Gentoo Archives: gentoo-dev

From: Matthias Maier <tamiko@g.o>
To: gentoo-dev@l.g.o
Cc: toolchain@g.o, embedded@g.o
Subject: [gentoo-dev] [PATCH] profiles: Mask pie useflag for >=sys-devel/gcc-6
Date: Tue, 09 May 2017 20:59:36
Message-Id: 20170509205917.14698-1-tamiko@gentoo.org
In Reply to: Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp" by Matthias Maier
1 - Mask sys-devel/gcc pie useflag globally in /base
2
3 - Selectively unmask pie useflag for
4 hardened/linux
5 hardened/linux/musl
6 profiles
7
8 - Ensure pie useflag is forced for hardened profiles
9 ---
10 profiles/arch/amd64/package.use.mask | 4 ----
11 profiles/arch/base/package.use.mask | 4 ----
12 profiles/base/package.use.mask | 4 ++++
13 profiles/hardened/linux/musl/amd64/package.use.mask | 6 ------
14 profiles/hardened/linux/musl/package.use.mask | 4 ++++
15 profiles/hardened/linux/musl/use.force | 4 ++++
16 profiles/hardened/linux/package.use.mask | 4 ++++
17 profiles/hardened/linux/use.force | 2 +-
18 8 files changed, 17 insertions(+), 15 deletions(-)
19 delete mode 100644 profiles/hardened/linux/musl/amd64/package.use.mask
20
21 diff --git a/profiles/arch/amd64/package.use.mask b/profiles/arch/amd64/package.use.mask
22 index 4548392..2fe5376 100644
23 --- a/profiles/arch/amd64/package.use.mask
24 +++ b/profiles/arch/amd64/package.use.mask
25 @@ -30,10 +30,6 @@ dev-lang/ocaml -spacetime
26 # nvidia drivers are unmasked here
27 media-video/ffmpeg -nvenc
28
29 -# Magnus Granberg <zorry@g.o> (18 Jan 2017)
30 -# masked in base, unmask for amd64
31 ->=sys-devel/gcc-6.3.0 -pie
32 -
33 # Luke Dashjr <luke-jr+gentoobugs@×××××××.org> (04 Jan 2017)
34 # Assembly optimisations are supported on amd64 for all versions
35 dev-libs/libsecp256k1 -asm
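Review bot: Dropping ">=sys-devel/gcc-6.3.0 -pie" removes the amd64 unmask, so together with the new mask in profiles/base the pie flag becomes unavailable on non-hardened amd64 profiles, and the commit message does not say so. State that behaviour change for amd64 explicitly in the commit message so it is clear it is intended and not a side effect of moving the mask.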
36 diff --git a/profiles/arch/base/package.use.mask b/profiles/arch/base/package.use.mask
37 index f2d3a9b..8442d97 100644
38 --- a/profiles/arch/base/package.use.mask
39 +++ b/profiles/arch/base/package.use.mask
40 @@ -18,10 +18,6 @@ media-video/ffmpeg nvenc
41 # media-libs/raspberrypi-userland not keyworded
42 media-video/motion mmal
43
44 -# Magnus Granberg <zorry@g.o> (18 Jan 2017)
45 -# Mask it globally, unmask it on supported arch
46 ->=sys-devel/gcc-6.2.0 pie
47 -
48 # Luke Dashjr <luke-jr+gentoobugs@×××××××.org> (04 Jan 2017)
49 # Mask assembly optimisations that are platform-specific
50 dev-libs/libsecp256k1 asm
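Review bot: With the ">=sys-devel/gcc-6.2.0 pie" mask removed from arch/base and moved to profiles/base, any profile that still carries a "-pie" unmask written against the old entry would keep pie available outside hardened. The diffstat only removes such unmasks from arch/amd64 and hardened/linux/musl/amd64. Confirm that no other profile has one, or note in the commit message that these two were the only ones.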
51 diff --git a/profiles/base/package.use.mask b/profiles/base/package.use.mask
52 index 9f55b27..c8faec7 100644
53 --- a/profiles/base/package.use.mask
54 +++ b/profiles/base/package.use.mask
55 @@ -7,6 +7,10 @@
56 # This file is only for generic masks. For arch-specific masks (i.e.
57 # mask everywhere, unmask on arch/*) use arch/base.
58
59 +# Matthias Maier <tamiko@g.o> (09 May 2017)
60 +# Mask pie useflag globally and unmask + use.force on hardened profiles.
61 +sys-devel/gcc pie
62 +
63 # Mike Gilbert <floppym@g.o> (28 Apr 2017)
64 # Needs sandbox-2.11 (masked)
65 >=www-client/chromium-59 tcmalloc
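Review bot: The new entry "sys-devel/gcc pie" has no version bound, while the subject line says ">=sys-devel/gcc-6" and the entry it replaces in arch/base was bounded (">=sys-devel/gcc-6.2.0 pie"). Either use a versioned atom here or adjust the subject and the comment to say the mask applies to every sys-devel/gcc version. The same applies to the matching "sys-devel/gcc -pie" unmasks in the hardened profiles.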
66 diff --git a/profiles/hardened/linux/musl/amd64/package.use.mask b/profiles/hardened/linux/musl/amd64/package.use.mask
67 deleted file mode 100644
68 index e2d77b0..00000000
69 --- a/profiles/hardened/linux/musl/amd64/package.use.mask
70 +++ /dev/null
71 @@ -1,6 +0,0 @@
72 -# Copyright 1999-2017 Gentoo Foundation.
73 -# Distributed under the terms of the GNU General Public License v2
74 -
75 -# Matthias Maier <tamiko@××××××.org> (07 May 2017)
76 -# masked in arch/base, unmask for hardened/musl/amd64
77 ->=sys-devel/gcc-6.3.0 -pie
78 diff --git a/profiles/hardened/linux/musl/package.use.mask b/profiles/hardened/linux/musl/package.use.mask
79 index 9078b7c..46857dc 100644
80 --- a/profiles/hardened/linux/musl/package.use.mask
81 +++ b/profiles/hardened/linux/musl/package.use.mask
82 @@ -1,6 +1,10 @@
83 # Copyright 1999-2015 Gentoo Foundation.
84 # Distributed under the terms of the GNU General Public License v2
85
86 +# Matthias Maier <tamiko@g.o> (09 May 2017)
87 +# Unmask the pie useflag on hardened/linux/musl profiles.
88 +sys-devel/gcc -pie
89 +
90 # See bug #504200
91 sys-devel/gcc sanitize
92
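Review bot: The header context still reads "Copyright 1999-2015 Gentoo Foundation." although this hunk modifies the file in 2017, and the sibling hardened/linux/package.use.mask already says 1999-2017. Consider updating the year in the same change.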
93 diff --git a/profiles/hardened/linux/musl/use.force b/profiles/hardened/linux/musl/use.force
94 index 79e5575..debacff 100644
95 --- a/profiles/hardened/linux/musl/use.force
96 +++ b/profiles/hardened/linux/musl/use.force
97 @@ -2,3 +2,7 @@
98 # Distributed under the terms of the GNU General Public License v2
99
100 elibc_musl
101 +
102 +# Make sure people don't accidentally turn off ssp/pie in important packages.
103 +pie
104 +ssp
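Review bot: The added lines force "ssp" as well as "pie" on hardened/linux/musl, but the subject and commit message only talk about the pie useflag. Mention the new ssp force in the commit message, or split it out, so the wider change is not hidden behind a pie-only description.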
105 diff --git a/profiles/hardened/linux/package.use.mask b/profiles/hardened/linux/package.use.mask
106 index 4178151..aa2adc5 100644
107 --- a/profiles/hardened/linux/package.use.mask
108 +++ b/profiles/hardened/linux/package.use.mask
109 @@ -1,6 +1,10 @@
110 # Copyright 1999-2017 Gentoo Foundation
111 # Distributed under the terms of the GNU General Public License v2
112
113 +# Matthias Maier <tamiko@g.o> (09 May 2017)
114 +# Unmask the pie useflag on hardened profiles.
115 +sys-devel/gcc -pie
116 +
117 # Ilya Tumaykin <itumaykin+gentoo@×××××.com> (19 Jan 2017)
118 # Requires x11-drivers/nvidia-drivers. Needs testing first.
119 media-video/mpv cuda
120 diff --git a/profiles/hardened/linux/use.force b/profiles/hardened/linux/use.force
121 index 35e5653..ec5509c 100644
122 --- a/profiles/hardened/linux/use.force
123 +++ b/profiles/hardened/linux/use.force
124 @@ -1,6 +1,6 @@
125 # Copyright 1999-2015 Gentoo Foundation
126 # Distributed under the terms of the GNU General Public License v2
127
128 -# Make sure people don't accidentally turn of ssp/pie in important packages.
129 +# Make sure people don't accidentally turn off ssp/pie in important packages.
130 pie
131 ssp
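Review bot: The only change in this file is the comment typo ("turn of" to "turn off"); "pie" and "ssp" are unchanged context here, so the commit message item "Ensure pie useflag is forced for hardened profiles" is carried by the hardened/linux/musl/use.force hunk alone. Say in the commit message that hardened/linux already forced pie, and consider moving the typo fix to its own commit.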
132 --
133 2.10.2