Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2

2017-05-11 Thread Matthias Maier
> Has anyone checked 32-bit systems? "emerge -pv =sys-devel/gcc-6.3.0" > on a 2008 Core2duo 32-bit install (my GCC 6.3.0 testbed) shows "(-pie)". > I read that as the "pie" USE flag being hard-masked out. On my 64-bit > desktop, "pie" is the default. Yes, we are aware of this. Unfortunately,

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2

2017-05-11 Thread Walter Dnes
On Tue, May 09, 2017 at 06:58:42PM -0500, Matthias Maier wrote > This is a reworded news item (assuming we proceed with the plan to > default-enable USE=pie). Suggestions for improving the emerge command to > fix static archives are highly welcomed. > > Matthias > > > > Title: GCC 6 defaults to

Re: New profiles for default-pie transition (was: Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2)

2017-05-10 Thread Hanno Böck
On Wed, 10 May 2017 15:29:19 +0200 "Andreas K. Huettel" wrote: > * generate a new set of profiles 17.0 where it's package.use.forced > * tell people they may have to rebuild world when they switch Do we really need to rebuild world? From what I understand problems arise if

New profiles for default-pie transition (was: Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2)

2017-05-10 Thread Andreas K. Huettel
On Wednesday, 10 May 2017, 13:58:56 CEST, Dirkjan Ochtman wrote: > On Wed, May 10, 2017 at 11:19 AM, Kristian Fiskerstrand wrote: > > Sounds like a reasonable action plan. The consequences of such a change > > definitely seem to be sufficiently high to merit a proper migration

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-10 Thread Chí-Thanh Christopher Nguyễn
Mike Gilbert wrote: I disagree. We might want to default the "pie" USE flag differently depending on the profile, but there's no need to force it. I think we should force the pie USE flag on/off depending on the profile. My proposal: For all profiles except hardened, introduce a pie/nopie

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2

2017-05-10 Thread Dirkjan Ochtman
On Wed, May 10, 2017 at 11:19 AM, Kristian Fiskerstrand wrote: > Sounds like a reasonable action plan. The consequences of such a change > definitely seem to be sufficiently high to merit a proper migration > plan which doesn't seem to have been established at this point.

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-10 Thread Kent Fredric
On Wed, 10 May 2017 09:23:04 +0200 Alexis Ballier wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1238804 (building perl with > pie seems to make some perl packages fail at runtime) If that's really the case, can we *not* do this right now? There's one thing Perl team

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2

2017-05-10 Thread Kristian Fiskerstrand
On 05/10/2017 09:52 AM, Alexis Ballier wrote: > On Tue, 09 May 2017 18:58:42 -0500 > Matthias Maier wrote: > >> This is a reworded news item (assuming we proceed with the plan to >> default-enable USE=pie). Suggestions for improving the emerge command >> to fix static archives

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2

2017-05-10 Thread Alexis Ballier
On Tue, 09 May 2017 18:58:42 -0500 Matthias Maier wrote: > This is a reworded news item (assuming we proceed with the plan to > default-enable USE=pie). Suggestions for improving the emerge command > to fix static archives are highly welcomed. > Really, I think the slot to

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-10 Thread Alexis Ballier
On Tue, 09 May 2017 18:13:06 -0500 Matthias Maier wrote: > > For a transition we can probably build everything with -fPIE but not > > link with -pie. If we want that to happen fast, gcc-6 might do that > > and gcc-7 add the -pie option. > > I am not entirely convinced that

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-10 Thread Alexis Ballier
On Wed, 10 May 2017 01:40:36 +0200 "Andreas K. Huettel" wrote: > On Wednesday, 10 May 2017, 00:47:30 CEST, Alexis Ballier wrote: > > On Tue, 9 May 2017 23:18:20 +0200 Hanno Böck > > wrote: > > > I really think it's about time that pie becomes the

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-10 Thread Alexis Ballier
On Wed, 10 May 2017 01:44:06 +0200 "Andreas K. Huettel" wrote: > > > > While I believe it might be a bit too early to default-enable pie, > > why not, but the news item *must* contain instructions that people > > should 'emerge -e world' in order for it to work. > > > >

