Gentoo Archives: gentoo-commits

From: "Andreas Hüttel" <dilfridge@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] data/gentoo-news:master commit in: 2017-11-30-new-17-profiles/
Date: Thu, 30 Nov 2017 22:37:10
Message-Id: 1511992991.12e357ceeef0f3a4e17da01a0cf7591b629ca63b.dilfridge@gentoo
1 commit: 12e357ceeef0f3a4e17da01a0cf7591b629ca63b
2 Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
3 AuthorDate: Wed Nov 29 22:03:11 2017 +0000
4 Commit: Andreas Hüttel <dilfridge <AT> gentoo <DOT> org>
5 CommitDate: Wed Nov 29 22:03:11 2017 +0000
6 URL: https://gitweb.gentoo.org/data/gentoo-news.git/commit/?id=12e357ce
7
8 Add 17.0 profiles news item
9
10 .../2017-11-30-new-17-profiles.en.txt | 50 ++++++++++++++++++++++
11 .../2017-11-30-new-17-profiles.en.txt.asc | 19 ++++++++
12 2 files changed, 69 insertions(+)
13
14 diff --git a/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt b/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt
15 new file mode 100644
16 index 0000000..0ac7d5e
17 --- /dev/null
18 +++ b/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt
19 @@ -0,0 +1,50 @@
20 +Title: New 17.0 profiles in the Gentoo repository
21 +Author: Andreas K. Hüttel <dilfridge@g.o>
22 +Posted: 2017-11-30
23 +Revision: 1
24 +News-Item-Format: 2.0
25 +Display-If-Installed: >=sys-devel/gcc-6.4.0
26 +
27 +We have just added (for all arches except arm and mips, these follow
28 +later) a new set of profiles with release version 17.0 to the Gentoo
29 +repository. These bring three changes:
30 +1) The default C++ language version for applications is now C++14.
31 + This change is mostly relevant to Gentoo developers. It also
32 + means, however, that compilers earlier than GCC 6 are masked
33 + and not supported for use as a system compiler anymore. Feel
34 + free to unmask them if you need them for specific applications.
35 +2) Where supported, GCC will now build position-independent
36 + executables (PIE) by default. This improves the overall
37 + security fingerprint. The switch from non-PIE to PIE binaries,
38 + however, requires some steps by users, as detailed below.
39 +3) Up to now, hardened profiles were separate from the default
40 + profile tree. Now they are moving into the 17.0 profile
41 + as a feature there, similar to "no-multilib" and "systemd".
42 +
43 +Please migrate away from the 13.0 profiles within the six weeks after
44 +GCC 6.4.0 has been stabilized on your architecture. The 13.0 profiles
45 +will be deprecated then and removed in half a year.
46 +
47 +If you are not already running a hardened setup with PIE enabled, then
48 +switching the profile involves the following steps:
49 +If not already done,
50 +* Use gcc-config to select gcc-6.4.0 or later as system compiler
51 +* Re-source /etc/profile:
52 + . /etc/profile
53 +* Re-emerge libtool
54 + emerge -1 sys-devel/libtool
55 +Then,
56 +* Select the new profile with eselect
57 +* Re-emerge, in this sequence, gcc, binutils, and glibc
58 + emerge -1 sys-devel/gcc:6.4.0
59 + emerge -1 sys-devel/binutils
60 + emerge -1 sys-libs/glibc
61 +* Rebuild your entire system
62 + emerge -e @world
63 +
64 +Switching the profile from 13.0 to 17.0 modifies the settings of
65 +GCC 6 to generate PIE executables by default; thus, you need to do
66 +the rebuilds even if you have already used GCC 6 beforehand.
67 +If you do not follow these steps you may get spurious build
68 +failures when the linker tries unsuccessfully to combine non-PIE
69 +and PIE code.
70
71 diff --git a/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt.asc b/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt.asc
72 new file mode 100644
73 index 0000000..4f1f79c
74 --- /dev/null
75 +++ b/2017-11-30-new-17-profiles/2017-11-30-new-17-profiles.en.txt.asc
76 @@ -0,0 +1,19 @@
77 +-----BEGIN PGP SIGNATURE-----
78 +Version: GnuPG v2
79 +
80 +iQKTBAABCgB9FiEEwo/LD3vtE3qssC2JpEzzc+fumeQFAlofLntfFIAAAAAALgAo
81 +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMy
82 +OEZDQjBGN0JFRDEzN0FBQ0IwMkQ4OUE0NENGMzczRTdFRTk5RTQACgkQpEzzc+fu
83 +meSTSxAAzuipE/owKHTuhqo4kBtvcXHhEXRrXnQWH9fYQWYmf6t0FX/Am3/Vuf6g
84 +BXzojK9RAr6xzT38L6EzVgVLd/BCNQEcmqs7IUP7Q76M8wbzUZI0oX38z+GIbg5d
85 +xYKMZRiPHM3RgARKNY3x0OKJSmDm3wBVpz5lub41qy+4Yr7VeQn+pfmJugK2wohy
86 +iwODyjnEe+N9QE+92Qb2icskMjgxdg++aithY/W0t0Nn23b5WrnvgkQF22AEsGf5
87 +yf7ooqdo6S4JCSZ2zoVsACmZwax6lFSpZ0dE+3T4idKfrHLkS3JqunfBzpWfhIK0
88 +S71o/xkwYfDJUQpM5+A5H3t1TlZg1Kgn7k+wP6MRd8Dm3IV7098NdxAjCPPcKe0I
89 +lEZXTSOq47DvV7seHGxLITY1yoFUnwF4v4BxzMxnLkV9KFfptb3yreAChrUuQz0P
90 +SRohrbiEk5tKlSwkIHw/CDvoC7gpUFfQY/h745FFZ2O8SuBibE5MP9iHwCSFP0a3
91 +wYQU2mcqoNwJXOFhJivljUJLoieWvgzbQ319JTmvEBMTH0Qs0vklQ3QuGYqG9zUS
92 +pOC0GkBXbC1/QVBcuuAW0m0x/Z9GIG4u057gQYpB9m6AJ2FI5WCDGTYwh2VkBKs1
93 +Q86pZrNmI3B8JK9krYZS8c0tmRNl4eMKGIIUyd4WbErtICnADw8=
94 +=U4Gj
95 +-----END PGP SIGNATURE-----