[gentoo-user] Re: grub-0.97-r16 and profile 17.0 change

[Ian Zimmerman]

On 2017-12-04 18:13, Daniel Frey wrote:

> I guess I'll have to remember to use 500M+ /boot partitions now. Sigh.

I don't get it.

 matica!7 rc$ du /boot/grub
2022/boot/grub/i386-pc
1340/boot/grub/fonts
2785/boot/grub/themes/starfield
2786/boot/grub/themes
3163/boot/grub/locale
9317/boot/grub

~10MB.  This is with grub2.

Maybe you use some heavily graphical theme?

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet, fetch the TXT record for the domain.

Re: [gentoo-user] Re: grub-0.97-r16 and profile 17.0 change

[Michael Orlitzky]

On 12/02/2017 09:18 PM, Ian Zimmerman wrote:
>>
>> You do need to run "emerge -e @world", unless you happened to be using
>> a hardened toolchain already.
> 
> But only if you in fact switch the new profile on, right?

Right.


> There seems to be another thing afoot, though.  All (or nearly so)
> python libraries are due for rebuild because of
> 
> PYTHON_TARGETS="python3_5 -python3_4"
> 
> Where does that come from?  I have never fully understood this and
> similar variables.  It seems to be kind of like USE but also separate
> from USE.  Is it something I can control, as a user?  Where is it
> configured?  Is this change tied to the above profile transition?

Totally unrelated. PYTHON_TARGETS is a so-called USE_EXPAND variable:

  https://wiki.gentoo.org/wiki/Project:Python/PYTHON_TARGETS

It is precisely a bunch of plain-old USE flags under the hood, with a
little bit of syntactic sugar on top so that you can set e.g.

  PYTHON_TARGETS=python3_5

instead of

  USE=python_targets_python3_5

In other words, it automatically namespaces a set of related USE flags.

All of the python stuff is rebuilding because (I guess) the python team
stabilized python-3.5. As a result, you're going to install python-3.5,
and therefore need to rebuild all of your python packages with support
for python-3.5.

[gentoo-user] Re: grub-0.97-r16 and profile 17.0 change

[Ian Zimmerman]

On 2017-12-02 20:14, Michael Orlitzky wrote:

> >> You're seeing a lot of reports because there is a news item telling
> >> people to switch to the new profile and run "emerge -e @world".
> > 
> > Does this mean that "emerge -e @world" should be run or that the
> > news item is wrong in this point?
> 
> You do need to run "emerge -e @world", unless you happened to be using
> a hardened toolchain already.

But only if you in fact switch the new profile on, right?

There seems to be another thing afoot, though.  All (or nearly so)
python libraries are due for rebuild because of

PYTHON_TARGETS="python3_5 -python3_4"

Where does that come from?  I have never fully understood this and
similar variables.  It seems to be kind of like USE but also separate
from USE.  Is it something I can control, as a user?  Where is it
configured?  Is this change tied to the above profile transition?

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet, fetch the TXT record for the domain.

Re: [gentoo-user] Re: grub-0.97-r16 and profile 17.0 change

[Adam Carter]

> * Select the new profile with eselect
> * Re-emerge, in this sequence, gcc, binutils, and glibc
> emerge -1 sys-devel/gcc:6.4.0
> emerge -1 sys-devel/binutils
> emerge -1 sys-libs/glibc
> * Rebuild your entire system
> emerge -e @world
>

Would emerge -e --exclude gcc --exclude bintuils --exclude glibc @world be
a little more sensible?

Re: [gentoo-user] Re: grub-0.97-r16 and profile 17.0 change

[Michael Orlitzky]

On 12/02/2017 08:07 PM, Heiko Baums wrote:
> Am Sat, 2 Dec 2017 18:33:09 -0500
> schrieb Michael Orlitzky :
> 
>> You're seeing a lot of reports because there is a news item telling
>> people to switch to the new profile and run "emerge -e @world".
> 
> Does this mean that "emerge -e @world" should be run or that the news
> item is wrong in this point?

You do need to run "emerge -e @world", unless you happened to be using a
hardened toolchain already.

