On Tue, 22 Jun 2021 10:35:12 +0100 Marek Szuba <mare...@gentoo.org> wrote:
> Dear everyone, > > Seeing as in the end this USE flag is not going anywhere in spite of > Gentoo no longer providing PaX-capable kernel sources, could we please > rename it (e.g. to 'pax-kernel') so that it no longer contains a > disallowed character. I understand the main reason this hasn't been done > yet is that we expected it might disappear altogether. Just renaming pax_kernel to pax-kernel for dev-libs/libffi will likely brick a system on W^X kernel on first world update. python will probably start crashing instantly. Unless user explicitly notices that they need to enable a new flag. Other packages should be less problematic to just switch over. One of the steps forward for libffi would be to add extra USE=pax-kernel with REQUIRED_USE="pax_kernel? ( pax-kernel )" or 'die' equivalent. The specifics should ideally be handled by hardened@ team. Otherwise we can do 'use pax_kernel || die' libffi experiment if nobody objects. Say, in a few days. -- Sergei
