From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 7CEF7139694 for ; Wed, 10 May 2017 09:20:07 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 0D6D921C07D; Wed, 10 May 2017 09:19:54 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A699D21C039 for ; Wed, 10 May 2017 09:19:53 +0000 (UTC) Received: from [10.100.0.22] (host-37-191-226-104.lynet.no [37.191.226.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: k_f) by smtp.gentoo.org (Postfix) with ESMTPSA id 0E0FB34169C; Wed, 10 May 2017 09:19:51 +0000 (UTC) Subject: Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2 To: gentoo-dev@lists.gentoo.org, Alexis Ballier References: <874lwu9c13.fsf@kestrel.kyomu.43-1.org> <87inl9y43x.fsf@kestrel.kyomu.43-1.org> <20170510095221.538bbce1@gentoo.org> From: Kristian Fiskerstrand Message-ID: <830a66d7-5102-cf5c-fadd-add67f48ad04@gentoo.org> Date: Wed, 10 May 2017 11:19:45 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <20170510095221.538bbce1@gentoo.org> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="GV7AXF04OJQB29fexVsusfR7jOFQIAOEL" X-Archives-Salt: 274e4536-14ff-4d6c-aa16-7d6a9c9fac7b X-Archives-Hash: 5eb95cb48b27a93335d8f4df77a771f8 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --GV7AXF04OJQB29fexVsusfR7jOFQIAOEL Content-Type: multipart/mixed; boundary="VoVsbTqckewhHqCTDAKFarQxF9RUOadAq"; protected-headers="v1" From: Kristian Fiskerstrand Reply-To: k_f@gentoo.org To: gentoo-dev@lists.gentoo.org, Alexis Ballier Message-ID: <830a66d7-5102-cf5c-fadd-add67f48ad04@gentoo.org> Subject: Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2 References: <874lwu9c13.fsf@kestrel.kyomu.43-1.org> <87inl9y43x.fsf@kestrel.kyomu.43-1.org> <20170510095221.538bbce1@gentoo.org> In-Reply-To: <20170510095221.538bbce1@gentoo.org> --VoVsbTqckewhHqCTDAKFarQxF9RUOadAq Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 05/10/2017 09:52 AM, Alexis Ballier wrote: > On Tue, 09 May 2017 18:58:42 -0500 > Matthias Maier wrote: >=20 >> This is a reworded news item (assuming we proceed with the plan to >> default-enable USE=3Dpie). Suggestions for improving the emerge comman= d >> to fix static archives is highly welcomed. >> >=20 > Really, I think the slot to have pie for gcc 6 has been missed by > default-enabling it only recently. We should aim for gcc 7 at least and= > have proper testing. >=20 > And add a few safety nets: A portage warning when installing non-pie > binaries, something that dies with FEATURES=3Dstrict or stricter, like > the textrel one we have. That is to avoid the quick n dirty > 'append-ldflags -no-pie' that makes the whole thing about forcing pie > questionable. If possible, detect static archives that have relocations= > too. >=20 > Ideally provide a system scanning tool for the above too. >=20 >=20 > After a few months of masked gcc7 like that we'll have enough data to > decide on a proper plan. It'll probably be good to get QA in the loop > and make this a QA goal too. >=20 Sounds like a reasonable action plan. The consequences of such a change definitely seems to be sufficiently high to merit a proper migration plan which doesn't seem to have been established at this point. Whether that can be added to a later point with gcc6 (e.g by adding a new profile, or a later point release) I don't have strong opinions on, but there should be a plan and proper overview of the consequences. --=20 Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 --VoVsbTqckewhHqCTDAKFarQxF9RUOadAq-- --GV7AXF04OJQB29fexVsusfR7jOFQIAOEL Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEtOrRIMf4mkrqRycHJQt6/tY3nYUFAlkS2zEACgkQJQt6/tY3 nYWywwf/YTwhmogKuE8DjuS+uUX/BiE4/AP5co7tx3krOh0O5Kr1Zm/kQZpQRwzM 2JV27fRaaivDbrJgU4qfR7sUdE5g/jBHrHe3X/ftyNxTPNPp1nu1ZaUrz9ew8o3N Pz+S02tv7N8ir8/IRxA5oWqxKkqFC40Z9Z4nNVCflj+66phZAGHqLgJ52a0HaYn2 KjyDbzoioqQTKbO7NXESyIl4EwR9/Kg4pCgQccYYadC4E/3bf3pZOEqfja6L8QRn UVVx43DZnOVr+yDQNToS3+bpY7aU18pVEu+E9gi/tlG8WPN8ZvD14GWk9UqXFzNG Ry1FiOQVu6sLUQM2hmxvGpD79SrSkQ== =9C4k -----END PGP SIGNATURE----- --GV7AXF04OJQB29fexVsusfR7jOFQIAOEL--