Commit graph

10 commits

Author SHA1 Message Date
Leah Neukirchen
6b81302e38 environment/configure/hardening.sh: enable -fstack-clash-protection
This flag will make GCC 8 touch all space allocated using alloca(3)
and thus detect code jumping over the "stack gap".
2019-01-11 16:20:18 +01:00
Jürgen Buchmüller
b55932255d configure/hardening.sh: use PIE and SSP by default, drop -specs hacks. 2017-11-02 15:57:31 +01:00
Juan RP
882f23cf98 env/hardening: fix hardening on MIPS.
Thanks to @chneukirchen for finding the correct solution:

gcc sets -mno-shared by default when compiling non-PIC, and because
we are overriding the builtin specs, this internal rule set for gnu/mips
does not trigger:

gcc/config/mips/gnu-user.h:/* Default to -mno-shared for non-PIC.  */
gcc/config/mips/gnu-user.h:  " %{mshared|mno-shared|fpic|fPIC|fpie|fPIE:;:-mno-shared}"

So that we now use a specific specs file just for mips that sets -mshared for PIC.

This fixes building packages with hardening enabled for MIPS.
2016-04-27 15:01:40 +02:00
Juan RP
7e117fb96d env/hardening: reenable hardening for MIPS.
I just booted a full PIE base-system successfully on my CI20 Creator.

For now we set -fPIE again in C{,XX}FLAGS to fix the build in attr/acl/coreutils, etc.
2016-04-27 12:47:56 +02:00
Juan RP
d55d16482d env/hardening: disable PIE generally for MIPS.
PIE is currently broken in MIPS.
2016-04-26 09:41:28 +02:00
Juan RP
3a40219469 env/hardening: fix inverted nopie setting on mips*-musl. 2015-12-12 08:36:51 +01:00
Juan RP
b53ac251ea env/hardening: handle {i686,mips,mipsel}-musl in a common place. 2015-12-12 08:32:38 +01:00
Christian Neukirchen
5745ea5b82 configure/hardening.sh: disable hardening on mipsel-musl. 2015-11-27 18:29:19 +01:00
Juan RP
744acd0308 xbps-src: env/hardening: make sure to put pkg overrides at the end. 2015-11-17 17:24:54 +01:00
Juan RP
784f75931d xbps-src: move compiler/linker defaults to env/hardening.sh.
The user can still set his/her defaults via etc/conf, and per
package in the templates.
2015-11-17 17:13:12 +01:00