Subject: Using gcc-ssp for pkgsrc builds?
To: None <firstname.lastname@example.org>
From: Luke Maurits <email@example.com>
Date: 07/01/2005 12:56:06
I was wondering if anybody could give me some guidance on setting up
pkgsrc to use the stack-smashing protected gcc (lang/gcc-ssp) by default
when building packages.
I believe this should simply involve telling pkgsrc:
1) To use /usr/pkg/gcc-ssp-220.127.116.11/bin/gcc instead of /usr/bin/gcc
2) To use -fstack-protector for each build,
I'm just not certain where/how I need to specify these things.
I've looked through /usr/pkgsrc/mk/compiler.mk, which seemed a likely
place. It mentions being able to set PKGSRC_COMPILER in /etc/mk.conf,
which seems to be the answer to 1), but the list of valid values does not
include gcc-ssp. I can only imagine pkgsrc is in some way "aware" of the
listed values there (ie: knows their path, etc) - can I "introduce" pkgsrc
to gcc-ssp somewhere, so that PKGSRC_COMPILER="gcc-ssp" will work? Or do
I have to go about it in a different way entirely?
As for 2), will setting CFLAGS+="-fstack-protector" in /etc/mk.conf be
sufficient? I'm a little confused about the relevancy of the PKGMAKECONF
variable, as described in "man packages". It states that if PKGMAKECONF
is not set explicitly, it is set to /dev/null to avoid picking up settings
used by builds in /usr/src. From this I assume that pkgsrc ignores
/etc/mk.conf unless explicitly told to listen to it, so that one can have
separate configurations for pkgsrc builds and builds in /usr/src? If this
is so, why does /usr/pkgsrc/mk/compiler.mk state that PKGSRC_COMPILER
should only be set in /etc/mk.conf, where it would by default be ignored?
Any advice anyone can give me (including whether I should even be trying
to do this in the first place - can I expect gcc-ssp to build most
packages without breaking?) would be much appreciated.