1 |
On 05/10/2017 09:52 AM, Alexis Ballier wrote: |
2 |
> On Tue, 09 May 2017 18:58:42 -0500 |
3 |
> Matthias Maier <tamiko@g.o> wrote: |
4 |
> |
5 |
>> This is a reworded news item (assuming we proceed with the plan to |
6 |
>> default-enable USE=pie). Suggestions for improving the emerge command |
7 |
>> to fix static archives is highly welcomed. |
8 |
>> |
9 |
> |
10 |
> Really, I think the slot to have pie for gcc 6 has been missed by |
11 |
> default-enabling it only recently. We should aim for gcc 7 at least and |
12 |
> have proper testing. |
13 |
> |
14 |
> And add a few safety nets: A portage warning when installing non-pie |
15 |
> binaries, something that dies with FEATURES=strict or stricter, like |
16 |
> the textrel one we have. That is to avoid the quick n dirty |
17 |
> 'append-ldflags -no-pie' that makes the whole thing about forcing pie |
18 |
> questionable. If possible, detect static archives that have relocations |
19 |
> too. |
20 |
> |
21 |
> Ideally provide a system scanning tool for the above too. |
22 |
> |
23 |
> |
24 |
> After a few months of masked gcc7 like that we'll have enough data to |
25 |
> decide on a proper plan. It'll probably be good to get QA in the loop |
26 |
> and make this a QA goal too. |
27 |
> |
28 |
|
29 |
Sounds like a reasonable action plan. The consequences of such a change |
30 |
definitely seems to be sufficiently high to merit a proper migration |
31 |
plan which doesn't seem to have been established at this point. Whether |
32 |
that can be added to a later point with gcc6 (e.g by adding a new |
33 |
profile, or a later point release) I don't have strong opinions on, but |
34 |
there should be a plan and proper overview of the consequences. |
35 |
|
36 |
-- |
37 |
Kristian Fiskerstrand |
38 |
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net |
39 |
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 |