1 |
commit: c439961a06625b27d39d683beee00e8c3a54005f |
2 |
Author: Oskari Pirhonen <xxc3ncoredxx <AT> gmail <DOT> com> |
3 |
AuthorDate: Thu Jan 13 05:08:03 2022 +0000 |
4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Feb 20 02:04:16 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/crossdev.git/commit/?id=c439961a |
7 |
|
8 |
crossdev: use package.use.{mask,force} for pie/ssp |
9 |
|
10 |
A hardened host profile forces the pie and ssp USE flags which is |
11 |
overriding GUSE="-pie -ssp". Use package.use.mask and package.use.force |
12 |
to control the flags. |
13 |
|
14 |
Closes: https://bugs.gentoo.org/831165 |
15 |
Signed-off-by: Oskari Pirhonen <xxc3ncoredxx <AT> gmail.com> |
16 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
17 |
|
18 |
crossdev | 45 +++++++++++++++++++++++++++++---------------- |
19 |
1 file changed, 29 insertions(+), 16 deletions(-) |
20 |
|
21 |
diff --git a/crossdev b/crossdev |
22 |
index e2e01e8..fcf6a65 100755 |
23 |
--- a/crossdev |
24 |
+++ b/crossdev |
25 |
@@ -409,9 +409,11 @@ parse_target() { |
26 |
pie_support=no |
27 |
;; |
28 |
esac |
29 |
+ # Running a hardened profile on the host forces pie #831165 |
30 |
if [[ $pie_support = "no" ]]; then |
31 |
# pie is >=gcc-6, nopie is <gcc-6 |
32 |
- GUSE+=" -pie nopie" |
33 |
+ GMASK+=" pie -nopie" |
34 |
+ GFORCE+=" nopie" |
35 |
fi |
36 |
|
37 |
local ssp_support=yes |
38 |
@@ -423,9 +425,11 @@ parse_target() { |
39 |
# check as '$CC -fstack-protector -c -x c - </dev/null' |
40 |
alpha*|avr*|hppa*|ia64*|mmix*|nios2*) ssp_support=no;; |
41 |
esac |
42 |
+ # Running a hardened profile on the host forces ssp #831165 |
43 |
if [[ $ssp_support = "no" ]]; then |
44 |
# ssp is >=gcc-6, nossp is <gcc-6 |
45 |
- GUSE+=" -ssp nossp" |
46 |
+ GMASK+=" ssp -nossp" |
47 |
+ GFORCE+=" nossp" |
48 |
fi |
49 |
} |
50 |
|
51 |
@@ -726,6 +730,8 @@ for_each_extra_pkg() { |
52 |
XUSE=${XUSES[i]} \ |
53 |
XENV=${XENVS[i]} \ |
54 |
XOVL=${XOVLS[i]} \ |
55 |
+ XMASK=${XMASKS[i]} \ |
56 |
+ XFORCE=${XFORCES[i]} \ |
57 |
"$@" |
58 |
done |
59 |
} |
60 |
@@ -775,12 +781,13 @@ MULTILIB_USE="" |
61 |
HOST_ABI="default" |
62 |
STAGE="" |
63 |
AENV="" |
64 |
-BCAT="sys-devel" ; BPKG="binutils" ; BVER="" BUSE="" BENV="" BOVL="" |
65 |
-GCAT="sys-devel" ; GPKG="gcc" ; GVER="" GUSE="" GENV="" GOVL="" |
66 |
-KCAT="sys-kernel" ; KPKG="linux-headers" ; KVER="" KUSE="" KENV="" KOVL="" |
67 |
-LCAT="sys-libs" ; LPKG="[none]" ; LVER="" LUSE="" LENV="" LOVL="" |
68 |
-DCAT="sys-devel" ; DPKG="gdb" ; DVER="" DUSE="" DENV="" DOVL="" |
69 |
-XPKGS=() XVERS=() XUSES=() XENVS=() XOVLS=() |
70 |
+# Only GMASK/GFORCE are currently used |
71 |
+BCAT="sys-devel" ; BPKG="binutils" ; BVER="" BUSE="" BENV="" BOVL="" BMASK="" BFORCE="" |
72 |
+GCAT="sys-devel" ; GPKG="gcc" ; GVER="" GUSE="" GENV="" GOVL="" GMASK="" GFORCE="" |
73 |
+KCAT="sys-kernel" ; KPKG="linux-headers" ; KVER="" KUSE="" KENV="" KOVL="" KMASK="" KFORCE="" |
74 |
+LCAT="sys-libs" ; LPKG="[none]" ; LVER="" LUSE="" LENV="" LOVL="" LMASK="" LFORCE="" |
75 |
+DCAT="sys-devel" ; DPKG="gdb" ; DVER="" DUSE="" DENV="" DOVL="" DMASK="" DFORCE="" |
76 |
+XPKGS=() XVERS=() XUSES=() XENVS=() XOVLS=() XMASKS=() XFORCES=() |
77 |
DEFAULT_VER="[latest]" |
78 |
SEARCH_OVERLAYS="" |
79 |
CROSSDEV_OVERLAY="" |
80 |
@@ -1273,9 +1280,9 @@ set_env() { |
81 |
} |
82 |
set_portage() { |
83 |
local l=$1 |
84 |
- eval set -- \${${l}CAT} \${${l}PKG} \"\${${l}VER}\" \"\${${l}ENV}\" \"\${${l}OVL}\" |
85 |
- local cat=$1 pkg=$2 ver=$3 env=$4 ovl=$5 |
86 |
- shift 5 |
87 |
+ eval set -- \${${l}CAT} \${${l}PKG} \"\${${l}VER}\" \"\${${l}ENV}\" \"\${${l}OVL}\" \"\${${l}MASK}\" \"\${${l}FORCE}\" |
88 |
+ local cat=$1 pkg=$2 ver=$3 env=$4 ovl=$5 mask=$6 force=$7 |
89 |
+ shift 7 |
90 |
local use=$* |
91 |
|
92 |
[[ ${pkg} == "[none]" ]] && return 0 |
93 |
@@ -1283,14 +1290,20 @@ set_portage() { |
94 |
case ${CTARGET} in |
95 |
# avr requires multilib, that provides |
96 |
# libgcc for all sub-architectures #378387 |
97 |
- avr*) set_use_force ${pkg} multilib |
98 |
- set_use_mask ${pkg} -multilib;; |
99 |
+ avr*) |
100 |
+ mask+=" -multilib" |
101 |
+ force+=" multilib" |
102 |
+ ;; |
103 |
*-newlib|*-elf|*-eabi) |
104 |
- set_use_force ${pkg} multilib; |
105 |
- set_use_mask ${pkg} -multilib;; |
106 |
- *) set_use_force ${pkg} -multilib;; |
107 |
+ mask+=" -multilib" |
108 |
+ force+=" multilib" |
109 |
+ ;; |
110 |
+ *) |
111 |
+ mask+=" multilib";; |
112 |
esac |
113 |
|
114 |
+ set_use_mask ${pkg} "${mask}" |
115 |
+ set_use_force ${pkg} "${force}" |
116 |
set_keywords ${pkg} ${ver} |
117 |
set_use ${pkg} ${use} |
118 |
set_links ${cat} ${pkg} "${ovl}" |