
Bug 355383

Summary: Step missing after emerge --oneshot binutils gcc virtual/libc
Product: [OLD] Docs on www.gentoo.org
Reporter: J.C. Wren <jcwren>
Component: Other documents
Assignee: The Gentoo Linux Hardened Team <hardened>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.gentoo.org/proj/en/hardened/hardenedfaq.xml#hardenedprofile
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 346803    

Description J.C. Wren 2011-02-18 04:07:01 UTC
Based on my experience with switching to the hardened profile, after running "emerge --oneshot binutils gcc virtual/libc", shouldn't "gcc-config -l" followed by "gcc-config <version>" be performed so as to emerge system and world with the compiler that has PIE enabled?

Although I had 4.5.2 installed prior, 4.4.3 was still selected.  4.5.2 was rebuilt with PIE enabled, but the 4.4.3 compiler was being used for all work.  I believe a step should be added to ensure the compiler built with PIE is selected, and also that "gcc -v" should be run and have the user verify that the compiler reports something to the effect of "gcc version 4.5.2 (Gentoo Hardened 4.5.2 p1.1, pie-0.4.5)".

Reproducible: Always

Steps to Reproduce:
1. Follow instructions in code listing 2.3

Actual Results:  
Currently selected gcc-config compiler will be used

Expected Results:  
Compiled with PIE-enabled compiler
Comment 1 Francisco Blas Izquierdo Riera (RETIRED) gentoo-dev 2011-02-18 07:12:01 UTC
Thanks for the comment,

I have updated it on the git repository so if the rest of the team agrees we will push this after the next meeting (if not earlier).

Here is a preview of the current status:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=blob_plain;f=html/hardenedfaq.html;hb=HEAD#hardenedprofile
Comment 2 J.C. Wren 2011-02-18 14:36:37 UTC
Looks good.  My only suggestion might be to make SURE the user runs "source /etc/profile" if they have to select a new compiler with gcc-config.  gcc-config does tell you to do this as part of its output, but if they don't then the newly selected version of gcc won't be picked up for the system and world emerges.

Of course, if you're doing the conversion to hardened, you should probably know enough to follow the instructions from any output anyway, right? :)
Comment 3 Francisco Blas Izquierdo Riera (RETIRED) gentoo-dev 2011-02-18 23:18:59 UTC
Fixed that too: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=blob_plain;f=html/hardenedfaq.html;h=1d6bbea895628ea1e4510beca7b747b7515164b9;hb=HEAD

Thanks for the suggestions, it is very comforting to hear that somebody does read the docs :D
Comment 4 Francisco Blas Izquierdo Riera (RETIRED) gentoo-dev 2011-04-05 02:15:00 UTC
Since the fix is already published on the official docs I asked blueness to close this. Thanks blueness :D
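
The verification requested in this report, written as an added example that is not part of the bug thread or the Gentoo documentation: a pre-flight check that refuses to continue unless the compiler marked active by gcc-config reports the "Gentoo Hardened ... pie-" string. The function names are hypothetical, the listing layout (active entry marked with `*`) is assumed to be plain uncoloured text, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: confirm the *selected* gcc is the hardened, PIE-enabled one
# before rebuilding system and world.

# Print the profile marked "*" in `gcc-config -l` output read from stdin.
# Assumes plain listing lines such as " [2] <profile> *".
selected_profile() {
    awk '$NF == "*" { print $2; found = 1 } END { exit !found }'
}

# Succeed only if a "gcc version" line carries both markers quoted in the
# report: "Gentoo Hardened" and a "pie-<n>" patch tag.
is_hardened_pie() {
    case $1 in
        *"Gentoo Hardened"*pie-[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Decide from captured text: $1 = `gcc-config -l` output, $2 = `gcc -v` output.
# Returns 0 = safe to continue, 1 = wrong compiler active, 2 = none selected.
verify_toolchain() {
    profile=$(printf '%s\n' "$1" | selected_profile) || {
        echo "no profile is marked active in gcc-config -l" >&2; return 2; }
    version=$(printf '%s\n' "$2" | grep '^gcc version') || version="(no version line)"
    if is_hardened_pie "$version"; then
        echo "OK: $profile -> $version"
    else
        echo "STOP: $profile is active but is not hardened/PIE: $version" >&2
        echo "Select the rebuilt compiler with gcc-config, then: source /etc/profile" >&2
        return 1
    fi
}

# Live wrapper: gcc -v writes to stderr, hence 2>&1.
check_toolchain() {
    verify_toolchain "$(gcc-config -l 2>/dev/null)" "$(gcc -v 2>&1)"
}

# Constructed sample reproducing the report: 4.5.2 rebuilt, 4.4.3 still selected.
SAMPLE_LIST=' [1] x86_64-pc-linux-gnu-4.4.3 *
 [2] x86_64-pc-linux-gnu-4.5.2'
SAMPLE_GCC_V='gcc version 4.4.3 (Gentoo 4.4.3-r2 p1.2)'
```

Running `check_toolchain && emerge -e system` in the shell that will do the rebuild makes the emerge conditional on the check, and it also catches a session where "source /etc/profile" was skipped.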