Attachment #231555 for bug #318171




		IUSE="${IUSE} altivec build fortran nls nocxx"
		[[ -n ${PIE_VER} ]] && IUSE="${IUSE} nopie"
		[[ -n ${PP_VER}	 ]] && IUSE="${IUSE} nossp"
		[[ -n ${SPECS_VER} ]] && IUSE="${IUSE} nossp"
		[[ -n ${HTB_VER} ]] && IUSE="${IUSE} boundschecking"
		[[ -n ${D_VER}	 ]] && IUSE="${IUSE} d"


#
gentoo_urls() {
	local devspace="HTTP~lv/GCC/URI HTTP~eradicator/gcc/URI HTTP~vapier/dist/URI
	HTTP~halcy0n/patches/URI HTTP~zorry/patches/gcc/URI"
	devspace=${devspace//HTTP/http:\/\/dev.gentoo.org\/}
	echo mirror://gentoo/$1 ${devspace//URI/$1}
}

	export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}}
	export SPECS_GCC_VER=${SPECS_GCC_VER:-${GCC_RELEASE_VER}}

	[[ -n ${PIE_VER} ]] && \
		PIE_CORE=${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2}

	# Set where to download gcc itself depending on whether we're using a
	# prerelease, snapshot, or release tarball.
	if [[ -n ${PRERELEASE} ]] ; then


	# strawberry pie, Cappuccino and a Gauloises (it's a good thing)
	[[ -n ${PIE_VER} ]] && \
		PIE_CORE=${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2} && \
		GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls ${PIE_CORE})"
		
	# gcc minispec for the hardened gcc 4 compiler
	[[ -n ${SPECS_VER} ]] && \
		GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls gcc-${SPECS_GCC_VER}-specs-${SPECS_VER}.tar.bz2)"

	# gcc bounds checking patch
	if [[ -n ${HTB_VER} ]] ; then

		[[ ${CTARGET} == *-freebsd* ]] && return 1

		want_pie || return 1
		tc_version_is_at_least 4.3.2 && use nopie && return 1
		hardened_gcc_is_stable pie && return 0
		if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then
			hardened_gcc_check_unsupported pie && return 1

		fi
		return 1
	elif [[ $1 == "ssp" ]] ; then
		[[ -n ${PP_VER} ]] || [[ -n ${SPECS_VER} ]] || return 1
		tc_version_is_at_least 4.3.2 && use nossp && return 1
		hardened_gcc_is_stable ssp && return 0
		if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then
			hardened_gcc_check_unsupported ssp && return 1

	return 1
}
want_boundschecking() { _want_stuff HTB_VER boundschecking ; }
want_pie() {
		! use hardened && [[ -n ${PIE_VER} ]] && use nopie && return 1
		[[ -n ${PIE_VER} ]] && [[ -n ${SPECS_VER} ]] && return 0
		tc_version_is_at_least 4.3.2 && return 1
		_want_stuff PIE_VER !nopie
}
want_ssp() { _want_stuff PP_VER !nossp ; }

want_split_specs() {

}
want_minispecs() {
	if tc_version_is_at_least 4.3.2 && use hardened ; then
		if ! want_pie ; then
			ewarn "PIE_VER or SPECS_VER is not defiend in the GCC ebuild."
		elif use vanilla ; then
			ewarn "You will not get hardened features if you have the vanilla USE-flag."
		elif use nopie && use nossp ; then
			ewarn "You will not get hardened features if you have the nopie and nossp USE-flag."
		elif ! hardened_gcc_works pie && ! hardened_gcc_works ssp && ! use nopie ; then
			ewarn "Your $(tc-arch) arch is not supported."
		else
			return 0
		fi
		ewarn "Hope you know what you are doing. Hardened will not work."
		return 0
	fi
	return 1
}

