vp-build/common/environment/configure/hardening.sh

# Enable SSP and FORITFY_SOURCE=2 by default.
CFLAGS=" -fstack-protector-strong -D_FORTIFY_SOURCE=2 $CFLAGS"
CXXFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 $CXXFLAGS"
# Enable as-needed and relro by default.
LDFLAGS="-Wl,--as-needed -Wl,-z,relro $LDFLAGS"

if [ -z "$nopie" ] && [ "$XBPS_TARGET_ARCH" != mipsel-musl ]; then
	_GCCSPECSDIR=${XBPS_COMMONDIR}/environment/configure/gccspecs
	CFLAGS="-specs=${_GCCSPECSDIR}/hardened-cc1 $CFLAGS"
	CXXFLAGS="-specs=${_GCCSPECSDIR}/hardened-cc1 $CXXFLAGS"
	# We pass -z relro -z now here too, because libtool drops -specs...
	LDFLAGS="-specs=${_GCCSPECSDIR}/hardened-ld -Wl,-z,relro -Wl,-z,now $LDFLAGS"
fi
xbps-src: move compiler/linker defaults to env/hardening.sh. The user can still set his/her defaults via etc/conf, and per package in the templates. 2015-11-17 17:13:12 +01:00			`# Enable SSP and FORITFY_SOURCE=2 by default.`
xbps-src: env/hardening: make sure to put pkg overrides at the end. 2015-11-17 17:24:54 +01:00			`CFLAGS=" -fstack-protector-strong -D_FORTIFY_SOURCE=2 $CFLAGS"`
			`CXXFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 $CXXFLAGS"`
xbps-src: move compiler/linker defaults to env/hardening.sh. The user can still set his/her defaults via etc/conf, and per package in the templates. 2015-11-17 17:13:12 +01:00			`# Enable as-needed and relro by default.`
xbps-src: env/hardening: make sure to put pkg overrides at the end. 2015-11-17 17:24:54 +01:00			`LDFLAGS="-Wl,--as-needed -Wl,-z,relro $LDFLAGS"`
xbps-src: move compiler/linker defaults to env/hardening.sh. The user can still set his/her defaults via etc/conf, and per package in the templates. 2015-11-17 17:13:12 +01:00
configure/hardening.sh: disable hardening on mipsel-musl. 2015-11-27 12:02:13 +01:00			`if [ -z "$nopie" ] && [ "$XBPS_TARGET_ARCH" != mipsel-musl ]; then`
xbps-src: move compiler/linker defaults to env/hardening.sh. The user can still set his/her defaults via etc/conf, and per package in the templates. 2015-11-17 17:13:12 +01:00			`_GCCSPECSDIR=${XBPS_COMMONDIR}/environment/configure/gccspecs`
xbps-src: env/hardening: make sure to put pkg overrides at the end. 2015-11-17 17:24:54 +01:00			`CFLAGS="-specs=${_GCCSPECSDIR}/hardened-cc1 $CFLAGS"`
			`CXXFLAGS="-specs=${_GCCSPECSDIR}/hardened-cc1 $CXXFLAGS"`
xbps-src: move compiler/linker defaults to env/hardening.sh. The user can still set his/her defaults via etc/conf, and per package in the templates. 2015-11-17 17:13:12 +01:00			`# We pass -z relro -z now here too, because libtool drops -specs...`
xbps-src: env/hardening: make sure to put pkg overrides at the end. 2015-11-17 17:24:54 +01:00			`LDFLAGS="-specs=${_GCCSPECSDIR}/hardened-ld -Wl,-z,relro -Wl,-z,now $LDFLAGS"`
xbps-src: move compiler/linker defaults to env/hardening.sh. The user can still set his/her defaults via etc/conf, and per package in the templates. 2015-11-17 17:13:12 +01:00			`fi`