View previous topic :: View next topic |
Author |
Message |
msst Apprentice
Joined: 07 Jun 2011 Posts: 259
|
Posted: Sat Dec 02, 2017 1:39 pm Post subject: Upgrade to profile 17/hardened from hardened/no-multilib |
|
|
I saw yesterday the newly stable 17-version profiles.
So I first updated my desktop, which was running from default/linux/amd64/13.0/desktop/plasma to default/linux/amd64/17.0/desktop/plasma. That worked without problems (except the long recompile).
Then I decided to give also the miniserver a try. So far running on hardened/linux/amd64/no-multilib. But seeing that the default profile now also includes hardened I switched to default/linux/amd64/17.0/hardened.
That got cought on a compile error for glibc then:
/usr/include/gnu/stubs.h:7:27: fatal error: gnu/stubs-32.h: No such file or directory
I think this is connected to the profile change and the multilib respectively no-multilib. Hmm, is there a way around this? Or would it be anyway recommendable to stay on the non-default profile?
Does someone know the exact difference between hardened/linux/amd64/no-multilib and default/linux/amd64/17.0? Are both equally current and maintained? |
|
Back to top |
|
|
Elleni Veteran
Joined: 23 May 2006 Posts: 1270
|
Posted: Sat Dec 02, 2017 9:01 pm Post subject: |
|
|
Switched same profiles, and can confirm this error too. |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Sat Dec 02, 2017 9:32 pm Post subject: |
|
|
You can't just switch from no-multilib to multilib like that, what do you expect? The new profile will assume multilib deps where there are none. |
|
Back to top |
|
|
Elleni Veteran
Joined: 23 May 2006 Posts: 1270
|
Posted: Sat Dec 02, 2017 9:51 pm Post subject: |
|
|
I understand, but how are we supposed to switch to hardened profile of new profile series? Aparentely there is no hardened no-multilib profile in the 17 profiles. Will hardened / no-multilib be added to these new 17.0 profiles or does that mean that having a hardened install in the future will make multilib installation necessary? |
|
Back to top |
|
|
asturm Developer
Joined: 05 Apr 2007 Posts: 8936
|
Posted: Sat Dec 02, 2017 10:08 pm Post subject: |
|
|
My guess is that the no-multilib stuff is just somewhere down the todo-list and will appear with some delay.
If you are concerned however, you could either search/file a bug or seek information on the mailing list. I would be surprised if it isn't discussed, somewhere, already. |
|
Back to top |
|
|
Elleni Veteran
Joined: 23 May 2006 Posts: 1270
|
Posted: Sat Dec 02, 2017 10:16 pm Post subject: |
|
|
ok, thank you very much for your quick response. |
|
Back to top |
|
|
Moonboots Apprentice
Joined: 02 Dec 2006 Posts: 161
|
Posted: Sun Dec 03, 2017 11:16 am Post subject: |
|
|
I've made a bug request https://bugs.gentoo.org/639596
Not that it's too desperate at the moment as we have 6 months grace |
|
Back to top |
|
|
fedeliallalinea Administrator
Joined: 08 Mar 2003 Posts: 30917 Location: here
|
|
Back to top |
|
|
Moonboots Apprentice
Joined: 02 Dec 2006 Posts: 161
|
Posted: Sun Dec 03, 2017 11:49 am Post subject: |
|
|
Thanks for the info. The gentoo mailing lists are not my usual port of call
Although i would disagree with Michał Górny comment "1) there's barely any use for it" By that same logic "normal" no-multilib profile would fail in to that category ?
I'm would be interested who many hardened users use the sub-profile no-multilib ? |
|
Back to top |
|
|
fillerbunny n00b
Joined: 21 May 2002 Posts: 27
|
Posted: Mon Dec 04, 2017 4:42 pm Post subject: |
|
|
Moonboots wrote: |
Thanks for the info. The gentoo mailing lists are not my usual port of call
Although i would disagree with Michał Górny comment "1) there's barely any use for it" By that same logic "normal" no-multilib profile would fail in to that category ?
I'm would be interested who many hardened users use the sub-profile no-multilib ? |
I use the hardened/no-multilib profile on my server and have the same dilema about which 17 profile to move to... |
|
Back to top |
|
|
jemxpat n00b
Joined: 01 May 2016 Posts: 4
|
Posted: Wed Dec 06, 2017 12:30 am Post subject: |
|
|
Agree. hardened/no-multilib is essential. I have at least 25 machines now using hardened/linux/amd64/no-multilib.
Must have default/linux/amd64/17.0/hardened/no-multilib to migrate to 17.0. No other profile is appropriate.
I am stunned at the comment that there is little demand for this, it seems obviously best for most server applications.
-jem |
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Wed Dec 06, 2017 12:52 am Post subject: |
|
|
+1 on hardened/no-multilib. The box I just converted I chose no-multilib because I didn't see a way around it. If they had offered a combo I would surely have taken it. |
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Wed Dec 06, 2017 1:01 am Post subject: |
|
|
Moonboots wrote: |
Thanks for the info. The gentoo mailing lists are not my usual port of call
Although i would disagree with Michał Górny comment "1) there's barely any use for it" By that same logic "normal" no-multilib profile would fail in to that category ?
