From: Duncan <1i5t5.duncan@cox.net>
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] Re: hardened glibc and gcc dependencies
Date: Thu, 27 Oct 2011 16:49:46 +0000 (UTC)

Paweł Hajdan, Jr. posted on Thu, 27 Oct 2011 18:08:36 +0200 as excerpted:

> On 10/27/11 11:03 AM, "Paweł Hajdan, Jr." wrote:
>> In glibc: DEPEND="gcc[hardened?]"
>> In gcc: PDEPEND="elibc_glibc? glibc[hardened?]"
>
> I even got an OK on #gentoo-hardened, but I just realized that EAPI-0
> (that both packages in question use) doesn't allow use deps like
> [hardened?].
>
> I guess bumping the EAPI on those packages is not an option (is it?), so
> I'm going to do some more experiments to see if there are more possible
> problems.

AFAIK, it's an option, but a tough one.  But as with profiles, at some
point it's worth considering whether holding back on toolchain EAPI bumps
is worth it any longer.  It'll need to happen eventually, and AFAIK, for
a system without EAPI-1 or 2 or whatever, portage is already borked.
Same with the tree in general, since a bash of that vintage isn't going
to parse certain ebuilds due to the bash 4.1 thing.

Actually, but for the patience of toolchain maintainers, that bump might
have already happened.  So I guess it's sort of up to them, tho getting
the blessing of council on something that big is probably a reasonable
idea.  But that's probably a good idea for moving toward hardened by
default anyway, so I don't see that as a huge block.

I'm reminded of the move to cascading profiles...  Plus the bash 4.1
thing.  At some point, you just accept current reality and move on.  But
toolchain's say will matter a lot.  If they don't believe it's time to
leave EAPI-0 for gcc and glibc, I don't think it's worth pushing against
them on their own packages.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman