summaryrefslogtreecommitdiff
blob: f66cd54c9e647b74125f1d675e32aff47abbc68d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
Title: New 17.0 profiles in the Gentoo repository
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
Posted: 2017-11-30
Revision: 1
News-Item-Format: 2.0
Display-If-Profile: default/linux/amd64/13.0
Display-If-Profile: default/linux/amd64/13.0/selinux
Display-If-Profile: default/linux/amd64/13.0/desktop
Display-If-Profile: default/linux/amd64/13.0/desktop/gnome
Display-If-Profile: default/linux/amd64/13.0/desktop/gnome/systemd
Display-If-Profile: default/linux/amd64/13.0/desktop/plasma
Display-If-Profile: default/linux/amd64/13.0/desktop/plasma/systemd
Display-If-Profile: default/linux/amd64/13.0/developer
Display-If-Profile: default/linux/amd64/13.0/no-multilib
Display-If-Profile: default/linux/amd64/13.0/systemd
Display-If-Profile: default/linux/ia64/13.0
Display-If-Profile: default/linux/ia64/13.0/desktop
Display-If-Profile: default/linux/ia64/13.0/desktop/gnome
Display-If-Profile: default/linux/ia64/13.0/desktop/gnome/systemd
Display-If-Profile: default/linux/ia64/13.0/developer
Display-If-Profile: default/linux/powerpc/ppc32/13.0
Display-If-Profile: default/linux/powerpc/ppc32/13.0/desktop
Display-If-Profile: default/linux/powerpc/ppc32/13.0/desktop/gnome
Display-If-Profile: default/linux/powerpc/ppc32/13.0/desktop/gnome/systemd
Display-If-Profile: default/linux/powerpc/ppc32/13.0/developer
Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland
Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland/desktop
Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland/desktop/gnome
Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland/desktop/gnome/systemd
Display-If-Profile: default/linux/powerpc/ppc64/13.0/32bit-userland/developer
Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland
Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland/desktop
Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland/desktop/gnome
Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland/desktop/gnome/systemd
Display-If-Profile: default/linux/powerpc/ppc64/13.0/64bit-userland/developer
Display-If-Profile: default/linux/x86/13.0
Display-If-Profile: default/linux/x86/13.0/selinux
Display-If-Profile: default/linux/x86/13.0/desktop
Display-If-Profile: default/linux/x86/13.0/desktop/gnome
Display-If-Profile: default/linux/x86/13.0/desktop/gnome/systemd
Display-If-Profile: default/linux/x86/13.0/desktop/plasma
Display-If-Profile: default/linux/x86/13.0/desktop/plasma/systemd
Display-If-Profile: default/linux/x86/13.0/developer
Display-If-Profile: default/linux/x86/13.0/no-multilib
Display-If-Profile: default/linux/x86/13.0/systemd

We have just added (for all arches except arm and mips, these follow
later) a new set of profiles with release version 17.0 to the Gentoo 
repository. These bring three changes:
1) The default C++ language version for applications is now C++14.
   This change is mostly relevant to Gentoo developers. It also
   means, however, that compilers earlier than GCC 6 are masked 
   and not supported for use as a system compiler anymore. Feel 
   free to unmask them if you need them for specific applications.
2) Where supported, GCC will now build position-independent
   executables (PIE) by default. This improves the overall
   security fingerprint. The switch from non-PIE to PIE binaries,
   however, requires some steps by users, as detailed below.
3) Up to now, hardened profiles were separate from the default
   profile tree. Now they are moving into the 17.0 profile
   as a feature there, similar to "no-multilib" and "systemd".

Please migrate away from the 13.0 profiles within the six weeks after
GCC 6.4.0 has been stabilized on your architecture. The 13.0 profiles
will be deprecated then and removed in half a year.

If you are not already running a hardened setup with PIE enabled, then
switching the profile involves the following steps: 
If not already done,
* Use gcc-config to select gcc-6.4.0 or later as system compiler
* Re-source /etc/profile:
    . /etc/profile
* Re-emerge libtool
    emerge -1 sys-devel/libtool
Then, 
* Select the new profile with eselect
* Re-emerge, in this sequence, gcc, binutils, and glibc
    emerge -1 sys-devel/gcc:6.4.0
    emerge -1 sys-devel/binutils
    emerge -1 sys-libs/glibc
* Rebuild your entire system
    emerge -e @world

Switching the profile from 13.0 to 17.0 modifies the settings of 
GCC 6 to generate PIE executables by default; thus, you need to do 
the rebuilds even if you have already used GCC 6 beforehand.
If you do not follow these steps you may get spurious build
failures when the linker tries unsuccessfully to combine non-PIE
and PIE code.