Diffstat (limited to 'hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild')
-rw-r--r-- | hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild | 61 |
1 files changed, 26 insertions, 35 deletions
diff --git a/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild b/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild index 6feb1dc..3c4d361 100644 --- a/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild +++ b/hardened/toolchain/branches/pieworld/sys-libs/glibc/glibc-2.5-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2007 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5.ebuild,v 1.38 2007/03/01 02:21:06 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5-r1.ebuild,v 1.1 2007/03/13 06:09:44 vapier Exp $ # Here's how the cross-compile logic breaks down ... # CTARGET - machine that will target the binaries @@ -16,7 +16,7 @@ # CHOST = CTARGET - install into / # CHOST != CTARGET - install into /usr/CTARGET/ -KEYWORDS="-* ~alpha ~amd64 ~arm ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86" +KEYWORDS="-* ~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86" BRANCH_UPDATE="" @@ -27,7 +27,7 @@ GLIBC_MANPAGE_VERSION="none" GLIBC_INFOPAGE_VERSION="none" # Gentoo patchset -PATCH_VER="1.3.2" +PATCH_VER="1.4" GENTOO_TOOLCHAIN_BASE_URI="mirror://gentoo" GENTOO_TOOLCHAIN_DEV_URI="http://dev.gentoo.org/~azarah/glibc/XXX http://dev.gentoo.org/~vapier/dist/XXX" 
@@ -218,33 +218,32 @@ toolchain-glibc_src_unpack() { echo "Gentoo patchset ${PATCH_VER}" > csu/Banner fi - if use hardened; then + if use hardened ; then + cd "${S}" einfo "Patching to get working PIE binaries on PIE (hardened) platforms" - # This patch forces all links to use the PIC crtfiles, to build PIEs. - epatch ${FILESDIR}/2.5/glibc-2.5-hardened-pie.patch - # This patch fixes the PIC detector to ignore PIE - epatch ${FILESDIR}/2.4/glibc-2.4-hardened-configure-picdefault.patch - # This patch ensures PIC code is used for syscalls always, and - # re-orders initialisation so that the TLS is initialised before - # it is used, and that the TLS initialisation uses non-sysenter - # variants of syscalls. - epatch ${FILESDIR}/2.4/glibc-2.4-hardened-inittls-nosysenter.patch + epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-pie.patch + epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-inittls-nosysenter.patch einfo "Installing Hardened Gentoo SSP handler" - cp -f ${FILESDIR}/2.4/glibc-2.4-gentoo-stack_chk_fail.c \ - ${S}/debug/stack_chk_fail.c + cp -f "${FILESDIR}"/2.5/glibc-2.4-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die - if use debug; then + if use debug ; then # When using Hardened Gentoo stack handler, have smashes dump core for - # analysis - debug only, as core could be an information leak. - sed -i -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ - ${S}/debug/Makefile || - die "Failed to modify debug/Makefile for debug stack handler" + # analysis - debug only, as core could be an information leak + # (paranoia). 
+ sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" fi # Build nscd with ssp-all - sed -i -e 's:-fstack-protector$:-fstack-protector-all:' ${S}/nscd/Makefile || - die "Failed to ensure nscd builds with ssp-all" + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" # Fixup use of PIC to choose PIC variants when built -fPIE. # Prepends all files that have "#ifdef PIC" or similar, with @@ -456,11 +455,11 @@ toolchain-glibc_src_install() { case $(tc-arch) in amd64) [[ ! -e ${D}/lib ]] && dosym $(get_abi_LIBDIR amd64) /lib - dosym /$(get_abi_LIBDIR x86)/ld-linux.so.2 /lib/ld-linux.so.2 + dosym ../$(get_abi_LIBDIR x86)/ld-linux.so.2 /lib/ld-linux.so.2 ;; ppc64) [[ ! -e ${D}/lib ]] && dosym $(get_abi_LIBDIR ppc64) /lib - dosym /$(get_abi_LIBDIR ppc)/ld.so.1 /lib/ld.so.1 + dosym ../$(get_abi_LIBDIR ppc)/ld.so.1 /lib/ld.so.1 ;; esac fi @@ -861,7 +860,7 @@ glibc_do_configure() { use nls || myconf="${myconf} --disable-nls" myconf="${myconf} $(use_enable hardened stackguard-randomization)" - if [[ $(<"${S}"/.ssp.compat) == "yes" ]] ; then + if [[ $(<"${T}"/.ssp.compat) == "yes" ]] ; then myconf="${myconf} --enable-old-ssp-compat" else myconf="${myconf} --disable-old-ssp-compat" @@ -1061,7 +1060,7 @@ if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then fi fi else - DEPEND="${DEPEND} sys-libs/timezone-data" + DEPEND="${DEPEND} >=sys-libs/timezone-data-2007c" RDEPEND="${RDEPEND} sys-libs/timezone-data" fi 
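Review bot: The reflowed `sed -i ... nscd/Makefile || die "Failed to ensure nscd builds with ssp-all"` still cannot detect the failure it names, because sed exits 0 when the `-fstack-protector$` pattern matches nothing, so a changed upstream Makefile would silently leave nscd on plain `-fstack-protector`. A check after the sed, such as `grep -q -e '-fstack-protector-all' nscd/Makefile || die "nscd/Makefile not switched to -fstack-protector-all"`, would make the hardening step fail closed. The same applies to the `SSP_SMASH_DUMPS_CORE` insertion into `debug/Makefile`. The new relative paths also depend on the added `cd "${S}"`, which has no `|| die`. toolchain-glibc_src_unpack starts and ends outside the hunk.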
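Review bot: The two `dosym ../$(get_abi_LIBDIR ...)/...` lines have no comment explaining why the loader links are now relative, so a later cleanup could revert them to absolute targets. A relative target presumably keeps `/lib/ld-linux.so.2` and `/lib/ld.so.1` resolving inside the image when it is installed under a non-`/` ROOT or inspected in a chroot, rather than pointing at the host's loader. I would add above the `case`: `# Loader links are relative so they resolve inside ${ROOT}, not on the host.` The `../` is resolved from the directory that `/lib` actually refers to, and the preceding `dosym $(get_abi_LIBDIR amd64) /lib` may make `/lib` a symlink, so this is worth confirming on a multilib layout. toolchain-glibc_src_install continues outside the hunk.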
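Review bot: `$(<"${T}"/.ssp.compat)` expands to an empty string when the file is missing or unreadable, so the test falls through to `--disable-old-ssp-compat` without any error. The marker now lives in `${T}` and is written by the `echo "yes" > "${T}"/.ssp.compat` line in the src_unpack hunk further down, which has no `|| die`. A guard before the test, `[[ -r ${T}/.ssp.compat ]] || die "missing ${T}/.ssp.compat"`, would keep a lost marker from quietly changing the configure flags. glibc_do_configure starts and ends outside the hunk.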
@@ -1114,7 +1113,7 @@ src_unpack() { # For now, we force everyone to have the extra symbols # einfon "Scanning system for __guard to see if we need SSP compat ... " # if [[ -n $(scanelf -qyls__guard -F'#s%F' | grep -v '^/lib.*/libc-2.*.so$') ]] ; then - echo "yes" > "${S}"/.ssp.compat + echo "yes" > "${T}"/.ssp.compat # else # # ok, a quick scan didnt find it, so lets do a deep scan ... # if [[ -n $(scanelf -qyRlps__guard -F'#s%F' | grep -v '^/lib.*/libc-2.*.so$') ]] ; then @@ -1134,14 +1133,6 @@ src_unpack() { sed -i -e 's:-lgcc_eh::' Makeconfig || die "sed gcc_eh" fi - # Some configure checks fail on the first emerge through because they - # try to link. This doesn't work well if we don't have a libc yet. - # http://sourceware.org/ml/libc-alpha/2005-02/msg00042.html - if is_crosscompile && use build; then - rm "${S}"/sysdeps/sparc/sparc64/elf/configure{,.in} - rm "${S}"/nptl/sysdeps/pthread/configure{,.in} - fi - cd "${WORKDIR}" find . -type f '(' -size 0 -o -name "*.orig" ')' -exec rm -f {} \; find . -name configure -exec touch {} \; |