Re: [gentoo-dev] [PATCH 1/5] toolchain-funcs.eclass: Add functions for detection of PIE / SSP in way compatible with GCC >=6.

2017-06-15 Thread Michał Górny
On Wed, 2017-06-14 at 18:15 -0500, Matthias Maier wrote: > From: Arfrever Frehtes Taifersar Arahesis > > Newly added tc-enables-pie(), tc-enables-ssp(), tc-enables-ssp-strong() > and tc-enables-ssp-all() check macros instead of specs. > This solution also works with older

[gentoo-portage-dev] [PATCH] const: Change the MANIFEST2_REQUIRED_HASH to SHA512

2017-06-15 Thread Michał Górny
Following the plan established in GLEP 59, we're long overdue deprecating SHA256. Since we have finally got rid of the last packages lacking SHA512 checksums, we can proceed with that. In order to prepare for it, however, we need to change the required hash to SHA512 and make sure developers

Re: [gentoo-dev] [PATCH 1/5] toolchain-funcs.eclass: Add functions for detection of PIE / SSP in way compatible with GCC >=6.

2017-06-15 Thread Michał Górny
On Thu, 2017-06-15 at 03:09 -0500, Matthias Maier wrote: > > > +# @FUNCTION: tc-enables-pie > > > +# @RETURN: Truth if the current compiler generates position-independent > > > code (PIC) which can be linked into executables > > > +# @DESCRIPTION: > > > +# Return truth if the current compiler

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Ciaran McCreesh
On Thu, 15 Jun 2017 18:07:00 +0200 Alexis Ballier wrote: > > The best way to convince me is through valid examples. > > It is also easier to be convinced when you try to understand and ask > for clarifications instead of just rejecting without thinking :) The problem with

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Alexis Ballier
On Thu, 15 Jun 2017 17:13:57 +0100 Ciaran McCreesh wrote: > On Thu, 15 Jun 2017 18:07:00 +0200 > Alexis Ballier wrote: > > > The best way to convince me is through valid examples. > > > > It is also easier to be convinced when you try to

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Ciaran McCreesh
On Thu, 15 Jun 2017 18:19:04 +0200 Alexis Ballier wrote: > On Thu, 15 Jun 2017 17:13:57 +0100 > Ciaran McCreesh wrote: > > On Thu, 15 Jun 2017 18:07:00 +0200 > > Alexis Ballier wrote: > > > > The best way to convince me

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Alexis Ballier
On Thu, 15 Jun 2017 17:22:26 +0100 Ciaran McCreesh wrote: > On Thu, 15 Jun 2017 18:19:04 +0200 > Alexis Ballier wrote: > > On Thu, 15 Jun 2017 17:13:57 +0100 > > Ciaran McCreesh wrote: > > > On Thu, 15 Jun

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Ciaran McCreesh
On Thu, 15 Jun 2017 18:30:10 +0200 Alexis Ballier wrote: > On Thu, 15 Jun 2017 17:22:26 +0100 > Ciaran McCreesh wrote: > > On Thu, 15 Jun 2017 18:19:04 +0200 > > Alexis Ballier wrote: > > > On Thu, 15 Jun 2017 17:13:57

Re: [gentoo-dev] Hardening a default profile

2017-06-15 Thread Tiziano Müller
Hi Michael On 11.06.2017 at 23:39, Michael Brinkman wrote: > Hello, so I've been running Gentoo Hardened for a few years on my > laptop, my desktop, and a server made from an older desktop. > > Because of Grsecurity closing access to its source to non-subscribers, > I decided that I would just

Re: [gentoo-dev] [PATCH 01/05] toolchain-funcs.eclass: Add functions for detection of PIE / SSP in way compatible with GCC >=6.

2017-06-15 Thread Matthias Maier
> [[ ${ret} == true ]] > > Would be the canonical bash way. Updated.

Re: [gentoo-dev] [PATCH 01/05] toolchain-funcs.eclass: Add functions for detection of PIE / SSP in way compatible with GCC >=6.

2017-06-15 Thread Michał Górny
On 15 June 2017 15:45:10 CEST, Matthias Maier wrote: >From: Arfrever Frehtes Taifersar Arahesis > >Newly added tc-enables-pie(), tc-enables-ssp(), tc-enables-ssp-strong() >and tc-enables-ssp-all() check macros instead of specs. >This solution

[gentoo-dev] [PATCH 01/05] toolchain-funcs.eclass: Add functions for detection of PIE / SSP in way compatible with GCC >=6.

