[pkgsrc/trunk]: pkgsrc/mk Add support for PKGSRC_MKPIE with cwrappers

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/mk Add support for PKGSRC_MKPIE with cwrappers
From: khorben <khorben%pkgsrc.org@localhost>
Date: Wed, 15 Jan 2020 07:44:08 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c0ca9d406e61
branches:  trunk
changeset: 367150:c0ca9d406e61
user:      khorben <khorben%pkgsrc.org@localhost>
date:      Fri Aug 25 01:43:17 2017 +0000

description:
Add support for PKGSRC_MKPIE with cwrappers

This is based on a patch submitted on 16/04/2017 on tech-pkg@ and
adapted by joerg@ for pkgtools/cwrappers. It only consists in the
missing part to actually generate PIE executables with cwrappers if
configured to do so (currently disabled by default). The aim is really
to produce safer binaries where ASLR is in use.

This part in pkgsrc is only supported on NetBSD (x86) with GCC at the
moment.

Tested on NetBSD/amd64, with and without cwrappers, with and without
PKGSRC_MKPIE (all four combinations).

diffstat:

 mk/compiler/gcc.mk |  8 ++++----
 mk/cwrappers.mk    |  5 ++++-
 2 files changed, 8 insertions(+), 5 deletions(-)

diffs (46 lines):

diff -r 6b2d1e99e660 -r c0ca9d406e61 mk/compiler/gcc.mk
--- a/mk/compiler/gcc.mk        Thu Aug 24 22:52:55 2017 +0000
+++ b/mk/compiler/gcc.mk        Fri Aug 25 01:43:17 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: gcc.mk,v 1.182 2017/08/04 08:53:33 jperkin Exp $
+# $NetBSD: gcc.mk,v 1.183 2017/08/25 01:43:17 khorben Exp $
 #
 # This is the compiler definition for the GNU Compiler Collection.
 #
@@ -336,14 +336,14 @@
 # XXX for executables it should be:
 #_MKPIE_CFLAGS.gcc=    -fPIE
 # XXX for libraries a sink wrapper around gcc is required and used instead
-#_MKPIE_LDFLAGS.gcc=   -pie
+_MKPIE_LDFLAGS.gcc=    -pie
 .endif
 
 .if ${_PKGSRC_MKPIE} == "yes"
 _GCC_CFLAGS+=          ${_MKPIE_CFLAGS.gcc}
-_GCC_LDFLAGS+=         ${_MKPIE_LDFLAGS.gcc}
+#_GCC_LDFLAGS+=                ${_MKPIE_LDFLAGS.gcc}
 CWRAPPERS_APPEND.cc+=  ${_MKPIE_CFLAGS.gcc}
-# XXX this differs for libraries and executables
+# this differs for libraries and executables (handled in mk/cwrappers.mk)
 # CWRAPPERS_APPEND.ld+=        ${_MKPIE_LDFLAGS.gcc}
 .endif
 
diff -r 6b2d1e99e660 -r c0ca9d406e61 mk/cwrappers.mk
--- a/mk/cwrappers.mk   Thu Aug 24 22:52:55 2017 +0000
+++ b/mk/cwrappers.mk   Fri Aug 25 01:43:17 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: cwrappers.mk,v 1.28 2017/05/04 18:30:56 joerg Exp $
+# $NetBSD: cwrappers.mk,v 1.29 2017/08/25 01:43:17 khorben Exp $
 #
 # This Makefile fragment implements integration of pkgtools/cwrappers.
 
@@ -88,6 +88,9 @@
 .  for alias in ${CWRAPPERS_ALIASES.${wrappee}}
        ${RUN}ln -s ${CWRAPPERS_SRC_DIR}/${CWRAPPERS_CONFIG.${wrappee}}-wrapper ${WRAPPER_BINDIR}/${alias}
 .  endfor
+. if ${_PKGSRC_MKPIE} == "yes"
+       ${RUN}echo append_executable=${_MKPIE_LDFLAGS.gcc} >> ${CWRAPPERS_CONFIG_DIR}/${CWRAPPERS_CONFIG.${wrappee}}
+. endif
 .endfor
 
 PREPEND_PATH+=         ${WRAPPER_BINDIR}

Prev by Date: [pkgsrc/trunk]: pkgsrc/devel/py-boost Bump depenency
Next by Date: [pkgsrc/trunk]: pkgsrc/emulators/gxemul the MIPS 4Kc, 4KEc, 5Kc and 5KE cpus ...
Previous by Thread: [pkgsrc/trunk]: pkgsrc/devel/py-boost Bump depenency
Next by Thread: [pkgsrc/trunk]: pkgsrc/emulators/gxemul the MIPS 4Kc, 4KEc, 5Kc and 5KE cpus ...
Indexes:

Home | Main Index | Thread Index | Old Index