diff options
| author |   Kevin F. Quinn <kevquinn@gentoo.org> | 2007-02-13 09:29:12 +0000 |
|---|---|---|
| committer | Kevin F. Quinn <kevquinn@gentoo.org> | 2007-02-13 09:29:12 +0000 |
| commit | 4867d2240882f502d84070a2ecc7e370f022e96c (patch) | |
| tree | e8ec57d58a2429b853d3f862db2e11d5298858e3 | |
| parent | More comments on mutex failures (diff) | |
| download | kevquinn-4867d2240882f502d84070a2ecc7e370f022e96c.tar.gz kevquinn-4867d2240882f502d84070a2ecc7e370f022e96c.tar.bz2 kevquinn-4867d2240882f502d84070a2ecc7e370f022e96c.zip | |
Improve dependency management; build new crtbeginTS.o also when USE=-hardened, so that
switching to gcc/hardened on a normal machine gives a compiler that works (for static-PIE).
svn path=/; revision=177
9 files changed, 95 insertions, 44 deletions
diff --git a/hardened/toolchain/branches/pieworld/eclass/flag-o-matic.eclass b/hardened/toolchain/branches/pieworld/eclass/flag-o-matic.eclass index 64fc778..7be1a01 100644 --- a/hardened/toolchain/branches/pieworld/eclass/flag-o-matic.eclass +++ b/hardened/toolchain/branches/pieworld/eclass/flag-o-matic.eclass @@ -127,8 +127,10 @@ _manage-hardened() { if gcc-specs-exists $newspec; then [[ -z ${GCC_SPECS} ]] || newspec=":${newspec}" export GCC_SPECS="${GCC_SPECS}${newspec}" + einfo "Hardened compiler filtered $2 - GCC_SPECS set to ${GCC_SPECS}" else _raw_append_flag $2 + einfo "Hardened compiler filtered $2 - CFLAGS set to ${CFLAGS}" fi } diff --git a/hardened/toolchain/branches/pieworld/eclass/toolchain-funcs.eclass b/hardened/toolchain/branches/pieworld/eclass/toolchain-funcs.eclass index c098b24..ec0c06b 100644 --- a/hardened/toolchain/branches/pieworld/eclass/toolchain-funcs.eclass +++ b/hardened/toolchain/branches/pieworld/eclass/toolchain-funcs.eclass @@ -153,6 +153,15 @@ tc-arch() { tc-ninja_magic_to_arch portage $@ } +# Returns the version number, n.m... +ld-fullversion() { + $(tc-getLD "$@") -v | grep version | sed -e 's/^.*version //' +} +# Returns the <major>.<minor> version +ld-version() { + ld-fullversion "$@" | cut -f1,2 -d. +} + # Returns the version as by `$CC -dumpversion` gcc-fullversion() { $(tc-getCC "$@") -dumpversion diff --git a/hardened/toolchain/branches/pieworld/pieworld.README b/hardened/toolchain/branches/pieworld/pieworld.README index a4899a3..99cd2e2 100644 --- a/hardened/toolchain/branches/pieworld/pieworld.README +++ b/hardened/toolchain/branches/pieworld/pieworld.README @@ -228,6 +228,10 @@ Things to work out: it has aborted, which it shouldn't have done. The reason the assertion has failed is the 'oldval ^ 0x40000000' bit, which is FUTEX_OWNER_DIED. This is consistent with the child process aborting, instead of going to an idle state waiting to be cleaned up when the parent finishes. + + Now I've repeated, always getting these failures on a non-hardened kernel, when built with gcc/vanilla + on both hardened and non-hardened kernels. Yet I don't get them on my athlon-xp machine. + Investigation ongoing... 