diff options
author | Ned Ludd <solar@gentoo.org> | 2008-12-29 02:24:18 +0000 |
---|---|---|
committer | Ned Ludd <solar@gentoo.org> | 2008-12-29 02:24:18 +0000 |
commit | 5c14054444efbd17009d2ed271651e59b6b189eb (patch) | |
tree | c5da6d8c80dd01b1e0be62df17316f73f7b45fd8 /eclass/toolchain.eclass | |
parent | Version bump and old version cleanup (diff) | |
download | gentoo-2-5c14054444efbd17009d2ed271651e59b6b189eb.tar.gz gentoo-2-5c14054444efbd17009d2ed271651e59b6b189eb.tar.bz2 gentoo-2-5c14054444efbd17009d2ed271651e59b6b189eb.zip |
- import gcc:4 pie support towards hardened-gcc. (many thanks to Zorry for putting up with all my crazy requirements)
Diffstat (limited to 'eclass/toolchain.eclass')
-rw-r--r-- | eclass/toolchain.eclass | 79 |
1 files changed, 67 insertions, 12 deletions
diff --git a/eclass/toolchain.eclass b/eclass/toolchain.eclass index 6b6ee7d1517c..b005a6623954 100644 --- a/eclass/toolchain.eclass +++ b/eclass/toolchain.eclass @@ -1,6 +1,6 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/eclass/toolchain.eclass,v 1.368 2008/12/22 18:53:47 solar Exp $ +# $Header: /var/cvsroot/gentoo-x86/eclass/toolchain.eclass,v 1.369 2008/12/29 02:24:18 solar Exp $ # # Maintainer: Toolchain Ninjas <toolchain@gentoo.org> @@ -236,6 +236,10 @@ gcc_get_s_dir() { # old syntax (do not define PIE_CORE anymore): # PIE_CORE="gcc-3.4.0-piepatches-v${PIE_VER}.tar.bz2" # +# SPECS_VER +# SPECS_GCC_VER +# This is for the minispecs files included in the hardened gcc-4.x +# # PP_VER # PP_GCC_VER # obsoleted: PP_FVER @@ -280,6 +284,7 @@ get_gcc_src_uri() { export PIE_GCC_VER=${PIE_GCC_VER:-${GCC_RELEASE_VER}} export PP_GCC_VER=${PP_GCC_VER:-${GCC_RELEASE_VER}} export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}} + export SPECS_GCC_VER=${SPECS_GCC_VER:-${GCC_RELEASE_VER}} [[ -n ${PIE_VER} ]] && \ PIE_CORE=${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2} @@ -327,6 +332,10 @@ get_gcc_src_uri() { [[ -n ${PIE_VER} ]] && \ GCC_SRC_URI="${GCC_SRC_URI} !nopie? ( $(gentoo_urls ${PIE_CORE}) )" + # gcc minispec for the hardened gcc 4 compiler + [[ -n ${SPECS_VER} ]] && \ + GCC_SRC_URI="${GCC_SRC_URI} !nopie? ( $(gentoo_urls gcc-${SPECS_GCC_VER}-default-specs-${SPECS_VER}.tar.bz2) )" + # gcc bounds checking patch if [[ -n ${HTB_VER} ]] ; then local HTBFILE="bounds-checking-gcc-${HTB_GCC_VER}-${HTB_VER}.patch.bz2" @@ -483,7 +492,16 @@ want_ssp() { _want_stuff PP_VER !nossp ; } want_split_specs() { [[ ${SPLIT_SPECS} == "true" ]] && want_pie } - +want_minispecs() { + if tc_version_is_at_least 4.3.2 && use hardened ; then + if [[ -n ${SPECS_VER} ]] ; then + return 0 + else + die "For Hardend to work you need the minispecs files" + fi + fi + return 1 +} # This function checks whether or not glibc has the support required to build # Position Independant Executables with gcc. glibc_have_pie() { @@ -685,7 +703,29 @@ create_gcc_env_entry() { # Set which specs file to use [[ -n ${gcc_specs_file} ]] && echo "GCC_SPECS=\"${gcc_specs_file}\"" >> ${gcc_envd_file} } - +setup_minispecs_gcc_build_specs() { + # Setup the "build.specs" file for gcc to use when building. + if want_minispecs ; then + if hardened_gcc_works pie ; then + cat "${WORKDIR}"/specs/pie.specs >> "${WORKDIR}"/build.specs + fi + for s in nostrict znow zrelro; do + cat "${WORKDIR}"/specs/${s}.specs >> "${WORKDIR}"/build.specs + done + export GCC_SPECS="${WORKDIR}"/build.specs + fi +} +copy_minispecs_gcc_specs() { + # Build system