| 1 |
Today swtaylor and I took our best stab at flag-o-matic.eclass wrt |
| 2 |
PIE/SSP. Currently, most of the functionality is based on hardened-gcc, |
| 3 |
and is less than flexibile today. Pappy has an updated version on |
| 4 |
dev.g.o, but this one only accounts for the new "pappy gcc". See |
| 5 |
http://dev.gentoo.org/~pappy/tmp/flag-o-matic.eclass for pappy's |
| 6 |
approach. |
| 7 |
|
| 8 |
What Scott and I came up with are entirely new functions in flag-o-matic |
| 9 |
to use as triggers in ebuilds rather than the old "has_version |
| 10 |
sys-devel/hardened-gcc", which is clearly invalid now. |
| 11 |
http://dev.gentoo.org/~tseng/pax/flag-o-matic-has-pie_ssp.patch is what |
| 12 |
we've come up with, and accounts for all PIE/SSP possibilities today, |
| 13 |
namely CFLAGS, hardened-gcc, and pappy gcc. Note that has_pic and |
| 14 |
has_pie currently take the same action, but where both added in the case |
| 15 |
that differing functionality is needed at some point. Please examine our |
| 16 |
logic, test, or propose any alternative approaches. |
| 17 |
|
| 18 |
TIA. |
| 19 |
|
| 20 |
-- |
| 21 |
Brandon Hale |
| 22 |
Co-lead, Gentoo Desktop |
| 23 |
Hardened Gentoo |
Archives