So the news item is correct, but having everyone build test the whole
tree at once is unearthing some latent build system bugs.

Re: [gentoo-user] Re: grub-0.97-r16 and profile 17.0 change

[Heiko Baums]

Am Sat, 2 Dec 2017 18:33:09 -0500
schrieb Michael Orlitzky :

> You're seeing a lot of reports because there is a news item telling
> people to switch to the new profile and run "emerge -e @world".

Does this mean that "emerge -e @world" should be run or that the news
item is wrong in this point?

Heiko

Re: [gentoo-user] Re: grub-0.97-r16 and profile 17.0 change

[Michael Orlitzky]

On 12/02/2017 04:28 PM, Ian Zimmerman wrote:
> This profile change seems to have hit a few people in sensitive
> locations.
> 
> What is the upshot of this change?  Can I eyeball the diff _before_ I
> sync ?
> 

The new 17.0 profile switches the default C++ version to C++14, and
enables PIE/SSP by default with real upstream support for those
features. As a result, it requires gcc-6.x. Most build failures are due
to that -- basically ancient stable versions that never got tested with
a modern compiler/features until now.

Syncing is safe, nothing bad will happen unless you `eselect profile`
one of the new 17.0 profiles.

You're seeing a lot of reports because there is a news item telling
people to switch to the new profile and run "emerge -e @world".

Re: [gentoo-user] Re: grub-0.97-r16 and profile 17.0 change

[Mick]

On 02-12-2017 ,13:28:37, Ian Zimmerman wrote:
> This profile change seems to have hit a few people in sensitive
> locations.
> 
> What is the upshot of this change?  Can I eyeball the diff _before_ I
> sync ?

This is what the news item states:
=
~ $ eselect news read new
2017-11-30-new-17-profiles
  Title New 17.0 profiles in the Gentoo repository
  AuthorAndreas K. Hüttel 
  Posted2017-11-30
  Revision  1

We have just added (for all arches except arm and mips, these follow
later) a new set of profiles with release version 17.0 to the Gentoo
repository. These bring three changes:
1) The default C++ language version for applications is now C++14.
   This change is mostly relevant to Gentoo developers. It also
   means, however, that compilers earlier than GCC 6 are masked
   and not supported for use as a system compiler anymore. Feel
   free to unmask them if you need them for specific applications.
2) Where supported, GCC will now build position-independent
   executables (PIE) by default. This improves the overall
   security fingerprint. The switch from non-PIE to PIE binaries,
   however, requires some steps by users, as detailed below.
3) Up to now, hardened profiles were separate from the default
   profile tree. Now they are moving into the 17.0 profile
   as a feature there, similar to "no-multilib" and "systemd".

Please migrate away from the 13.0 profiles within the six weeks after
GCC 6.4.0 has been stabilized on your architecture. The 13.0 profiles
will be deprecated then and removed in half a year.

If you are not already running a hardened setup with PIE enabled, then
switching the profile involves the following steps:
If not already done,
* Use gcc-config to select gcc-6.4.0 or later as system compiler
* Re-source /etc/profile:
. /etc/profile
* Re-emerge libtool
emerge -1 sys-devel/libtool
Then,
* Select the new profile with eselect
* Re-emerge, in this sequence, gcc, binutils, and glibc
emerge -1 sys-devel/gcc:6.4.0
emerge -1 sys-devel/binutils
emerge -1 sys-libs/glibc
* Rebuild your entire system
emerge -e @world

Switching the profile from 13.0 to 17.0 modifies the settings of
GCC 6 to generate PIE executables by default; thus, you need to do
the rebuilds even if you have already used GCC 6 beforehand.
If you do not follow these steps you may get spurious build
failures when the linker tries unsuccessfully to combine non-PIE
and PIE code.

[gentoo-user] Re: grub-0.97-r16 and profile 17.0 change

[Ian Zimmerman]

This profile change seems to have hit a few people in sensitive
locations.

What is the upshot of this change?  Can I eyeball the diff _before_ I
sync ?

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet, fetch the TXT record for the domain.