specs file which, if it exists, must be a complete set of + # specs as it completely and unconditionally overrides the builtin specs. + # For gcc 4 + if use hardened && want_minispecs ; then + $(XGCC) -dumpspecs > "${WORKDIR}"/specs/specs + cat "${WORKDIR}"/build.specs >> "${WORKDIR}"/specs/specs + insinto ${LIBPATH} + doins "${WORKDIR}"/specs/* || die "failed to install specs" + fi +} add_profile_eselect_conf() { local compiler_config_file=$1 local abi=$2 @@ -961,7 +1001,7 @@ gcc-compiler_src_unpack() { # the necessary support want_pie && use hardened && glibc_have_pie - if use hardened ; then + if use hardened && !want_minispecs ; then einfo "updating configuration to build hardened GCC" make_gcc_hard || die "failed to make gcc hard" fi @@ -1585,6 +1625,9 @@ gcc_src_compile() { einfo "CFLAGS=\"${CFLAGS}\"" einfo "CXXFLAGS=\"${CXXFLAGS}\"" + # For hardened gcc 4 for build the hardened specs file to use when building gcc + setup_minispecs_gcc_build_specs + # Build in a separate build tree mkdir -p "${WORKDIR}"/build pushd "${WORKDIR}"/build > /dev/null @@ -1607,7 +1650,7 @@ gcc_src_compile() { # Do not create multiple specs files for PIE+SSP if boundschecking is in # USE, as we disable PIE+SSP when it is. - if [[ ${ETYPE} == "gcc-compiler" ]] && want_split_specs ; then + if [[ ${ETYPE} == "gcc-compiler" ]] && want_split_specs && !want_minispecs; then split_out_specs_files || die "failed to split out specs" fi @@ -1711,7 +1754,13 @@ gcc-compiler_src_install() { insinto ${LIBPATH} doins "${WORKDIR}"/build/*.specs || die "failed to install specs" fi - + # Setup the gcc_env_entry for hardened gcc 4 with minispecs + if want_minispecs ; then + if hardened_gcc_works pie ; then + create_gcc_env_entry hardenednopie + fi + create_gcc_env_entry vanilla + fi # Make sure we dont have stuff lying around that # can nuke multiple versions of gcc cd "${D}"${LIBPATH} @@ -1839,6 +1888,9 @@ gcc-compiler_src_install() { # Create config files for eselect-compiler create_eselect_conf + + # Cpoy the needed minispec for hardened gcc 4 + copy_minispecs_gcc_specs } # Move around the libs to the right location. For some reason, @@ -1909,6 +1961,7 @@ gcc_quick_unpack() { export PIE_GCC_VER=${PIE_GCC_VER:-${GCC_RELEASE_VER}} export PP_GCC_VER=${PP_GCC_VER:-${GCC_RELEASE_VER}} export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}} + export SPECS_GCC_VER=${SPECS_GCC_VER:-${GCC_RELEASE_VER}} if [[ -n ${GCC_A_FAKEIT} ]] ; then unpack ${GCC_A_FAKEIT} @@ -1964,6 +2017,8 @@ gcc_quick_unpack() { else unpack gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2 fi + [[ -n ${SPECS_VER} ]] && \ + unpack gcc-${SPECS_GCC_VER}-default-specs-${SPECS_VER}.tar.bz2 fi want_boundschecking && \ @@ -2143,13 +2198,13 @@ do_gcc_PIE_patches() { # adds default pie support (rs6000 too) if DEFAULT_PIE[_SSP] is defined EPATCH_MULTI_MSG="Applying default pie patches ..." \ epatch "${WORKDIR}"/piepatch/def - fi - # we want to be able to control the pie patch logic via something other - # than ALL_CFLAGS... - sed -e '/^ALL_CFLAGS/iHARD_CFLAGS = ' \ - -e 's|^ALL_CFLAGS = |ALL_CFLAGS = $(HARD_CFLAGS) |' \ - -i "${S}"/gcc/Makefile.in + # we want to be able to control the pie patch logic via something other + # than ALL_CFLAGS... + sed -e '/^ALL_CFLAGS/iHARD_CFLAGS = ' \ + -e 's|^ALL_CFLAGS = |ALL_CFLAGS = $(HARD_CFLAGS) |' \ + -i "${S}"/gcc/Makefile.in + fi BRANDING_GCC_PKGVERSION="${BRANDING_GCC_PKGVERSION}, pie-${PIE_VER}" } |