| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 01/10/2014 10:50 AM, Ryan Hill wrote: |
| 5 |
> On Fri, 10 Jan 2014 01:35:09 -0500 |
| 6 |
> "Rick \"Zero_Chaos\" Farina" <zerochaos@g.o> wrote: |
| 7 |
> |
| 8 |
>> More to the point, "this specific use flag" appears to have no purpose |
| 9 |
>> what-so-ever. If a user can do exactly the same with |
| 10 |
>> CFLAGS=-fno-stack-protector in make.conf, and it would be INSANE for a |
| 11 |
>> package to dep on gcc[nossp] then this is has got to be one of the most |
| 12 |
>> useless use flags in gentoo. |
| 13 |
> |
| 14 |
> Having slept on it I'm starting to agree. My first argument was that on |
| 15 |
> hardened ssp is -fstack-protector-all, which is much more expensive, and it |
| 16 |
> adds -fstack-check and -z,now to the linker by default as well. The pie half |
| 17 |
> adds -fPIE but also a crtbeginP section for linking static libs with -pie. So |
| 18 |
> there are situations where you want to disable one or both, if only for |
| 19 |
> testing. But what I forgot is that hardened installs multiple gcc-config |
| 20 |
> profiles to switch these out on the fly. So there goes that idea. |
| 21 |
> |
| 22 |
> It might be useful to have these flags so we can mask them on archs that don't |
| 23 |
> support ssp/pie. But that's always been true and it looks like sh is the only |
| 24 |
> place we've bothered for some reason. |
| 25 |
> |
| 26 |
>> Not saying I would block this patch, not saying it has to be this |
| 27 |
>> second, but I see this use flag as a small example of things in |
| 28 |
>> toolchain which could probably be cleaned up if fresh eyes were to see |
| 29 |
>> things. |
| 30 |
> |
| 31 |
> Yes, and believe it or not I appreciate the input. I know I'm stubborn as hell |
| 32 |
> but eventually common sense gets through. |
| 33 |
|
| 34 |
Well, that's why I asked for your opinion ;-) Now since I know you have |
| 35 |
plenty to do I'll leave you with this though bouncing around in there. |
| 36 |
When you are working on your updates, we would prefer that this "nopie" |
| 37 |
and "nossp" flags to bye bye. If you REALLY wanted a way to change the |
| 38 |
gcc profile then do for the normal users what the hardened team does and |
| 39 |
offer them multiple profiles. Obviously we should involved docs team at |
| 40 |
that point, but it makes much more sense to "gcc-config 3" than rebuild |
| 41 |
gcc with a different use flag. |
| 42 |
|
| 43 |
Again, doesn't have to be this second, but I want it in your head since |
| 44 |
I know you are working on this stuff right now. |
| 45 |
|
| 46 |
Thanks! |
| 47 |
Zero |
| 48 |
> |
| 49 |
> |
| 50 |
|
| 51 |
-----BEGIN PGP SIGNATURE----- |
| 52 |
Version: GnuPG v2.0.22 (GNU/Linux) |
| 53 |
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ |
| 54 |
|
| 55 |
iQIcBAEBAgAGBQJS0D3YAAoJEKXdFCfdEflK1HEP/jdF9nwxpDde8j4PMypeZSm8 |
| 56 |
FKG0l3MmMr6+2joKkgZSLqVebiTcc8OtCgpk6UJJVEWSpNMWqrjqX5oTkIBAJisr |
| 57 |
sGUVGJEAyDCCsNJwTtbW/sBKw5r5Xh1zLk92T55YhaWBMTJPc4UzSqhpr+TBZ8wJ |
| 58 |
T77XOIPtxOdZYjubGqIm4lSWsgT/o0F0S6kge75iYm81omuBtZpAze6ePE2DteTj |
| 59 |
IinauiMUhqkTYXv6AXdBNv4dDLiInyDrdlUIFbWlawxsx64Wpt77j3jA2fHrRmEf |
| 60 |
8MPvoRzLpX/7DPMDaS3WyGBVpM8CPNTaxQiXjC+giXNj4jkJyop/m6Q4a00wYvQg |
| 61 |
C+1o6JMEsYNlrIuSooInFxQ5OqARzna4lFc7Jp6+eMaBE4NhYkPkxJ7KOerD3IvI |
| 62 |
yW1lSN5gte/zxgm3Ny/96Zw/6+Jx5ffQNc8bCgE2+TxDG0wwB5qZGn/w6dl6gFYX |
| 63 |
jXD5dFmw3C5T2HhTIZ6j9n8b0MNkT71CzFA2O4EzEyPrI3b8KTmU6PkppT/Vwlo4 |
| 64 |
EHc/EUWdjSCPH/FzzJdcNbFUdvLCigZQqvaggN3Qjh/YyJRECXz6Hy2M8VTOg18a |
| 65 |
XVE36Z5/DNeobeBQ5XaKLcb5po22wJueJzKFdEK+GaSewzn+FXsNCquVZV9Y3lZC |
| 66 |
epKNxmbxtX/Uqx8q9+74 |
| 67 |
=++P6 |
| 68 |
-----END PGP SIGNATURE----- |
Archives