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Matthias Maier
On Wed, May 10, 2017, at 00:07 CDT, Jason Zaman wrote: > I just want to make sure I'm understanding this right, only .a files that > were compiled without -pie will cause issues if you compile the later > thing that uses the .a with -pie? > So: > 1) people on hardened

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Jason Zaman
On Wed, May 10, 2017 at 01:44:06AM +0200, Andreas K. Huettel wrote: > On Tuesday, 9 May 2017, 22:10:21 CEST, Alexis Ballier wrote: > > > > Do you realize that this breaks linking against about any static lib > > ever built before upgrading ? And I'm not even considering people > > toggling the

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp", v2

2017-05-09 Thread Matthias Maier
This is a reworded news item (assuming we proceed with the plan to default-enable USE=pie). Suggestions for improving the emerge command to fix static archives are highly welcomed. Matthias Title: GCC 6 defaults to USE="pie ssp" Author: Matthias Maier Content-Type:

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Andreas K. Huettel
On Tuesday, 9 May 2017, 22:10:21 CEST, Alexis Ballier wrote: > > Do you realize that this breaks linking against about any static lib > ever built before upgrading ? And I'm not even considering people > toggling the flag. Toggling the flag is definitely bad. So it should be either on or off.

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Andreas K. Huettel
On Wednesday, 10 May 2017, 00:47:30 CEST, Alexis Ballier wrote: > On Tue, 9 May 2017 23:18:20 +0200 Hanno Böck wrote: > > I really think it's about time that pie becomes the default in Gentoo. > > For a transition we can probably build everything with -fPIE but not > link with

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Matthias Maier
> For a transition we can probably build everything with -fPIE but not > link with -pie. If we want that to happen fast, gcc-6 might do that and > gcc-7 add the -pie option. I am not entirely convinced that a transition period of one gcc version is enough for a smooth transition [1]. It might be

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Alexis Ballier
On Tue, 9 May 2017 23:18:20 +0200 Hanno Böck wrote: > Hi, > > On Tue, 09 May 2017 15:55:36 -0500 > Matthias Maier wrote: > > > Well, Alexis certainly makes a strong point. Breaking installed > > static archives by changing a use flag shouldn't be as easy

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Hanno Böck
Hi, On Tue, 09 May 2017 15:55:36 -0500 Matthias Maier wrote: > Well, Alexis certainly makes a strong point. Breaking installed static > archives by changing a use flag shouldn't be as easy as changing a > useflag. So we might simply use.force the pie use flag depending on >

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Matthias Maier
On Tue, May 9, 2017, at 15:10 CDT, Alexis Ballier wrote: > There is a *huge* difference between: > Disable PIE support (NOT FOR GENERAL USE) > and the negation of: > pie - Build programs as Position Independent Executables (a security > hardening technique) > > Enabling

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Mike Gilbert
On Tue, May 9, 2017 at 4:10 PM, Alexis Ballier wrote: > Also, I don't believe default-pie should even be a useflag. It's always > been forced-on for hardened and forced-off for non-hardened I think. > Switching between the two types of profiles has always been difficult >

Re: [gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Alexis Ballier
On Tue, 09 May 2017 12:26:48 -0500 Matthias Maier wrote: > Title: GCC 6 defaults to USE="pie ssp" > Author: Matthias Maier > Content-Type: text/plain > Posted: 2017-05-07 > Revision: 1 > News-Item-Format: 1.0 > Display-If-Installed: >=sys-devel/gcc-6.3.0 >

[gentoo-dev] [RFC] News item: GCC 6 defaults to USE="pie ssp"

2017-05-09 Thread Matthias Maier
Title: GCC 6 defaults to USE="pie ssp" Author: Matthias Maier Content-Type: text/plain Posted: 2017-05-07 Revision: 1 News-Item-Format: 1.0 Display-If-Installed: >=sys-devel/gcc-6.3.0 Display-If-Keyword: amd64 In Gentoo, several GCC features can be default disabled or enabled