2) Why x86 passes elf/tst-tls{1,2}-static when all other arches fail it diff --git a/hardened/toolchain/branches/pieworld/sys-devel/gcc/Manifest b/hardened/toolchain/branches/pieworld/sys-devel/gcc/Manifest index a4d6f70..2db6e07 100644 --- a/hardened/toolchain/branches/pieworld/sys-devel/gcc/Manifest +++ b/hardened/toolchain/branches/pieworld/sys-devel/gcc/Manifest @@ -54,10 +54,14 @@ AUX 4.1.0/gcc-4.1.0-fast-math-i386-Os-workaround.patch 1686 RMD160 420e02e85e261 MD5 ab66a2c85bc3324fe4f0729927f63072 files/4.1.0/gcc-4.1.0-fast-math-i386-Os-workaround.patch 1686 RMD160 420e02e85e261759154daf5e3c149344be57af76 files/4.1.0/gcc-4.1.0-fast-math-i386-Os-workaround.patch 1686 SHA256 7547293b945808f63b70aafed644a43c99e19f82aaf1d2f2df8502d87ab3f01d files/4.1.0/gcc-4.1.0-fast-math-i386-Os-workaround.patch 1686 -AUX 4.1.1/gcc-4.1.1-nopie-crtstuff.patch 3175 RMD160 6fb7284e92d0ad45e4c7893ee03a6ccd53b5fcf9 SHA1 26ac6aaf342d89ecd36046b0cb372746aed27c97 SHA256 4fd4a0ff57e538bd08907b02474e14bdfb2d6653b2bd972b6c497d69fab5bea7 -MD5 1b6432af4fa17d57f50d7c2b56d21457 files/4.1.1/gcc-4.1.1-nopie-crtstuff.patch 3175 -RMD160 6fb7284e92d0ad45e4c7893ee03a6ccd53b5fcf9 files/4.1.1/gcc-4.1.1-nopie-crtstuff.patch 3175 -SHA256 4fd4a0ff57e538bd08907b02474e14bdfb2d6653b2bd972b6c497d69fab5bea7 files/4.1.1/gcc-4.1.1-nopie-crtstuff.patch 3175 +AUX 4.1.1/gcc-4.1.1-crtbeginTS.patch 1293 RMD160 4e56be277d3e40320c36667f30b8fc3a74b9090c SHA1 a715920107a2ed8547af4afd47366f734f9afc17 SHA256 3c825362838b0cc6bddb49054aee3b0f0b77b0fd3f95dfea9eabcb0f561f1961 +MD5 50656aaa92e4c3a7ce9a24df7b5a0246 files/4.1.1/gcc-4.1.1-crtbeginTS.patch 1293 +RMD160 4e56be277d3e40320c36667f30b8fc3a74b9090c files/4.1.1/gcc-4.1.1-crtbeginTS.patch 1293 +SHA256 3c825362838b0cc6bddb49054aee3b0f0b77b0fd3f95dfea9eabcb0f561f1961 files/4.1.1/gcc-4.1.1-crtbeginTS.patch 1293 +AUX 4.1.1/gcc-4.1.1-nopie-crtstuff.patch 2592 RMD160 86d7164aa29cc78f778a8459fd3dbe96e906e181 SHA1 88b8935d98755355162deaf64fb7e6c432fc7335 SHA256 5a507c94691e185abb2afdf068a4def49451d384735a4c7711176ecfc7d9de91 +MD5 b5e9f0b77badc87920fa780f986c2e5c files/4.1.1/gcc-4.1.1-nopie-crtstuff.patch 2592 +RMD160 86d7164aa29cc78f778a8459fd3dbe96e906e181 files/4.1.1/gcc-4.1.1-nopie-crtstuff.patch 2592 +SHA256 5a507c94691e185abb2afdf068a4def49451d384735a4c7711176ecfc7d9de91 files/4.1.1/gcc-4.1.1-nopie-crtstuff.patch 2592 AUX awk/fixlafiles.awk 7865 RMD160 6283a91bfa309a91f46cbff3c1c4f0d848312ba4 SHA1 0bd923243492496eceb8ec1407ed9f4ac5ad8c1a SHA256 9fccd7f4ee7170a8f05d21777974efc3f23072f501cb7d2a8e9eeea15e541249 MD5 fed3620378df7a876d6709ddf3f7bbec files/awk/fixlafiles.awk 7865 RMD160 6283a91bfa309a91f46cbff3c1c4f0d848312ba4 files/awk/fixlafiles.awk 7865 @@ -156,14 +160,10 @@ EBUILD gcc-3.4.6-r3.ebuild 5025 RMD160 2058cb7bcf3a63d0676584cae76081161d03ea2e MD5 e7e1819986cf0ecdffbb5f1f59ba6b16 gcc-3.4.6-r3.ebuild 5025 RMD160 2058cb7bcf3a63d0676584cae76081161d03ea2e gcc-3.4.6-r3.ebuild 5025 SHA256 51a5e8aa4e23fea87d17508638016a7651961d4bffd0cd15335f1ce493c206e3 