oct 10, 2017 at 3:16 PM, Andreas K. Huettel <dilfridge@gentoo.org>
wrote:

> =====================================
> Title: New 17.0 profiles in the Gentoo repository
> Author: Andreas K. Hüttel <dilfridge@gentoo.org>
> Posted: xxxxxxx
> Revision: 1
> News-Item-Format: 2.0
> Display-If-Installed: >=sys-devel/gcc-6.4.0
>
> We have just added a new set of profiles with release version 17.0
> to the Gentoo repository. These bring three changes:
> 1) The default C++ language version for applications is now C++14.
>    This change is mostly relevant to Gentoo developers. It also
>    means, however, that compilers earlier than GCC 6 are masked
>    and not supported for use as a system compiler anymore. Feel
>    free to unmask them if you need them for specific applications.
> 2) Where supported, GCC will now build position-independent
>    executables (PIE) by default. This improves the overall
>    security fingerprint. The switch from non-PIE to PIE binaries,
>    however, requires some steps by users, as detailed below.
> 3) Up to now, hardened profiles were separate from the default
>    profile tree. Now they are moving into the 17.0 profile
>    as a feature there, similar to "no-multilib" and "systemd".
>
> Please consider switching from your current 13.0 profile to the
> corresponding 17.0 profile soon after GCC 6.4.0 has been
> stabilized on your architecture. The 13.0 profiles will be deprecated
> and removed in the near future.
>

Can you commit to a deadline on this?

Its OK to be wrong (e.g. say 1 month but remove in 3); but "near future" is
not actionable by readers.


>
> Switching involves the following steps:
> If not already done,
> * Use gcc-config to select gcc-6.4.0 (or later) as system compiler
> * Re-source /etc/profile:
>     . /etc/profile
> * Re-emerge libtool
> Then,
> * Select the new profile with eselect
> * Re-emerge, in this sequence, the selected gcc, binutils, and glibc
>     emerge -1 sys-devel/gcc:6.4.0
>     emerge -1 sys-devel/binutils
>     emerge -1 sys-libs/glibc
> * Rebuild your entire system
>     emerge -e world
>
> Switching the profile modifies the use-flags of GCC 6 to generate
> PIE executables by default; thus, you need to do the rebuilds
> even if you already used GCC 6 beforehand.
>
> If you do not follow these steps you may get spurious build
> failures when the linker tries unsuccessfully to combine non-PIE
> and PIE code.
> =====================================
>
>
>
> --
> Andreas K. Hüttel
> dilfridge@gentoo.org
> Gentoo Linux developer (council, perl, libreoffice)

[-- Attachment #2: Type: text/html, Size: 3439 bytes --]

Re: [gentoo-dev] RFC: news item for the 17.0 profiles

[Nils Freydank]

[-- Attachment #1: Type: text/plain, Size: 680 bytes --]

Am Dienstag, 10. Oktober 2017, 20:56:32 CEST schrieb Andreas K. Huettel:
> Am Dienstag, 10. Oktober 2017, 01:15:42 CEST schrieb Magnus Granberg:
> > 3) Hardened profiles will be moved to the 17.0 profile as sub profile.
> 
> Are there any special switching instructions for hardened that we need to
> add?
As far as I know hardened had the PIE enabled at least for a while, but it is 
possible to switch to a non-PIE subprofile via gcc-config for gcc <6.

It looks to me as there isn’t any emtytree world rebuild necessary, as long as 
someone comes from hardened with PIE enabled.
-- 
GPG fingerprint: '766B 8122 1342 6912 3401 492A 8B54 D7A3 FF3C DB17'
Holgersson

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[gentoo-dev] Re: RFC: news item for the 17.0 profiles

[Duncan]

Andreas K. Huettel posted on Tue, 10 Oct 2017 21:02:32 +0200 as excerpted:

> Am Dienstag, 10. Oktober 2017, 04:10:13 CEST schrieb Duncan:
> 
>> One thing isn't clear here.  Is this sequence necessary due to the
>> profile switch itself, because the /profile/ enables PIE by default, or
>> is it gcc-6.4+ that enables PIE, and the profile simply forces the PIE
>> default by forcing gcc-6.4+?
> 
> Switching the profile changes the settings for building gcc (it switches
> a use-flag from forced-off to forced-on). A gcc-6 built with the 17.0
> profiles will produce PIE executables by default, a gcc-6 built with
> the 13.0 profiles will not.
> 
> I've added this paragraph:
> # Switching the profile modifies the settings of GCC 6 to generate
> # PIE executables by default; thus, you need to do the rebuilds
> # even if you already used GCC 6 beforehand.

