| 1 |
On Tue, Oct 10, 2017 at 3:16 PM, Andreas K. Huettel <dilfridge@g.o> |
| 2 |
wrote: |
| 3 |
|
| 4 |
> ===================================== |
| 5 |
> Title: New 17.0 profiles in the Gentoo repository |
| 6 |
> Author: Andreas K. Hüttel <dilfridge@g.o> |
| 7 |
> Posted: xxxxxxx |
| 8 |
> Revision: 1 |
| 9 |
> News-Item-Format: 2.0 |
| 10 |
> Display-If-Installed: >=sys-devel/gcc-6.4.0 |
| 11 |
> |
| 12 |
> We have just added a new set of profiles with release version 17.0 |
| 13 |
> to the Gentoo repository. These bring three changes: |
| 14 |
> 1) The default C++ language version for applications is now C++14. |
| 15 |
> This change is mostly relevant to Gentoo developers. It also |
| 16 |
> means, however, that compilers earlier than GCC 6 are masked |
| 17 |
> and not supported for use as a system compiler anymore. Feel |
| 18 |
> free to unmask them if you need them for specific applications. |
| 19 |
> 2) Where supported, GCC will now build position-independent |
| 20 |
> executables (PIE) by default. This improves the overall |
| 21 |
> security fingerprint. The switch from non-PIE to PIE binaries, |
| 22 |
> however, requires some steps by users, as detailed below. |
| 23 |
> 3) Up to now, hardened profiles were separate from the default |
| 24 |
> profile tree. Now they are moving into the 17.0 profile |
| 25 |
> as a feature there, similar to "no-multilib" and "systemd". |
| 26 |
> |
| 27 |
> Please consider switching from your current 13.0 profile to the |
| 28 |
> corresponding 17.0 profile soon after GCC 6.4.0 has been |
| 29 |
> stabilized on your architecture. The 13.0 profiles will be deprecated |
| 30 |
> and removed in the near future. |
| 31 |
> |
| 32 |
|
| 33 |
Can you commit to a deadline on this? |
| 34 |
|
| 35 |
Its OK to be wrong (e.g. say 1 month but remove in 3); but "near future" is |
| 36 |
not actionable by readers. |
| 37 |
|
| 38 |
|
| 39 |
> |
| 40 |
> Switching involves the following steps: |
| 41 |
> If not already done, |
| 42 |
> * Use gcc-config to select gcc-6.4.0 (or later) as system compiler |
| 43 |
> * Re-source /etc/profile: |
| 44 |
> . /etc/profile |
| 45 |
> * Re-emerge libtool |
| 46 |
> Then, |
| 47 |
> * Select the new profile with eselect |
| 48 |
> * Re-emerge, in this sequence, the selected gcc, binutils, and glibc |
| 49 |
> emerge -1 sys-devel/gcc:6.4.0 |
| 50 |
> emerge -1 sys-devel/binutils |
| 51 |
> emerge -1 sys-libs/glibc |
| 52 |
> * Rebuild your entire system |
| 53 |
> emerge -e world |
| 54 |
> |
| 55 |
> Switching the profile modifies the use-flags of GCC 6 to generate |
| 56 |
> PIE executables by default; thus, you need to do the rebuilds |
| 57 |
> even if you already used GCC 6 beforehand. |
| 58 |
> |
| 59 |
> If you do not follow these steps you may get spurious build |
| 60 |
> failures when the linker tries unsuccessfully to combine non-PIE |
| 61 |
> and PIE code. |
| 62 |
> ===================================== |
| 63 |
> |
| 64 |
> |
| 65 |
> |
| 66 |
> -- |
| 67 |
> Andreas K. Hüttel |
| 68 |
> dilfridge@g.o |
| 69 |
> Gentoo Linux developer (council, perl, libreoffice) |
Archives