[SOLVED]just for curiosity

klas · Last edited by klas on Sun Dec 17, 2017 5:38 pm; edited 1 time in total

Hi
From eselect profile command , what does 17.0 means here?
What is the difference between

asturm · Developer Joined: 05 Apr 2007 Posts: 9280

13.0 is old, 17.0 is new, there is a news item in portage as well as multiple threads in https://forums.gentoo.org/viewforum-f-8.html already.

brendlefly62 · Apprentice Joined: 19 Dec 2009 Posts: 150

The news item is entitled "2017-11-30-new-17-profiles," and it says the 17 profiles depend on GCC 6, which produces position independent executables by default. Thus the news item includes the several-step procedure for the upgrade. The news item also requests:

SP2340 · n00b Joined: 01 Nov 2016 Posts: 50 Location: KeyStoneState

After having issues with updating my system I looked at the profile list also and seen the same thing and also had the same question as the OP.
But I'm not find any reference in news for this on my system

brendlefly62 · Apprentice Joined: 19 Dec 2009 Posts: 150

SP2340 - what arch is your system? And what is your ver of gcc?

bunder · Bodhisattva Joined: 10 Apr 2004 Posts: 5937

SP2340 · n00b Joined: 01 Nov 2016 Posts: 50 Location: KeyStoneState

amd64 and gcc is 5.4.0-r3

I haven't been able to update my system because of the python issue that everyone is having presently.
_________________
--
Regards
Robert

Smile, it increases your face value.

brendlefly62 · Apprentice Joined: 19 Dec 2009 Posts: 150

Ok. Thanks. GCC 6.4.0 is stable for your Arch. Maybe you will get the profile news when you upgrade GCC since you can't use the new profile until you do that upgrade

klas · Posted: Sun Dec 03, 2017 7:38 pm Post subject:

cool ,
I updated. It s now.

brendlefly62 · Apprentice Joined: 19 Dec 2009 Posts: 150

Cool. I assume you also got the news item now?

After upgrading GCC, I typically make a deliberate effort to check "gcc-config -l" to ensure the new compiler has been selected. If not, I select it and follow the advice of output to source /etc/profile Then I deliberately run fix_libtoo_files.sh with the old gcc version number (e.g. fix_libtool_files.sh 5.4.0 last time I did it). Then, usually I have found that the old compiler version is removed when I run emerge -av --depclean as part of my routine update sequence (which I know you didn't ask about, but I have listed the basics of, below)

Ant P. · Watchman Joined: 18 Apr 2009 Posts: 6920

Nobody's given the boring answer to the original question yet, so for posterity…

"17.0" means year 2017, version 0. Before that we had 13.0 and 10.0, really old ones (if we had any that long ago) weren't year-based. Times change, and sane defaults change with them. The main feature of this one is making GCC use PIE by default, for a bit more security that previously only hardened users had. It may or may not make prelinking slightly more effective. One of either 13.0 or 10.0 changed the default LDFLAGS to "-O1 --as-needed" which went a long way to fixing the nightmare that revdep-rebuild used to be. (Maybe we'll get a 21.0 that'll split use flags by ABI, because right now things like steam/wine are just as much of a headache…)

klas · Posted: Mon Dec 04, 2017 9:48 pm Post subject:

Thanks brendlefly62 and Ant P. for the detailed cool answer. I really appreciate

by the way , what is rlpkg ? what does it do? and how can I install it ? Excuse my ignorance

brendlefly62 · Apprentice Joined: 19 Dec 2009 Posts: 150

rlpkg is relevant only if you use SELinux. It will "relabel" your filesystem. I am NOT a SELinux expert, others would probably have better advice if you plan to go there

klas · Posted: Tue Dec 05, 2017 7:20 pm Post subject:

Hi
I am not using hardened sources . Is it possible to switch to hardened and still having my kde desktop ? I heard hardened is for servers ? If it s possible are there any link that point on the steps to do so . Cheers

1clue · Advocate Joined: 05 Feb 2006 Posts: 2569

brendlefly62 · Apprentice Joined: 19 Dec 2009 Posts: 150

sys-kernel/hardened-sources is going away {i.e. hardened KERNEL} -- there is a separate news item covering that.

the hardening features supported by Gentoo's hardened PROFILE remain -- as we can see in the original post here, option [14] now provides "hardened" under "default/linux/<arch>/17.0/"; options [24] - [30] & [32] also still provide the traditional "hardened/" alternative to the "default/" profiles. I presume the latter is a temporary arrangement to support legacy hardened users until they can migrate.

additionally, since GCC 6 produces PIC by default, systems based on the 17.0 profiles (which depend on GCC 6) should all be somewhat "harder" than their 13.0-based predecessors

fwiw - from experience, I found that some of the grsec features of the hardened KERNEL always broke desktop, but I somewhat-successfully ran KDE5/Plasma with a pax kernel from hardened-sources on a system built on the legacy "hardened" PROFILE. I used emerge --info with both the "default/.../plasma" and the "hardened" profile to identify global USE differences, and I scoured the per-package USE settings in the plasma profile tree in order to build my own package.use/plasma USE file [I've since learned that you can run emerge -pve @world under each profile to find these per-package differences more easily]. this was a very tedious experiment, and polkitd was never happy with it. presumably you could do something similar using 17.0/hardened and 17.0/desktop profiles -- to find both the global and per-package differences, but I'd recommend just sticking to the 17.0/desktop profiles if you want a desktop that works

klas · Posted: Tue Dec 05, 2017 11:10 pm Post subject:

Thanks for the advice brendlefly62.
I will stick to my desktop profile from now, no need for hardening things as gcc is upgraded. By the way I do not need much hustle