	# the necessary support
	want_pie && use hardened && glibc_have_pie

	if use hardened ; then
		einfo "updating configuration to build hardened GCC"
		make_gcc_hard || die "failed to make gcc hard"
	fi

			confgcc="${confgcc} --disable-libssp"
		fi

		# If we want hardened support with the newer pie-patchset for >=gcc 4.4.3
		if tc_version_is_at_least 4.4.3 && want_minispecs && ! use vanilla ; then
			if hardened_gcc_works ; then 
				confgcc="${confgcc} --enable-esp=all"
			elif ! hardened_gcc_works pie && hardened_gcc_works ssp ; then
				confgcc="${confgcc} --enable-esp=nopie"
			elif ! hardened_gcc_works ssp && hardened_gcc_works pie ; then
				confgcc="${confgcc} --enable-esp=nossp"
			else
				confgcc="${confgcc} --disable-esp"
			fi
		fi

		if tc_version_is_at_least "4.2" ; then
			confgcc="${confgcc} $(use_enable openmp libgomp)"
		fi

	einfo "CFLAGS=\"${CFLAGS}\""
	einfo "CXXFLAGS=\"${CXXFLAGS}\""

	# For hardened gcc 4.3 piepatches to build the hardened specs file to use when building gcc
	! tc_version_is_at_least 4.4.3 && setup_minispecs_gcc_build_specs

	# Build in a separate build tree
	mkdir -p "${WORKDIR}"/build

	dodir /etc/env.d/gcc
	create_gcc_env_entry

	if want_split_specs || want_minispecs ; then
		if use hardened ; then
			create_gcc_env_entry vanilla
		fi
		if ! use hardened && hardened_gcc_works && want_split_specs ; then
			create_gcc_env_entry hardened
		fi
		if hardened_gcc_works || hardened_gcc_works pie ; then
			create_gcc_env_entry hardenednossp
		fi

		create_gcc_env_entry hardenednopiessp

		insinto ${LIBPATH}
		if want_split_specs ; then
			doins "${WORKDIR}"/build/*.specs || die "failed to install specs"
	# Setup the gcc_env_entry for hardened gcc 4 with minispecs
	if want_minispecs ; then
		if hardened_gcc_works pie ; then
		    create_gcc_env_entry hardenednopie
		fi
		if want_minispecs ; then
			doins "${WORKDIR}"/specs/*.specs || die "failed to install specs"
		fi
		# For gcc 4.3 piepatches
		! tc_version_is_at_least 4.4.3 && copy_minispecs_gcc_specs
	fi
	# Make sure we dont have stuff lying around that
	# can nuke multiple versions of gcc

	# Create config files for eselect-compiler
	create_eselect_conf

	# Cpoy the needed minispec for hardened gcc 4
	copy_minispecs_gcc_specs

	# Move pretty-printers to gdb datadir to shut ldconfig up
	gdbdir=/usr/share/gdb/auto-load
	for module in $(find "${D}" -iname "*-gdb.py" -print); do

