| 1 |
"Kevin F. Quinn (Gentoo)" <kevquinn@g.o> posted |
| 2 |
20060512125157.53c9419b@×××××××××××××××××.com, excerpted below, on Fri, |
| 3 |
12 May 2006 12:51:57 +0200: |
| 4 |
|
| 5 |
> We (hardened) haven't had the time to investigate further, and we don't |
| 6 |
> want to complicate the stabilisation effort of modular X (which is a big |
| 7 |
> enough job as it is) so we've left it as it is for the moment. |
| 8 |
|
| 9 |
Nice maybe clickable bug URL: |
| 10 |
http://bugs.gentoo.org/show_bug.cgi?id=110506 |
| 11 |
|
| 12 |
I'm still of the opinion that as long as people only following the advice |
| 13 |
in the portage QA SUID warning, to set LDFLAGS="-Wl,-z,now", end up with a |
| 14 |
broken package, it shouldn't be stabilized. Merging the xorg-server |
| 15 |
ebuild itself invokes that warning, yet anyone following its advice ends |
| 16 |
up with a broken xorg-server. Are users expected to ignore instructions |
| 17 |
now? That's why I can't see how it can be stabilized under current |
| 18 |
conditions. Either there needs to be a way to block that message from |
| 19 |
portage (yeah, not likely), or the ebuild needs to be able to correct for |
| 20 |
the situation where a user actually /does/ follow the instructions (seems |
| 21 |
more reasonable). This won't resolve the hardened spec-file angle, but I |
| 22 |
can verify that a simple call to flagomatic's filter-ldflags solves the |
| 23 |
following instructions angle, as I have LDFLAGS="-Wl,-z,now" set in |
| 24 |
make.conf, and routinely modify the xorg-server and xf86-video-ati ebuilds |
| 25 |
in my overlay, to invoke the filter-ldflags call. It works. |
| 26 |
|
| 27 |
As for upstream, there's a comment from Ajax on the bug indicating they |
| 28 |
will try to fix it by 7.1, but no promises. Apparently, the elfloader |
| 29 |
compatibility stuff in 7.0 made it essentially impossible. If I'm not |
| 30 |
mistaken (and I might be), 6.9/7.0 was the last release supporting that, |
| 31 |
with 7.1 completing the switch to dlloader and removing the elfloader |
| 32 |
compatibility stuff, thus enabling a solution. |
| 33 |
|
| 34 |
I'm running 7.1-rc2 ATM, and still had to add the filter-ldflags call to |
| 35 |
make it work, so while the solution might be possible with 7.1, it's not |
| 36 |
yet implemented, and 7.2 would be the new target. Whatever solution |
| 37 |
Gentoo comes up with is therefore now known to be needed at least for 7.0 |
| 38 |
and 7.1. Hopefully, by 7.2, the solution will be included upstream. |
| 39 |
|
| 40 |
|
| 41 |
|
| 42 |
-- |
| 43 |
Duncan - List replies preferred. No HTML msgs. |
| 44 |
"Every nonfree program has a lord, a master -- |
| 45 |
and if you use the program, he is your master." Richard Stallman |
| 46 |
|
| 47 |
-- |
| 48 |
gentoo-dev@g.o mailing list |
Archives