gcc-3.4.6-r3.ebuild 5025 -EBUILD gcc-4.1.1-r3.ebuild 3238 RMD160 61bc5ef31f71504832e32aee2fd4e02da7d30989 SHA1 cf3628356d67bdce912786adc316753f895eed68 SHA256 4a3a3fbefd894613d7dfb695c26d39ddf668f0c4347b6e309e6d1612f3821ffb -MD5 214dc0b70981d25fcd4c1cf01acde246 gcc-4.1.1-r3.ebuild 3238 -RMD160 61bc5ef31f71504832e32aee2fd4e02da7d30989 gcc-4.1.1-r3.ebuild 3238 -SHA256 4a3a3fbefd894613d7dfb695c26d39ddf668f0c4347b6e309e6d1612f3821ffb gcc-4.1.1-r3.ebuild 3238 -MISC gcc-4.1.1-r3.ebuild.orig 3240 RMD160 d1d508b81b57f31a4e3b4e5e121347fba664fdd5 SHA1 3214ed339c180b6ca0369000c28cbf3bede48db6 SHA256 60cb092602bd71e98f35ce5adcf3ae3de9c6146513dc4946550da0cebd43b513 -MD5 f7c3b04e407eaba0b68184e67dc39df6 gcc-4.1.1-r3.ebuild.orig 3240 -RMD160 d1d508b81b57f31a4e3b4e5e121347fba664fdd5 gcc-4.1.1-r3.ebuild.orig 3240 -SHA256 60cb092602bd71e98f35ce5adcf3ae3de9c6146513dc4946550da0cebd43b513 gcc-4.1.1-r3.ebuild.orig 3240 +EBUILD gcc-4.1.1-r3.ebuild 3621 RMD160 89b6af828756386a83d91dd9fff437164e0a044a SHA1 615ad86cb053461bcfe9bf585e155dbc1cf7d189 SHA256 8d58b105231eda32e561f0a1fc5df4ff19699d00cf22cd2d2ceef93a49810622 +MD5 f4bee87dc3a8e94cdea5f90934b381fe gcc-4.1.1-r3.ebuild 3621 +RMD160 89b6af828756386a83d91dd9fff437164e0a044a gcc-4.1.1-r3.ebuild 3621 +SHA256 8d58b105231eda32e561f0a1fc5df4ff19699d00cf22cd2d2ceef93a49810622 gcc-4.1.1-r3.ebuild 3621 MD5 f2ae42150d118fee847851b13498c67d files/digest-gcc-3.4.6-r3 1623 RMD160 61cd90be115485be70bc0c6511848949fd86e3ff files/digest-gcc-3.4.6-r3 1623 SHA256 fb9bc05b7f310a0ce63c7538d07315a3432bced82fc26c656e9ec0d843df2468 files/digest-gcc-3.4.6-r3 1623 diff --git a/hardened/toolchain/branches/pieworld/sys-devel/gcc/files/4.1.1/gcc-4.1.1-crtbeginTS.patch b/hardened/toolchain/branches/pieworld/sys-devel/gcc/files/4.1.1/gcc-4.1.1-crtbeginTS.patch new file mode 100644 index 0000000..c06abab --- /dev/null +++ b/hardened/toolchain/branches/pieworld/sys-devel/gcc/files/4.1.1/gcc-4.1.1-crtbeginTS.patch @@ -0,0 +1,30 @@ + Build a new file, crtbeginTS.o, for linking in "static PIEs". + Kevin F. Quinn <kevquinn@gentoo.org> 12 Feb 2007 + +--- gcc/Makefile.in.orig 2007-01-30 20:12:09.000000000 +0100 ++++ gcc/Makefile.in 2007-01-30 20:13:48.000000000 +0100 +@@ -1447,6 +1447,13 @@ + -c $(srcdir)/crtstuff.c -DCRT_BEGIN -DCRTSTUFFT_O \ + -o $(T)crtbeginT$(objext) + ++# This is a version of crtbegin for -static -fPIE links. ++$(T)crtbeginTS.o: crtstuff.c $(GCC_PASSES) $(TCONFIG_H) auto-host.h \ ++ gbl-ctors.h stmp-int-hdrs tsystem.h coretypes.h $(TM_H) ++ $(GCC_FOR_TARGET) $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS_S) \ ++ -c $(srcdir)/crtstuff.c -DCRT_BEGIN -DCRTSTUFFT_O -DCRTSTUFFS_O \ ++ -o $(T)crtbeginTS$(objext) ++ + # Compile the start modules crt0.o and mcrt0.o that are linked with + # every program + crt0.o: s-crt0 ; @true +--- gcc/config.gcc.orig 2007-01-30 20:12:35.000000000 +0100 ++++ gcc/config.gcc 2007-01-30 20:12:53.000000000 +0100 +@@ -445,7 +445,7 @@ + ;; + *-*-linux* | frv-*-*linux* | *-*-kfreebsd*-gnu | *-*-knetbsd*-gnu) + # Must come before *-*-gnu* (because of *-*-linux-gnu* systems). +- extra_parts="crtbegin.o crtbeginS.o crtbeginT.o crtend.o crtendS.o" ++ extra_parts="crtbegin.o crtbeginS.o crtbeginT.o crtbeginTS.o crtend.o crtendS.o" + gas=yes + gnu_ld=yes + case ${enable_threads} in diff --git a/hardened/toolchain/branches/pieworld/sys-devel/gcc/files/4.1.1/gcc-4.1.1-nopie-crtstuff.patch b/hardened/toolchain/branches/pieworld/sys-devel/gcc/files/4.1.1/gcc-4.1.1-nopie-crtstuff.patch index 663a256..707f70e 100644 --- a/hardened/toolchain/branches/pieworld/sys-devel/gcc/files/4.1.1/gcc-4.1.1-nopie-crtstuff.patch +++ b/hardened/toolchain/branches/pieworld/sys-devel/gcc/files/4.1.1/gcc-4.1.1-nopie-crtstuff.patch @@ -1,11 +1,10 @@ Ensure that crtbegin.o/crtend.o/crtbeginT.o are built -fno-PIE, and - crtbeginS.o/crtendS.o are built -fPIC. Build a new file, crtbeginTS.o, - for linking in "static PIEs". - Kevin F. Quinn <kevquinn@gentoo.org> 30 Jan 2007 + crtbeginS.o/crtendS.o/crtbeginTS.o are built -fPIC. + Kevin F. Quinn <kevquinn@gentoo.org> 12 Feb 2007 --- gcc/Makefile.in.orig 2007-01-30 20:12:09.000000000 +0100 +++ gcc/Makefile.in 2007-01-30 20:13:48.000000000 +0100 -@@ -1417,36 +1417,43 @@ +@@ -1417,40 +1417,40 @@ # constructors. $(T)crtbegin.o: crtstuff.c $(GCC_PASSES) $(TCONFIG_H) auto-host.h \ gbl-ctors.h stmp-int-hdrs tsystem.h coretypes.h $(TM_H) @@ -44,24 +43,11 @@ -c $(srcdir)/crtstuff.c -DCRT_BEGIN -DCRTSTUFFT_O \ -o $(T)crtbeginT$(objext) -+# This is a version of crtbegin for -static -fPIE links. -+$(T)crtbeginTS.o: crtstuff.c $(GCC_PASSES) $(TCONFIG_H) auto-host.h \ -+ gbl-ctors.h stmp-int-hdrs tsystem.h coretypes.h $(TM_H) + # This is a version of crtbegin for -static -fPIE links. + $(T)crtbeginTS.o: crtstuff.c $(GCC_PASSES) $(TCONFIG_H) auto-host.h \ + gbl-ctors.h stmp-int-hdrs tsystem.h coretypes.h $(TM_H) +- $(GCC_FOR_TARGET) $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS_S) \ + $(GCC_FOR_TARGET) -fno-PIE $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS_S) \ -+ -c $(srcdir)/crtstuff.c -DCRT_BEGIN -DCRTSTUFFT_O -DCRTSTUFFS_O \ -+ -o $(T)crtbeginTS$(objext) -+ - # Compile the start modules crt0.o and mcrt0.o that are linked with - # every program - crt0.o: s-crt0 ; @true ---- gcc/config.gcc.orig 2007-01-30 20:12:35.000000000 +0100 -+++ gcc/config.gcc 2007-01-30 20:12:53.000000000 +0100 -@@ -445,7 +445,7 @@ - ;; - *-*-linux* | frv-*-*linux* | *-*-kfreebsd*-gnu | *-*-knetbsd*-gnu) - # Must come before *-*-gnu* (because of *-*-linux-gnu* systems). -- extra_parts="crtbegin.o crtbeginS.o crtbeginT.o crtend.o crtendS.o" -+ extra_parts="crtbegin.o crtbeginS.o crtbeginT.o crtbeginTS.o crtend.o crtendS.o" - gas=yes - gnu_ld=yes - case ${enable_threads} in + -c $(srcdir)/crtstuff.c -DCRT_BEGIN -DCRTSTUFFT_O -DCRTSTUFFS_O \ + -o $(T)crtbeginTS$(objext) + diff --git a/hardened/toolchain/branches/pieworld/sys-devel/gcc/gcc-4.1.1-r3.ebuild b/hardened/toolchain/branches/pieworld/sys-devel/gcc/gcc-4.1.1-r3.ebuild index b5043b2..cbe84ee 100644 --- a/hardened/toolchain/branches/pieworld/sys-devel/gcc/gcc-4.1.1-r3.ebuild +++ b/hardened/toolchain/branches/pieworld/sys-devel/gcc/gcc-4.1.1-r3.ebuild @@ -15,7 +15,7 @@ SSP_UCLIBC_STABLE="ppc sparc x86" PIE_GLIBC_STABLE="amd64 ppc ppc64 sparc x86" PIE_UCLIBC_STABLE="mips ppc x86" -# arch/libc configurations known to be broken with {PIE,SSP}-by-default +# arch/libc configurations known to be broken with {PIE,SSP}-by-default. # gcc-4 SSP is only available on FRAME_GROWS_DOWNWARD arches; so it's not # available on pa, c4x, ia64, alpha, iq2000, m68hc11, stormy16 # (the options are parsed, but they're effectively no-ops). @@ -27,8 +27,8 @@ PIE_UCLIBC_UNSUPPORTED="alpha amd64 arm hppa ia64 m68k ppc64 s390 sh sparc" PIE_GLIBC_UNSUPPORTED="hppa" # This patch is obsoleted by stricter control over how one builds a hardened -# compiler from a vanilla compiler - by forbidding changing from normal to -# hardened between stages, this is no longer necessary. +# compiler from a vanilla compiler. By forbidding changing from normal to +# hardened between gcc stages, this is no longer necessary. GENTOO_PATCH_EXCLUDE="51_all_gcc-3.4-libiberty-pic.patch" # whether we should split out specs files for multiple {PIE,SSP}-by-default @@ -60,9 +60,12 @@ RDEPEND=">=sys-libs/zlib-1.1.4 ) >=sys-libs/ncurses-5.2-r2 nls? ( sys-devel/gettext ) - hardened? ( >=sys-libs/glibc-2.4 ) )" +# Hardened gcc builds with SSP enabled on itself, so requires a +# gcc-4-SSP-compatible glibc installed, from gcc's stage1 onwards. +# We assume uclibc users know what they're doing. DEPEND="${RDEPEND} + hardened? ( elibc_glibc? ( >=sys-libs/glibc-2.4 ) ) test? ( sys-devel/autogen dev-util/dejagnu ) >=sys-apps/texinfo-4.2-r4 >=sys-devel/bison-1.875 @@ -88,6 +91,9 @@ src_unpack() { epatch "${FILESDIR}"/4.1.0/gcc-4.1.0-fast-math-i386-Os-workaround.patch + # Add the crtbeginTS.o file - used for "static PIE" links + epatch "${FILESDIR}"/4.1.1/gcc-4.1.1-crtbeginTS.patch + # Ensure crtfiles are built fno-PIC/fPIC as appropriate, not fPIE use hardened && epatch "${FILESDIR}"/4.1.1/gcc-4.1.1-nopie-crtstuff.patch } diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest b/hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest index fee9af8..0b9dc71 100644 --- a/hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest +++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest @@ -35,10 +35,10 @@ DIST glibc-2.5.tar.bz2 15321839 RMD160 25a0a460c0db1e5b7c570e5087461696f2096fd2 DIST glibc-libidn-2.5.tar.bz2 102330 RMD160 e10e85e0ee7cdab2e5518a93978cb688ccabee88 SHA1 ee7e019e01aa338e28db1eeb34abb2cb09d2f30a SHA256 de77e49e0beee6061d4c6e480f322566ba25d4e5e018c456a18ea4a8da5c0ede DIST glibc-linuxthreads-2.5.tar.bz2 242445 RMD160 788484d035d53ac39aac18f6e3409a912eea1cfa SHA1 eb7765e5c0a14c7475f1c8b92cbe1f625a8fd76f SHA256 ee27aeba6124a8b351c720eb898917f0f8874d9a384cc2f17aa111a3d679bd2c DIST glibc-ports-2.5.tar.bz2 409372 RMD160 e7e29df135a5f0f72760d10e5ad46de038e40725 SHA1 7da6257e641759ed29c4d316700fce6f604bc812 SHA256 80c38a005325e7539012bd665fb8e06af9ee9bfc74efb236ebff121265bfd463 -EBUILD glibc-2.5.ebuild 39302 RMD160 af749af37c91d7c6d7c0117f73899d9a90c87c12 SHA1 aa4c638cd0f076cc8a5a947f81e67c2afc73716b SHA256 5b249e83a7b99b60c62eedea1d2999c2797626324c4acd8d99fa0bb557022fc6 -MD5 d1971d33895571971ddb4695dbc77c61 glibc-2.5.ebuild 39302 -RMD160 af749af37c91d7c6d7c0117f73899d9a90c87c12 glibc-2.5.ebuild 39302 -SHA256 5b249e83a7b99b60c62eedea1d2999c2797626324c4acd8d99fa0bb557022fc6 glibc-2.5.ebuild 39302 +EBUILD glibc-2.5.ebuild 39974 RMD160 f7863e4124f27df293d5aaf7e7222f68b6f5bfed SHA1 f41b9a0bc8c80d70920d874b6faf9ab1c178a49e SHA256 74c1c0017b1aa8bcddc697f34a153c35296f57c8380b636bda7a574e44e1618d +MD5 2404225205ba4727eea65b4a3c5aadaa glibc-2.5.ebuild 39974 +RMD160 f7863e4124f27df293d5aaf7e7222f68b6f5bfed glibc-2.5.ebuild 39974 +SHA256 74c1c0017b1aa8bcddc697f34a153c35296f57c8380b636bda7a574e44e1618d glibc-2.5.ebuild 39974 MD5 932be0453d928552fa24d590453bc0cd files/digest-glibc-2.5 1286 RMD160 ffa1a53d76e1ffb602701f2919ecb63db3e36275 files/digest-glibc-2.5 1286 SHA256 834a359d2717ef8252d541b9440c91681efc3248bb7f75a2abec96798d862359 files/digest-glibc-2.5 1286 diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5.ebuild b/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5.ebuild index a7c6623..de28388 100644 --- a/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5.ebuild +++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5.ebuild @@ -1028,12 +1028,15 @@ RESTRICT="nostrip multilib-pkg-force" # General: We need a new-enough binutils for as-needed # arch: we need to make sure our binutils/gcc supports TLS +# hardened: when built by a hardened gcc-4 compiler, need +# binutils-2.17 to allow -fPIE with -static. DEPEND=">=sys-devel/gcc-3.4.4 arm? ( >=sys-devel/binutils-2.16.90 >=sys-devel/gcc-4.1.0 ) ppc? ( >=sys-devel/gcc-4.1.0 ) ppc64? ( >=sys-devel/gcc-4.1.0 ) nptl? ( || ( >=sys-kernel/mips-headers-${NPTL_KERNEL_VERSION} >=sys-kernel/linux-headers-${NPTL_KERNEL_VERSION} ) ) >=sys-devel/binutils-2.15.94 + hardened? ( >=sys-devel/binutils-2.17 ) || ( >=sys-devel/gcc-config-1.3.12 app-admin/eselect-compiler ) >=app-misc/pax-utils-0.1.10 virtual/os-headers @@ -1087,6 +1090,17 @@ pkg_setup() { eerror "You do not have pax-utils installed." die "install pax-utils" fi + + # Building glibc with the default-PIE compiler requires binutils-2.17. The + # dependency is brought in conditional on USE=hardened. + if gcc-specs-pie && ! use hardened; then + eerror "USE=hardened must be set to build glibc with a hardened compiler" + die "set USE=hardened (or gcc-config to gcc/vanilla)" + fi + if use hardened && ! version_is_at_least $(ld-version) "2.17"; then + eerror "Need binutils-2.17 or higher active to build glibc hardened" + die "install >=sys-devel/binutils-2.17 (or binutils-config to it)" + fi } src_unpack() { |