palemoon ebuild should be adjusted for PIE

[l29ah]

from #palemoon at freenode:

17:30:59]<MoonchildPM> L29Ah: are you using the recommended toolchain to build Pale Moon?
17:32:19]<L29Ah> gcc (Gentoo Hardened 5.4.0-r3 p1.4, pie-0.6.5) 5.4.0
17:32:49]<L29Ah> it didn't change its behaviour when i moved from 4.9.3
17:32:50]<MoonchildPM> That's a no, then
17:34:18]<MoonchildPM> Please try using gcc 4.9.7; also if you want to build with pie, you must use the --enable-pie config option, not exporting the flags directly.
17:36:39]<L29Ah> i don't export any flags, actually i don't understand how pie is enabled in gentoo since .spec files are gone and $C*FLAGS don't have anything about it
17:37:28]<NewTobinParadigm> mozconfig.. configure options
17:38:40]<L29Ah> i mean, afaik all the executables generated by this compiler are pie by default
17:39:23]<NewTobinParadigm> pastebin or screenshot about:buildconfig for your last build
...
17:39:47]<MoonchildPM> NewTobinParadigm: what he's saying is that the gcc version is use is baking in pie into everything
17:40:11]<NewTobinParadigm> that ... shouldn't be happening
17:41:34]<L29Ah> The Gentoo hardened GCC automatically builds PIEs when building application code, unless explicitly requested not to (with a few built-in exceptions for cases where it is undesirable). The chapter " #PIE describes the toolchain modifications to make this happen, and issues that may arise. 
17:42:12]<NewTobinParadigm> our build system isn't aware of pie by default
17:42:35]<NewTobinParadigm> and I have no idea what the effect pie has on the linked code
17:42:46]<NewTobinParadigm> especially for gcc5+

I'll have a stab at this, but may forget it since it doesn't crash. palemoon-9999 became a lot slower about two weeks ago for me tho.

[Bfgeshka]

Understandable, but:

• Is there any need to use PIE globally at all in a first place?
  You're saying that browser is working slow now, i'd rather blame PIE for it: PIE actually makes generated code slower.

• I haven't hardened environment to test compilation on it, so I'm requesting a PR from you (or anyone interested) with confirmation that everything works.

[l29ah]

On Sat, Sep 30, 2017 at 01:35:54AM -0700, OMG Eto Zhe BFG wrote: - Is there any need to use PIE globally at all in a first place? You're saying that browser is working slow now, i'd rather blame PIE for it: PIE actually makes generated code slower.

Hardened Gentoo's toolchain does this by default, so the ebuild should be adjusted to disable it.

…

-- () ascii ribbon campaign - against html mail /\ http://arc.pasp.de/ - against proprietary attachments

[Bfgeshka]

Yes, I get it, but you may disable it globally (if you want) via adding -no-pie to compiler flags, then it wouldn't be a default behavior anymore.

Anyway, I'll be waiting for PR on this regard.

[Bfgeshka]

Gentoo 17.x profiles do enable PIE in GCC by default, compiles fine.