Re: [gentoo-dev] hardened flavor of the developer profile

2011-05-06 Thread Paweł Hajdan, Jr.
On 5/5/11 10:45 PM, Anthony G. Basile wrote:
> We simplified our profiles recently (last Oct-Nov 2010)

You're referring to
http://archives.gentoo.org/gentoo-dev/msg_d847f6258a398052deecc9786c45c604.xml,
right?

> and I only
> listed hardened/linux/x86 in profiles.desc.  You can manually set
> 
> ln -s ../usr/portage/profiles/hardened/linux/x86/developer /etc/make.profile
> 
> The only thing to be careful of is that there is a lot of cruft under
> the hardened profiles, some really old deprecated material that I have
> not yet cleared out.  You really don't want to use one of that.  Just
> watch out for any warning about deprecated profiles.

Oh, it's a stable system so I wouldn't want to go that route then.

Here's what I'm trying to do, maybe you'll have some advice how to do
that the best way (or whether to do that at all): I'd like to move more
of the hardened features to the defaults. A good start would be to make
more developers use them, to detect hardened-related problems earlier,
and avoid confusion like "it works on my non-hardened system".

Please note that even with hardened gcc one can select the vanilla
specs, effectively disabling the hardened features. Hopefully my
understanding is correct.

A possible idea I was thinking about was to add the hardened profile as
a parent of the developer profile... how does that sound to you? Is
there some better way?





[gentoo-dev] introspection use flag

2011-05-06 Thread Marijn
Dear all,

I was just looking into the meaning of the introspection use-flag and
there are many ebuilds that use it so perhaps it should be globalized,
which would also give us a chance to improve the naming/description.
Current descriptions are:

Use dev-libs/gobject-introspection for introspection
Enable GObject introspection.

Currently it is hard to tell which functionality is enabled through this
flag and the meaning of the descriptions for when the flag is off are
even more unclear. Does it mean that introspection will not be used or
will some other way of introspection be used? Either way, perhaps the
people in the know could shed some light on this issue?

Thanks,

Marijn



Re: [gentoo-dev] hardened flavor of the developer profile

2011-05-06 Thread Anthony G. Basile
On 05/06/2011 03:29 AM, "Paweł Hajdan, Jr." wrote:
> On 5/5/11 10:45 PM, Anthony G. Basile wrote:
>> We simplified our profiles recently (last Oct-Nov 2010)
> You're referring to
> http://archives.gentoo.org/gentoo-dev/msg_d847f6258a398052deecc9786c45c604.xml,
> right?
>

Yes, that was one of several emails on the subject.

>> and I only
>> listed hardened/linux/x86 in profiles.desc.  You can manually set
>>
>> ln -s ../usr/portage/profiles/hardened/linux/x86/developer /etc/make.profile
>>
>> The only thing to be careful of is that there is a lot of cruft under
>> the hardened profiles, some really old deprecated material that I have
>> not yet cleared out.  You really don't want to use one of that.  Just
>> watch out for any warning about deprecated profiles.
> Oh, it's a stable system so I wouldn't want to go that route then.
>
> Here's what I'm trying to do, maybe you'll have some advice how to do
> that the best way (or whether to do that at all): I'd like to move more
> of the hardened features to the defaults. A good start would be to make
> more developers use them, to detect hardened-related problems earlier,
> and avoid confusion like "it works on my non-hardened system".

All the help we can get is welcomed!  BTW, when "it doesn't work on
hardened", it usually means some bad coding practice that shouldn't be
there in vanilla anyhow.

> Please note that even with hardened gcc one can select the vanilla
> specs, effectively disabling the hardened features. Hopefully my
> understanding is correct.

Yes, but be aware that the rest of your system is compiled with at least
the following 3 hardening features: 1) stack smashing protection, 2)
position independent exec, 3) hardening of internal glibc functions
(-D_FORTIFY_SOURCE=2).  You can switch to vanilla for the binary you
are currently building, but it will still link against libs that have
the above.

Beyond the toolchain there is also kernel hardening.  The two interact,
but you can have one without the other.  So "it doesn't work on
hardened" may mean the kernel killed something or the toolchain did.

> A possible idea I was thinking about was to add the hardened profile as
> a parent of the developer profile... how does that sound to you? Is
> there some better way?
>

The profiles are horribly complex.  I would rather put hardened lower on
the stacking order than customization at the level of "developer",
"desktop", "server" etc.  Try it and see what happens.  Use this little
script to see what order the profiles are being stacked in and remember
that the lower ones take priority over the higher:

#!/usr/bin/env python

# Print the active profile directories in stacking order.
import portage
for p in portage.settings.profiles:
    print(p)



-- 
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail: bluen...@gentoo.org
GnuPG FP  : 8040 5A4D 8709 21B1 1A88  33CE 979C AF40 D045 5535
GnuPG ID  : D0455535
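
Added example, not part of the original message and not Portage's own code: a simplified model of the stacking described above, where each profile's "parent" file is followed first and the profile itself comes last, so later entries take priority. The directory names, the DEMO_* variables and the plain KEY="value" parsing are assumptions of this sketch; it runs on a constructed tree without Portage installed.

```python
import tempfile
from pathlib import Path

def resolve_stack(profile_dir, _active=()):
    """Profile dirs in stacking order: parents first; later entries take priority."""
    here = Path(profile_dir).resolve()
    if here in _active:
        raise ValueError(f"parent loop at {here}")
    stack = []
    parent = here / "parent"
    for line in parent.read_text().splitlines() if parent.is_file() else []:
        rel = line.split("#", 1)[0].strip()
        if rel:  # parent paths are relative to the profile that names them
            stack += resolve_stack(here / rel, _active + (here,))
    return stack + [here]

def winner(stack, key):
    """Last profile whose make.defaults sets key (plain KEY="value" lines only)."""
    found = None
    for d in stack:
        defaults = d / "make.defaults"
        for line in defaults.read_text().splitlines() if defaults.is_file() else []:
            name, sep, value = line.strip().partition("=")
            if sep and name == key:
                found = (d.name, value.strip('"'))
    return found

def build_demo_tree(root):
    """Constructed miniature tree; names and values are illustrative only."""
    files = {
        "base/make.defaults": 'DEMO_SPECS="vanilla"\n',
        "hardened/parent": "../base\n",
        "hardened/make.defaults": 'DEMO_SPECS="hardened"\n',
        "developer/make.defaults": 'DEMO_FEATURES="test"\n',
        "hardened-developer/parent": "../hardened\n../developer\n",
    }
    for rel, body in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
    return Path(root) / "hardened-developer"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        stack = resolve_stack(build_demo_tree(tmp))
        print([d.name for d in stack])
        print(winner(stack, "DEMO_SPECS"))
```

Listing "hardened" before "developer" in the parent file puts hardened earlier in the stack, so anything the developer profile set for the same key would override it.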




Re: [gentoo-dev] introspection use flag

2011-05-06 Thread Gilles Dartiguelongue
On Friday, 06 May 2011 at 10:40 +0200, Marijn wrote:
> Dear all,
> 
> I was just looking into the meaning of the introspection use-flag and
> there are many ebuilds that use it so perhaps it should be globalized,
> which would also give us a chance to improve the naming/description.
> Current descriptions are:
> 
> Use dev-libs/gobject-introspection for introspection
> Enable GObject introspection.
> 
> Currently it is hard to tell which functionality is enabled through this
> flag and the meaning of the descriptions for when the flag is off are
> even more unclear. Does it mean that introspection will not be used or
> will some other way of introspection be used? Either way, perhaps the
> people in the know could shed some light on this issue?
> 
> Thanks,
> 
> Marijn

See original thread on this mailing list:

From:   Arun Raghavan 
Subject:[gentoo-dev] New global USE flag: introspection
Date:   Sun, 20 Jun 2010 20:12:58 +0530 (20/06/2010 16:42:58)
Message-ID:


-- 
Gilles Dartiguelongue 
Gentoo




Re: [gentoo-dev] introspection use flag

2011-05-06 Thread Nirbheek Chauhan
On Fri, May 6, 2011 at 2:10 PM, Marijn  wrote:
> Current descriptions are:
>
> Use dev-libs/gobject-introspection for introspection
> Enable GObject introspection.
>
> Currently it is hard to tell which functionality is enabled through this
> flag and the meaning of the descriptions for when the flag is off are
> even more unclear. Does it mean that introspection will not be used or
> will some other way of introspection be used? Either way, perhaps the
> people in the know could shed some light on this issue?
>

All uses of this USE-flag are identical, and mean that Introspection
girs and typelibs will be built using gobject-introspection for usage
with bindings, etc. If the use-flag is off, this data is not built.

-- 
~Nirbheek Chauhan

Gentoo GNOME+Mozilla Team



Re: [gentoo-dev] introspection use flag

2011-05-06 Thread Marijn
On 05/06/11 14:25, Gilles Dartiguelongue wrote:
> On Friday, 06 May 2011 at 10:40 +0200, Marijn wrote:
>> Dear all,
>>
>> I was just looking into the meaning of the introspection use-flag and
>> there are many ebuilds that use it so perhaps it should be globalized,
>> which would also give us a chance to improve the naming/description.
>> Current descriptions are:
>>
>> Use dev-libs/gobject-introspection for introspection
>> Enable GObject introspection.
>>
>> Currently it is hard to tell which functionality is enabled through this
>> flag and the meaning of the descriptions for when the flag is off are
>> even more unclear. Does it mean that introspection will not be used or
>> will some other way of introspection be used? Either way, perhaps the
>> people in the know could shed some light on this issue?
>>
>> Thanks,
>>
>> Marijn
> 
> See original thread on this mailing list:
> 
> From: Arun Raghavan 
> Subject:  [gentoo-dev] New global USE flag: introspection
> Date: Sun, 20 Jun 2010 20:12:58 +0530 (20/06/2010 16:42:58)
> Message-ID:
> 
> 

Thanks for the pointer![1] Having just read that discussion it seems
that even back then many developers found that the name "introspection"
is too broad/imprecise. Several alternatives were proposed, like
gintrospection, gobject-introspection, gir, api-introspection. I think
any of these would have been better than the current name.

And what happened to the proposed description:

introspection: Add gobject-introspection support, allowing for the
dynamic generation of bindings for various languages

which at least contains a hint of what the purpose is of this flag? But
maybe someone can do even better than that now that this technology has
been in use for a while?

Marijn

[1]:http://marc.info/?l=gentoo-dev&m=127704501818312&w=2



Re: [gentoo-dev] introspection use flag

2011-05-06 Thread Gilles Dartiguelongue
On Friday, 06 May 2011 at 15:18 +0200, Marijn wrote:
> On 05/06/11 14:25, Gilles Dartiguelongue wrote:
> > On Friday, 06 May 2011 at 10:40 +0200, Marijn wrote:
> >> Dear all,
> >>
> >> I was just looking into the meaning of the introspection use-flag and
> >> there are many ebuilds that use it so perhaps it should be globalized,
> >> which would also give us a chance to improve the naming/description.
> >> Current descriptions are:
> >>
> >> Use dev-libs/gobject-introspection for introspection
> >> Enable GObject introspection.
> >>
> >> Currently it is hard to tell which functionality is enabled through this
> >> flag and the meaning of the descriptions for when the flag is off are
> >> even more unclear. Does it mean that introspection will not be used or
> >> will some other way of introspection be used? Either way, perhaps the
> >> people in the know could shed some light on this issue?
> >>
> >> Thanks,
> >>
> >> Marijn
> > 
> > See original thread on this mailing list:
> > 
> > From:   Arun Raghavan 
> > Subject:[gentoo-dev] New global USE flag: introspection
> > Date:   Sun, 20 Jun 2010 20:12:58 +0530 (20/06/2010 16:42:58)
> > Message-ID:
> > 
> > 
> 
> Thanks for the pointer![1] Having just read that discussion it seems
> that even back then many developers found that the name "introspection"
> is too broad/imprecise. Several alternatives were proposed, like
> gintrospection, gobject-introspection, gir, api-introspection. I think
> any of these would have been better than the current name.

The gnome team agreed to disagree. There is no point in renaming a flag
that is widely used across gnome packages for a single common purpose
and not anywhere else in the tree.

All alternatives are based on a what-if but months later, what-ifs are
still nowhere to be found.

> And what happened to the proposed description:
> 
> introspection: Add gobject-introspection support, allowing for the
> dynamic generation of bindings for various languages
> 
> which at least contains a hint of what the purpose is of this flag? But
> maybe someone can do even better than that now that this technology has
> been in use for a while?

That can be applied, it would of course be easier to manage if the flag
was global.

-- 
Gilles Dartiguelongue 
Gentoo




Re: [gentoo-dev] Unmasking boost-1.46

2011-05-06 Thread Markos Chandras
On Tue, Apr 26, 2011 at 11:16:06PM +0400, Maxim Koltsov wrote:
> Are you planning to move to modular boost? I mean, separate ebuild for
> boost-filesystem, boost-spirit, etc.
> Maxim.
> 

Boost has been unleashed to the public. Enjoy
-- 
Markos Chandras / Gentoo Linux Developer / Key ID: B4AFF2C2




Re: [gentoo-dev] introspection use flag

2011-05-06 Thread Maciej Mrozowski
On Friday 06 of May 2011 15:18:20 Marijn wrote:
> On 05/06/11 14:25, Gilles Dartiguelongue wrote:
> > On Friday, 06 May 2011 at 10:40 +0200, Marijn wrote:
> >> Dear all,
> >> 
> >> I was just looking into the meaning of the introspection use-flag and
> >> there are many ebuilds that use it so perhaps it should be globalized,
> >> which would also give us a chance to improve the naming/description.
> >> Current descriptions are:
> >> 
> >> Use dev-libs/gobject-introspection for introspection
> >> Enable GObject introspection.
> >> 
> >> Currently it is hard to tell which functionality is enabled through this
> >> flag and the meaning of the descriptions for when the flag is off are
> >> even more unclear. Does it mean that introspection will not be used or
> >> will some other way of introspection be used? Either way, perhaps the
> >> people in the know could shed some light on this issue?
> >> 
> >> Thanks,
> >> 
> >> Marijn
> > 
> > See original thread on this mailing list:
> > 
> > From:   Arun Raghavan 
> > Subject:[gentoo-dev] New global USE flag: introspection
> > Date:   Sun, 20 Jun 2010 20:12:58 +0530 (20/06/2010 16:42:58)
> > Message-ID:
> > 
> 
> Thanks for the pointer![1] Having just read that discussion it seems
> that even back then many developers found that the name "introspection"
> is too broad/imprecise. Several alternatives were proposed, like
> gintrospection, gobject-introspection, gir, api-introspection. I think
> any of these would have been better than the current name.
> 
> And what happened to the proposed description:
> 
> introspection: Add gobject-introspection support, allowing for the
> dynamic generation of bindings for various languages

No.

http://www.mail-archive.com/gentoo-dev@lists.gentoo.org/msg40069.html

> which at least contains a hint of what the purpose is of this flag? But
> maybe someone can do even better than that now that this technology has
> been in use for a while?
> 
> Marijn
> 
> [1]:http://marc.info/?l=gentoo-dev&m=127704501818312&w=2

-- 
regards
MM




Re: [gentoo-dev] introspection use flag

2011-05-06 Thread Nirbheek Chauhan
On Fri, May 6, 2011 at 11:34 PM, Maciej Mrozowski  wrote:
> On Friday 06 of May 2011 15:18:20 Marijn wrote:
>> And what happened to the proposed description:
>>
>> introspection: Add gobject-introspection support, allowing for the
>> dynamic generation of bindings for various languages
>
> No.
>
> http://www.mail-archive.com/gentoo-dev@lists.gentoo.org/msg40069.html
>

It's things like this that convinced us that there's no real advantage
in having it as a global use-flag. Maybe 3 years later when there is
*still* nothing else in the tree that uses "introspection" besides
gobject-introspection, we'll revisit this and finally make it a global
use-flag.

-- 
~Nirbheek Chauhan

Gentoo GNOME+Mozilla Team