Attachment #233053 for bug #318171

Lines 143-148 Link Here

(-)a/eclass/toolchain.eclass (-37 / +75 lines)
143	IUSE="${IUSE} altivec build fortran nls nocxx"	143	IUSE="${IUSE} altivec build fortran nls nocxx"
144	[[ -n ${PIE_VER} ]] && IUSE="${IUSE} nopie"	144	[[ -n ${PIE_VER} ]] && IUSE="${IUSE} nopie"
145	[[ -n ${PP_VER} ]] && IUSE="${IUSE} nossp"	145	[[ -n ${PP_VER} ]] && IUSE="${IUSE} nossp"
		146	[[ -n ${SPECS_VER} ]] && IUSE="${IUSE} nossp"
146	[[ -n ${HTB_VER} ]] && IUSE="${IUSE} boundschecking"	147	[[ -n ${HTB_VER} ]] && IUSE="${IUSE} boundschecking"
147	[[ -n ${D_VER} ]] && IUSE="${IUSE} d"	148	[[ -n ${D_VER} ]] && IUSE="${IUSE} d"
148		149
Lines 243-248 Link Here
243	# SPECS_VER	244	# SPECS_VER
244	# SPECS_GCC_VER	245	# SPECS_GCC_VER
245	# This is for the minispecs files included in the hardened gcc-4.x	246	# This is for the minispecs files included in the hardened gcc-4.x
		247	# The specs files for hardenedno*, vanilla and for building the "specs" file.
		248	# SPECS_VER is expected to be the version of this patch, SPECS_GCC_VER
		249	# the gcc version of the patch.
		250	# An example:
		251	# SPECS_VER="8.7.6.5"
		252	# SPECS_GCC_VER="3.4.0"
		253	# The resulting filename of this tarball will be:
		254	# gcc-${SPECS_GCC_VER:-${GCC_RELEASE_VER}}-specs-${SPECS_VER}.tar.bz2
246	#	255	#
247	# PP_VER	256	# PP_VER
248	# PP_GCC_VER	257	# PP_GCC_VER
Lines 278-284 Link Here
278	#	279	#
279	gentoo_urls() {	280	gentoo_urls() {
280	local devspace="HTTP~lv/GCC/URI HTTP~eradicator/gcc/URI HTTP~vapier/dist/URI	281	local devspace="HTTP~lv/GCC/URI HTTP~eradicator/gcc/URI HTTP~vapier/dist/URI
281	HTTP~halcy0n/patches/URI"	282	HTTP~halcy0n/patches/URI HTTP~zorry/patches/gcc/URI"
282	devspace=${devspace//HTTP/http:\/\/dev.gentoo.org\/}	283	devspace=${devspace//HTTP/http:\/\/dev.gentoo.org\/}
283	echo mirror://gentoo/$1 ${devspace//URI/$1}	284	echo mirror://gentoo/$1 ${devspace//URI/$1}
284	}	285	}
Lines 290-298 Link Here
290	export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}}	291	export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}}
291	export SPECS_GCC_VER=${SPECS_GCC_VER:-${GCC_RELEASE_VER}}	292	export SPECS_GCC_VER=${SPECS_GCC_VER:-${GCC_RELEASE_VER}}
292		293
293	[[ -n ${PIE_VER} ]] && \
294	PIE_CORE=${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2}
295
296	# Set where to download gcc itself depending on whether we're using a	294	# Set where to download gcc itself depending on whether we're using a
297	# prerelease, snapshot, or release tarball.	295	# prerelease, snapshot, or release tarball.