I'm would be interested who many hardened users use the sub-profile no-multilib ? |
I'd rather not subscribe to that list just to tell Michał Górny that I have lots of use for that profile. It appears that I'm not alone, so perhaps somebody who has subscribed could link him to this thread? |
|
Back to top |
|
|
zorry Developer
Joined: 30 Mar 2008 Posts: 380 Location: Umeå The north part of scandinavia
|
Posted: Thu Dec 07, 2017 2:17 am Post subject: |
|
|
no-multilib/hardened has been added to the 17.0 profile _________________ gcc version 6.1.0 (Gentoo Hardened 6.1.0 p1.1) |
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Thu Dec 07, 2017 4:37 am Post subject: |
|
|
Thanks! |
|
Back to top |
|
|
Moonboots Apprentice
Joined: 02 Dec 2006 Posts: 161
|
Posted: Thu Dec 07, 2017 6:50 am Post subject: |
|
|
zorry wrote: | no-multilib/hardened has been added to the 17.0 profile |
Many thanks Magnus |
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Thu Dec 07, 2017 3:00 pm Post subject: |
|
|
How long does it take for a profile to trickle through to us? I did an emerge-webrsync and default/linux/amd64/17.0/no-multilib/hardened still is not there. |
|
Back to top |
|
|
Moonboots Apprentice
Joined: 02 Dec 2006 Posts: 161
|
Posted: Thu Dec 07, 2017 4:21 pm Post subject: |
|
|
1clue wrote: | How long does it take for a profile to trickle through to us? I did an emerge-webrsync and default/linux/amd64/17.0/no-multilib/hardened still is not there. |
If Magnus did it today , then it should be in the portage-snapshot of 7th December and will be available on the 8th December for emerge-webrsync. |
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Thu Dec 07, 2017 8:27 pm Post subject: |
|
|
Since several people here have already voiced an interest, let me add a couple more questions:
I switched from hardened/linux/amd64/no-multilib to default/linux/amd64/17.0/no-multilib when the recent eselect news item came out.
What's the necessary steps to switch to the new 17.0/hardened/no-multilib profile from there?
- Do I need to re-emerge libtool? (I think no)
- Do I need to rebuild gcc/binutils/glibc?
- Do I need to rebuild the world?
Thanks. |
|
Back to top |
|
|
Moonboots Apprentice
Joined: 02 Dec 2006 Posts: 161
|
Posted: Fri Dec 08, 2017 4:47 am Post subject: |
|
|
Depends what you did after switching from hardened/linux/amd64/no-multilib to default/linux/amd64/17.0/no-multilib ? |
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Fri Dec 08, 2017 5:16 am Post subject: |
|
|
Moonboots wrote: | Depends what you did after switching from hardened/linux/amd64/no-multilib to default/linux/amd64/17.0/no-multilib ? |
I followed tbe instructions on the eselect news article. Since then I've done an emerge -aDNuv every day. And used my system normally. |
|
Back to top |
|
|
Moonboots Apprentice
Joined: 02 Dec 2006 Posts: 161
|
Posted: Fri Dec 08, 2017 5:56 am Post subject: |
|
|
You need to follow the instructions converting a non-hardened to hardened profile from Gentoo-Wiki.
Your orignal hardened/linux/amd64/no-multilib was a clean install ? |
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Fri Dec 08, 2017 3:55 pm Post subject: |
|
|
Moonboots wrote: | You need to follow the instructions converting a non-hardened to hardened profile from Gentoo-Wiki.
Your orignal hardened/linux/amd64/no-multilib was a clean install ? |
It was a few years ago. |
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Mon Dec 11, 2017 9:03 pm Post subject: |
|
|
So when it comes to configuring gcc:
Code: |
# gcc-config -l
[1] x86_64-pc-linux-gnu-5.4.0
[2] x86_64-pc-linux-gnu-5.4.0-hardenednopie
[3] x86_64-pc-linux-gnu-5.4.0-hardenednopiessp
[4] x86_64-pc-linux-gnu-5.4.0-hardenednossp
[5] x86_64-pc-linux-gnu-5.4.0-vanilla
[6] x86_64-pc-linux-gnu-6.4.0 *
|
It looks like there's only one 6.4.0 gcc available, so is it safe to say this is a hardened gcc? Or do we get to recompile everything again in a few days?
Thanks. |
|
Back to top |
|
|
toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
|
Posted: Tue Dec 12, 2017 12:29 pm Post subject: |
|
|
1clue wrote: | It looks like there's only one 6.4.0 gcc available, so is it safe to say this is a hardened gcc? Or do we get to recompile everything again in a few days?
| It is a hardened gcc (you can check it with "emerge -qpv gcc") and yes, recompiling (eg.:due to changed USE flag "sanitize") was needed in the past, but should already be incorporated in your build. |
|
Back to top |
|
|
|