| 1 |
On Tue, 09 May 2017 18:58:42 -0500 |
| 2 |
Matthias Maier <tamiko@g.o> wrote: |
| 3 |
|
| 4 |
> This is a reworded news item (assuming we proceed with the plan to |
| 5 |
> default-enable USE=pie). Suggestions for improving the emerge command |
| 6 |
> to fix static archives is highly welcomed. |
| 7 |
> |
| 8 |
|
| 9 |
Really, I think the slot to have pie for gcc 6 has been missed by |
| 10 |
default-enabling it only recently. We should aim for gcc 7 at least and |
| 11 |
have proper testing. |
| 12 |
|
| 13 |
And add a few safety nets: A portage warning when installing non-pie |
| 14 |
binaries, something that dies with FEATURES=strict or stricter, like |
| 15 |
the textrel one we have. That is to avoid the quick n dirty |
| 16 |
'append-ldflags -no-pie' that makes the whole thing about forcing pie |
| 17 |
questionable. If possible, detect static archives that have relocations |
| 18 |
too. |
| 19 |
|
| 20 |
Ideally provide a system scanning tool for the above too. |
| 21 |
|
| 22 |
|
| 23 |
After a few months of masked gcc7 like that we'll have enough data to |
| 24 |
decide on a proper plan. It'll probably be good to get QA in the loop |
| 25 |
and make this a QA goal too. |
Archives