298	if [[ -n ${PRERELEASE} ]] ; then	296	if [[ -n ${PRERELEASE} ]] ; then
Lines 334-344 Link Here
334		332
335	# strawberry pie, Cappuccino and a Gauloises (it's a good thing)	333	# strawberry pie, Cappuccino and a Gauloises (it's a good thing)
336	[[ -n ${PIE_VER} ]] && \	334	[[ -n ${PIE_VER} ]] && \
337	GCC_SRC_URI="${GCC_SRC_URI} !nopie? ( $(gentoo_urls ${PIE_CORE}) )"	335	PIE_CORE=${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2} && \
338		336	GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls ${PIE_CORE})"
		337
339	# gcc minispec for the hardened gcc 4 compiler	338	# gcc minispec for the hardened gcc 4 compiler
340	[[ -n ${SPECS_VER} ]] && \	339	[[ -n ${SPECS_VER} ]] && \
341	GCC_SRC_URI="${GCC_SRC_URI} !nopie? ( $(gentoo_urls gcc-${SPECS_GCC_VER}-specs-${SPECS_VER}.tar.bz2) )"	340	GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls gcc-${SPECS_GCC_VER}-specs-${SPECS_VER}.tar.bz2)"
342		341
343	# gcc bounds checking patch	342	# gcc bounds checking patch
344	if [[ -n ${HTB_VER} ]] ; then	343	if [[ -n ${HTB_VER} ]] ; then
Lines 392-397 Link Here
392	[[ ${CTARGET} == -freebsd ]] && return 1	393	[[ ${CTARGET} == -freebsd ]] && return 1
393		394
394	want_pie \|\| return 1	395	want_pie \|\| return 1
		396	tc_version_is_at_least 4.3.2 && use nopie && return 1
395	hardened_gcc_is_stable pie && return 0	397	hardened_gcc_is_stable pie && return 0
396	if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then	398	if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then
397	hardened_gcc_check_unsupported pie && return 1	399	hardened_gcc_check_unsupported pie && return 1
Lines 400-406 Link Here
400	fi	400	fi
401	return 1	401	return 1
402	elif [[ $1 == "ssp" ]] ; then	402	elif [[ $1 == "ssp" ]] ; then
403	[[ -z ${PP_VER} ]] && return 1	403	[[ -n ${PP_VER} ]] \|\| [[ -n ${SPECS_VER} ]] \|\| return 1
		404	tc_version_is_at_least 4.3.2 && use nossp && return 1
404	hardened_gcc_is_stable ssp && return 0	405	hardened_gcc_is_stable ssp && return 0
405	if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then	406	if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then
406	hardened_gcc_check_unsupported ssp && return 1	407	hardened_gcc_check_unsupported ssp && return 1
Lines 490-496 Link Here
490	return 1	490	return 1
491	}	491	}
492	want_boundschecking() { _want_stuff HTB_VER boundschecking ; }	492	want_boundschecking() { _want_stuff HTB_VER boundschecking ; }
493	want_pie() { _want_stuff PIE_VER !nopie ; }	493	want_pie() {
		494	! use hardened && [[ -n ${PIE_VER} ]] && use nopie && return 1
		495	[[ -n ${PIE_VER} ]] && [[ -n ${SPECS_VER} ]] && return 0
		496	tc_version_is_at_least 4.3.2 && return 1
		497	_want_stuff PIE_VER !nopie
		498	}
494	want_ssp() { _want_stuff PP_VER !nossp ; }	499	want_ssp() { _want_stuff PP_VER !nossp ; }
495		500
496	want_split_specs() {	501	want_split_specs() {
Lines 498-508 Link Here
498	}	503	}
499	want_minispecs() {	504	want_minispecs() {
500	if tc_version_is_at_least 4.3.2 && use hardened ; then	505	if tc_version_is_at_least 4.3.2 && use hardened ; then
501	if [[ -n ${SPECS_VER} ]] ; then	506	if ! want_pie ; then
502	return 0	507	ewarn "PIE_VER or SPECS_VER is not defiend in the GCC ebuild."
		508	elif use vanilla ; then
		509	ewarn "You will not get hardened features if you have the vanilla USE-flag."
		510	elif use nopie && use nossp ; then
		511	ewarn "You will not get hardened features if you have the nopie and nossp USE-flag."
		512	elif ! hardened_gcc_works pie && ! hardened_gcc_works ssp && ! use nopie ; then
		513	ewarn "Your $(tc-arch) arch is not supported."
503	else	514	else
504	die "For Hardened to work you need the minispecs files"	515	return 0
505	fi	516	fi
		517	ewarn "Hope you know what you are doing. Hardened will not work."
		518	return 0
506	fi	519	fi
507	return 1	520	return 1
508	}	521	}
Lines 708-734 Link Here
708	[[ -n ${gcc_specs_file} ]] && echo "GCC_SPECS=\"${gcc_specs_file}\"" >> ${gcc_envd_file}	730	[[ -n ${gcc_specs_file} ]] && echo "GCC_SPECS=\"${gcc_specs_file}\"" >> ${gcc_envd_file}
709	}	731	}
710	setup_minispecs_gcc_build_specs() {	732	setup_minispecs_gcc_build_specs() {
711	# Setup the "build.specs" file for gcc to use when building.	733	# Setup the "build.specs" file for gcc 4.3 to use when building.