Return to bug 318171

Lines 143-148 Link Here

(-)a/eclass/toolchain.eclass (-27 / +53 lines)
143	IUSE="${IUSE} altivec build fortran nls nocxx"	143	IUSE="${IUSE} altivec build fortran nls nocxx"
144	[[ -n ${PIE_VER} ]] && IUSE="${IUSE} nopie"	144	[[ -n ${PIE_VER} ]] && IUSE="${IUSE} nopie"
145	[[ -n ${PP_VER} ]] && IUSE="${IUSE} nossp"	145	[[ -n ${PP_VER} ]] && IUSE="${IUSE} nossp"
		146	[[ -n ${SPECS_VER} ]] && IUSE="${IUSE} nossp"
146	[[ -n ${HTB_VER} ]] && IUSE="${IUSE} boundschecking"	147	[[ -n ${HTB_VER} ]] && IUSE="${IUSE} boundschecking"
147	[[ -n ${D_VER} ]] && IUSE="${IUSE} d"	148	[[ -n ${D_VER} ]] && IUSE="${IUSE} d"
148		149
Lines 278-284 Link Here
278	#	279	#
279	gentoo_urls() {	280	gentoo_urls() {
280	local devspace="HTTP~lv/GCC/URI HTTP~eradicator/gcc/URI HTTP~vapier/dist/URI	281	local devspace="HTTP~lv/GCC/URI HTTP~eradicator/gcc/URI HTTP~vapier/dist/URI
281	HTTP~halcy0n/patches/URI"	282	HTTP~halcy0n/patches/URI HTTP~zorry/patches/gcc/URI"
282	devspace=${devspace//HTTP/http:\/\/dev.gentoo.org\/}	283	devspace=${devspace//HTTP/http:\/\/dev.gentoo.org\/}
283	echo mirror://gentoo/$1 ${devspace//URI/$1}	284	echo mirror://gentoo/$1 ${devspace//URI/$1}
284	}	285	}
Lines 290-298 Link Here
290	export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}}	291	export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}}
291	export SPECS_GCC_VER=${SPECS_GCC_VER:-${GCC_RELEASE_VER}}	292	export SPECS_GCC_VER=${SPECS_GCC_VER:-${GCC_RELEASE_VER}}
292		293
293	[[ -n ${PIE_VER} ]] && \
294	PIE_CORE=${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2}
295
296	# Set where to download gcc itself depending on whether we're using a	294	# Set where to download gcc itself depending on whether we're using a
297	# prerelease, snapshot, or release tarball.	295	# prerelease, snapshot, or release tarball.
298	if [[ -n ${PRERELEASE} ]] ; then	296	if [[ -n ${PRERELEASE} ]] ; then
Lines 334-344 Link Here
334		332
335	# strawberry pie, Cappuccino and a Gauloises (it's a good thing)	333	# strawberry pie, Cappuccino and a Gauloises (it's a good thing)
336	[[ -n ${PIE_VER} ]] && \	334	[[ -n ${PIE_VER} ]] && \
337	GCC_SRC_URI="${GCC_SRC_URI} !nopie? ( $(gentoo_urls ${PIE_CORE}) )"	335	PIE_CORE=${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2} && \
338		336	GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls ${PIE_CORE})"
		337
339	# gcc minispec for the hardened gcc 4 compiler	338	# gcc minispec for the hardened gcc 4 compiler
340	[[ -n ${SPECS_VER} ]] && \	339	[[ -n ${SPECS_VER} ]] && \
341	GCC_SRC_URI="${GCC_SRC_URI} !nopie? ( $(gentoo_urls gcc-${SPECS_GCC_VER}-specs-${SPECS_VER}.tar.bz2) )"	340	GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls gcc-${SPECS_GCC_VER}-specs-${SPECS_VER}.tar.bz2)"
342		341
343	# gcc bounds checking patch	342	# gcc bounds checking patch
344	if [[ -n ${HTB_VER} ]] ; then	343	if [[ -n ${HTB_VER} ]] ; then
Lines 392-397 Link Here
392	[[ ${CTARGET} == -freebsd ]] && return 1	393	[[ ${CTARGET} == -freebsd ]] && return 1
393		394
394	want_pie \|\| return 1	395	want_pie \|\| return 1
		396	tc_version_is_at_least 4.3.2 && use nopie && return 1
395	hardened_gcc_is_stable pie && return 0	397	hardened_gcc_is_stable pie && return 0
396	if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then	398	if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then
