[gentoo-dev] RFC v2: news item for the 17.0 profiles

Tue, 10 Oct 2017 12:16:55 -0700 

=====================================
Title: New 17.0 profiles in the Gentoo repository
Author: Andreas K. Hüttel <dilfri...@gentoo.org>
Posted: xxxxxxx
Revision: 1
News-Item-Format: 2.0
Display-If-Installed: >=sys-devel/gcc-6.4.0

We have just added a new set of profiles with release version 17.0
to the Gentoo repository. These bring three changes:
1) The default C++ language version for applications is now C++14.
   This change is mostly relevant to Gentoo developers. It also
   means, however, that compilers earlier than GCC 6 are masked
   and not supported for use as a system compiler anymore. Feel
   free to unmask them if you need them for specific applications.
2) Where supported, GCC will now build position-independent
   executables (PIE) by default. This improves the overall
   security fingerprint. The switch from non-PIE to PIE binaries,
   however, requires some steps by users, as detailed below.
3) Up to now, hardened profiles were separate from the default
   profile tree. Now they are moving into the 17.0 profile
   as a feature there, similar to "no-multilib" and "systemd".

Please consider switching from your current 13.0 profile to the
corresponding 17.0 profile soon after GCC 6.4.0 has been
stabilized on your architecture. The 13.0 profiles will be deprecated
and removed in the near future.

Switching involves the following steps:
If not already done,
* Use gcc-config to select gcc-6.4.0 (or later) as system compiler
* Re-source /etc/profile:
    . /etc/profile
* Re-emerge libtool
Then,
* Select the new profile with eselect
* Re-emerge, in this sequence, the selected gcc, binutils, and glibc
    emerge -1 sys-devel/gcc:6.4.0
    emerge -1 sys-devel/binutils
    emerge -1 sys-libs/glibc
* Rebuild your entire system
    emerge -e world

Switching the profile modifies the use-flags of GCC 6 to generate
PIE executables by default; thus, you need to do the rebuilds
even if you already used GCC 6 beforehand.

If you do not follow these steps you may get spurious build
failures when the linker tries unsuccessfully to combine non-PIE
and PIE code.
=====================================



-- 
Andreas K. Hüttel
dilfri...@gentoo.org
Gentoo Linux developer (council, perl, libreoffice)

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to