Change Details

Toolchain upgrade (W12, 2022) [x] Pt0. BUILD BASH AS SHARED OR EVERYTHING WILL BREAK!!! Explanation: static linked executables that use glibc NSS get borked on a glibc upgrade if there are changes to NSS. Leave as shared as this is defeating the point of it being static. Pt1. Default to -fno-plt [x] Add -fno-plt to c/cxx flags in package-management [x] Add optimize : plt option to ypkg for the few packages that rely on it Explanation: we already skip the PLT for the majority of packages as we build with BIND_NOW and -Bsymbolic-functions by default. The PLT mostly sits useless, removing it marginally decreases package sizes and improves startup time. A few oddball packages that employ lazy linking still use the PLT (xorg) or programs doing funky stuff (valgrind). If a package disables BIND_NOW it must enable the PLT, but the vice versa is not true. Pt2. Rebootstrap toolchain [x] Update linux-headers to 5.15 [x] Update glibc to 2.35, bump min kernel comp to 4.14 and enable default pie [x] Update binutils to 2.38 [x] Rebuild gcc, enable default pie, disable pgo build and link against static libs for isl abi bump [x] Update isl to 0.24 [x] Rebuild gcc against isl 0.24 and build with pgo + lto-lean [x] Rebootstrap glibc [x] Rebootstrap binutils & enable pgo + lto build [x] Rebootstrap gcc [] Final glibc rebootstrap (optional, if needed) [] Final binutils rebootstrap (optional, if needed) [] Final gcc rebootstrap (optional, if needed) Explaination: We already enable the majority of security features, however, PIE is notably missing. On x86_64 the performance impact is marginal. On i386 it's a different story but we don't ship i386 binaries anyway only libraries, so we need not worry. Now that glibc is starting to default to pie and clang-14 will likely default to pie, it's about time we enable it. Additionally, Glibc 2.36 will support DT_RELR and will likely default to it. To get the most from DT_RELR we need to ship PIE binaries. PIC/PIE and -Bsymbolic-functions normally generates a lot of relative relocations, DT_RELR will decrease package sizes by packing together relative relocations, which in turn will help performance. Pt3. binutils rebuilds [x] linux-tools [x] amule [x] ocaml [x] openclonk Pt4. Add PLT to packages that need it [] Any others Pt5. LLVM toolchain interoperability [x] Enable PIE by default for clang (backport patch from llvm14) [x] Rebootstrap with PIE'd LLVM Pt6. Ensure compatibility, test, test, test, check steam, etc. Pt7. ncurses and readline rebuilds [x] 1. readline rebuilds [x] 3. ncurses rebuilds (potentially) [] 4. Handle steam compatibility for old abi version Pt8. Safety rebuilds (mostly targetting glibc abi "deletions" as we don't have the tooling for a full repo rebuild) [] 1. libc deletions [] 2. librt (just a stub to libc now, all the symbols have been moved to libc) [] 3. libutil (just a stub to libc now, all the symbols have been moved to libc) [] 4. libpthread (just a stub to libc now, all the symbols have been moved to libc) [] 5. libdl (just a stub to libc now, all the symbols have been moved to libc) Pt9. Fix pie binaries occasionally being added to `abi_libs` [] https://github.com/DataDrake/abi-wizard/issues/5