397	hardened_gcc_check_unsupported pie && return 1	399	hardened_gcc_check_unsupported pie && return 1
Lines 400-406 Link Here
400	fi	400	fi
401	return 1	401	return 1
402	elif [[ $1 == "ssp" ]] ; then	402	elif [[ $1 == "ssp" ]] ; then
403	[[ -z ${PP_VER} ]] && return 1	403	[[ -n ${PP_VER} ]] \|\| [[ -n ${SPECS_VER} ]] \|\| return 1
		404	tc_version_is_at_least 4.3.2 && use nossp && return 1
404	hardened_gcc_is_stable ssp && return 0	405	hardened_gcc_is_stable ssp && return 0
405	if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then	406	if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then
406	hardened_gcc_check_unsupported ssp && return 1	407	hardened_gcc_check_unsupported ssp && return 1
Lines 490-496 Link Here
490	return 1	490	return 1
491	}	491	}
492	want_boundschecking() { _want_stuff HTB_VER boundschecking ; }	492	want_boundschecking() { _want_stuff HTB_VER boundschecking ; }
493	want_pie() { _want_stuff PIE_VER !nopie ; }	493	want_pie() {
		494	! use hardened && [[ -n ${PIE_VER} ]] && use nopie && return 1
		495	[[ -n ${PIE_VER} ]] && [[ -n ${SPECS_VER} ]] && return 0
		496	tc_version_is_at_least 4.3.2 && return 1
		497	_want_stuff PIE_VER !nopie
		498	}
494	want_ssp() { _want_stuff PP_VER !nossp ; }	499	want_ssp() { _want_stuff PP_VER !nossp ; }
495		500
496	want_split_specs() {	501	want_split_specs() {
Lines 498-508 Link Here
498	}	503	}
499	want_minispecs() {	504	want_minispecs() {
500	if tc_version_is_at_least 4.3.2 && use hardened ; then	505	if tc_version_is_at_least 4.3.2 && use hardened ; then
501	if [[ -n ${SPECS_VER} ]] ; then	506	if ! want_pie ; then
502	return 0	507	ewarn "PIE_VER or SPECS_VER is not defiend in the GCC ebuild."
		508	elif use vanilla ; then
		509	ewarn "You will not get hardened features if you have the vanilla USE-flag."
		510	elif use nopie && use nossp ; then
		511	ewarn "You will not get hardened features if you have the nopie and nossp USE-flag."
		512	elif ! hardened_gcc_works pie && ! hardened_gcc_works ssp && ! use nopie ; then
		513	ewarn "Your $(tc-arch) arch is not supported."
503	else	514	else
504	die "For Hardened to work you need the minispecs files"	515	return 0
505	fi	516	fi
		517	ewarn "Hope you know what you are doing. Hardened will not work."
		518	return 0
506	fi	519	fi
507	return 1	520	return 1
508	}	521	}
Lines 1010-1016 Link Here
1010	# the necessary support	1030	# the necessary support
1011	want_pie && use hardened && glibc_have_pie	1031	want_pie && use hardened && glibc_have_pie
1012		1032
1013	if use hardened && ! want_minispecs ; then	1033	if use hardened ; then
1014	einfo "updating configuration to build hardened GCC"	1034	einfo "updating configuration to build hardened GCC"
1015	make_gcc_hard \|\| die "failed to make gcc hard"	1035	make_gcc_hard \|\| die "failed to make gcc hard"
1016	fi	1036	fi
Lines 1201-1206 Link Here
1201	confgcc="${confgcc} --disable-libssp"	1233	confgcc="${confgcc} --disable-libssp"
1202	fi	1234	fi
1203		1235
		1236	# If we want hardened support with the newer pie-patchset for >=gcc 4.4.3
		1237	if tc_version_is_at_least 4.4.3 && want_minispecs && ! use vanilla ; then
		1238	if hardened_gcc_works ; then
		1239	confgcc="${confgcc} --enable-esp=all"
		1240	elif ! hardened_gcc_works pie && hardened_gcc_works ssp ; then
		1241	confgcc="${confgcc} --enable-esp=nopie"
		1242	elif ! hardened_gcc_works ssp && hardened_gcc_works pie ; then
