1 |
After I posted this we continued to do heavy development, there are more |
2 |
cases to work out (-yet_exec -yno_propolice are not supported by a stock |
3 |
Gentoo GCC using ssp/pie in CFLAGS). Feel free to join in our discussion |
4 |
or pitch in, otherwise we'll keep hacking on this.. |
5 |
|
6 |
On Fri, 2004-04-02 at 23:13 -0500, Brandon Hale wrote: |
7 |
|
8 |
> Today swtaylor and I took our best stab at flag-o-matic.eclass wrt |
9 |
> PIE/SSP. Currently, most of the functionality is based on hardened-gcc, |
10 |
> and is less than flexibile today. Pappy has an updated version on |
11 |
> dev.g.o, but this one only accounts for the new "pappy gcc". See |
12 |
> http://dev.gentoo.org/~pappy/tmp/flag-o-matic.eclass for pappy's |
13 |
> approach. |
14 |
> |
15 |
> What Scott and I came up with are entirely new functions in flag-o-matic |
16 |
> to use as triggers in ebuilds rather than the old "has_version |
17 |
> sys-devel/hardened-gcc", which is clearly invalid now. |
18 |
> http://dev.gentoo.org/~tseng/pax/flag-o-matic-has-pie_ssp.patch is what |
19 |
> we've come up with, and accounts for all PIE/SSP possibilities today, |
20 |
> namely CFLAGS, hardened-gcc, and pappy gcc. Note that has_pic and |
21 |
> has_pie currently take the same action, but where both added in the case |
22 |
> that differing functionality is needed at some point. Please examine our |
23 |
> logic, test, or propose any alternative approaches. |
24 |
> |
25 |
> TIA. |
26 |
> |
27 |
> -- |
28 |
> Brandon Hale |
29 |
> Co-lead, Gentoo Desktop |
30 |
> Hardened Gentoo |
31 |
|
32 |
-- |
33 |
Brandon Hale |
34 |
Co-lead, Gentoo Desktop |
35 |
Hardened Gentoo |