2017-06-15 Thread Matthias Maier
From: Arfrever Frehtes Taifersar Arahesis Newly added tc-enables-pie(), tc-enables-ssp(), tc-enables-ssp-strong() and tc-enables-ssp-all() check macros instead of specs. This solution also works with older GCC and with Clang. Signed-off-by: Matthias Maier

[gentoo-dev] [RFC v2] toolchain-funcs.eclass / toolchain-glibc.eclass - gcc-6 bugfixes and updates

2017-06-15 Thread Matthias Maier
OK. This is a slightly modified version that uses string comparison to form the result. Best, Matthias

[gentoo-portage-dev] [PATCH] const: Remove unused MANIFEST1_REQUIRED_HASH

2017-06-15 Thread Michał Górny
The MANIFEST1_REQUIRED_HASH constant is not used anywhere, so it should be possible to remove it safely. --- pym/portage/const.py | 1 - 1 file changed, 1 deletion(-) diff --git a/pym/portage/const.py b/pym/portage/const.py index 7e415ba9c..052d4ca2f 100644 --- a/pym/portage/const.py +++

Re: [gentoo-dev] rfc: new category, app-containers

2017-06-15 Thread William Hubbs
On Thu, Jun 15, 2017 at 12:42:33AM +0200, Kristian Fiskerstrand wrote: > On 06/14/2017 06:11 PM, William Hubbs wrote: > > Is it time to start thinking about an app-containers category? > > If so, is it ok for me to start an app-containers category with these > > packages then we can look into

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Michał Górny
On Wed, 2017-06-14 at 16:09 +0200, Alexis Ballier wrote: > On Wed, 14 Jun 2017 15:57:38 +0200 > Michał Górny wrote: > [...] > > > [...] > > > > > > > > [1]:https://wiki.gentoo.org/wiki/User:MGorny/GLEP:ReqUse > > > > > > > > > > > > > > I really don't like the

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Alexis Ballier
On Thu, 15 Jun 2017 17:59:13 +0200 Michał Górny wrote: > On Wed, 2017-06-14 at 16:09 +0200, Alexis Ballier wrote: > > On Wed, 14 Jun 2017 15:57:38 +0200 > > Michał Górny wrote: > > [...] > > > > [...] > > > > > > > > >

Re: [gentoo-portage-dev] [PATCH] const: Remove unused MANIFEST1_REQUIRED_HASH

2017-06-15 Thread Zac Medico
On Thu, Jun 15, 2017 at 12:27 AM, Michał Górny wrote: > The MANIFEST1_REQUIRED_HASH constant is not used anywhere, so it should > be possible to remove it safely. > --- > pym/portage/const.py | 1 - > 1 file changed, 1 deletion(-) > > diff --git a/pym/portage/const.py

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Alexis Ballier
On Thu, 15 Jun 2017 19:38:48 +0200 Michał Górny wrote: > On Thu, 2017-06-15 at 18:07 +0200, Alexis Ballier wrote: > > On Thu, 15 Jun 2017 17:59:13 +0200 > > Michał Górny wrote: > > > > > On Wed, 2017-06-14 at 16:09 +0200, Alexis Ballier wrote: > > > >

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Ciaran McCreesh
On Thu, 15 Jun 2017 18:55:45 +0200 Alexis Ballier wrote: > The guarantee comes from the fact that the output is always in the > space of all possible inputs from the user. So, if some output will > kill a kitten, so does some input. USE=minimal USE=mips USE=-ssl -- Ciaran

Re: [gentoo-portage-dev] [PATCH] const: Remove unused MANIFEST1_REQUIRED_HASH

2017-06-15 Thread Michał Górny
On Thu, 2017-06-15 at 09:08 -0700, Zac Medico wrote: > On Thu, Jun 15, 2017 at 12:27 AM, Michał Górny wrote: > > > The MANIFEST1_REQUIRED_HASH constant is not used anywhere, so it should > > be possible to remove it safely. > > --- > > pym/portage/const.py | 1 - > > 1 file

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Alexis Ballier
On Thu, 15 Jun 2017 18:04:35 +0100 Ciaran McCreesh wrote: > On Thu, 15 Jun 2017 18:55:45 +0200 > Alexis Ballier wrote: > > The guarantee comes from the fact that the output is always in the > > space of all possible inputs from the user. So,

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Ciaran McCreesh
On Thu, 15 Jun 2017 19:30:02 +0200 Alexis Ballier wrote: > On Thu, 15 Jun 2017 18:04:35 +0100 > Ciaran McCreesh wrote: > > On Thu, 15 Jun 2017 18:55:45 +0200 > > Alexis Ballier wrote: > > > The guarantee comes from the

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Alexis Ballier
On Thu, 15 Jun 2017 18:48:42 +0100 Ciaran McCreesh wrote: > On Thu, 15 Jun 2017 19:30:02 +0200 > Alexis Ballier wrote: > > On Thu, 15 Jun 2017 18:04:35 +0100 > > Ciaran McCreesh wrote: > > > On Thu, 15 Jun

