From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 43758158041 for ; Sat, 16 Mar 2024 16:17:06 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 32B11E29E2; Sat, 16 Mar 2024 16:17:01 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id C8F6EE29BB for ; Sat, 16 Mar 2024 16:17:00 +0000 (UTC) From: "Andreas K. Huettel" To: gentoo-dev@lists.gentoo.org Cc: Duncan <1i5t5.duncan@cox.net> Subject: Re: [gentoo-dev] Re: Profile 23.0 testing with stages and binhost (part 2 of 2) Date: Sat, 16 Mar 2024 17:16:47 +0100 Message-ID: <4288192.1IzOArtZ34@noumea> Organization: Gentoo Linux In-Reply-To: References: <23517098.6Emhk5qWAg@noumea> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2753881.BddDVKsqQX"; micalg="pgp-sha256"; protocol="application/pgp-signature" X-Archives-Salt: 5afda818-4740-428a-a0e1-8f5506af839e X-Archives-Hash: 72005b85967b8b1b90eb2e02fd20b71f --nextPart2753881.BddDVKsqQX Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="iso-8859-1"; protected-headers="v1" From: "Andreas K. Huettel" To: gentoo-dev@lists.gentoo.org Cc: Duncan <1i5t5.duncan@cox.net> Date: Sat, 16 Mar 2024 17:16:47 +0100 Message-ID: <4288192.1IzOArtZ34@noumea> Organization: Gentoo Linux In-Reply-To: MIME-Version: 1.0 Am Samstag, 16. M=E4rz 2024, 13:12:04 CET schrieb Duncan: > Andreas K. Huettel posted on Fri, 15 Mar 2024 19:12:54 +0100 as excerpted: >=20 > > Note 3: amd64 now has CET turned on by default. > > https://docs.kernel.org/next/x86/shstk.html If you have already used the > > unannounced 23.0 profiles, you should wipe your package cache and emerge > > -ev world now. >=20 > There's not much about CET in any of the links. While the kernel.org lin= k=20 > describes what it does (in a line, "yese": yet another security=20 > enhancement) a bit, it doesn't say how to actually find whether your=20 > hardware supports it, and the gentoo wiki and bug links say even less --= =20 > in particular, unless I missed it, the changes and update instructions=20 > links don't appear to mention CET or shadow-stacks AT ALL. That's because it was a last-minute addition, and not particularly well thought through. :| Ignore Note 3. The part about emerge -ev world is just plain wrong for now. =2D-=20 Andreas K. H=FCttel dilfridge@gentoo.org Gentoo Linux developer=20 (council, comrel, toolchain, base-system, perl, libreoffice) https://wiki.gentoo.org/wiki/User:Dilfridge --nextPart2753881.BddDVKsqQX Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEE/Rnm0xsZLuTcY+rT3CsWIV7VQSoFAmX1xe8ACgkQ3CsWIV7V QSqUdA//ZFfgsviuUEr8Lrej8coy6kI2o+B/6BConEClVmrUfvYIyIBrtXoWB6AY 1uiYZM0yeTGCVphn18VRcFmyxPXnNwc+Hn0SJ6Q4qBV/WVCrUj0o1KqJrG73VGnt Vu7MpSABGWK4lDrc4u6Jml7Jeb/S7YHbCnmfDBqhxZ8CPRwgFQoV7n+FnCDg1iY2 Hx+YP1GmUrhYVLj6TFtVRHiSWfvC4Wicsa2fC6uEDsijdv1Dg3adZ6Fpi9IlYR98 6yQlbWEs5UZzuYSr9aFmHV6ZiwrzS9ZRQjkk/K/UVpRT/92XPbZLoKTRbd9pivrR 9+eGucBWIpNnfjL09xj39S3zs5wAPj83lHoqBDImS+WQArllp2ludu5EIe+AgC3B CJNdtswflg9Cdzp4vnd1FHc2ya7dn0DJ3296t6YhbcgAKukA+4qMeIGB1e3BFX/N 9pT0p7K3Nh8JFG5rr6YL5WJuaTluTtraYxHNLsBFpP0pH+ph22rL65wOgg6ghKXU 4FwEWzXqgZ94u9rfPrJerR5Rwodqi31R8gDBnfyWkkF6m+4aFmL3STfkusCKN1yw DgtExQbibM0iXwD5NBxOvEBi5kGtPmU/MxfTWnCmjcqyPBcDT5A5YhoVRphyvdCW nbUk23BpvrwRddceuj9gUqyAQXzt3Ao9QH1H/Qa/SnwbaRXzfZ8= =o2o9 -----END PGP SIGNATURE----- --nextPart2753881.BddDVKsqQX--