		1243	confgcc="${confgcc} --enable-esp=nossp"
		1244	else
		1245	confgcc="${confgcc} --disable-esp"
		1246	fi
		1247	fi
		1248
1204	if tc_version_is_at_least "4.2" ; then	1249	if tc_version_is_at_least "4.2" ; then
1205	confgcc="${confgcc} $(use_enable openmp libgomp)"	1250	confgcc="${confgcc} $(use_enable openmp libgomp)"
1206	fi	1251	fi
Lines 1682-1689 Link Here
1682	einfo "CFLAGS=\"${CFLAGS}\""	1715	einfo "CFLAGS=\"${CFLAGS}\""
1683	einfo "CXXFLAGS=\"${CXXFLAGS}\""	1716	einfo "CXXFLAGS=\"${CXXFLAGS}\""
1684		1717
1685	# For hardened gcc 4 for build the hardened specs file to use when building gcc	1718	# For hardened gcc 4.3 piepatches to build the hardened specs file to use when building gcc
1686	setup_minispecs_gcc_build_specs	1719	! tc_version_is_at_least 4.4.3 && setup_minispecs_gcc_build_specs
1687		1720
1688	# Build in a separate build tree	1721	# Build in a separate build tree
1689	mkdir -p "${WORKDIR}"/build	1722	mkdir -p "${WORKDIR}"/build
Lines 1791-1801 Link Here
1791	dodir /etc/env.d/gcc	1826	dodir /etc/env.d/gcc
1792	create_gcc_env_entry	1827	create_gcc_env_entry
1793		1828
1794	if want_split_specs ; then	1829	if want_split_specs \|\| want_minispecs ; then
1795	if use hardened ; then	1830	if use hardened ; then
1796	create_gcc_env_entry vanilla	1831	create_gcc_env_entry vanilla
1797	fi	1832	fi
1798	! use hardened && hardened_gcc_works && create_gcc_env_entry hardened	1833	if ! use hardened && hardened_gcc_works && want_split_specs ; then
		1834	create_gcc_env_entry hardened
		1835	fi
1799	if hardened_gcc_works \|\| hardened_gcc_works pie ; then	1836	if hardened_gcc_works \|\| hardened_gcc_works pie ; then
1800	create_gcc_env_entry hardenednossp	1837	create_gcc_env_entry hardenednossp
1801	fi	1838	fi
Lines 1805-1818 Link Here
1805	create_gcc_env_entry hardenednopiessp	1840	create_gcc_env_entry hardenednopiessp
1806		1841
1807	insinto ${LIBPATH}	1842	insinto ${LIBPATH}
1808	doins "${WORKDIR}"/build/*.specs \|\| die "failed to install specs"	1843	if want_split_specs ; then
1809	fi	1844	doins "${WORKDIR}"/build/*.specs \|\| die "failed to install specs"
1810	# Setup the gcc_env_entry for hardened gcc 4 with minispecs
1811	if want_minispecs ; then
1812	if hardened_gcc_works pie ; then
1813	create_gcc_env_entry hardenednopie
1814	fi	1845	fi
1815	create_gcc_env_entry vanilla	1846	if want_minispecs ; then
		1847	doins "${WORKDIR}"/specs/*.specs \|\| die "failed to install specs"
		1848	fi
		1849	# For gcc 4.3 piepatches
		1850	! tc_version_is_at_least 4.4.3 && copy_minispecs_gcc_specs
1816	fi	1851	fi
1817	# Make sure we dont have stuff lying around that	1852	# Make sure we dont have stuff lying around that
1818	# can nuke multiple versions of gcc	1853	# can nuke multiple versions of gcc
Lines 1918-1926 Link Here
1918	# Create config files for eselect-compiler	1950	# Create config files for eselect-compiler
1919	create_eselect_conf	1951	create_eselect_conf
1920		1952
1921	# Cpoy the needed minispec for hardened gcc 4
1922	copy_minispecs_gcc_specs
1923
1924	# Move pretty-printers to gdb datadir to shut ldconfig up	1953	# Move pretty-printers to gdb datadir to shut ldconfig up
1925	gdbdir=/usr/share/gdb/auto-load	1954	gdbdir=/usr/share/gdb/auto-load
1926	for module in $(find "${D}" -iname "*-gdb.py" -print); do	1955	for module in $(find "${D}" -iname "*-gdb.py" -print); do