Thanks.  Much clearer now. =:^)

(And I'll have some rebuilding to do.)

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

[gentoo-dev] Re: RFC v2: news item for the 17.0 profiles

[Duncan]

Alec Warner posted on Tue, 10 Oct 2017 15:28:41 -0400 as excerpted:

>> Please consider switching from your current 13.0 profile to the
>> corresponding 17.0 profile soon after GCC 6.4.0 has been stabilized on
>> your architecture. The 13.0 profiles will be deprecated and removed in
>> the near future.
>>
>>
> Can you commit to a deadline on this?
> 
> Its OK to be wrong (e.g. say 1 month but remove in 3); but "near future"
> is not actionable by readers.

Will the 13.0 profiles be removed all together, or per-arch?

If they're removed all at the same time, then the time-limiting factor 
will certainly be how long it takes the last arch to stabilize gcc-6.4+, 
something that's likely not entirely predictable but that might take some 
time, given gentoo's known issues with straggling archs.

If the existing profiles will be deprecated and removed per-arch, with 
some fixed time after gcc-6.4+ stabilizes on that arch as a goal, then 
the time for most popular and best maintained archs may be predicted now, 
but the time will differ for each one, so the best that could be done 
would be either a time range or a list of the known ones, with presently  
unknowns being added to the list in further revisions of the news item.

The other alternative might be to word it something like (1 year can be 6 
months or whatever instead, if that works better):

"13.0 profiles are set to be removed one year after the last arch 
stabilizes gcc-6.4+, with the goal for the gcc stabilization being the 
end of 2017, meaning 13.0 profile removal is planned for the end of 2018 
if all archs meet their gcc-6.4+ stabilization goal."

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

Re: [gentoo-dev] Re: RFC v2: news item for the 17.0 profiles

[Alec Warner]

[-- Attachment #1: Type: text/plain, Size: 2900 bytes --]

On Tue, Oct 10, 2017 at 11:56 PM, Duncan <1i5t5.duncan@cox.net> wrote:

> Alec Warner posted on Tue, 10 Oct 2017 15:28:41 -0400 as excerpted:
>
> >> Please consider switching from your current 13.0 profile to the
> >> corresponding 17.0 profile soon after GCC 6.4.0 has been stabilized on
> >> your architecture. The 13.0 profiles will be deprecated and removed in
> >> the near future.
> >>
> >>
> > Can you commit to a deadline on this?
> >
> > Its OK to be wrong (e.g. say 1 month but remove in 3); but "near future"
> > is not actionable by readers.
>
> Will the 13.0 profiles be removed all together, or per-arch?
>
> If they're removed all at the same time, then the time-limiting factor
> will certainly be how long it takes the last arch to stabilize gcc-6.4+,
> something that's likely not entirely predictable but that might take some
> time, given gentoo's known issues with straggling archs.
>

> If the existing profiles will be deprecated and removed per-arch, with
> some fixed time after gcc-6.4+ stabilizes on that arch as a goal, then
> the time for most popular and best maintained archs may be predicted now,
> but the time will differ for each one, so the best that could be done
> would be either a time range or a list of the known ones, with presently
> unknowns being added to the list in further revisions of the news item.
>

So my point isn't to be pedantic (that is why I said its OK to be
incorrect.)

"In the near future" to me could mean:

1) tomorrow
2) next week
3) next month
4) next quarter

If we wrote:

"The 13.0 profiles will be removed in six weeks, upgrade before then." Its
clear to the reader that
they should schedule this effort before the six weeks is up. It matters
less if the six weeks is true; the email
sets expectations regardless of the truth.

We could rewrite it further to avoid the pedantry and say:

"Please upgrade away from the 13.0 profiles in the next six weeks."