712	if want_minispecs ; then	734	if hardened_gcc_works pie ; then
713	if hardened_gcc_works pie ; then	735	cat "${WORKDIR}"/specs/pie.specs >> "${WORKDIR}"/build.specs
714	cat "${WORKDIR}"/specs/pie.specs >> "${WORKDIR}"/build.specs	736	fi
715	fi	737	if hardened_gcc_works ssp ; then
716	for s in nostrict znow; do	738	for s in ssp sspall ; do
717	cat "${WORKDIR}"/specs/${s}.specs >> "${WORKDIR}"/build.specs	739	cat "${WORKDIR}"/specs/${s}.specs >> "${WORKDIR}"/build.specs
718	done	740	done
719	export GCC_SPECS="${WORKDIR}"/build.specs
720	fi	741	fi
		742	for s in nostrict znow ; do
		743	cat "${WORKDIR}"/specs/${s}.specs >> "${WORKDIR}"/build.specs
		744	done
		745	export GCC_SPECS="${WORKDIR}"/build.specs
721	}	746	}
722	copy_minispecs_gcc_specs() {	747	copy_minispecs_gcc_specs() {
		748	# setup the -hardenedno* specs files and the vanilla specs file.
		749	if hardened_gcc_works ; then
		750	create_gcc_env_entry hardenednopiessp
		751	fi
		752	if hardened_gcc_works pie ; then
		753	create_gcc_env_entry hardenednopie
		754	fi
		755	if hardened_gcc_works ssp ; then
		756	create_gcc_env_entry hardenednossp
		757	fi
		758	create_gcc_env_entry vanilla
		759	insinto ${LIBPATH}
		760	doins "${WORKDIR}"/specs/*.specs \|\| die "failed to install specs"
723	# Build system specs file which, if it exists, must be a complete set of	761	# Build system specs file which, if it exists, must be a complete set of
724	# specs as it completely and unconditionally overrides the builtin specs.	762	# specs as it completely and unconditionally overrides the builtin specs.
725	# For gcc 4	763	# For gcc 4.3
726	if use hardened && want_minispecs ; then	764	if ! tc_version_is_at_least 4.4 ; then
727	$(XGCC) -dumpspecs > "${WORKDIR}"/specs/specs	765	$(XGCC) -dumpspecs > "${WORKDIR}"/specs/specs
728	cat "${WORKDIR}"/build.specs >> "${WORKDIR}"/specs/specs	766	cat "${WORKDIR}"/build.specs >> "${WORKDIR}"/specs/specs
729	insinto ${LIBPATH}	767	doins "${WORKDIR}"/specs/specs \|\| die "failed to install the specs file"
730	doins "${WORKDIR}"/specs/* \|\| die "failed to install specs"	768	fi
731	fi
732	}	769	}
733	add_profile_eselect_conf() {	770	add_profile_eselect_conf() {
734	local compiler_config_file=$1	771	local compiler_config_file=$1
Lines 885-890 Link Here
885		902
886	want_libssp && libc_has_ssp && \	903	want_libssp && libc_has_ssp && \
887	die "libssp cannot be used with a glibc that has been patched to provide ssp symbols"	904	die "libssp cannot be used with a glibc that has been patched to provide ssp symbols"
		905	want_minispecs
888		906
889	unset LANGUAGES #265283	907	unset LANGUAGES #265283
890	}	908	}
Lines 1010-1016 Link Here
1010	# the necessary support	1030	# the necessary support
1011	want_pie && use hardened && glibc_have_pie	1031	want_pie && use hardened && glibc_have_pie
1012		1032
1013	if use hardened && ! want_minispecs ; then	1033	if use hardened ; then
1014	einfo "updating configuration to build hardened GCC"	1034	einfo "updating configuration to build hardened GCC"
1015	make_gcc_hard \|\| die "failed to make gcc hard"	1035	make_gcc_hard \|\| die "failed to make gcc hard"
1016	fi	1036	fi
Lines 1201-1206 Link Here
1201	confgcc="${confgcc} --disable-libssp"	1219	confgcc="${confgcc} --disable-libssp"
1202	fi	1220	fi
1203		1221
		1222	# If we want hardened support with the newer pie-patchset for >=gcc 4.4
		1223	if tc_version_is_at_least 4.4 && want_minispecs ; then
		1224	confgcc="${confgcc} $(use_enable hardened esp)"
		1225	fi
		1226
1204	if tc_version_is_at_least "4.2" ; then	1227	if tc_version_is_at_least "4.2" ; then
1205	confgcc="${confgcc} $(use_enable openmp libgomp)"	1228	confgcc="${confgcc} $(use_enable openmp libgomp)"
1206	fi	1229	fi
Lines 1682-1690 Link Here
1682	einfo "CFLAGS=\"${CFLAGS}\""	1719	einfo "CFLAGS=\"${CFLAGS}\""
1683	einfo "CXXFLAGS=\"${CXXFLAGS}\""	1720	einfo "CXXFLAGS=\"${CXXFLAGS}\""
1684		1721
1685	# For hardened gcc 4 for build the hardened specs file to use when building gcc	1722	# For hardened gcc 4.3 piepatchset to build the hardened specs
1686	setup_minispecs_gcc_build_specs	1723	# file (build.specs) to use when building gcc.
1687		1724	if ! tc_version_is_at_least 4.4 && want_minispecs ; then
		1725	setup_minispecs_gcc_build_specs
		1726	fi
1688	# Build in a separate build tree	1727	# Build in a separate build tree
1689	mkdir -p "${WORKDIR}"/build	1728	mkdir -p "${WORKDIR}"/build
1690	pushd "${WORKDIR}"/build > /dev/null	1729	pushd "${WORKDIR}"/build > /dev/null
Lines 1809-1818 Link Here
1809	fi	1848	fi
1810	# Setup the gcc_env_entry for hardened gcc 4 with minispecs	1849	# Setup the gcc_env_entry for hardened gcc 4 with minispecs
1811	if want_minispecs ; then	1850	if want_minispecs ; then
1812	if hardened_gcc_works pie ; then	1851	copy_minispecs_gcc_specs
1813	create_gcc_env_entry hardenednopie
1814	fi
1815	create_gcc_env_entry vanilla
1816	fi	1852	fi
1817	# Make sure we dont have stuff lying around that	1853	# Make sure we dont have stuff lying around that
1818	# can nuke multiple versions of gcc	1854	# can nuke multiple versions of gcc
Lines 1918-1926 Link Here
1918	# Create config files for eselect-compiler	1950	# Create config files for eselect-compiler
1919	create_eselect_conf	1951	create_eselect_conf
1920		1952
1921	# Cpoy the needed minispec for hardened gcc 4
1922	copy_minispecs_gcc_specs
1923
1924	# Move pretty-printers to gdb datadir to shut ldconfig up	1953	# Move pretty-printers to gdb datadir to shut ldconfig up
1925	gdbdir=/usr/share/gdb/auto-load	1954	gdbdir=/usr/share/gdb/auto-load
1926	for module in $(find "${D}" -iname "*-gdb.py" -print); do	1955	for module in $(find "${D}" -iname "*-gdb.py" -print); do
Lines 2271-2283 Link Here
2271	# adds default pie support (rs6000 too) if DEFAULT_PIE[_SSP] is defined	2297	# adds default pie support (rs6000 too) if DEFAULT_PIE[_SSP] is defined
2272	EPATCH_MULTI_MSG="Applying default pie patches ..." \	2298	EPATCH_MULTI_MSG="Applying default pie patches ..." \
2273	epatch "${WORKDIR}"/piepatch/def	2299	epatch "${WORKDIR}"/piepatch/def
2274		2300	fi
2275	# we want to be able to control the pie patch logic via something other	2301	# we want to be able to control the pie patch logic via something other
2276	# than ALL_CFLAGS...	2302	# than ALL_CFLAGS...
2277	sed -e '/^ALL_CFLAGS/iHARD_CFLAGS = ' \	2303	sed -e '/^ALL_CFLAGS/iHARD_CFLAGS = ' \
2278	-e 's\|^ALL_CFLAGS = \|ALL_CFLAGS = $(HARD_CFLAGS) \|' \	2304	-e 's\|^ALL_CFLAGS = \|ALL_CFLAGS = $(HARD_CFLAGS) \|' \
2279	-i "${S}"/gcc/Makefile.in	2305	-i "${S}"/gcc/Makefile.in
2280	fi
2281		2306
2282	BRANDING_GCC_PKGVERSION="${BRANDING_GCC_PKGVERSION}, pie-${PIE_VER}"	2307	BRANDING_GCC_PKGVERSION="${BRANDING_GCC_PKGVERSION}, pie-${PIE_VER}"
2283	}	2308	}

Return to bug 318171