From: Mick <michaelkintzios@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: grub-0.97-r16 and profile 17.0 change
Date: Sat, 2 Dec 2017 23:28:54 +0000
Message-ID: <20171202232853.GA7720@dell_xps.STUDY>
In-Reply-To: <20171202212837.5azto4ppmd6vcazx@matica.foolinux.mooo.com>
On 02-12-2017 ,13:28:37, Ian Zimmerman wrote:
> This profile change seems to have hit a few people in sensitive
> locations.
>
> What is the upshot of this change? Can I eyeball the diff _before_ I
> sync ?
This is what the news item states:
=================================
~ $ eselect news read new
2017-11-30-new-17-profiles
  Title     New 17.0 profiles in the Gentoo repository
  Author    Andreas K. Hüttel <dilfridge@gentoo.org>
  Posted    2017-11-30
  Revision  1

We have just added (for all arches except arm and mips, these follow
later) a new set of profiles with release version 17.0 to the Gentoo
repository. These bring three changes:

1) The default C++ language version for applications is now C++14.
   This change is mostly relevant to Gentoo developers. It also
   means, however, that compilers earlier than GCC 6 are masked
   and not supported for use as a system compiler anymore. Feel
   free to unmask them if you need them for specific applications.
2) Where supported, GCC will now build position-independent
   executables (PIE) by default. This improves the overall
   security fingerprint. The switch from non-PIE to PIE binaries,
   however, requires some steps by users, as detailed below.
3) Up to now, hardened profiles were separate from the default
   profile tree. Now they are moving into the 17.0 profile
   as a feature there, similar to "no-multilib" and "systemd".

Please migrate away from the 13.0 profiles within the six weeks after
GCC 6.4.0 has been stabilized on your architecture. The 13.0 profiles
will be deprecated then and removed in half a year.

If you are not already running a hardened setup with PIE enabled, then
switching the profile involves the following steps:

If not already done,
* Use gcc-config to select gcc-6.4.0 or later as system compiler
* Re-source /etc/profile:
    . /etc/profile
* Re-emerge libtool
    emerge -1 sys-devel/libtool

Then,
* Select the new profile with eselect
* Re-emerge, in this sequence, gcc, binutils, and glibc
    emerge -1 sys-devel/gcc:6.4.0
    emerge -1 sys-devel/binutils
    emerge -1 sys-libs/glibc
* Rebuild your entire system
    emerge -e @world

Switching the profile from 13.0 to 17.0 modifies the settings of
GCC 6 to generate PIE executables by default; thus, you need to do
the rebuilds even if you have already used GCC 6 beforehand.

If you do not follow these steps you may get spurious build
failures when the linker tries unsuccessfully to combine non-PIE
and PIE code.
========================================