This also sets expectations for readers, but avoids any specific guarantee
around when Gentoo developers actually delete the 13.0 profiles.
The reality of when the work is done matters significantly less than the
expectation setting (as you imply there will likely be unknowable delays in
deprecation and so forth, but users shouldn't take that as an opportunity
to delay upgrades.)



>
> The other alternative might be to word it something like (1 year can be 6
> months or whatever instead, if that works better):
>
> "13.0 profiles are set to be removed one year after the last arch
> stabilizes gcc-6.4+, with the goal for the gcc stabilization being the
> end of 2017, meaning 13.0 profile removal is planned for the end of 2018
> if all archs meet their gcc-6.4+ stabilization goal."
>
> --
> Duncan - List replies preferred.   No HTML msgs.
> "Every nonfree program has a lord, a master --
> and if you use the program, he is your master."  Richard Stallman
>
>
>

[-- Attachment #2: Type: text/html, Size: 4112 bytes --]

Re: [gentoo-dev] RFC v2: news item for the 17.0 profiles

[Walter Dnes]

> Display-If-Installed: >=sys-devel/gcc-6.4.0

[...snip...]

> Switching the profile modifies the use-flags of GCC 6 to generate
> PIE executables by default; thus, you need to do the rebuilds
> even if you already used GCC 6 beforehand.
> 
> If you do not follow these steps you may get spurious build
> failures when the linker tries unsuccessfully to combine non-PIE
> and PIE code.
> =====================================

  I'm on 6.3.0 on x86, which is currently unstable on *ALL* arches, and
"emerge -pv =sys-devel/gcc-6.3.0" shows "(-pie)".  Two questions...

1) Will 6.3.0 be skipped for stabilization?

2) If someone decides to override and set "-pie" in USE, will their
current systems continue to function?  On a new install I'll go with
the default, but "emerge -e" takes a long time on my current machine.
It's an ancient 2008 CORE2 with 3 gigs of ram, but it works fine for
me, including Youtube 1080P streaming.

-- 
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications

Re: [gentoo-dev] RFC v2: news item for the 17.0 profiles

[Aaron W. Swenson]

[-- Attachment #1: Type: text/plain, Size: 916 bytes --]

On 2017-10-10 21:16, Andreas K. Huettel wrote:
> …
> Switching involves the following steps:
> If not already done,
> * Use gcc-config to select gcc-6.4.0 (or later) as system compiler
> * Re-source /etc/profile:
>     . /etc/profile
> * Re-emerge libtool

Should probably instruct users to upgrade all packages first because it
can be, as I’ve experienced, nearly impossible to upgrade GCC if the
world isn’t up to the latest stable.

An ‘emerge -avuDN world’ should do the trick as a first step.

> Then,
> * Select the new profile with eselect
> * Re-emerge, in this sequence, the selected gcc, binutils, and glibc
>     emerge -1 sys-devel/gcc:6.4.0
>     emerge -1 sys-devel/binutils
>     emerge -1 sys-libs/glibc

Some of these can take a while. Maybe we want to spell it out:

for p in sys-devel/gcc:6.4.0 sys-devel/binutils sys-libs/glibc; do
emerge -1 $p || break
done

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 376 bytes --]

Re: [gentoo-dev] RFC v2: news item for the 17.0 profiles

[Robin H. Johnson]

[-- Attachment #1: Type: text/plain, Size: 535 bytes --]

On Wed, Oct 11, 2017 at 08:10:02AM -0400, Aaron W. Swenson wrote:
> Some of these can take a while. Maybe we want to spell it out:
> 
> for p in sys-devel/gcc:6.4.0 sys-devel/binutils sys-libs/glibc; do
> emerge -1 $p || break
> done
Is gcc-config/binutils-config needed in this sequence as well?

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Asst. Treasurer
E-Mail   : robbat2@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 1113 bytes --]

Re: [gentoo-dev] RFC v2: news item for the 17.0 profiles

[Walter Dnes]

On Wed, Oct 11, 2017 at 12:41:06AM -0400, Walter Dnes wrote

>   I'm on 6.3.0 on x86, which is currently unstable on *ALL* arches, and
> "emerge -pv =sys-devel/gcc-6.3.0" shows "(-pie)".

