From ea96fc3ccea0335eac71027250915307b783a3d6 Mon Sep 17 00:00:00 2001 From: Christian Neukirchen Date: Sat, 7 Mar 2015 20:52:28 +0100 Subject: [PATCH] xbps-src: pass PIE flags via -specs mechanism, avoids breaking static build. --- common/environment/configure/build-pie.sh | 6 ++++-- common/environment/configure/gccspecs/hardened-cc1 | 2 ++ common/environment/configure/gccspecs/hardened-ld | 5 +++++ 3 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 common/environment/configure/gccspecs/hardened-cc1 create mode 100644 common/environment/configure/gccspecs/hardened-ld diff --git a/common/environment/configure/build-pie.sh b/common/environment/configure/build-pie.sh index 56e85de4b0a..7f0b2fbd5f7 100644 --- a/common/environment/configure/build-pie.sh +++ b/common/environment/configure/build-pie.sh @@ -1,4 +1,6 @@ +_GCCSPECSDIR=${XBPS_COMMONDIR}/environment/configure/gccspecs + if [ -n "$build_pie" ]; then - CFLAGS+=" -fPIE" - LDFLAGS+=" -pie" + CFLAGS+=" -specs=$_GCCSPECSDIR/hardened-cc1" + LDFLAGS+=" -specs=$_GCCSPECSDIR/hardened-ld" fi diff --git a/common/environment/configure/gccspecs/hardened-cc1 b/common/environment/configure/gccspecs/hardened-cc1 new file mode 100644 index 00000000000..47b47925553 --- /dev/null +++ b/common/environment/configure/gccspecs/hardened-cc1 @@ -0,0 +1,2 @@ +*cc1_options: ++ %{!fpie:%{!fPIE:%{!fpic:%{!fPIC:%{!fno-pic:-fPIE}}}}} diff --git a/common/environment/configure/gccspecs/hardened-ld b/common/environment/configure/gccspecs/hardened-ld new file mode 100644 index 00000000000..fdfa18574a4 --- /dev/null +++ b/common/environment/configure/gccspecs/hardened-ld @@ -0,0 +1,5 @@ +*self_spec: ++ %{static|Bstatic|shared|Bshareable|i|r|pie|nopie:;:-pie} + +*link: ++ %{!static:-z relro}