xbps-src: move compiler/linker defaults to env/hardening.sh.

The user can still set his/her defaults via etc/conf, and per package in the templates.
2015-11-17 17:13:12 +01:00 · 2015-11-17 17:13:12 +01:00 · 784f75931d
parent 8257e5cdba
commit 784f75931d
5 changed files with 17 additions and 14 deletions
--- a/common/environment/build/build-pie.sh
+++ b/common/environment/build/build-pie.sh
@ -1 +0,0 @@
-../configure/build-pie.sh
--- a/common/environment/build/hardening.sh
+++ b/common/environment/build/hardening.sh
@ -0,0 +1 @@
+../configure/hardening.sh
--- a/common/environment/configure/build-pie.sh
+++ b/common/environment/configure/build-pie.sh
@ -1,8 +0,0 @@
-_GCCSPECSDIR=${XBPS_COMMONDIR}/environment/configure/gccspecs
-
-if [ -z "$nopie" ]; then
-	CFLAGS+=" -specs=$_GCCSPECSDIR/hardened-cc1"
-	CXXFLAGS+=" -specs=$_GCCSPECSDIR/hardened-cc1"
-	# We pass -z relro -z now here too, because libtool drops -specs...
-	LDFLAGS+=" -specs=$_GCCSPECSDIR/hardened-ld -Wl,-z,relro -Wl,-z,now"
-fi
--- a/common/environment/configure/hardening.sh
+++ b/common/environment/configure/hardening.sh
@ -0,0 +1,13 @@
+# Enable SSP and FORITFY_SOURCE=2 by default.
+XBPS_CFLAGS+=" -fstack-protector-strong -D_FORTIFY_SOURCE=2"
+XBPS_CXXFLAGS+=" ${XBPS_CFLAGS}"
+# Enable as-needed and relro by default.
+XBPS_LDFLAGS+=" -Wl,--as-needed -Wl,-z,relro"
+
+if [ -z "$nopie" ]; then
+	_GCCSPECSDIR=${XBPS_COMMONDIR}/environment/configure/gccspecs
+	XBPS_CFLAGS+=" -specs=${_GCCSPECSDIR}/hardened-cc1"
+	XBPS_CXXFLAGS+=" -specs=${_GCCSPECSDIR}/hardened-cc1"
+	# We pass -z relro -z now here too, because libtool drops -specs...
+	XBPS_LDFLAGS+=" -specs=${_GCCSPECSDIR}/hardened-ld -Wl,-z,relro -Wl,-z,now"
+fi
--- a/etc/defaults.conf
+++ b/etc/defaults.conf
@ -23,15 +23,13 @@ XBPS_INSTALL_ARGS="--repository=http://repo.voidlinux.eu/current --repository=ht
 # Native Compilation/Preprocessor flags for C and C++. Additional settings
 # for the target architecture are also declared in common/build-profiles/<arch>.sh.
 #
-XBPS_CFLAGS="-O2 -pipe -fstack-protector-strong -D_FORTIFY_SOURCE=2"
+XBPS_CFLAGS="-O2 -pipe"
 XBPS_CXXFLAGS="${XBPS_CFLAGS}"

 # [OPTIONAL]
-# Linker flags passed to the compiler. By default we use --as-needed to
-# avoid linking extra libraries into binaries. See the following link
-# for info: http://www.gentoo.org/proj/en/qa/asneeded.xml
+# Linker flags passed to the compiler.
 #
-XBPS_LDFLAGS="-Wl,--as-needed -Wl,-z,relro"
+#XBPS_LDFLAGS=""

 # [REQUIRED]
 # Command to execute to gain root privileges when using the `update-sys`