Gentoo Archives: gentoo-commits

From: "Ned Ludd (solar)" <solar@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in eclass: toolchain.eclass
Date: Mon, 29 Dec 2008 02:24:22
Message-Id: E1LH7nn-00080R-IO@stork.gentoo.org
1 solar 08/12/29 02:24:19
2
3 Modified: toolchain.eclass
4 Log:
5 - import gcc:4 pie support towards hardened-gcc. (many thanks to Zorry for putting up with all my crazy requirements)
6
7 Revision Changes Path
8 1.369 eclass/toolchain.eclass
9
10 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/toolchain.eclass?rev=1.369&view=markup
11 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/toolchain.eclass?rev=1.369&content-type=text/plain
12 diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/toolchain.eclass?r1=1.368&r2=1.369
13
14 Index: toolchain.eclass
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo-x86/eclass/toolchain.eclass,v
17 retrieving revision 1.368
18 retrieving revision 1.369
19 diff -u -r1.368 -r1.369
20 --- toolchain.eclass 22 Dec 2008 18:53:47 -0000 1.368
21 +++ toolchain.eclass 29 Dec 2008 02:24:18 -0000 1.369
22 @@ -1,6 +1,6 @@
23 # Copyright 1999-2008 Gentoo Foundation
24 # Distributed under the terms of the GNU General Public License v2
25 -# $Header: /var/cvsroot/gentoo-x86/eclass/toolchain.eclass,v 1.368 2008/12/22 18:53:47 solar Exp $
26 +# $Header: /var/cvsroot/gentoo-x86/eclass/toolchain.eclass,v 1.369 2008/12/29 02:24:18 solar Exp $
27 #
28 # Maintainer: Toolchain Ninjas <toolchain@g.o>
29
30 @@ -236,6 +236,10 @@
31 # old syntax (do not define PIE_CORE anymore):
32 # PIE_CORE="gcc-3.4.0-piepatches-v${PIE_VER}.tar.bz2"
33 #
34 +# SPECS_VER
35 +# SPECS_GCC_VER
36 +# This is for the minispecs files included in the hardened gcc-4.x
37 +#
38 # PP_VER
39 # PP_GCC_VER
40 # obsoleted: PP_FVER
41 @@ -280,6 +284,7 @@
42 export PIE_GCC_VER=${PIE_GCC_VER:-${GCC_RELEASE_VER}}
43 export PP_GCC_VER=${PP_GCC_VER:-${GCC_RELEASE_VER}}
44 export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}}
45 + export SPECS_GCC_VER=${SPECS_GCC_VER:-${GCC_RELEASE_VER}}
46
47 [[ -n ${PIE_VER} ]] && \
48 PIE_CORE=${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2}
49 @@ -327,6 +332,10 @@
50 [[ -n ${PIE_VER} ]] && \
51 GCC_SRC_URI="${GCC_SRC_URI} !nopie? ( $(gentoo_urls ${PIE_CORE}) )"
52
53 + # gcc minispec for the hardened gcc 4 compiler
54 + [[ -n ${SPECS_VER} ]] && \
55 + GCC_SRC_URI="${GCC_SRC_URI} !nopie? ( $(gentoo_urls gcc-${SPECS_GCC_VER}-default-specs-${SPECS_VER}.tar.bz2) )"
56 +
57 # gcc bounds checking patch
58 if [[ -n ${HTB_VER} ]] ; then
59 local HTBFILE="bounds-checking-gcc-${HTB_GCC_VER}-${HTB_VER}.patch.bz2"
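Review bot: The specs tarball is added to GCC_SRC_URI only inside `!nopie? ( … )`, but want_minispecs, added later in this commit, checks `use hardened` and the gcc version and never looks at nopie. With USE="hardened nopie" and SPECS_VER set, the tarball would presumably not be fetched, yet setup_minispecs_gcc_build_specs would still read `${WORKDIR}/specs/*.specs`. The matching `unpack gcc-${SPECS_GCC_VER}-default-specs-${SPECS_VER}.tar.bz2` hunk has the same exposure, since it sits inside a block whose condition is outside that hunk. Gate fetch, unpack and want_minispecs on one condition, for example `hardened? ( $(gentoo_urls gcc-${SPECS_GCC_VER}-default-specs-${SPECS_VER}.tar.bz2) )`, so a hardened build cannot reach the specs step without the files. The enclosing function starts and ends outside this hunk.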
60 @@ -483,7 +492,16 @@
61 want_split_specs() {
62 [[ ${SPLIT_SPECS} == "true" ]] && want_pie
63 }
64 -
65 +want_minispecs() {
66 + if tc_version_is_at_least 4.3.2 && use hardened ; then
67 + if [[ -n ${SPECS_VER} ]] ; then
68 + return 0
69 + else
70 + die "For Hardend to work you need the minispecs files"
71 + fi
72 + fi
73 + return 1
74 +}
75 # This function checks whether or not glibc has the support required to build
76 # Position Independant Executables with gcc.
77 glibc_have_pie() {
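Review bot: want_minispecs is called as a yes/no predicate, but it calls `die` when USE=hardened is set on gcc >= 4.3.2 and SPECS_VER is empty, so any caller that tests it can abort the build; that deserves a header comment. Suggested: `# Returns 0 when the hardened minispecs are in use (gcc >= 4.3.2 and USE=hardened); dies if SPECS_VER is unset in that case, returns 1 otherwise.` The die text misspells "Hardened" and does not name the variable the ebuild has to set; `die "For Hardened to work you need the minispecs files (SPECS_VER is unset)"` would point the maintainer at the fix. The hunk also removes the blank line after want_split_specs, so the existing glibc_have_pie comment now sits directly under this function's closing brace and reads as if it belonged to it.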
78 @@ -685,7 +703,29 @@
79 # Set which specs file to use
80 [[ -n ${gcc_specs_file} ]] && echo "GCC_SPECS=\"${gcc_specs_file}\"" >> ${gcc_envd_file}
81 }
82 -
83 +setup_minispecs_gcc_build_specs() {
84 + # Setup the "build.specs" file for gcc to use when building.
85 + if want_minispecs ; then
86 + if hardened_gcc_works pie ; then
87 + cat "${WORKDIR}"/specs/pie.specs >> "${WORKDIR}"/build.specs
88 + fi
89 + for s in nostrict znow zrelro; do
90 + cat "${WORKDIR}"/specs/${s}.specs >> "${WORKDIR}"/build.specs
91 + done
92 + export GCC_SPECS="${WORKDIR}"/build.specs
93 + fi
94 +}
95 +copy_minispecs_gcc_specs() {
96 + # Build system specs file which, if it exists, must be a complete set of
97 + # specs as it completely and unconditionally overrides the builtin specs.
98 + # For gcc 4
99 + if use hardened && want_minispecs ; then
100 + $(XGCC) -dumpspecs > "${WORKDIR}"/specs/specs
101 + cat "${WORKDIR}"/build.specs >> "${WORKDIR}"/specs/specs
102 + insinto ${LIBPATH}
103 + doins "${WORKDIR}"/specs/* || die "failed to install specs"
104 + fi
105 +}
106 add_profile_eselect_conf() {
107 local compiler_config_file=$1
108 local abi=$2
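Review bot: Neither new function checks the commands that produce the specs files, so a missing or partial minispecs set silently yields a compiler with weaker hardening than the profile asks for. In setup_minispecs_gcc_build_specs the `cat` calls should fail hard, e.g. `cat "${WORKDIR}"/specs/${s}.specs >> "${WORKDIR}"/build.specs || die "missing ${s}.specs"`, and the same applies to the pie.specs line. The loop variable also needs `local s`. In copy_minispecs_gcc_specs the comment says the installed specs file unconditionally overrides the builtin specs, yet a failed dump would leave it holding only the appended build.specs; use `$(XGCC) -dumpspecs > "${WORKDIR}"/specs/specs || die "dumpspecs failed"` (XGCC is defined outside this hunk). build.specs is only ever appended to, so if the setup function can run more than once per build the entries are duplicated, and truncating the file first avoids that.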
109 @@ -961,7 +1001,7 @@
110 # the necessary support
111 want_pie && use hardened && glibc_have_pie
112
113 - if use hardened ; then
114 + if use hardened && !want_minispecs ; then
115 einfo "updating configuration to build hardened GCC"
116 make_gcc_hard || die "failed to make gcc hard"
117 fi
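Review bot: `!want_minispecs` in the changed `if` is not a negation: with no space after `!`, bash takes the whole word as a command name, which is not found, so the condition is always false. `make_gcc_hard` is therefore skipped on every hardened build, including gcc versions where want_minispecs returns 1, and the build continues without the hardened configuration. Write `if use hardened && ! want_minispecs ; then`. The same token appears in the want_split_specs hunk (`&& !want_minispecs; then`), where it stops split_out_specs_files from ever running; fix it the same way. The enclosing function starts and ends outside this hunk.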
118 @@ -1585,6 +1625,9 @@
119 einfo "CFLAGS=\"${CFLAGS}\""
120 einfo "CXXFLAGS=\"${CXXFLAGS}\""
121
122 + # For hardened gcc 4 for build the hardened specs file to use when building gcc
123 + setup_minispecs_gcc_build_specs
124 +
125 # Build in a separate build tree
126 mkdir -p "${WORKDIR}"/build
127 pushd "${WORKDIR}"/build > /dev/null
128 @@ -1607,7 +1650,7 @@
129
130 # Do not create multiple specs files for PIE+SSP if boundschecking is in
131 # USE, as we disable PIE+SSP when it is.
132 - if [[ ${ETYPE} == "gcc-compiler" ]] && want_split_specs ; then
133 + if [[ ${ETYPE} == "gcc-compiler" ]] && want_split_specs && !want_minispecs; then
134 split_out_specs_files || die "failed to split out specs"
135 fi
136
137 @@ -1711,7 +1754,13 @@
138 insinto ${LIBPATH}
139 doins "${WORKDIR}"/build/*.specs || die "failed to install specs"
140 fi
141 -
142 + # Setup the gcc_env_entry for hardened gcc 4 with minispecs
143 + if want_minispecs ; then
144 + if hardened_gcc_works pie ; then
145 + create_gcc_env_entry hardenednopie
146 + fi
147 + create_gcc_env_entry vanilla
148 + fi
149 # Make sure we dont have stuff lying around that
150 # can nuke multiple versions of gcc
151 cd "${D}"${LIBPATH}
152 @@ -1839,6 +1888,9 @@
153
154 # Create config files for eselect-compiler
155 create_eselect_conf
156 +
157 + # Cpoy the needed minispec for hardened gcc 4
158 + copy_minispecs_gcc_specs
159 }
160
161 # Move around the libs to the right location. For some reason,
162 @@ -1909,6 +1961,7 @@
163 export PIE_GCC_VER=${PIE_GCC_VER:-${GCC_RELEASE_VER}}
164 export PP_GCC_VER=${PP_GCC_VER:-${GCC_RELEASE_VER}}
165 export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}}
166 + export SPECS_GCC_VER=${SPECS_GCC_VER:-${GCC_RELEASE_VER}}
167
168 if [[ -n ${GCC_A_FAKEIT} ]] ; then
169 unpack ${GCC_A_FAKEIT}
170 @@ -1964,6 +2017,8 @@
171 else
172 unpack gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2
173 fi
174 + [[ -n ${SPECS_VER} ]] && \
175 + unpack gcc-${SPECS_GCC_VER}-default-specs-${SPECS_VER}.tar.bz2
176 fi
177
178 want_boundschecking && \
179 @@ -2143,13 +2198,13 @@
180 # adds default pie support (rs6000 too) if DEFAULT_PIE[_SSP] is defined
181 EPATCH_MULTI_MSG="Applying default pie patches ..." \
182 epatch "${WORKDIR}"/piepatch/def
183 - fi
184
185 - # we want to be able to control the pie patch logic via something other
186 - # than ALL_CFLAGS...
187 - sed -e '/^ALL_CFLAGS/iHARD_CFLAGS = ' \
188 - -e 's|^ALL_CFLAGS = |ALL_CFLAGS = $(HARD_CFLAGS) |' \
189 - -i "${S}"/gcc/Makefile.in
190 + # we want to be able to control the pie patch logic via something other
191 + # than ALL_CFLAGS...
192 + sed -e '/^ALL_CFLAGS/iHARD_CFLAGS = ' \
193 + -e 's|^ALL_CFLAGS = |ALL_CFLAGS = $(HARD_CFLAGS) |' \
194 + -i "${S}"/gcc/Makefile.in
195 + fi
196
197 BRANDING_GCC_PKGVERSION="${BRANDING_GCC_PKGVERSION}, pie-${PIE_VER}"
198 }