Toolchain upgrade (W12, 2022) [x] Pt0. BUILD BASH AS SHARED OR EVERYTHING WILL BREAK!!! Explanation: static linked executables that use glibc NSS get borked on a glibc upgrade if there are changes to NSS. Leave as shared as this is defeating the point of it being static. Pt1. Default to -fno-plt [x] Add -fno-plt to c/cxx flags in package-management [x] Add optimize : plt option to ypkg for the few packages that rely on it Explanation: we already skip the PLT for the majority of packages as we build with BIND_NOW and -Bsymbolic-functions by default. The PLT mostly sits useless, removing it marginally decreases package sizes and improves startup time. A few oddball packages that employ lazy linking still use the PLT (xorg) or programs doing funky stuff (valgrind). If a package disables BIND_NOW it must enable the PLT, but the vice versa is not true. Pt2. Rebootstrap toolchain [x] Update linux-headers to 5.15 [x] Update glibc to 2.35, bump min kernel comp to 4.14 and enable default pie [x] Update binutils to 2.38 [x] Rebuild gcc, enable default pie, disable pgo build and link against static libs for isl abi bump [x] Update isl to 0.24 [x] Rebuild gcc against isl 0.24 and build with pgo + lto-lean [x] Rebootstrap glibc [x] Rebootstrap binutils & enable pgo + lto build [x] Rebootstrap gcc [] Final glibc rebootstrap (optional, if needed) [] Final binutils rebootstrap (optional, if needed) [] Final gcc rebootstrap (optional, if needed) Explaination: We already enable the majority of security features, however, PIE is notably missing. On x86_64 the performance impact is marginal. On i386 it's a different story but we don't ship i386 binaries anyway only libraries, so we need not worry. Now that glibc is starting to default to pie and clang-14 will likely default to pie, it's about time we enable it. Additionally, Glibc 2.36 will support DT_RELR and will likely default to it. To get the most from DT_RELR we need to ship PIE binaries. PIC/PIE and -Bsymbolic-functions normally generates a lot of relative relocations, DT_RELR will decrease package sizes by packing together relative relocations, which in turn will help performance. Pt3. binutils rebuilds [x] linux-tools [x] amule [x] ocaml [x] openclonk Pt4. Add PLT to packages that need it [] Any others Pt5. LLVM toolchain interoperability [x] Enable PIE by default for clang (backport patch from llvm14) [x] Rebootstrap with PIE'd LLVM Pt6. Ensure compatibility, test, test, test, check steam, etc. Pt7. ncurses and readline rebuilds [x] 1. readline rebuilds [x] 3. ncurses rebuilds (potentially) [x] 4. Handle steam compatibility for old abi version Pt8. Safety rebuilds (mostly targetting glibc abi "deletions" as we don't have the tooling for a full repo rebuild) [] 1. libc deletions [] 2. librt (just a stub to libc now, all the symbols have been moved to libc) [] 3. libutil (just a stub to libc now, all the symbols have been moved to libc) [] 4. libpthread (just a stub to libc now, all the symbols have been moved to libc) [] 5. libdl (just a stub to libc now, all the symbols have been moved to libc) Pt9. Fix pie binaries occasionally being added to `abi_libs` [] https://github.com/DataDrake/abi-wizard/issues/5

Toolchain upgrade (W12, 2022) [x] Pt0. BUILD BASH AS SHARED OR EVERYTHING WILL BREAK!!! Explanation: static linked executables that use glibc NSS get borked on a glibc upgrade if there are changes to NSS. Leave as shared as this is defeating the point of it being static. Pt1. Default to -fno-plt [x] Add -fno-plt to c/cxx flags in package-management [x] Add optimize : plt option to ypkg for the few packages that rely on it Explanation: we already skip the PLT for the majority of packages as we build with BIND_NOW and -Bsymbolic-functions by default. The PLT mostly sits useless, removing it marginally decreases package sizes and improves startup time. A few oddball packages that employ lazy linking still use the PLT (xorg) or programs doing funky stuff (valgrind). If a package disables BIND_NOW it must enable the PLT, but the vice versa is not true. Pt2. Rebootstrap toolchain [x] Update linux-headers to 5.15 [x] Update glibc to 2.35, bump min kernel comp to 4.14 and enable default pie [x] Update binutils to 2.38 [x] Rebuild gcc, enable default pie, disable pgo build and link against static libs for isl abi bump [x] Update isl to 0.24 [x] Rebuild gcc against isl 0.24 and build with pgo + lto-lean [x] Rebootstrap glibc [x] Rebootstrap binutils & enable pgo + lto build [x] Rebootstrap gcc [] Final glibc rebootstrap (optional, if needed) [] Final binutils rebootstrap (optional, if needed) [] Final gcc rebootstrap (optional, if needed) Explaination: We already enable the majority of security features, however, PIE is notably missing. On x86_64 the performance impact is marginal. On i386 it's a different story but we don't ship i386 binaries anyway only libraries, so we need not worry. Now that glibc is starting to default to pie and clang-14 will likely default to pie, it's about time we enable it. Additionally, Glibc 2.36 will support DT_RELR and will likely default to it. To get the most from DT_RELR we need to ship PIE binaries. PIC/PIE and -Bsymbolic-functions normally generates a lot of relative relocations, DT_RELR will decrease package sizes by packing together relative relocations, which in turn will help performance. Pt3. binutils rebuilds [x] linux-tools [x] amule [x] ocaml [x] openclonk Pt4. Add PLT to packages that need it [] Any others Pt5. LLVM toolchain interoperability [x] Enable PIE by default for clang (backport patch from llvm14) [x] Rebootstrap with PIE'd LLVM Pt6. Ensure compatibility, test, test, test, check steam, etc. Pt7. ncurses and readline rebuilds [x] 1. readline rebuilds [x] 3. ncurses rebuilds (potentially) [x] 4. Handle steam compatibility for old abi version Pt8. Safety rebuilds (mostly targetting glibc abi "deletions" as we don't have the tooling for a full repo rebuild) [] 1. libc deletions [] 2. librt (just a stub to libc now, all the symbols have been moved to libc) [] 3. libutil (just a stub to libc now, all the symbols have been moved to libc) [] 4. libpthread (just a stub to libc now, all the symbols have been moved to libc) [] 5. libdl (just a stub to libc now, all the symbols have been moved to libc) Pt9. Fix pie binaries occasionally being added to `abi_libs` [] https://github.com/DataDrake/abi-wizard/issues/5