2015-11-17 17:13:12 +01:00
|
|
|
# Enable SSP and FORITFY_SOURCE=2 by default.
|
2016-04-27 15:01:40 +02:00
|
|
|
_CFLAGS=" -fstack-protector-strong -D_FORTIFY_SOURCE=2 ${CFLAGS}"
|
|
|
|
_CXXFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 ${CXXFLAGS}"
|
2015-11-17 17:13:12 +01:00
|
|
|
# Enable as-needed and relro by default.
|
2016-04-27 15:01:40 +02:00
|
|
|
_LDFLAGS="-Wl,--as-needed ${LDFLAGS}"
|
2015-11-17 17:13:12 +01:00
|
|
|
|
2015-12-12 08:32:38 +01:00
|
|
|
case "$XBPS_TARGET_MACHINE" in
|
|
|
|
i686-musl) # SSP currently broken (see https://github.com/voidlinux/void-packages/issues/2902)
|
2016-04-27 15:01:40 +02:00
|
|
|
_CFLAGS+=" -fno-stack-protector"
|
|
|
|
_CXXFLAGS+=" -fno-stack-protector"
|
2015-12-12 08:32:38 +01:00
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
|
|
|
if [ -z "$nopie" ]; then
|
2016-04-27 15:01:40 +02:00
|
|
|
_GCCSPECSDIR=${XBPS_COMMONDIR}/environment/configure/gccspecs
|
2016-04-27 12:46:08 +02:00
|
|
|
case "$XBPS_TARGET_MACHINE" in
|
2016-04-27 15:01:40 +02:00
|
|
|
mips*) _GCCSPECSFILE=${_GCCSPECSDIR}/hardened-mips-cc1;;
|
|
|
|
*) _GCCSPECSFILE=${_GCCSPECSDIR}/hardened-cc1;;
|
2016-04-27 12:46:08 +02:00
|
|
|
esac
|
2016-04-27 15:01:40 +02:00
|
|
|
CFLAGS="-specs=${_GCCSPECSFILE} ${_CFLAGS}"
|
|
|
|
CXXFLAGS="-specs=${_GCCSPECSFILE} ${_CXXFLAGS}"
|
2015-11-17 17:13:12 +01:00
|
|
|
# We pass -z relro -z now here too, because libtool drops -specs...
|
2016-04-27 15:01:40 +02:00
|
|
|
LDFLAGS="-specs=${_GCCSPECSDIR}/hardened-ld -Wl,-z,relro -Wl,-z,now ${_LDFLAGS}"
|
2015-11-17 17:13:12 +01:00
|
|
|
fi
|
2016-04-27 15:01:40 +02:00
|
|
|
|
|
|
|
unset _CFLAGS _CXXFLAGS _LDFLAGS
|