1 |
commit: 12e357ceeef0f3a4e17da01a0cf7591b629ca63b |
2 |
Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Nov 29 22:03:11 2017 +0000 |
4 |
Commit: Andreas Hüttel <dilfridge <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Nov 29 22:03:11 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=12e357ce |
7 |
|
8 |
Add 17.0 profiles news item |
9 |
|
10 |
.../2017-11-30-new-17-profiles.en.txt | 50 ++++++++++++++++++++++ |
11 |
.../2017-11-30-new-17-profiles.en.txt.asc | 19 ++++++++ |
12 |
2 files changed, 69 insertions(+) |
13 |
|
14 |
diff --git a/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt b/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt |
15 |
new file mode 100644 |
16 |
index 0000000..0ac7d5e |
17 |
--- /dev/null |
18 |
+++ b/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt |
19 |
@@ -0,0 +1,50 @@ |
20 |
+Title: New 17.0 profiles in the Gentoo repository |
21 |
+Author: Andreas K. Hüttel <dilfridge@g.o> |
22 |
+Posted: 2017-11-30 |
23 |
+Revision: 1 |
24 |
+News-Item-Format: 2.0 |
25 |
+Display-If-Installed: >=sys-devel/gcc-6.4.0 |
26 |
+ |
27 |
+We have just added (for all arches except arm and mips, these follow |
28 |
+later) a new set of profiles with release version 17.0 to the Gentoo |
29 |
+repository. These bring three changes: |
30 |
+1) The default C++ language version for applications is now C++14. |
31 |
+ This change is mostly relevant to Gentoo developers. It also |
32 |
+ means, however, that compilers earlier than GCC 6 are masked |
33 |
+ and not supported for use as a system compiler anymore. Feel |
34 |
+ free to unmask them if you need them for specific applications. |
35 |
+2) Where supported, GCC will now build position-independent |
36 |
+ executables (PIE) by default. This improves the overall |
37 |
+ security fingerprint. The switch from non-PIE to PIE binaries, |
38 |
+ however, requires some steps by users, as detailed below. |
39 |
+3) Up to now, hardened profiles were separate from the default |
40 |
+ profile tree. Now they are moving into the 17.0 profile |
41 |
+ as a feature there, similar to "no-multilib" and "systemd". |
42 |
+ |
43 |
+Please migrate away from the 13.0 profiles within the six weeks after |
44 |
+GCC 6.4.0 has been stabilized on your architecture. The 13.0 profiles |
45 |
+will be deprecated then and removed in half a year. |
46 |
+ |
47 |
+If you are not already running a hardened setup with PIE enabled, then |
48 |
+switching the profile involves the following steps: |
49 |
+If not already done, |
50 |
+* Use gcc-config to select gcc-6.4.0 or later as system compiler |
51 |
+* Re-source /etc/profile: |
52 |
+ . /etc/profile |
53 |
+* Re-emerge libtool |
54 |
+ emerge -1 sys-devel/libtool |
55 |
+Then, |
56 |
+* Select the new profile with eselect |
57 |
+* Re-emerge, in this sequence, gcc, binutils, and glibc |
58 |
+ emerge -1 sys-devel/gcc:6.4.0 |
59 |
+ emerge -1 sys-devel/binutils |
60 |
+ emerge -1 sys-libs/glibc |
61 |
+* Rebuild your entire system |
62 |
+ emerge -e @world |
63 |
+ |
64 |
+Switching the profile from 13.0 to 17.0 modifies the settings of |
65 |
+GCC 6 to generate PIE executables by default; thus, you need to do |
66 |
+the rebuilds even if you have already used GCC 6 beforehand. |
67 |
+If you do not follow these steps you may get spurious build |
68 |
+failures when the linker tries unsuccessfully to combine non-PIE |
69 |
+and PIE code. |
70 |
|
71 |
diff --git a/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt.asc b/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt.asc |
72 |
new file mode 100644 |
73 |
index 0000000..4f1f79c |
74 |
--- /dev/null |
75 |
+++ b/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt.asc |
76 |
@@ -0,0 +1,19 @@ |
77 |
+-----BEGIN PGP SIGNATURE----- |
78 |
+Version: GnuPG v2 |
79 |
+ |
80 |
+iQKTBAABCgB9FiEEwo/LD3vtE3qssC2JpEzzc+fumeQFAlofLntfFIAAAAAALgAo |
81 |
+aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMy |
82 |
+OEZDQjBGN0JFRDEzN0FBQ0IwMkQ4OUE0NENGMzczRTdFRTk5RTQACgkQpEzzc+fu |
83 |
+meSTSxAAzuipE/owKHTuhqo4kBtvcXHhEXRrXnQWH9fYQWYmf6t0FX/Am3/Vuf6g |
84 |
+BXzojK9RAr6xzT38L6EzVgVLd/BCNQEcmqs7IUP7Q76M8wbzUZI0oX38z+GIbg5d |
85 |
+xYKMZRiPHM3RgARKNY3x0OKJSmDm3wBVpz5lub41qy+4Yr7VeQn+pfmJugK2wohy |
86 |
+iwODyjnEe+N9QE+92Qb2icskMjgxdg++aithY/W0t0Nn23b5WrnvgkQF22AEsGf5 |
87 |
+yf7ooqdo6S4JCSZ2zoVsACmZwax6lFSpZ0dE+3T4idKfrHLkS3JqunfBzpWfhIK0 |
88 |
+S71o/xkwYfDJUQpM5+A5H3t1TlZg1Kgn7k+wP6MRd8Dm3IV7098NdxAjCPPcKe0I |
89 |
+lEZXTSOq47DvV7seHGxLITY1yoFUnwF4v4BxzMxnLkV9KFfptb3yreAChrUuQz0P |
90 |
+SRohrbiEk5tKlSwkIHw/CDvoC7gpUFfQY/h745FFZ2O8SuBibE5MP9iHwCSFP0a3 |
91 |
+wYQU2mcqoNwJXOFhJivljUJLoieWvgzbQ319JTmvEBMTH0Qs0vklQ3QuGYqG9zUS |
92 |
+pOC0GkBXbC1/QVBcuuAW0m0x/Z9GIG4u057gQYpB9m6AJ2FI5WCDGTYwh2VkBKs1 |
93 |
+Q86pZrNmI3B8JK9krYZS8c0tmRNl4eMKGIIUyd4WbErtICnADw8= |
94 |
+=U4Gj |
95 |
+-----END PGP SIGNATURE----- |