On 30.01.2018 16:48, Gabriel C wrote:
Hey guys,
Maybe some of you noticed , I started to bump our tool chain.
It was not planed to-be-yet bumped however while strange
Meltdown && Spectre times we are kind *forced* to do it now.
This time we'll have major changes , major bumps and _everything_ need
be rebuild. Beacuse that we cannot let current open since every package
touched in -current will conflict in tool chain repo at some point.
Please note the repo need *special handling* and you cannot build in
it with your current development setup.
So aks on IRC for a quick howto.
TODAY evening , probably around 22:00 CET -current is closed for pushes
and uploads. If you really need to update something do it until then.
The -current repo is readonly now until toolchain repo is done..
Now a quick info on what is done in the tool chain repo.
Updates:
gcc 7.3.0
glibc 2.26.9000 ( is what will be 2.27 soon )
binutils 2.30
mpfr 4.0.0
libmpc 1.1.0
ncurses 6.1
readline 7.0
python3 3.6.4
tcl/tk 8.6.8
boost 1.66.0
ruby 2.5.0
perl 2.16.1
mono 5.10.0.69
kernel 4.15 ( WIP done by Dex )
all lib/* with a so name , API/ABI bumped.
missing: mariadb and libjpeg-turbo ( WIP by Dex )
Core changes:
Added to C/CXX FLAGS: -fstack-protector-strong -fno-plt ( no options yet )
Option 'noprotect' got added but it won't do any magic by itself.
With that option set you are able to disable -fstack-protector-strong from
FrugalBuild withou makepkg to error out.
-Wp,-D_FORTIFY_SOURCE=2 ( with a option to disable ,
'nofortify' )
Added to LDFLAGS : -z,relro and -z,now ( with a option to disable
,'norelro' )
Now a new nonow option got added so we can handle both.
NOTE: workarounds for any kind flags in makepkg are not just warning _anymore_.
Wrong hash-sytle linker option will error out erarly as well missing
-fstack-protector-*
flags without 'noprotect' option.
Any other linker flags are wrong or not set causes the chroot build to be
flagged 'custom'
so it cannot be upload anymore.
That means we need fixup helicon mnually and devels with wrong setup need fixup
their setups.
On TODO: nopie option and a per-repo-makepkg.conf..
Some of you may think .. wth is this guy about and why all this ?.. small
example :
bash from current :
crazy@ant:~$ ~/bin/tc-check /bin/bash.OLD
/bin/bash.OLD:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: no, not found!
and now bash from the toolchain repo :
crazy@ant:~$ ~/bin/tc-check /bin/bash
/bin/bash:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
Should clear now ?:)
A tool chain only chroot is working , however I still need ro re-build some
things in base/core.
Everything should work now .. I run the repo on my main build server without
problems.
Also we build in the repo *without* ,current so -t multilib *only*.
That means everything need be rebuild agaist right packages .. example :
package1 depends on 'libfoo' and makedepends on 'libbar'
'libbar' depends on 'libbaz'..
So before you can build 'package1' so need build:
libbaz
then libbar against libbaz
then libfoo against libbar
then package1
Packages with lots subpackages , packages with circular depends
or packages depends on self are special.
There we may rebuild first round multilib,current then second round
on multilib only.
Right now I count 577 fpm's ( +/- 14% ) in multilib , so a LOT work to be done
:)
NOTE: do _not_ run the repo on a Workstation need X/GUI, that is not yet done..
Also feel free to poke me on IRC for more informations.. :)
_______________________________________________
Frugalware-devel mailing list
[email protected]
http://frugalware.org/mailman/listinfo/frugalware-devel
