Toolchain upgrade (W12, 2022)
Pt0. BUILD BASH AS SHARED OR EVERYTHING WILL BREAK!!!
Explanation: statically linked executables that use glibc NSS break on a glibc upgrade if NSS has changed. Leave bash shared, since this defeats the point of it being static.
Pt1. Default to -fno-plt
- Add -fno-plt to c/cxx flags in package-management
- Add optimize : plt option to ypkg for the few packages that rely on it
Explanation: we already skip the PLT for the majority of packages, as we build with BIND_NOW and -Bsymbolic-functions by default. The PLT mostly sits unused; removing it marginally decreases package sizes and improves startup time. A few oddball packages still use the PLT, either because they employ lazy linking (xorg) or because they do funky stuff (valgrind). If a package disables BIND_NOW it must enable the PLT, but the converse is not true.
Pt2. Rebootstrap toolchain
- Update linux-headers to 5.15
- Update glibc to 2.35, bump min kernel comp to 4.14 and enable default pie
- Update binutils to 2.38
- Rebuild gcc, enable default pie, disable pgo build and link against static libs for isl abi bump
- Update isl to 0.24
- Rebuild gcc against isl 0.24 and build with pgo + lto-lean
- Rebootstrap glibc
- Rebootstrap binutils & enable pgo + lto build
- Rebootstrap gcc
- Final glibc rebootstrap (optional, if needed)
- Final binutils rebootstrap (optional, if needed)
- Final gcc rebootstrap (optional, if needed)
Explanation: We already enable the majority of security features; however, PIE is notably missing. On x86_64 the performance impact is marginal. On i386 it's a different story, but we don't ship i386 binaries anyway, only libraries, so we need not worry. Now that glibc is starting to default to PIE and clang-14 will likely default to PIE, it's about time we enable it. Additionally, glibc 2.36 will support DT_RELR and will likely default to it. To get the most from DT_RELR we need to ship PIE binaries. PIC/PIE and -Bsymbolic-functions normally generate a lot of relative relocations; DT_RELR will decrease package sizes by packing relative relocations together, which in turn will help performance.
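One way to verify after the rebuilds that a binary has the properties Pt1 and Pt2 aim for (added example, not part of the original plan or of ypkg): it reads the ELF dynamic section and reports whether the file is a PIE or a plain shared object, whether it binds eagerly, whether PLT relocations remain, and whether DT_RELR is present. The function names and the constructed sample image are hypothetical; classifying PIE by DF_1_PIE assumes the linker sets that flag, as GNU ld does for -pie.

```python
import struct

# Dynamic tags and flags as defined in glibc's <elf.h>.
DT_NULL, DT_PLTRELSZ, DT_BIND_NOW, DT_FLAGS, DT_RELR = 0, 2, 24, 30, 36
DT_FLAGS_1, DF_BIND_NOW, DF_1_NOW, DF_1_PIE = 0x6FFFFFFB, 0x8, 0x1, 0x08000000
ET_EXEC, ET_DYN, PT_DYNAMIC = 2, 3, 2

def audit_elf(data: bytes) -> dict:
    """Report PIE / BIND_NOW / PLT / DT_RELR status of a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    e_type, = struct.unpack_from("<H", data, 16)
    e_phoff, = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    dyn = {}
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from("<I", data, off)
        p_offset, = struct.unpack_from("<Q", data, off + 8)
        p_filesz, = struct.unpack_from("<Q", data, off + 32)
        if p_type != PT_DYNAMIC:
            continue
        for pos in range(p_offset, p_offset + p_filesz, 16):
            tag, val = struct.unpack_from("<qQ", data, pos)
            if tag == DT_NULL:
                break
            dyn[tag] = val
    flags, flags1 = dyn.get(DT_FLAGS, 0), dyn.get(DT_FLAGS_1, 0)
    if e_type == ET_DYN:
        # PIE and shared libraries are both ET_DYN; DF_1_PIE tells them apart
        # (assumption: the linker sets it for -pie, as GNU ld does).
        kind = "pie" if flags1 & DF_1_PIE else "shared-object"
    else:
        kind = "non-pie-exec" if e_type == ET_EXEC else "other"
    return {
        "kind": kind,
        "bind_now": bool(DT_BIND_NOW in dyn or flags & DF_BIND_NOW or flags1 & DF_1_NOW),
        "plt_relocs": dyn.get(DT_PLTRELSZ, 0) > 0,  # PLT relocation table is non-empty
        "relr": DT_RELR in dyn,
    }

def make_elf(e_type: int, dyn_entries: list) -> bytes:
    """Constructed sample: ELF64 header + one PT_DYNAMIC segment, nothing else."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_entries + [(DT_NULL, 0)])
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120, len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn
```

To check a real file, pass its contents: `audit_elf(open(path, "rb").read())`.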
Pt3. binutils rebuilds
- linux-tools
- amule
- ocaml
- openclonk
Pt4. Add PLT to packages that need it
- Any others
Pt5. LLVM toolchain interoperability
- Enable PIE by default for clang (backport patch from llvm14)
- Rebootstrap with PIE'd LLVM
Pt6. Ensure compatibility, test, test, test, check steam, etc.
Pt7. ncurses and readline rebuilds
- 1. readline rebuilds
- 3. ncurses rebuilds (potentially)
- 4. Handle steam compatibility for old abi version
Pt8. Safety rebuilds (mostly targeting glibc abi "deletions" as we don't have the tooling for a full repo rebuild)
- 1. libc deletions
- 2. librt (just a stub to libc now, all the symbols have been moved to libc)
- 3. libutil (just a stub to libc now, all the symbols have been moved to libc)
- 4. libpthread (just a stub to libc now, all the symbols have been moved to libc)
- 5. libdl (just a stub to libc now, all the symbols have been moved to libc)
Pt9. Fix pie binaries occasionally being added to abi_libs