* [gentoo-dev] [PATCH] profiles: update pie use-flag masks for sys-devel/gcc
@ 2017-05-12 0:17 Matthias Maier
2017-05-12 0:17 ` Matthias Maier
2017-05-12 2:45 ` [gentoo-dev] " Duncan
0 siblings, 2 replies; 5+ messages in thread
From: Matthias Maier @ 2017-05-12 0:17 UTC (permalink / raw
To: gentoo-dev; +Cc: toolchain, embedded
Hello all,
In light of the recent discussion, I will restore the status quo for the
pie use-flag: masked on non-hardened profiles, unmasked and forced on
hardened profiles.
The next step will be to switch the pie use-flag on default profiles from
masked to unmasked/forced with a profile update.
Best,
Matthias
^ permalink raw reply [flat|nested] 5+ messages in thread
* [gentoo-dev] [PATCH] profiles: update pie use-flag masks for sys-devel/gcc
2017-05-12 0:17 [gentoo-dev] [PATCH] profiles: update pie use-flag masks for sys-devel/gcc Matthias Maier
@ 2017-05-12 0:17 ` Matthias Maier
2017-05-12 2:45 ` [gentoo-dev] " Duncan
1 sibling, 0 replies; 5+ messages in thread
From: Matthias Maier @ 2017-05-12 0:17 UTC (permalink / raw
To: gentoo-dev; +Cc: toolchain, embedded
- mask pie for sys-devel/gcc unconditionally in base/
- selectively unmask pie use-flag for hardened/linux and
hardened/linux/musl profiles
---
profiles/arch/amd64/package.use.mask | 4 ----
profiles/arch/base/package.use.mask | 4 ----
profiles/base/package.use.mask | 4 ++++
profiles/hardened/linux/musl/amd64/package.use.mask | 4 ----
profiles/hardened/linux/musl/package.use.mask | 4 ++++
profiles/hardened/linux/package.use.mask | 4 ++++
6 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/profiles/arch/amd64/package.use.mask b/profiles/arch/amd64/package.use.mask
index 372ea9c..cb0fafd 100644
--- a/profiles/arch/amd64/package.use.mask
+++ b/profiles/arch/amd64/package.use.mask
@@ -34,10 +34,6 @@ dev-lang/ocaml -spacetime
# nvidia drivers are unmasked here
media-video/ffmpeg -nvenc
-# Magnus Granberg <zorry@gentoo.org> (18 Jan 2017)
-# masked in base, unmask for amd64
->=sys-devel/gcc-6.3.0 -pie
-
# Luke Dashjr <luke-jr+gentoobugs@utopios.org> (04 Jan 2017)
# Assembly optimisations are supported on amd64 for all versions
dev-libs/libsecp256k1 -asm
diff --git a/profiles/arch/base/package.use.mask b/profiles/arch/base/package.use.mask
index 5adfb6a..a9d8a52 100644
--- a/profiles/arch/base/package.use.mask
+++ b/profiles/arch/base/package.use.mask
@@ -22,10 +22,6 @@ media-video/ffmpeg nvenc
# media-libs/raspberrypi-userland not keyworded
media-video/motion mmal
-# Magnus Granberg <zorry@gentoo.org> (18 Jan 2017)
-# Mask it globally, unmask it on supported arch
->=sys-devel/gcc-6.2.0 pie
-
# Luke Dashjr <luke-jr+gentoobugs@utopios.org> (04 Jan 2017)
# Mask assembly optimisations that are platform-specific
dev-libs/libsecp256k1 asm
diff --git a/profiles/base/package.use.mask b/profiles/base/package.use.mask
index 9f55b27..68fe87a 100644
--- a/profiles/base/package.use.mask
+++ b/profiles/base/package.use.mask
@@ -7,6 +7,10 @@
# This file is only for generic masks. For arch-specific masks (i.e.
# mask everywhere, unmask on arch/*) use arch/base.
+# Matthias Maier <tamiko@gentoo.org> (11 May 2017)
+# Globally mask pie use flag. Selectively unmask on specific profiles.
+sys-devel/gcc pie
+
# Mike Gilbert <floppym@gentoo.org> (28 Apr 2017)
# Needs sandbox-2.11 (masked)
>=www-client/chromium-59 tcmalloc
diff --git a/profiles/hardened/linux/musl/amd64/package.use.mask b/profiles/hardened/linux/musl/amd64/package.use.mask
index e2d77b0..49830f8 100644
--- a/profiles/hardened/linux/musl/amd64/package.use.mask
+++ b/profiles/hardened/linux/musl/amd64/package.use.mask
@@ -1,6 +1,2 @@
# Copyright 1999-2017 Gentoo Foundation.
# Distributed under the terms of the GNU General Public License v2
-
-# Matthias Maier <tamiko@genoto.org> (07 May 2017)
-# masked in arch/base, unmask for hardened/musl/amd64
->=sys-devel/gcc-6.3.0 -pie
diff --git a/profiles/hardened/linux/musl/package.use.mask b/profiles/hardened/linux/musl/package.use.mask
