1 |
Today swtaylor and I took our best stab at flag-o-matic.eclass wrt |
2 |
PIE/SSP. Currently, most of the functionality is based on hardened-gcc, |
3 |
and is less than flexibile today. Pappy has an updated version on |
4 |
dev.g.o, but this one only accounts for the new "pappy gcc". See |
5 |
http://dev.gentoo.org/~pappy/tmp/flag-o-matic.eclass for pappy's |
6 |
approach. |
7 |
|
8 |
What Scott and I came up with are entirely new functions in flag-o-matic |
9 |
to use as triggers in ebuilds rather than the old "has_version |
10 |
sys-devel/hardened-gcc", which is clearly invalid now. |
11 |
http://dev.gentoo.org/~tseng/pax/flag-o-matic-has-pie_ssp.patch is what |
12 |
we've come up with, and accounts for all PIE/SSP possibilities today, |
13 |
namely CFLAGS, hardened-gcc, and pappy gcc. Note that has_pic and |
14 |
has_pie currently take the same action, but where both added in the case |
15 |
that differing functionality is needed at some point. Please examine our |
16 |
logic, test, or propose any alternative approaches. |
17 |
|
18 |
TIA. |
19 |
|
20 |
-- |
21 |
Brandon Hale |
22 |
Co-lead, Gentoo Desktop |
23 |
Hardened Gentoo |