   And x86 32-bit gcc-6.4.0 shows (-pie) as well...

==========================================================================

[d531][waltdnes][~] ACCEPT_KEYWORDS="~x86" emerge -pv =sys-devel/gcc-6.4.0

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild  NS    ] sys-devel/gcc-6.4.0:6.4.0::gentoo [6.3.0:6.3.0::gentoo] USE="cxx fortran nptl openmp sanitize vtv (-altivec) (-awt) -cilk -debug -doc (-fixed-point) (-gcj) -go -graphite (-hardened) (-jit) (-libssp) -mpx (-multilib) -nls -objc -objc++ -objc-gc -pch -pgo (-pie) -regression-test -ssp -vanilla" 74,379 KiB

-- 
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications

Re: [gentoo-dev] RFC v2: news item for the 17.0 profiles

[Brian Evans]

[-- Attachment #1.1: Type: text/plain, Size: 971 bytes --]

On 10/11/2017 04:33 PM, Walter Dnes wrote:
> On Wed, Oct 11, 2017 at 12:41:06AM -0400, Walter Dnes wrote
> 
>>   I'm on 6.3.0 on x86, which is currently unstable on *ALL* arches, and
>> "emerge -pv =sys-devel/gcc-6.3.0" shows "(-pie)".
> 
>    And x86 32-bit gcc-6.4.0 shows (-pie) as well...
> 
> ==========================================================================
> 
> [d531][waltdnes][~] ACCEPT_KEYWORDS="~x86" emerge -pv =sys-devel/gcc-6.4.0
> 
> These are the packages that would be merged, in order:
> 
> Calculating dependencies... done!
> [ebuild  NS    ] sys-devel/gcc-6.4.0:6.4.0::gentoo [6.3.0:6.3.0::gentoo] USE="cxx fortran nptl openmp sanitize vtv (-altivec) (-awt) -cilk -debug -doc (-fixed-point) (-gcj) -go -graphite (-hardened) (-jit) (-libssp) -mpx (-multilib) -nls -objc -objc++ -objc-gc -pch -pgo (-pie) -regression-test -ssp -vanilla" 74,379 KiB
> 

It gets forced on with the 17.0 profile.  Did you switch yet?

Brian


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 981 bytes --]

Re: [gentoo-dev] RFC v2: news item for the 17.0 profiles

[Walter Dnes]

On Wed, Oct 11, 2017 at 07:28:12PM -0400, Brian Evans wrote

> It gets forced on with the 17.0 profile.  Did you switch yet?

  Not yet.  I'm currently delving further into an obscure ebuild failure
for python, so that I can submit a more detailed bug report.  Once I get
that done (I already have a workaround), I'll look at the profile jump.

-- 
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications

[gentoo-dev] Re: RFC: news item for the 17.0 profiles

[Duncan]

Duncan posted on Wed, 11 Oct 2017 03:31:55 +0000 as excerpted:

> Andreas K. Huettel posted on Tue, 10 Oct 2017 21:02:32 +0200 as
> excerpted:
> 
>> Switching the profile changes the settings for building gcc (it
>> switches a use-flag from forced-off to forced-on). A gcc-6 built with
>> the 17.0 profiles will produce PIE executables by default, a gcc-6
>> built with the 13.0 profiles will not.
>> 
>> I've added this paragraph:
>> # Switching the profile modifies the settings of GCC 6 to generate
>> # PIE executables by default; thus, you need to do the rebuilds
>> # even if you already used GCC 6 beforehand.
> 
> Thanks.  Much clearer now. =:^)
> 
> (And I'll have some rebuilding to do.)

Actually it seems not.  I had forgotten this from my 
/etc/portage/profile/package.use.mask (along with the appropriate system-
wide USE flag):

# 2017.0513 Now that I have gcc-pie enabled, don't want
# the new profile package.use.mask.  See the
# "[PATCH] profiles: update pie use-flag masks for sys-devel/gcc"
# thread, OP on Thursday, 11 May 2017
# by Mathias Maier <tamiko@gentoo.org on gentoo-devel
sys-devel/gcc           -pie

I had turned it on already by the time of the mask, and unmasked to avoid 
turning it off and rebuilding again, once it was on system-wide and the 
mask was trying to turn it off again, which would have forced another 
system-wide rebuild then, and yet /another/ one now.

