| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
Travis Tilley wrote: |
| 5 |
| ...ok, once again not really, but i cant use that trick to get people's |
| 6 |
| attention after today so i figured i might as well use it twice. :) |
| 7 |
| |
| 8 |
| recent gcc ebuilds have been patched to recognise an environment |
| 9 |
| variable, GCC_SPECS, that sets which specs-file should be used. the gcc |
| 10 |
| 3.4.2-r2 ebuild also builds both hardened and non-hardened specs files |
| 11 |
| for all users (though it doesnt make hardened the default specs file for |
| 12 |
| non-hardened users). |
| 13 |
| |
| 14 |
| so, what does this mean? it means that everyone can now assist in fixing |
| 15 |
| hardened toolchain related bugs in the packages they maintain without |
| 16 |
| having to recompile gcc to get a hardened toolchain up. good stuff, eh? :) |
| 17 |
| |
| 18 |
| |
| 19 |
| ayanami root # gcc main.c -o main ; file main |
| 20 |
| main: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for |
| 21 |
| GNU/Linux 2.4.1, dynamically linked (uses shared libs), not stripped |
| 22 |
| |
| 23 |
| ayanami root # export |
| 24 |
| GCC_SPECS=/usr/lib/gcc/x86_64-pc-linux-gnu/3.4.2/hardened.specs |
| 25 |
| |
| 26 |
| ayanami root # gcc main.c -o main ; file main |
| 27 |
| main: ELF 64-bit LSB shared object, AMD x86-64, version 1 (SYSV), not |
| 28 |
| stripped |
| 29 |
| |
| 30 |
| |
| 31 |
| so now, for anyone interested, helping with hardened now requires the |
| 32 |
| absolute minimum effort possible and shouldnt be a pain for devs who |
| 33 |
| dont want to have a full hardened install. go team! *high-fives Rob |
| 34 |
| Holland for writing the patch* |
| 35 |
| |
| 36 |
| patched ebuilds: |
| 37 |
| gcc-3.3.4-r2 |
| 38 |
| gcc-3.4.1-r3 |
| 39 |
| gcc-3.4.2-r2 |
| 40 |
| |
| 41 |
| |
| 42 |
| Travis Tilley |
| 43 |
| Gentoo/AMD64 |
| 44 |
| |
| 45 |
| -- |
| 46 |
| gentoo-dev@g.o mailing list |
| 47 |
| |
| 48 |
| |
| 49 |
| |
| 50 |
let's add support for this switching into gcc-config and that way people |
| 51 |
won't have to remember the full path to the spec file... it'd know it |
| 52 |
based on the profile info. |
| 53 |
|
| 54 |
- -- |
| 55 |
Doug Goldstein |
| 56 |
http://dev.gentoo.org/~cardoe |
| 57 |
|
| 58 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x179106D0 |
| 59 |
Key fingerprint = 7001 5FBF BACE 9E66 3A1C 55E0 161C FF5C 1791 06D0 |
| 60 |
|
| 61 |
-----BEGIN PGP SIGNATURE----- |
| 62 |
Version: GnuPG v1.2.6 (GNU/Linux) |
| 63 |
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org |
| 64 |
|
| 65 |
iD8DBQFBXgveFhz/XBeRBtARAjn0AJ4wj1dH4XN23npP8BmsRMSfpJiPtgCfe4Pt |
| 66 |
cqzx5S4OwwR87Rh6FI0BAbc= |
| 67 |
=AE8D |
| 68 |
-----END PGP SIGNATURE----- |
| 69 |
|
| 70 |
-- |
| 71 |
gentoo-dev@g.o mailing list |
Archives