| 1 |
After I posted this we continued to do heavy development, there are more |
| 2 |
cases to work out (-yet_exec -yno_propolice are not supported by a stock |
| 3 |
Gentoo GCC using ssp/pie in CFLAGS). Feel free to join in our discussion |
| 4 |
or pitch in, otherwise we'll keep hacking on this.. |
| 5 |
|
| 6 |
On Fri, 2004-04-02 at 23:13 -0500, Brandon Hale wrote: |
| 7 |
|
| 8 |
> Today swtaylor and I took our best stab at flag-o-matic.eclass wrt |
| 9 |
> PIE/SSP. Currently, most of the functionality is based on hardened-gcc, |
| 10 |
> and is less than flexibile today. Pappy has an updated version on |
| 11 |
> dev.g.o, but this one only accounts for the new "pappy gcc". See |
| 12 |
> http://dev.gentoo.org/~pappy/tmp/flag-o-matic.eclass for pappy's |
| 13 |
> approach. |
| 14 |
> |
| 15 |
> What Scott and I came up with are entirely new functions in flag-o-matic |
| 16 |
> to use as triggers in ebuilds rather than the old "has_version |
| 17 |
> sys-devel/hardened-gcc", which is clearly invalid now. |
| 18 |
> http://dev.gentoo.org/~tseng/pax/flag-o-matic-has-pie_ssp.patch is what |
| 19 |
> we've come up with, and accounts for all PIE/SSP possibilities today, |
| 20 |
> namely CFLAGS, hardened-gcc, and pappy gcc. Note that has_pic and |
| 21 |
> has_pie currently take the same action, but where both added in the case |
| 22 |
> that differing functionality is needed at some point. Please examine our |
| 23 |
> logic, test, or propose any alternative approaches. |
| 24 |
> |
| 25 |
> TIA. |
| 26 |
> |
| 27 |
> -- |
| 28 |
> Brandon Hale |
| 29 |
> Co-lead, Gentoo Desktop |
| 30 |
> Hardened Gentoo |
| 31 |
|
| 32 |
-- |
| 33 |
Brandon Hale |
| 34 |
Co-lead, Gentoo Desktop |
| 35 |
Hardened Gentoo |
Archives