Re: [gentoo-portage-dev] [PATCH] const: Change the MANIFEST2_REQUIRED_HASH to SHA512

2017-06-15 Thread Michał Górny
On Thu, 2017-06-15 at 09:49 -0700, Zac Medico wrote: > On Thu, Jun 15, 2017 at 12:42 AM, Michał Górny wrote: > > > > Following the plan established in GLEP 59, we're long overdue > > deprecating SHA256. Since we have finally got rid of the last packages > > lacking SHA512

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Michał Górny
On Thu, 2017-06-15 at 18:07 +0200, Alexis Ballier wrote: > On Thu, 15 Jun 2017 17:59:13 +0200 > Michał Górny wrote: > > > On Wed, 2017-06-14 at 16:09 +0200, Alexis Ballier wrote: > > > On Wed, 14 Jun 2017 15:57:38 +0200 > > > Michał Górny wrote: > > > [...]

Re: [gentoo-dev] Hardening a default profile

2017-06-15 Thread Anthony G. Basile
On 6/15/17 11:20 AM, Matthias Maier wrote: > Hi Michael, > > On Sun, Jun 11, 2017, at 16:39 CDT, Michael Brinkman > wrote: > >> So I was just wondering if ~arch is ready for more secure defaults on >> the 17.0 profiles in the linker flags. There are several >>

Re: [gentoo-dev] New 17.0 release profiles

2017-06-15 Thread Andreas K. Huettel
On Sunday, 11 June 2017, 20:39:00 CEST, Walter Dnes wrote: > On Sat, Jun 10, 2017 at 05:15:05PM +0200, Andreas K. Huettel wrote > > > -> The new profiles will NOT have any entries in profiles.desc > > yet. For "normal people" that means DO NOT SWITCH to these profiles > > yet. <- > > > >

Re: [gentoo-dev] Hardening a default profile

2017-06-15 Thread Matthias Maier
> there should be a way of turning these off systematically. the > advantage of the current hardened gcc specs is that one can switch > between them using gcc-config. if these are forced on for the default > profile then there will be no easy way to systematically turn them off. No - there

Re: [gentoo-dev] New 17.0 release profiles

2017-06-15 Thread Walter Dnes
On Thu, Jun 15, 2017 at 11:41:11PM +0200, Andreas K. Huettel wrote > On Sunday, 11 June 2017, 20:39:00 CEST, Walter Dnes wrote: > > 1) Should I be doing bug reports on the Gentoo bugzilla or upstream? > > Gentoo please, though also submitting stuff upstream and linking to > it in the Gentoo

Re: [gentoo-dev] Hardening a default profile

2017-06-15 Thread Matthias Maier
Hi Michael, On Sun, Jun 11, 2017, at 16:39 CDT, Michael Brinkman wrote: > So I was just wondering if ~arch is ready for more secure defaults on > the 17.0 profiles in the linker flags. There are several > distributions which ship RELRO by default and I am not

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Alexis Ballier
On Thu, 15 Jun 2017 17:32:40 +0100 Ciaran McCreesh wrote: > On Thu, 15 Jun 2017 18:30:10 +0200 > Alexis Ballier wrote: > > On Thu, 15 Jun 2017 17:22:26 +0100 > > Ciaran McCreesh wrote: > > > On Thu, 15 Jun

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Ciaran McCreesh
On Thu, 15 Jun 2017 18:37:16 +0200 Alexis Ballier wrote: > > So you're saying that at the end of this, there's an ENFORCED_USE > > solver that spits out some answer that may or may not be in any way > > a sane solution to the conflict. > > > > I don't see how that's helpful

Re: [gentoo-portage-dev] [PATCH] const: Change the MANIFEST2_REQUIRED_HASH to SHA512

2017-06-15 Thread Zac Medico
On Thu, Jun 15, 2017 at 12:42 AM, Michał Górny wrote: > > Following the plan established in GLEP 59, we're long overdue > deprecating SHA256. Since we have finally got rid of the last packages > lacking SHA512 checksums, we can proceed with that. In order to prepare > for it,

Re: [gentoo-dev] [RFC] Forced/automatic USE flag constraints (codename: ENFORCED_USE)

2017-06-15 Thread Alexis Ballier
On Thu, 15 Jun 2017 17:45:09 +0100 Ciaran McCreesh wrote: > On Thu, 15 Jun 2017 18:37:16 +0200 > Alexis Ballier wrote: > > > So you're saying that at the end of this, there's an ENFORCED_USE > > > solver that spits out some answer that may or