Subject: Using gcc-ssp for pkgsrc builds?
To: None <>
From: Luke Maurits <>
List: tech-pkg
Date: 07/01/2005 12:56:06

I was wondering if anybody could give me some guidance on setting up 
pkgsrc to use the stack-smashing protected gcc (lang/gcc-ssp) by default 
when building packages.

I believe this should simply involve telling pkgsrc:

1)  To use /usr/pkg/gcc-ssp- instead of /usr/bin/gcc
2)  To use -fstack-protector for each build,

I'm just not certain where/how I need to specify these things.

I've looked through /usr/pkgsrc/mk/, which seemed a likely 
place.  It mentions being able to set PKGSRC_COMPILER in /etc/mk.conf, 
which seems to be the answer to 1), but the list of valid values does not 
include gcc-ssp.  I can only imagine pkgsrc is in some way "aware" of the 
listed values there (i.e., knows their path, etc.) - can I "introduce" pkgsrc 
to gcc-ssp somewhere, so that PKGSRC_COMPILER="gcc-ssp" will work?  Or do 
I have to go about it in a different way entirely?

As for 2), will setting CFLAGS+="-fstack-protector" in /etc/mk.conf be 
sufficient?  I'm a little confused about the relevancy of the PKGMAKECONF 
variable, as described in "man packages".  It states that if PKGMAKECONF 
is not set explicitly, it is set to /dev/null to avoid picking up settings 
used by builds in /usr/src.  From this I assume that pkgsrc ignores 
/etc/mk.conf unless explicitly told to listen to it, so that one can have 
separate configurations for pkgsrc builds and builds in /usr/src?  If this 
is so, why does /usr/pkgsrc/mk/ state that PKGSRC_COMPILER 
should only be set in /etc/mk.conf, where it would by default be ignored?

Any advice anyone can give me (including whether I should even be trying 
to do this in the first place - can I expect gcc-ssp to build most 
packages without breaking?) would be much appreciated.