On Tue, Oct 10, 2017 at 3:16 PM, Andreas K. Huettel <dilfri...@gentoo.org> wrote:
> ===================================== > Title: New 17.0 profiles in the Gentoo repository > Author: Andreas K. Hüttel <dilfri...@gentoo.org> > Posted: xxxxxxx > Revision: 1 > News-Item-Format: 2.0 > Display-If-Installed: >=sys-devel/gcc-6.4.0 > > We have just added a new set of profiles with release version 17.0 > to the Gentoo repository. These bring three changes: > 1) The default C++ language version for applications is now C++14. > This change is mostly relevant to Gentoo developers. It also > means, however, that compilers earlier than GCC 6 are masked > and not supported for use as a system compiler anymore. Feel > free to unmask them if you need them for specific applications. > 2) Where supported, GCC will now build position-independent > executables (PIE) by default. This improves the overall > security fingerprint. The switch from non-PIE to PIE binaries, > however, requires some steps by users, as detailed below. > 3) Up to now, hardened profiles were separate from the default > profile tree. Now they are moving into the 17.0 profile > as a feature there, similar to "no-multilib" and "systemd". > > Please consider switching from your current 13.0 profile to the > corresponding 17.0 profile soon after GCC 6.4.0 has been > stabilized on your architecture. The 13.0 profiles will be deprecated > and removed in the near future. > Can you commit to a deadline on this? Its OK to be wrong (e.g. say 1 month but remove in 3); but "near future" is not actionable by readers. > > Switching involves the following steps: > If not already done, > * Use gcc-config to select gcc-6.4.0 (or later) as system compiler > * Re-source /etc/profile: > . /etc/profile > * Re-emerge libtool > Then, > * Select the new profile with eselect > * Re-emerge, in this sequence, the selected gcc, binutils, and glibc > emerge -1 sys-devel/gcc:6.4.0 > emerge -1 sys-devel/binutils > emerge -1 sys-libs/glibc > * Rebuild your entire system > emerge -e world > > Switching the profile modifies the use-flags of GCC 6 to generate > PIE executables by default; thus, you need to do the rebuilds > even if you already used GCC 6 beforehand. > > If you do not follow these steps you may get spurious build > failures when the linker tries unsuccessfully to combine non-PIE > and PIE code. > ===================================== > > > > -- > Andreas K. Hüttel > dilfri...@gentoo.org > Gentoo Linux developer (council, perl, libreoffice)
