
From: Magnus Granberg <zorry@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-dev:master commit in: sys-devel/gcc/, eclass/
Date: Tue, 23 Aug 2016 20:24:48
Message-Id: 1471983841.d30a8e0729b55b469d1f63ee074655cf21ae84c1.zorry@gentoo
1 commit: d30a8e0729b55b469d1f63ee074655cf21ae84c1
2 Author: Magnus Granberg <zorry <AT> gentoo <DOT> org>
3 AuthorDate: Tue Aug 23 20:24:01 2016 +0000
4 Commit: Magnus Granberg <zorry <AT> gentoo <DOT> org>
5 CommitDate: Tue Aug 23 20:24:01 2016 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-dev.git/commit/?id=d30a8e07
7
8 Bump gcc 6 to 6.2
9
10 eclass/toolchain.eclass | 116 ++++++++++++++++++++++++-----------------
11 sys-devel/gcc/gcc-6.2.0.ebuild | 39 ++++++++++++++
12 2 files changed, 108 insertions(+), 47 deletions(-)
13
14 diff --git a/eclass/toolchain.eclass b/eclass/toolchain.eclass
15 index 247dcee..130e952 100644
16 --- a/eclass/toolchain.eclass
17 +++ b/eclass/toolchain.eclass
18 @@ -131,7 +131,7 @@ else
19 LICENSE="GPL-2+ LGPL-2.1+ FDL-1.1+"
20 fi
21
22 -IUSE="multislot regression-test vanilla"
23 +IUSE="regression-test vanilla"
24 IUSE_DEF=( nls nptl )
25
26 if [[ ${PN} != "kgcc64" && ${PN} != gcc-* ]] ; then
27 @@ -152,9 +152,9 @@ if [[ ${PN} != "kgcc64" && ${PN} != gcc-* ]] ; then
28 # versions which we dropped. Since graphite was also experimental in
29 # the older versions, we don't want to bother supporting it. #448024
30 tc_version_is_at_least 4.8 && IUSE+=" graphite" IUSE_DEF+=( sanitize )
31 - tc_version_is_at_least 4.9 && IUSE+=" cilk"
32 - tc_version_is_at_least 5.0 && IUSE+=" jit pch"
33 - tc_version_is_at_least 6.0 && IUSE+=" pie +ssp"
34 + tc_version_is_at_least 4.9 && IUSE+=" cilk +vtv"
35 + tc_version_is_at_least 5.0 && IUSE+=" jit mpx"
36 + tc_version_is_at_least 6.0 && IUSE+=" pie +ssp +pch"
37 fi
38
39 IUSE+=" ${IUSE_DEF[*]/#/+}"
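Review bot: Moving `pch` from the 5.0 line to the `tc_version_is_at_least 6.0` line means gcc 5.x ebuilds no longer declare the flag at all. Any `use pch` elsewhere in the eclass would then query an undeclared flag for those versions; that code is outside this hunk, so it needs checking. The consumers should be guarded the way this commit guards the new flags, for example `in_iuse pch && use pch`. The same line also switches the default to on (`+pch`), and a short comment saying why the default changed for 6.x would help the next reader.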
40 @@ -627,20 +627,47 @@ do_gcc_PIE_patches() {
41 # configure to build with the hardened GCC specs as the default
42 make_gcc_hard() {
43
44 - # Gcc >= 6.X we don't need to sed in Makefile
45 - # It have configurations options to turn pie/ssp on as default
46 + local gcc_hard_flags=""
47 + # Gcc >= 6.X we can use configurations options to turn pie/ssp on as default
48 if tc_version_is_at_least 6.0 ; then
49 - if use hardened ; then
50 - # rebrand to make bug reports easier
51 - BRANDING_GCC_PKGVERSION=${BRANDING_GCC_PKGVERSION/Gentoo/Gentoo Hardened}
52 - fi
53 if use pie ; then
54 einfo "Updating gcc to use automatic PIE building ..."
55 fi
56 if use ssp ; then
57 einfo "Updating gcc to use automatic SSP building ..."
58 fi
59 - return 1
60 + if use hardened ; then
61 + # Will add some optimatizion as default.
62 + gcc_hard_flags+=" -DHARDENED_OPTIMATIZON"
63 + # rebrand to make bug reports easier
64 + BRANDING_GCC_PKGVERSION=${BRANDING_GCC_PKGVERSION/Gentoo/Gentoo Hardened}
65 + fi
66 + else
67 + if use hardened ; then
68 + # rebrand to make bug reports easier
69 + BRANDING_GCC_PKGVERSION=${BRANDING_GCC_PKGVERSION/Gentoo/Gentoo Hardened}
70 + if hardened_gcc_works ; then
71 + einfo "Updating gcc to use automatic PIE + SSP building ..."
72 + gcc_hard_flags+=" -DEFAULT_PIE_SSP"
73 + elif hardened_gcc_works pie ; then
74 + einfo "Updating gcc to use automatic PIE building ..."
75 + ewarn "SSP has not been enabled by default"
76 + gcc_hard_flags+=" -DEFAULT_PIE"
77 + elif hardened_gcc_works ssp ; then
78 + einfo "Updating gcc to use automatic SSP building ..."
79 + ewarn "PIE has not been enabled by default"
80 + gcc_hard_flags+=" -DEFAULT_SSP"
81 + else
82 + # do nothing if hardened isn't supported, but don't die either
83 + ewarn "hardened is not supported for this arch in this gcc version"
84 + return 0
85 + fi
86 + else
87 + if hardened_gcc_works ssp ; then
88 + einfo "Updating gcc to use automatic SSP building ..."
89 + gcc_hard_flags+=" -DEFAULT_SSP"
90 + fi
91 + fi
92 fi
93
94 # we want to be able to control the pie patch logic via something other
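Review bot: In the `tc_version_is_at_least 6.0` branch, `use hardened` rebrands the compiler as "Gentoo Hardened" and adds a define without looking at `use pie` or `use ssp`, so a 6.x build with either flag off is still labelled Hardened, and `pie` is not default-on in IUSE. The pre-6 branch warns in the equivalent case. Adding `use pie || ewarn "PIE has not been enabled by default"` and `use ssp || ewarn "SSP has not been enabled by default"` inside that `if use hardened` block would keep the two branches consistent. The macro `-DHARDENED_OPTIMATIZON` and its comment ("optimatizion") look misspelled; if the patch set tests a differently spelled name the define silently does nothing, which cannot be confirmed from this hunk. make_gcc_hard continues past the end of the hunk.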
95 @@ -651,36 +678,8 @@ make_gcc_hard() {
96 # Need to add HARD_CFLAGS to ALL_CXXFLAGS on >= 4.7
97 if tc_version_is_at_least 4.7 ; then
98 sed -e '/^ALL_CXXFLAGS/iHARD_CFLAGS = ' \
99 - -e 's|^ALL_CXXFLAGS = |ALL_CXXFLAGS = $(HARD_CFLAGS) |' \
100 - -i "${S}"/gcc/Makefile.in
101 - fi
102 -
103 - # defaults to enable for all toolchains
104 - local gcc_hard_flags=""
105 - if use hardened ; then
106 - if hardened_gcc_works ; then
107 - einfo "Updating gcc to use automatic PIE + SSP building ..."
108 - gcc_hard_flags+=" -DEFAULT_PIE_SSP"
109 - elif hardened_gcc_works pie ; then
110 - einfo "Updating gcc to use automatic PIE building ..."
111 - ewarn "SSP has not been enabled by default"
112 - gcc_hard_flags+=" -DEFAULT_PIE"
113 - elif hardened_gcc_works ssp ; then
114 - einfo "Updating gcc to use automatic SSP building ..."
115 - ewarn "PIE has not been enabled by default"
116 - gcc_hard_flags+=" -DEFAULT_SSP"
117 - else
118 - # do nothing if hardened isn't supported, but don't die either
119 - ewarn "hardened is not supported for this arch in this gcc version"
120 - return 0
121 - fi
122 - # rebrand to make bug reports easier
123 - BRANDING_GCC_PKGVERSION=${BRANDING_GCC_PKGVERSION/Gentoo/Gentoo Hardened}
124 - else
125 - if hardened_gcc_works ssp ; then
126 - einfo "Updating gcc to use automatic SSP building ..."
127 - gcc_hard_flags+=" -DEFAULT_SSP"
128 - fi
129 + -e 's|^ALL_CXXFLAGS = |ALL_CXXFLAGS = $(HARD_CFLAGS) |' \
130 + -i "${S}"/gcc/Makefile.in
131 fi
132
133 sed -i \
134 @@ -1187,6 +1186,17 @@ toolchain_src_configure() {
135 confgcc+=( $(use_enable cilk libcilkrts) )
136 fi
137
138 + if in_iuse mpx ; then
139 + confgcc+=( $(use_enable mpx libmpx) )
140 + fi
141 +
142 + if in_iuse vtv ; then
143 + confgcc+=(
144 + $(use_enable vtv vtable-verify)
145 + $(use_enable vtv libvtv)
146 + )
147 + fi
148 +
149 # newer gcc's come with libquadmath, but only fortran uses
150 # it, so auto punt it when we don't care
151 if tc_version_is_at_least 4.6 && ! is_fortran ; then
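Review bot: The new `mpx` and `vtv` blocks carry no comment, although both change what the installed toolchain does to user code and the libquadmath block right below them is explained. `--enable-vtable-verify` in particular builds libstdc++ itself in verifiable mode, and `+vtv` in IUSE makes that the default. I would put `# vtv: build libstdc++ with vtable verification and ship libvtv, the runtime for -fvtable-verify` above the vtv block and `# mpx: build the libmpx runtime used by -fcheck-pointer-bounds -mmpx` above the mpx block. toolchain_src_configure starts and ends outside the hunk.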
152 @@ -1756,13 +1766,29 @@ toolchain_src_install() {
153 if ! is_crosscompile ; then
154 insinto "${DATAPATH}"
155 newins "${GCC_FILESDIR}"/awk/fixlafiles.awk-no_gcc_la fixlafiles.awk || die
156 - find "${D}/${LIBPATH}" -name libstdc++.la -type f -delete
157 - find "${D}/${LIBPATH}" -name 'lib*san.la' -type f -delete #487550 #546700
158 exeinto "${DATAPATH}"
159 doexe "${GCC_FILESDIR}"/fix_libtool_files.sh || die
160 doexe "${GCC_FILESDIR}"/c{89,99} || die
161 fi
162
163 + find "${D}/${LIBPATH}" \
164 + '(' \
165 + -name libstdc++.la -o \
166 + -name libstdc++fs.la -o \
167 + -name libsupc++.la -o \
168 + -name libcc1.la -o \
169 + -name libcc1plugin.la -o \
170 + -name 'libgomp.la' -o \
171 + -name 'libgomp-plugin-*.la' -o \
172 + -name libgfortran.la -o \
173 + -name libgfortranbegin.la -o \
174 + -name libmpx.la -o \
175 + -name libmpxwrappers.la -o \
176 + -name libitm.la -o \
177 + -name libvtv.la -o \
178 + -name 'lib*san.la' \
179 + ')' -type f -delete
180 +
181 # Use gid of 0 because some stupid ports don't have
182 # the group 'root' set to gid 0. Send to /dev/null
183 # for people who are testing as non-root.
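Review bot: The rewritten `find` drops the bug references that the removed `lib*san.la` line carried (`#487550 #546700`), and nothing says why the deletion moved out of the `if ! is_crosscompile` block and now also runs for cross-compilers. A comment above the command such as `# Remove libtool archives for the gcc runtime libs (native and cross). #487550 #546700` would keep that history. The neighbouring `newins` and `doexe` calls end in `|| die` while the `find` does not, so a failure here passes silently; appending `|| die` after `-delete` would match them. toolchain_src_install starts and ends outside the hunk.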
184 @@ -2122,10 +2148,6 @@ should_we_gcc_config() {
185
186 local curr_branch_ver=$(get_version_component_range 1-2 ${curr_config_ver})
187
188 - # If we're using multislot, just run gcc-config if we're installing
189 - # to the same profile as the current one.
190 - use multislot && return $([[ ${curr_config_ver} == ${GCC_CONFIG_VER} ]])
191 -
192 if [[ ${curr_branch_ver} == ${GCC_BRANCH_VER} ]] ; then
193 return 0
194 else
195
196 diff --git a/sys-devel/gcc/gcc-6.2.0.ebuild b/sys-devel/gcc/gcc-6.2.0.ebuild
197 new file mode 100644
198 index 0000000..b425590
199 --- /dev/null
200 +++ b/sys-devel/gcc/gcc-6.2.0.ebuild
201 @@ -0,0 +1,39 @@
202 +# Copyright 1999-2016 Gentoo Foundation
203 +# Distributed under the terms of the GNU General Public License v2
204 +# $Id$
205 +
206 +EAPI="4"
207 +
208 +PATCH_VER="1.0"
209 +#UCLIBC_VER="1.0"
210 +
211 +# Hardened gcc 4 stuff
212 +#PIE_VER="0.6.5"
213 +#SPECS_VER="0.2.0"
214 +#SPECS_GCC_VER="4.4.3"
215 +# arch/libc configurations known to be stable with {PIE,SSP}-by-default
216 +#PIE_GLIBC_STABLE="x86 amd64 mips ppc ppc64 arm ia64"
217 +#PIE_UCLIBC_STABLE="x86 arm amd64 mips ppc ppc64"
218 +#SSP_STABLE="amd64 x86 mips ppc ppc64 arm"
219 +# uclibc need tls and nptl support for SSP support
220 +# uclibc need to be >= 0.9.33
221 +#SSP_UCLIBC_STABLE="x86 amd64 mips ppc ppc64 arm"
222 +#end Hardened stuff
223 +
224 +inherit toolchain
225 +
226 +KEYWORDS=""
227 +
228 +RDEPEND=""
229 +DEPEND="${RDEPEND}
230 + elibc_glibc? ( >=sys-libs/glibc-2.8 )
231 + >=${CATEGORY}/binutils-2.20"
232 +
233 +if [[ ${CATEGORY} != cross-* ]] ; then
234 + PDEPEND="${PDEPEND} elibc_glibc? ( >=sys-libs/glibc-2.8 )"
235 +fi
236 +
237 +src_prepare() {
238 +
239 + toolchain_src_prepare
240 +}
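Review bot: The diffstat lists only the eclass and this ebuild, so unless `sys-devel/gcc/Manifest` already carries them, the distfiles implied by version 6.2.0 and `PATCH_VER="1.0"` have no DIST digests in this commit. Running `repoman manifest` in `sys-devel/gcc/` and committing the result alongside the ebuild keeps the source and patch tarballs checksum-verified at fetch time. The commented-out "Hardened gcc 4 stuff" block (`#PIE_VER`, `#SPECS_VER`, `#SSP_STABLE` and the rest) appears to be dead for 6.x, since the eclass's 6.0 branch in this commit does not call `hardened_gcc_works`. It could be replaced by one line such as `# PIE/SSP defaults are handled in the eclass for gcc >= 6; no PIE_VER/SPECS_VER needed`.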