vp-build/common/environment/configure/hardening.sh
Juan RP 882f23cf98 env/hardening: fix hardening on MIPS.
Thanks to @chneukirchen for finding the correct solution:

gcc sets -mno-shared by default when compiling non-PIC, and because
we are overriding the builtin specs, this internal rule set for gnu/mips
does not trigger:

gcc/config/mips/gnu-user.h:/* Default to -mno-shared for non-PIC.  */
gcc/config/mips/gnu-user.h:  " %{mshared|mno-shared|fpic|fPIC|fpie|fPIE:;:-mno-shared}"

So that we now use a specific specs file just for mips that sets -mshared for PIC.

This fixes building packages with hardening enabled for MIPS.
2016-04-27 15:01:40 +02:00

27 lines
988 B
Bash

# Enable SSP and FORTIFY_SOURCE=2 by default.
_CFLAGS=" -fstack-protector-strong -D_FORTIFY_SOURCE=2 ${CFLAGS}"
_CXXFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 ${CXXFLAGS}"
# Enable as-needed and relro by default.
_LDFLAGS="-Wl,--as-needed ${LDFLAGS}"
case "$XBPS_TARGET_MACHINE" in
    i686-musl) # SSP currently broken (see https://github.com/voidlinux/void-packages/issues/2902)
        _CFLAGS+=" -fno-stack-protector"
        _CXXFLAGS+=" -fno-stack-protector"
        ;;
esac
if [ -z "$nopie" ]; then
    _GCCSPECSDIR=${XBPS_COMMONDIR}/environment/configure/gccspecs
    case "$XBPS_TARGET_MACHINE" in
        mips*) _GCCSPECSFILE=${_GCCSPECSDIR}/hardened-mips-cc1;;
        *) _GCCSPECSFILE=${_GCCSPECSDIR}/hardened-cc1;;
    esac
    CFLAGS="-specs=${_GCCSPECSFILE} ${_CFLAGS}"
    CXXFLAGS="-specs=${_GCCSPECSFILE} ${_CXXFLAGS}"
    # We pass -z relro -z now here too, because libtool drops -specs...
    LDFLAGS="-specs=${_GCCSPECSDIR}/hardened-ld -Wl,-z,relro -Wl,-z,now ${_LDFLAGS}"
fi
unset _CFLAGS _CXXFLAGS _LDFLAGS
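
Because flags set here can be lost on the way to the final link (libtool dropping -specs, a spec rule not triggering on one architecture), it is worth checking the built binary itself. The following is an added example, not part of this repository: it summarises PIE, RELRO and SSP from `readelf` output. The function names and the sample excerpts are constructed for illustration, and binutils `readelf` is assumed for real use.

```shell
#!/bin/sh
# Summarise hardening properties from the output of
#   readelf -W -h -l -d --dyn-syms FILE
# read on stdin. Prints e.g. "pie=yes relro=full ssp=yes".
# ssp=no is only a hint: the symbol is referenced only when at least one
# function in the binary actually received a canary.
check_hardening() {
    awk '
        $1 == "Type:" && $2 == "DYN"  { pie = 1 }    # ET_DYN: PIE (or a shared object)
        $1 == "GNU_RELRO"             { relro = 1 }  # segment added by -z relro
        /\(BIND_NOW\)/                { now = 1 }    # -z now, DT_BIND_NOW form
        /\(FLAGS\)/ && /BIND_NOW/     { now = 1 }    # -z now, DT_FLAGS form
        /\(FLAGS_1\)/ && /NOW/        { now = 1 }    # -z now, DT_FLAGS_1 form
        /__stack_chk_fail/            { ssp = 1 }    # canary failure handler referenced
        END {
            r = relro ? (now ? "full" : "partial") : "none"
            printf "pie=%s relro=%s ssp=%s\n", (pie ? "yes" : "no"), r, (ssp ? "yes" : "no")
        }'
}

# Constructed readelf excerpts (not captured from a real build).
# Binary linked with PIE, -z relro -z now and -fstack-protector-strong:
sample_hardened() { cat <<'EOF'
  Type:                              DYN (Shared object file)
  GNU_RELRO      0x002db0 0x0000000000003db0 0x0000000000003db0 0x000250 0x000250 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
EOF
}

# Binary where none of the flags arrived; the linker still emitted GNU_RELRO:
sample_unhardened() { cat <<'EOF'
  Type:                              EXEC (Executable file)
  GNU_RELRO      0x002e10 0x0000000000403e10 0x0000000000403e10 0x0001f0 0x0001f0 R   0x1
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND puts@GLIBC_2.2.5 (2)
EOF
}

sample_hardened   | check_hardening
sample_unhardened | check_hardening
# Real use: readelf -W -h -l -d --dyn-syms ./some-binary | check_hardening
```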