Of course that's a big part of why I as a responsible gentoo-based-system 
sysadmin follow this list, to see such changes coming down the pike and 
take appropriate measures before they hit me and the systems I administer 
(only my own, but that's no reason not to take the job seriously)
head-on. =:^)

So AFAICS my profile upgrade should be just a matter of flipping the 
symlink. I guess I'll find out in the next few days.  =:^)

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

Re: [gentoo-dev] Re: RFC v2: news item for the 17.0 profiles

[Andreas K. Huettel]

[-- Attachment #1: Type: text/plain, Size: 751 bytes --]

Am Mittwoch, 11. Oktober 2017, 06:24:44 CEST schrieb Alec Warner:
> 
> "Please upgrade away from the 13.0 profiles in the next six weeks."
> 

Good idea. Here's what I wrote:

Please upgrade away from the 13.0 profiles within the six weeks after
GCC 6.4.0 has been stabilized on your architecture. The 13.0 profiles
will be deprecated then and removed in half a year.

[I'd very much like to remove them faster, but am not sure about upgrade paths 
and recommended deprecation times. It may become necessary to mask more and 
more packages in the 13.0 tree over the half year since devs will start to 
depend on c++11 only libraries...]

-- 
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer (council, perl, libreoffice)

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 981 bytes --]

Re: [gentoo-dev] RFC v2: news item for the 17.0 profiles

[Andreas K. Huettel]

[-- Attachment #1: Type: text/plain, Size: 1115 bytes --]

Am Mittwoch, 11. Oktober 2017, 06:41:06 CEST schrieb Walter Dnes:
> 
> 1) Will 6.3.0 be skipped for stabilization?

Yes. 

(Actually I'd prefer to drop it yesterday, but didn't manage to wake up enough 
toolchain team members for that.)

> 
> 2) If someone decides to override and set "-pie" in USE, will their
> current systems continue to function? 

Yes. 

(Though technically if you override masked/forced flags you lose your warranty. 
:)

Depending on your system the fallout from 1) switching pie on and 2) *not* 
rebuilding *world* *may* be rather small. You'll get some spurious link 
errors, especially when static libraries are involved, and may have to 
manually rebuild dependencies. If you're willing to deal with that (and 
promise not to file bugs) ...

> On a new install I'll go with
> the default, but "emerge -e" takes a long time on my current machine.
> It's an ancient 2008 CORE2 with 3 gigs of ram, but it works fine for
> me, including Youtube 1080P streaming.


-- 
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer (council, perl, libreoffice)

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 981 bytes --]

Re: [gentoo-dev] RFC v2: news item for the 17.0 profiles

[Andreas K. Huettel]

[-- Attachment #1: Type: text/plain, Size: 522 bytes --]

Am Mittwoch, 11. Oktober 2017, 18:45:37 CEST schrieb Robin H. Johnson:
> On Wed, Oct 11, 2017 at 08:10:02AM -0400, Aaron W. Swenson wrote:
> > Some of these can take a while. Maybe we want to spell it out:
> > 
> > for p in sys-devel/gcc:6.4.0 sys-devel/binutils sys-libs/glibc; do
> > emerge -1 $p || break
> > done
> 
> Is gcc-config/binutils-config needed in this sequence as well?

I don't think so. Magnus?

-- 
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer (council, perl, libreoffice)

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 981 bytes --]

[gentoo-dev] Re: RFC v2: news item for the 17.0 profiles

[Duncan]

Andreas K. Huettel posted on Fri, 13 Oct 2017 00:51:23 +0200 as excerpted:

> Am Mittwoch, 11. Oktober 2017, 06:24:44 CEST schrieb Alec Warner:
>> 
>> "Please upgrade away from the 13.0 profiles in the next six weeks."
>> 
>> 
> Good idea. Here's what I wrote:
> 
> Please upgrade away from the 13.0 profiles within the six weeks after
> GCC 6.4.0 has been stabilized on your architecture. The 13.0 profiles
> will be deprecated then and removed in half a year.