index 9078b7c..d66f247 100644
--- a/profiles/hardened/linux/musl/package.use.mask
+++ b/profiles/hardened/linux/musl/package.use.mask
@@ -1,6 +1,10 @@
# Copyright 1999-2015 Gentoo Foundation.
# Distributed under the terms of the GNU General Public License v2
+# Matthias Maier <tamiko@genoto.org> (11 May 2017)
+# masked in base, unmask for hardened/musl/
+sys-devel/gcc -pie
+
# See bug #504200
sys-devel/gcc sanitize
diff --git a/profiles/hardened/linux/package.use.mask b/profiles/hardened/linux/package.use.mask
index 4178151..4a80418 100644
--- a/profiles/hardened/linux/package.use.mask
+++ b/profiles/hardened/linux/package.use.mask
@@ -1,6 +1,10 @@
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
+# Matthias Maier <tamiko@gentoo.org> (11 May 2017)
+# masked in base, unmask for hardened profiles
+sys-devel/gcc -pie
+
# Ilya Tumaykin <itumaykin+gentoo@gmail.com> (19 Jan 2017)
# Requires x11-drivers/nvidia-drivers. Needs testing first.
media-video/mpv cuda
--
2.10.2
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [gentoo-dev] Re: [PATCH] profiles: update pie use-flag masks for sys-devel/gcc
2017-05-12 0:17 [gentoo-dev] [PATCH] profiles: update pie use-flag masks for sys-devel/gcc Matthias Maier
2017-05-12 0:17 ` Matthias Maier
@ 2017-05-12 2:45 ` Duncan
2017-05-12 3:25 ` Jonathan Callen
1 sibling, 1 reply; 5+ messages in thread
From: Duncan @ 2017-05-12 2:45 UTC (permalink / raw
To: gentoo-dev
Matthias Maier posted on Thu, 11 May 2017 19:17:51 -0500 as excerpted:
> In light of the recent discussion, I will restore the status quo for the
> pie use-flag: masked on non-hardened profiles, unmasked and forced on
> hardened profiles.
>
> The next step will be to switch the pie use-flag on default profiles
> from masked to unmasked/forced with a profile update.
For those of us who already have a default-pie system and now that we do,
don't want to go back, what's the prescribed override? I've never felt
the need to override a masked flag like that, before.
(I'm sure I could find the general documentation and handle it myself,
but I'm equally sure that there's likely to be others in my situation by
now, and we shouldn't /all/ need to figure it out on our own.)
(As some may remember, yes, I do have USE="-* ..." set, so didn't get pie
with the initial gcc6 emerge and @world rebuild, but I was persuaded by
the discussion here to try it, second global rebuild, and so far it
works. So both because it's supposed to be safer and because I don't
want to do now a /third/ global rebuild, I strongly prefer to keep it,
now that I have it, and no issues so far.)
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
^ permalink raw reply [flat|nested] 5+ messages in thread
* [gentoo-dev] Re: [PATCH] profiles: update pie use-flag masks for sys-devel/gcc
2017-05-12 2:45 ` [gentoo-dev] " Duncan
@ 2017-05-12 3:25 ` Jonathan Callen
2017-05-12 4:56 ` Duncan
0 siblings, 1 reply; 5+ messages in thread
From: Jonathan Callen @ 2017-05-12 3:25 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1.1: Type: text/plain, Size: 1857 bytes --]
On 05/11/2017 10:45 PM, Duncan wrote:
> Matthias Maier posted on Thu, 11 May 2017 19:17:51 -0500 as excerpted:
>
>> In light of the recent discussion, I will restore the status quo for the
>> pie use-flag: masked on non-hardened profiles, unmasked and forced on
>> hardened profiles.
>>
>> The next step will be to switch the pie use-flag on default profiles
>> from masked to unmasked/forced with a profile update.
>
> For those of us who already have a default-pie system and now that we do,
> don't want to go back, what's the prescribed override? I've never felt
> the need to override a masked flag like that, before.
>
> (I'm sure I could find the general documentation and handle it myself,
> but I'm equally sure that there's likely to be others in my situation by
> now, and we shouldn't /all/ need to figure it out on our own.)
>
> (As some may remember, yes, I do have USE="-* ..." set, so didn't get pie
> with the initial gcc6 emerge and @world rebuild, but I was persuaded by
> the discussion here to try it, second global rebuild, and so far it
> works. So both because it's supposed to be safer and because I don't
> want to do now a /third/ global rebuild, I strongly prefer to keep it,
> now that I have it, and no issues so far.)
>
In general, to override a package.use{,.stable}.{mask,force} entry in
your profile, you add an entry to the same file in /etc/portage/profile/
that turns off the mask/force value in the profile. In this case, you
would add a line like:
>=sys-devel/gcc-6.3.0 -pie
to the /etc/portage/profile/package.use.mask file (creating the
file/parent directory as needed). If a flag is masked/forced for all
packages in use.{mask,force}, then you would add a line like "-foo" to
the use.{mask,force} file in /etc/portage/profile/.
--
Jonathan Callen
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* [gentoo-dev] Re: [PATCH] profiles: update pie use-flag masks for sys-devel/gcc
2017-05-12 3:25 ` Jonathan Callen
@ 2017-05-12 4:56 ` Duncan
0 siblings, 0 replies; 5+ messages in thread
From: Duncan @ 2017-05-12 4:56 UTC (permalink / raw
To: gentoo-dev
Jonathan Callen posted on Thu, 11 May 2017 23:25:24 -0400 as excerpted:
> In this case, you would add a line like:
>
> >=sys-devel/gcc-6.3.0 -pie
>
> to the /etc/portage/profile/package.use.mask file (creating the
> file/parent directory as needed). If a flag is masked/forced for all
> packages in use.{mask,force}, then you would add a line like "-foo" to
> the use.{mask,force} file in /etc/portage/profile/.
Thanks. As I said I doubt I'm the only one who will find this useful.
=:^)
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-05-12 5:00 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-05-12 0:17 [gentoo-dev] [PATCH] profiles: update pie use-flag masks for sys-devel/gcc Matthias Maier
2017-05-12 0:17 ` Matthias Maier
2017-05-12 2:45 ` [gentoo-dev] " Duncan
2017-05-12 3:25 ` Jonathan Callen
2017-05-12 4:56 ` Duncan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox