Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Upgrade to profile 17/hardened from hardened/no-multilib
View unanswered posts
View posts from last 24 hours

Goto page 1, 2  Next  
Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message
mas-
Apprentice
Apprentice


Joined: 07 Jun 2011
Posts: 160

PostPosted: Sat Dec 02, 2017 1:39 pm    Post subject: Upgrade to profile 17/hardened from hardened/no-multilib Reply with quote

I saw yesterday the newly stable 17-version profiles.

So I first updated my desktop, which was running from default/linux/amd64/13.0/desktop/plasma to default/linux/amd64/17.0/desktop/plasma. That worked without problems (except the long recompile).

Then I decided to give also the miniserver a try. So far running on hardened/linux/amd64/no-multilib. But seeing that the default profile now also includes hardened I switched to default/linux/amd64/17.0/hardened.
That got cought on a compile error for glibc then:

/usr/include/gnu/stubs.h:7:27: fatal error: gnu/stubs-32.h: No such file or directory

I think this is connected to the profile change and the multilib respectively no-multilib. Hmm, is there a way around this? Or would it be anyway recommendable to stay on the non-default profile?

Does someone know the exact difference between hardened/linux/amd64/no-multilib and default/linux/amd64/17.0? Are both equally current and maintained?
Back to top
View user's profile Send private message
Elleni
Guru
Guru


Joined: 23 May 2006
Posts: 414

PostPosted: Sat Dec 02, 2017 9:01 pm    Post subject: Reply with quote

Switched same profiles, and can confirm this error too.
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 5571
Location: Austria

PostPosted: Sat Dec 02, 2017 9:32 pm    Post subject: Reply with quote

You can't just switch from no-multilib to multilib like that, what do you expect? The new profile will assume multilib deps where there are none.
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
Elleni
Guru
Guru


Joined: 23 May 2006
Posts: 414

PostPosted: Sat Dec 02, 2017 9:51 pm    Post subject: Reply with quote

I understand, but how are we supposed to switch to hardened profile of new profile series? Aparentely there is no hardened no-multilib profile in the 17 profiles. Will hardened / no-multilib be added to these new 17.0 profiles or does that mean that having a hardened install in the future will make multilib installation necessary?
Back to top
View user's profile Send private message
asturm
Developer
Developer


Joined: 05 Apr 2007
Posts: 5571
Location: Austria

PostPosted: Sat Dec 02, 2017 10:08 pm    Post subject: Reply with quote

My guess is that the no-multilib stuff is just somewhere down the todo-list and will appear with some delay.

If you are concerned however, you could either search/file a bug or seek information on the mailing list. I would be surprised if it isn't discussed, somewhere, already.
_________________
backend.cpp:92:2: warning: #warning TODO - this error message is about as useful as a cooling unit in the arctic
Back to top
View user's profile Send private message
Elleni
Guru
Guru


Joined: 23 May 2006
Posts: 414

PostPosted: Sat Dec 02, 2017 10:16 pm    Post subject: Reply with quote

ok, thank you very much for your quick response. :D
Back to top
View user's profile Send private message
Moonboots
Tux's lil' helper
Tux's lil' helper


Joined: 02 Dec 2006
Posts: 101

PostPosted: Sun Dec 03, 2017 11:16 am    Post subject: Reply with quote

I've made a bug request https://bugs.gentoo.org/639596
Not that it's too desperate at the moment as we have 6 months grace :)
Back to top
View user's profile Send private message
fedeliallalinea
Bodhisattva
Bodhisattva


Joined: 08 Mar 2003
Posts: 16906
Location: here

PostPosted: Sun Dec 03, 2017 11:30 am    Post subject: Reply with quote

There is a discussion in gentoo mailing list
_________________
Questions are guaranteed in life; Answers aren't.
Back to top
View user's profile Send private message
Moonboots
Tux's lil' helper
Tux's lil' helper


Joined: 02 Dec 2006
Posts: 101

PostPosted: Sun Dec 03, 2017 11:49 am    Post subject: Reply with quote

fedeliallalinea wrote:
There is a discussion in gentoo mailing list


Thanks for the info. The gentoo mailing lists are not my usual port of call :wink:

Although i would disagree with Michał Górny comment "1) there's barely any use for it" By that same logic "normal" no-multilib profile would fail in to that category ?

I'm would be interested who many hardened users use the sub-profile no-multilib ?
Back to top
View user's profile Send private message
fillerbunny
n00b
n00b


Joined: 21 May 2002
Posts: 27

PostPosted: Mon Dec 04, 2017 4:42 pm    Post subject: Reply with quote

Moonboots wrote:
fedeliallalinea wrote:
There is a discussion in gentoo mailing list


Thanks for the info. The gentoo mailing lists are not my usual port of call :wink:

Although i would disagree with Michał Górny comment "1) there's barely any use for it" By that same logic "normal" no-multilib profile would fail in to that category ?

I'm would be interested who many hardened users use the sub-profile no-multilib ?


I use the hardened/no-multilib profile on my server and have the same dilema about which 17 profile to move to...
Back to top
View user's profile Send private message
jemxpat
n00b
n00b


Joined: 01 May 2016
Posts: 4

PostPosted: Wed Dec 06, 2017 12:30 am    Post subject: Reply with quote

Agree. hardened/no-multilib is essential. I have at least 25 machines now using hardened/linux/amd64/no-multilib.

Must have default/linux/amd64/17.0/hardened/no-multilib to migrate to 17.0. No other profile is appropriate.

I am stunned at the comment that there is little demand for this, it seems obviously best for most server applications.

-jem
Back to top
View user's profile Send private message
1clue
Advocate
Advocate


Joined: 05 Feb 2006
Posts: 2039

PostPosted: Wed Dec 06, 2017 12:52 am    Post subject: Reply with quote

+1 on hardened/no-multilib. The box I just converted I chose no-multilib because I didn't see a way around it. If they had offered a combo I would surely have taken it.
Back to top
View user's profile Send private message
1clue
Advocate
Advocate


Joined: 05 Feb 2006
Posts: 2039

PostPosted: Wed Dec 06, 2017 1:01 am    Post subject: Reply with quote

Moonboots wrote:
fedeliallalinea wrote:
There is a discussion in gentoo mailing list


Thanks for the info. The gentoo mailing lists are not my usual port of call :wink:

Although i would disagree with Michał Górny comment "1) there's barely any use for it" By that same logic "normal" no-multilib profile would fail in to that category ?

I'm would be interested who many hardened users use the sub-profile no-multilib ?


I'd rather not subscribe to that list just to tell Michał Górny that I have lots of use for that profile. It appears that I'm not alone, so perhaps somebody who has subscribed could link him to this thread?
Back to top
View user's profile Send private message
zorry
Developer
Developer


Joined: 30 Mar 2008
Posts: 379
Location: Umeå The north part of scandinavia

PostPosted: Thu Dec 07, 2017 2:17 am    Post subject: Reply with quote

no-multilib/hardened has been added to the 17.0 profile
_________________
gcc version 6.1.0 (Gentoo Hardened 6.1.0 p1.1)
Back to top
View user's profile Send private message
1clue
Advocate
Advocate


Joined: 05 Feb 2006
Posts: 2039

PostPosted: Thu Dec 07, 2017 4:37 am    Post subject: Reply with quote

Thanks!
Back to top
View user's profile Send private message
Moonboots
Tux's lil' helper
Tux's lil' helper


Joined: 02 Dec 2006
Posts: 101

PostPosted: Thu Dec 07, 2017 6:50 am    Post subject: Reply with quote

zorry wrote:
no-multilib/hardened has been added to the 17.0 profile


Many thanks Magnus :D
Back to top
View user's profile Send private message
1clue
Advocate
Advocate


Joined: 05 Feb 2006
Posts: 2039

PostPosted: Thu Dec 07, 2017 3:00 pm    Post subject: Reply with quote

How long does it take for a profile to trickle through to us? I did an emerge-webrsync and default/linux/amd64/17.0/no-multilib/hardened still is not there.
Back to top
View user's profile Send private message
Moonboots
Tux's lil' helper
Tux's lil' helper


Joined: 02 Dec 2006
Posts: 101

PostPosted: Thu Dec 07, 2017 4:21 pm    Post subject: Reply with quote

1clue wrote:
How long does it take for a profile to trickle through to us? I did an emerge-webrsync and default/linux/amd64/17.0/no-multilib/hardened still is not there.


If Magnus did it today , then it should be in the portage-snapshot of 7th December and will be available on the 8th December for emerge-webrsync.
Back to top
View user's profile Send private message
1clue
Advocate
Advocate


Joined: 05 Feb 2006
Posts: 2039

PostPosted: Thu Dec 07, 2017 8:27 pm    Post subject: Reply with quote

Since several people here have already voiced an interest, let me add a couple more questions:

I switched from hardened/linux/amd64/no-multilib to default/linux/amd64/17.0/no-multilib when the recent eselect news item came out.

What's the necessary steps to switch to the new 17.0/hardened/no-multilib profile from there?

  1. Do I need to re-emerge libtool? (I think no)
  2. Do I need to rebuild gcc/binutils/glibc?
  3. Do I need to rebuild the world?


Thanks.
Back to top
View user's profile Send private message
Moonboots
Tux's lil' helper
Tux's lil' helper


Joined: 02 Dec 2006
Posts: 101

PostPosted: Fri Dec 08, 2017 4:47 am    Post subject: Reply with quote

Depends what you did after switching from hardened/linux/amd64/no-multilib to default/linux/amd64/17.0/no-multilib ?
Back to top
View user's profile Send private message
1clue
Advocate
Advocate


Joined: 05 Feb 2006
Posts: 2039

PostPosted: Fri Dec 08, 2017 5:16 am    Post subject: Reply with quote

Moonboots wrote:
Depends what you did after switching from hardened/linux/amd64/no-multilib to default/linux/amd64/17.0/no-multilib ?


I followed tbe instructions on the eselect news article. Since then I've done an emerge -aDNuv every day. And used my system normally.
Back to top
View user's profile Send private message
Moonboots
Tux's lil' helper
Tux's lil' helper


Joined: 02 Dec 2006
Posts: 101

PostPosted: Fri Dec 08, 2017 5:56 am    Post subject: Reply with quote

You need to follow the instructions converting a non-hardened to hardened profile from Gentoo-Wiki.
Your orignal hardened/linux/amd64/no-multilib was a clean install ?
Back to top
View user's profile Send private message
1clue
Advocate
Advocate


Joined: 05 Feb 2006
Posts: 2039

PostPosted: Fri Dec 08, 2017 3:55 pm    Post subject: Reply with quote

Moonboots wrote:
You need to follow the instructions converting a non-hardened to hardened profile from Gentoo-Wiki.
Your orignal hardened/linux/amd64/no-multilib was a clean install ?


It was a few years ago.
Back to top
View user's profile Send private message
1clue
Advocate
Advocate


Joined: 05 Feb 2006
Posts: 2039

PostPosted: Mon Dec 11, 2017 9:03 pm    Post subject: Reply with quote

So when it comes to configuring gcc:

Code:

# gcc-config -l
 [1] x86_64-pc-linux-gnu-5.4.0
 [2] x86_64-pc-linux-gnu-5.4.0-hardenednopie
 [3] x86_64-pc-linux-gnu-5.4.0-hardenednopiessp
 [4] x86_64-pc-linux-gnu-5.4.0-hardenednossp
 [5] x86_64-pc-linux-gnu-5.4.0-vanilla
 [6] x86_64-pc-linux-gnu-6.4.0 *


It looks like there's only one 6.4.0 gcc available, so is it safe to say this is a hardened gcc? Or do we get to recompile everything again in a few days?

Thanks.
Back to top
View user's profile Send private message
toralf
Developer
Developer


Joined: 01 Feb 2004
Posts: 3481
Location: Hamburg

PostPosted: Tue Dec 12, 2017 12:29 pm    Post subject: Reply with quote

1clue wrote:
It looks like there's only one 6.4.0 gcc available, so is it safe to say this is a hardened gcc? Or do we get to recompile everything again in a few days?
It is a hardened gcc (you can check it with "emerge -qpv gcc") and yes, recompiling (eg.:due to changed USE flag "sanitize") was needed in the past, but should already be incorporated in your build.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum