summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKevin F. Quinn <kevquinn@gentoo.org>2007-03-14 22:35:40 +0000
committerKevin F. Quinn <kevquinn@gentoo.org>2007-03-14 22:35:40 +0000
commitafa52a9837f1211845637401569912582ad83b11 (patch)
treecb3817d40a1786c5541822e814c7bf4e4dac4e99
parentRe-digest folling cleanup (diff)
downloadkevquinn-afa52a9837f1211845637401569912582ad83b11.tar.gz
kevquinn-afa52a9837f1211845637401569912582ad83b11.tar.bz2
kevquinn-afa52a9837f1211845637401569912582ad83b11.zip
Alter glibc behaviour to build ok w/ USE=hardened but normal compiler.
svn path=/; revision=194
-rw-r--r--hardened/toolchain/branches/pieworld/sys-devel/gcc/Manifest8
-rw-r--r--hardened/toolchain/branches/pieworld/sys-devel/gcc/gcc-4.1.2-r1.ebuild3
-rw-r--r--hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest16
-rw-r--r--hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch8
-rw-r--r--hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild48
5 files changed, 44 insertions, 39 deletions
diff --git a/hardened/toolchain/branches/pieworld/sys-devel/gcc/Manifest b/hardened/toolchain/branches/pieworld/sys-devel/gcc/Manifest
index e3953bd..2a39916 100644
--- a/hardened/toolchain/branches/pieworld/sys-devel/gcc/Manifest
+++ b/hardened/toolchain/branches/pieworld/sys-devel/gcc/Manifest
@@ -168,10 +168,10 @@ EBUILD gcc-4.1.1-r3.ebuild 3621 RMD160 6680af1e737c03742241b9e52531d45822a66d49
MD5 beadc390569c05a5d7c0dfe2f73e43e3 gcc-4.1.1-r3.ebuild 3621
RMD160 6680af1e737c03742241b9e52531d45822a66d49 gcc-4.1.1-r3.ebuild 3621
SHA256 aadbf598501f69904bf605c1a1e9c1ad8a57d2a2734093381d04e09d4099f688 gcc-4.1.1-r3.ebuild 3621
-EBUILD gcc-4.1.2-r1.ebuild 3636 RMD160 c4297eb2d4314ea396bcac891ef7e9c6d7eff1d6 SHA1 7be5618cce173632613e443ca0bc1234322afbc6 SHA256 913d229f3020c4f6142959a3dd671a9e1355d126530124454881f6d7c121a78f
-MD5 43b756c19f8fc9efd0f10c8dfae91a27 gcc-4.1.2-r1.ebuild 3636
-RMD160 c4297eb2d4314ea396bcac891ef7e9c6d7eff1d6 gcc-4.1.2-r1.ebuild 3636
-SHA256 913d229f3020c4f6142959a3dd671a9e1355d126530124454881f6d7c121a78f gcc-4.1.2-r1.ebuild 3636
+EBUILD gcc-4.1.2-r1.ebuild 3618 RMD160 565b714a4144b88e33e45efa3fae55ab3ca33a58 SHA1 d55783632d5526ca0edf224f3e26be77709dd947 SHA256 64d0b13824ceb2e8c11e85d1470c63cae75a35bb34fad59af2d4972ab45171b9
+MD5 3153385646f09e5ca9b907917497ec60 gcc-4.1.2-r1.ebuild 3618
+RMD160 565b714a4144b88e33e45efa3fae55ab3ca33a58 gcc-4.1.2-r1.ebuild 3618
+SHA256 64d0b13824ceb2e8c11e85d1470c63cae75a35bb34fad59af2d4972ab45171b9 gcc-4.1.2-r1.ebuild 3618
MD5 f2ae42150d118fee847851b13498c67d files/digest-gcc-3.4.6-r3 1623
RMD160 61cd90be115485be70bc0c6511848949fd86e3ff files/digest-gcc-3.4.6-r3 1623
SHA256 fb9bc05b7f310a0ce63c7538d07315a3432bced82fc26c656e9ec0d843df2468 files/digest-gcc-3.4.6-r3 1623
diff --git a/hardened/toolchain/branches/pieworld/sys-devel/gcc/gcc-4.1.2-r1.ebuild b/hardened/toolchain/branches/pieworld/sys-devel/gcc/gcc-4.1.2-r1.ebuild
index 73477ef..4e109e6 100644
--- a/hardened/toolchain/branches/pieworld/sys-devel/gcc/gcc-4.1.2-r1.ebuild
+++ b/hardened/toolchain/branches/pieworld/sys-devel/gcc/gcc-4.1.2-r1.ebuild
@@ -95,6 +95,5 @@ src_unpack() {
# Add the crtbeginTS.o file - used for "static PIE" links
epatch "${FILESDIR}"/4.1.1/gcc-4.1.1-crtbeginTS.patch
# Ensure crtfiles are built fno-PIC/fPIC as appropriate, not fPIE
- use hardened &&
- epatch "${FILESDIR}"/4.1.1/gcc-4.1.1-nopie-crtstuff.patch
+ epatch "${FILESDIR}"/4.1.1/gcc-4.1.1-nopie-crtstuff.patch
}
diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest b/hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest
index d1cf552..c6b995a 100644
--- a/hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest
+++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/Manifest
@@ -10,10 +10,10 @@ AUX 2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407 RMD160 352112bf4f2d8d58
MD5 310d9d273a19090287c44a38aba92753 files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407
RMD160 352112bf4f2d8d58471f22f623784350baf0bc86 files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407
SHA256 2a912e82445815ae32744d990c59d8758ec74e482b856bd274c292848b9af1fd files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407
-AUX 2.5/glibc-2.5-hardened-pie.patch 1548 RMD160 b33ce25195864ec4e8a63527f3f674aa5fb623da SHA1 0bb184451121d130be9e1888d081c556edcb88d3 SHA256 44e240987859e791095beddd2388fcea705195d1c86310fef4eea0097b9d2a00
-MD5 8d7eadd996eec8fa9939658404ee386d files/2.5/glibc-2.5-hardened-pie.patch 1548
-RMD160 b33ce25195864ec4e8a63527f3f674aa5fb623da files/2.5/glibc-2.5-hardened-pie.patch 1548
-SHA256 44e240987859e791095beddd2388fcea705195d1c86310fef4eea0097b9d2a00 files/2.5/glibc-2.5-hardened-pie.patch 1548
+AUX 2.5/glibc-2.5-hardened-pie.patch 1569 RMD160 35ae4308396d59e37d050a5bedb57dbf3ae50cb3 SHA1 b5d3084ec2351a813b4dece43318a4b9355f2fd3 SHA256 a00285f0a167aae0a31d29ad49a391896d55e04fc8e5fc7f725ced77c702d8cf
+MD5 ae431c3e79196f5c5a92e3c2f0f07092 files/2.5/glibc-2.5-hardened-pie.patch 1569
+RMD160 35ae4308396d59e37d050a5bedb57dbf3ae50cb3 files/2.5/glibc-2.5-hardened-pie.patch 1569
+SHA256 a00285f0a167aae0a31d29ad49a391896d55e04fc8e5fc7f725ced77c702d8cf files/2.5/glibc-2.5-hardened-pie.patch 1569
AUX nscd 1621 RMD160 f6d20c4c3814f70d7741f3fa2e0b53ba32c37960 SHA1 5751fe798024c2021b7b3ed3e798618e2a38244a SHA256 6165db3a2fcb251d4f3655c0461e018ce9c92a37f7f22a8fd2b75178b5435bc8
MD5 d142c6e0b4fd508f485d0aa9c5d12a91 files/nscd 1621
RMD160 f6d20c4c3814f70d7741f3fa2e0b53ba32c37960 files/nscd 1621
@@ -31,10 +31,10 @@ DIST glibc-2.5.tar.bz2 15321839 RMD160 25a0a460c0db1e5b7c570e5087461696f2096fd2
DIST glibc-libidn-2.5.tar.bz2 102330 RMD160 e10e85e0ee7cdab2e5518a93978cb688ccabee88 SHA1 ee7e019e01aa338e28db1eeb34abb2cb09d2f30a SHA256 de77e49e0beee6061d4c6e480f322566ba25d4e5e018c456a18ea4a8da5c0ede
DIST glibc-linuxthreads-2.5.tar.bz2 242445 RMD160 788484d035d53ac39aac18f6e3409a912eea1cfa SHA1 eb7765e5c0a14c7475f1c8b92cbe1f625a8fd76f SHA256 ee27aeba6124a8b351c720eb898917f0f8874d9a384cc2f17aa111a3d679bd2c
DIST glibc-ports-2.5.tar.bz2 409372 RMD160 e7e29df135a5f0f72760d10e5ad46de038e40725 SHA1 7da6257e641759ed29c4d316700fce6f604bc812 SHA256 80c38a005325e7539012bd665fb8e06af9ee9bfc74efb236ebff121265bfd463
-EBUILD glibc-2.5-r1.ebuild 39299 RMD160 c0d85a895e0d6f83e02348af5f54060dfcbc54af SHA1 06079608991c99008091b9d1c824f541bb82ec9a SHA256 a4a0643cfc7cfdc8e3d946e71eb7d4df04d5f585d495ab87794ffdc983a005e5
-MD5 d96ad308c47b08eec3713cc1a7628edd glibc-2.5-r1.ebuild 39299
-RMD160 c0d85a895e0d6f83e02348af5f54060dfcbc54af glibc-2.5-r1.ebuild 39299
-SHA256 a4a0643cfc7cfdc8e3d946e71eb7d4df04d5f585d495ab87794ffdc983a005e5 glibc-2.5-r1.ebuild 39299
+EBUILD glibc-2.5-r1.ebuild 39497 RMD160 e49564aaf68500232949392b04be245c3a42a0d7 SHA1 ff6c0b18a7afe3269279b988cd1ffd39253c99b5 SHA256 1698515d5096e4e0f837556090bae93b81c93a6b976f60aa148020fcc18a5fbb
+MD5 b8abfff842d21728e45f4ecb032e1530 glibc-2.5-r1.ebuild 39497
+RMD160 e49564aaf68500232949392b04be245c3a42a0d7 glibc-2.5-r1.ebuild 39497
+SHA256 1698515d5096e4e0f837556090bae93b81c93a6b976f60aa148020fcc18a5fbb glibc-2.5-r1.ebuild 39497
MD5 30fc9163b2a49cb4a083d02feace4918 files/digest-glibc-2.5-r1 1280
RMD160 74d079011c9a8d9155cd5f51591ca3a04cb9df26 files/digest-glibc-2.5-r1 1280
SHA256 b0af33330bd44dd7acd6f4aec9039d61b7fe9de005a8cf6edf63ee399cdeaa72 files/digest-glibc-2.5-r1 1280
diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch
index 280d6e1..fe4e5a6 100644
--- a/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch
+++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch
@@ -4,20 +4,20 @@ Patch by Kevin F. Quinn <kevquinn@gentoo.org>
--- Makeconfig
+++ Makeconfig
-@@ -415,10 +415,10 @@
+@@ -424,10 +424,10 @@
# Command for linking programs with the C library.
ifndef +link
-+link = $(CC) -nostdlib -nostartfiles -o $@ \
++link = $(CC) -nostdlib -nostartfiles -fPIE -pie -o $@ \
$(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
- $(combreloc-LDFLAGS) $(relro-LDFLAGS) \
+ $(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
- $(addprefix $(csu-objpfx),$(start-installed-name)) \
+ $(addprefix $(csu-objpfx),S$(start-installed-name)) \
$(+preinit) $(+prector) \
$(filter-out $(addprefix $(csu-objpfx),start.o \
$(start-installed-name))\
-@@ -429,7 +429,7 @@
+@@ -439,7 +439,7 @@
ifndef +link-static
+link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
@@ -26,7 +26,7 @@ Patch by Kevin F. Quinn <kevquinn@gentoo.org>
$(+preinit) $(+prector) \
$(filter-out $(addprefix $(csu-objpfx),start.o \
$(start-installed-name))\
-@@ -528,8 +528,8 @@
+@@ -537,8 +537,8 @@
ifeq ($(elf),yes)
+preinit = $(addprefix $(csu-objpfx),crti.o)
+postinit = $(addprefix $(csu-objpfx),crtn.o)
diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild b/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild
index 3c4d361..8de05e0 100644
--- a/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild
+++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2007 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5-r1.ebuild,v 1.1 2007/03/13 06:09:44 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5-r1.ebuild,v 1.2 2007/03/13 08:23:22 vapier Exp $
# Here's how the cross-compile logic breaks down ...
# CTARGET - machine that will target the binaries
@@ -39,7 +39,7 @@ DESCRIPTION="GNU libc6 (also called glibc2) C library"
HOMEPAGE="http://www.gnu.org/software/libc/libc.html"
LICENSE="LGPL-2"
-IUSE="nls build nptl nptlonly hardened multilib selinux glibc-omitfp profile glibc-compat20 debug"
+IUSE="build debug nls nptl nptlonly hardened multilib selinux glibc-omitfp profile glibc-compat20"
export CBUILD=${CBUILD:-${CHOST}}
export CTARGET=${CTARGET:-${CHOST}}
@@ -221,12 +221,12 @@ toolchain-glibc_src_unpack() {
if use hardened ; then
cd "${S}"
einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
- epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-pie.patch
+ gcc-specs-pie && epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-pie.patch
epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-configure-picdefault.patch
epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-inittls-nosysenter.patch
einfo "Installing Hardened Gentoo SSP handler"
- cp -f "${FILESDIR}"/2.5/glibc-2.4-gentoo-stack_chk_fail.c \
+ cp -f "${FILESDIR}"/2.5/glibc-2.5-gentoo-stack_chk_fail.c \
debug/stack_chk_fail.c || die
if use debug ; then
@@ -245,16 +245,16 @@ toolchain-glibc_src_unpack() {
nscd/Makefile \
|| die "Failed to ensure nscd builds with ssp-all"
- # Fixup use of PIC to choose PIC variants when built -fPIE.
- # Prepends all files that have "#ifdef PIC" or similar, with
- # preprocessor macros to define PIC if the compiler has
- # defined __PIC__.
- find ${S} -name '*.[h|S]' | \
- xargs grep -l '^[[:space:]]*#[[:space:]]*if.*\bPIC\b' | \
- xargs sed -i -e '1i#if defined __PIC__ && !defined PIC\
-# define PIC\
-#endif\
-'
+# # Fixup use of PIC to choose PIC variants when built -fPIE.
+# # Prepends all files that have "#ifdef PIC" or similar, with
+# # preprocessor macros to define PIC if the compiler has
+# # defined __PIC__.
+# find ${S} -name '*.[h|S]' | \
+# xargs grep -l '^[[:space:]]*#[[:space:]]*if.*\bPIC\b' | \
+# xargs sed -i -e '1i#if defined __PIC__ && !defined PIC\
+## define PIC\
+##endif\
+#'
fi
@@ -310,7 +310,7 @@ toolchain-glibc_src_test() {
cd "${WORKDIR}"/build-${ABI}-${CTARGET}-$1 || die "cd build-${ABI}-${CTARGET}-$1"
unset LD_ASSUME_KERNEL
make check && return 0
- einfo "make check failed - re-running with --keep-going to get the rest of the results."
+ einfo "make check failed - re-running with --keep-going to get the rest of the results"
make -k check
ewarn "make check failed for ${ABI}-${CTARGET}-$1"
return 1
@@ -736,8 +736,16 @@ setup_flags() {
# to the glibc build process. See bug #94325
filter-flags -fstack-protector
- # Don't let the compiler automatically build PIEs unless USE=hardened.
- use hardened || filter-flags -fPIE
+ if use hardened && gcc-specs-pie ; then
+ # Force PIC macro definition for all compilations, since they're all
+ # either -fPIC or -fPIE with the default-PIE compiler.
+ append-flags -DPIC
+ export ASFLAGS="${ASFLAGS} -DPIC"
+ else
+ # Don't build -fPIE without the default-PIE compiler and the
+ # hardened-pie patch
+ filter-flags -fPIE
+ fi
}
check_kheader_version() {
@@ -1097,10 +1105,8 @@ pkg_setup() {
die "install pax-utils"
fi
- if gcc-specs-pie && ! use hardened; then
- eerror "USE=hardened must be set to build glibc with a hardened compiler"
- die "set USE=hardened (or gcc-config to gcc-vanilla)"
- fi
+ use hardened && ! gcc-specs-pie && \
+ ewarn "PIE hardening not applied, as your compiler doesn't default to PIE"
}
src_unpack() {