Looks good. =:^)

> [I'd very much like to remove them faster, but am not sure about upgrade
> paths and recommended deprecation times. It may become necessary to mask
> more and more packages in the 13.0 tree over the half year since devs
> will start to depend on c++11 only libraries...]

Ouch.  Good reason to ensure the upgrade is done, and a total of 7.5 
months from the last arch upgrade does seem reasonable.

Tho gentoo has historically tried to ensure at least a year's upgrade 
path, for those who have a year's military or volunteer service, during 
which they're away from their gentoo machines, for instance.

Personally, I have occasionally upgraded (secondary, off-net) machines 
after even longer (to 2.5 years, IIRC), but that has been while keeping 
my main machine current, so I had a memory of how to fix breakage and the 
configuration of the updated machine to reference while bringing the 
secondary machine current, a few packages at a time.

And my own position, based on that experience, is that if you've not been 
doing /any/ gentooing for anything close to a year, it's very likely that 
simply starting over with a new stage3, probably in a chroot so you can 
use the existing install until the new install is up and running, is 
going to be easier.

So 7.5 months does seem reasonable, to me at least. =:^)

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

[gentoo-dev] Re: RFC v2: news item for the 17.0 profiles

[Kristian Fiskerstrand]

[-- Attachment #1.1: Type: text/plain, Size: 311 bytes --]

On 10/10/2017 09:16 PM, Andreas K. Huettel wrote:
>     emerge -e world

we should use "@world" for sets to be consistent with recommendations to
users here.

-- 
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [gentoo-dev] RFC v2: news item for the 17.0 profiles

[Dirkjan Ochtman]

[-- Attachment #1: Type: text/plain, Size: 640 bytes --]

On Tue, Oct 10, 2017 at 9:16 PM, Andreas K. Huettel <dilfridge@gentoo.org>
wrote:

> =====================================
> Title: New 17.0 profiles in the Gentoo repository
> Author: Andreas K. Hüttel <dilfridge@gentoo.org>
> Posted: xxxxxxx
> Revision: 1
> News-Item-Format: 2.0
> Display-If-Installed: >=sys-devel/gcc-6.4.0
>

So gcc-6.4.0 is now in stable on amd64, when do we expect the news item to
land? I was looking at testing the procedure out, but noticed eselect still
doesn't show the 17.0 profiles (I know I can twiddle the symlink instead,
but would like to test the full procedure).

Regards,

Dirkjan

[-- Attachment #2: Type: text/html, Size: 1062 bytes --]

Re: [gentoo-dev] RFC v2: news item for the 17.0 profiles

[Andreas K. Huettel]

[-- Attachment #1: Type: text/plain, Size: 712 bytes --]

Am Dienstag, 28. November 2017, 12:43:59 CET schrieb Dirkjan Ochtman:
> > =====================================
> > Title: New 17.0 profiles in the Gentoo repository
> > Author: Andreas K. Hüttel <dilfridge@gentoo.org>
> 
> So gcc-6.4.0 is now in stable on amd64, when do we expect the news item to
> land? I was looking at testing the procedure out, but noticed eselect still
> doesn't show the 17.0 profiles (I know I can twiddle the symlink instead,
> but would like to test the full procedure).

Over the next days, likely on the weekend. Just too busy with other (non-
gentoo) stuff atm...

-a

-- 
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer (council, perl, libreoffice)

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 981 bytes --]

Re: [gentoo-dev] RFC: news item for the 17.0 profiles

[Toralf Förster]

[-- Attachment #1.1: Type: text/plain, Size: 368 bytes --]

On 10/10/2017 11:27 PM, Nils Freydank wrote:
> It looks to me as there isn’t any emtytree world rebuild necessary, as long as 
> someone comes from hardened with PIE enabled.

Furthermore I do wonder if even rebuilding GCC is necessary - except for
changed USE flags - for a hardened user already having PIE enabled ?

-- 
Toralf
PGP 23217DA7 9B888F45



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]