Attachment #230049 for bug #318171

View | Details | Raw Unified | Return to bug 318171 | Differences between
Collapse All | Expand All




		IUSE="${IUSE} altivec build fortran nls nocxx"
		[[ -n ${PIE_VER} ]] && IUSE="${IUSE} nopie"
		[[ -n ${PP_VER}	 ]] && IUSE="${IUSE} nossp"
		[[ -n ${SPECS_VER} ]] && IUSE="${IUSE} nossp"
		[[ -n ${HTB_VER} ]] && IUSE="${IUSE} boundschecking"
		[[ -n ${D_VER}	 ]] && IUSE="${IUSE} d"


#
gentoo_urls() {
	local devspace="HTTP~lv/GCC/URI HTTP~eradicator/gcc/URI HTTP~vapier/dist/URI
	HTTP~halcy0n/patches/URI HTTP~zorry/patches/gcc/URI"
	devspace=${devspace//HTTP/http:\/\/dev.gentoo.org\/}
	echo mirror://gentoo/$1 ${devspace//URI/$1}
}

	export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}}
	export SPECS_GCC_VER=${SPECS_GCC_VER:-${GCC_RELEASE_VER}}

	[[ -n ${PIE_VER} ]] && \
		PIE_CORE=${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2}

	# Set where to download gcc itself depending on whether we're using a
	# prerelease, snapshot, or release tarball.
	if [[ -n ${PRERELEASE} ]] ; then


	# strawberry pie, Cappuccino and a Gauloises (it's a good thing)
	[[ -n ${PIE_VER} ]] && \
		PIE_CORE=${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2} && \
		GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls ${PIE_CORE})"
		
	# gcc minispec for the hardened gcc 4 compiler
	[[ -n ${SPECS_VER} ]] && \
		GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls gcc-${SPECS_GCC_VER}-specs-${SPECS_VER}.tar.bz2)"

	# gcc bounds checking patch
	if [[ -n ${HTB_VER} ]] ; then

		[[ ${CTARGET} == *-freebsd* ]] && return 1

		want_pie || return 1
		tc_version_is_at_least 4.3.2 && use nopie && return 1
		hardened_gcc_is_stable pie && return 0
		if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then
			hardened_gcc_check_unsupported pie && return 1

		fi
		return 1
	elif [[ $1 == "ssp" ]] ; then
		want_ssp || return 1
		hardened_gcc_is_stable ssp && return 0
		if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then
			hardened_gcc_check_unsupported ssp && return 1

	return 1
}
want_boundschecking() { _want_stuff HTB_VER boundschecking ; }
want_pie() {
	if tc_version_is_at_least 4.3.2 ; then
		[[ -n ${PIE_VER} ]] && [[ -n ${SPECS_VER} ]] && return 0 || return 1
	else
		_want_stuff PIE_VER !nopie
	fi
}
want_ssp() {
	if tc_version_is_at_least 4.3.4 ; then
		_want_stuff SPECS_VER !nossp
	else
		_want_stuff PP_VER !nossp
	fi
}

want_split_specs() {
	[[ ${SPLIT_SPECS} == "true" ]] && want_pie
}
want_minispecs() {
	if tc_version_is_at_least 4.3.2 && use hardened ; then
		if ! want_pie ; then
			ewarn "PIE_VER or SPECS_VER is not defiend in the GCC ebuild."
		elif use vanilla ; then
			ewarn "You will not get hardened features if you have the vanilla USE-flag."
		elif use nopie && use nossp ; then
			ewarn "You will not get hardened features if you have the nopie and nossp USE-flag."
		elif ! hardened_gcc_works pie && ! hardened_gcc_works ssp && ! use nopie ; then
			ewarn "Your $(tc-arch) arch is not supported."
		else
			return 0
		fi
		ewarn "Hope you know what you are doing. Hardened will not work."
		return 0
	fi
	return 1
}

}
setup_minispecs_gcc_build_specs() {
	# Setup the "build.specs" file for gcc to use when building.
	if want_minispecs && ! tc_version_is_at_least 4.4.3 ; then
		if hardened_gcc_works pie ; then
			cat "${WORKDIR}"/specs/pie.specs >> "${WORKDIR}"/build.specs
		fi
		if hardened_gcc_works ssp ; then
			for s in ssp sspall ; do
				cat "${WORKDIR}"/specs/${s}.specs >> "${WORKDIR}"/build.specs
			done
		fi
		for s in nostrict znow ; do
			cat "${WORKDIR}"/specs/${s}.specs >> "${WORKDIR}"/build.specs
		done
		export GCC_SPECS="${WORKDIR}"/build.specs

	# Build system specs file which, if it exists, must be a complete set of
	# specs as it completely and unconditionally overrides the builtin specs.
	# For gcc 4
	if want_minispecs ; then
		$(XGCC) -dumpspecs > "${WORKDIR}"/specs/specs
		cat "${WORKDIR}"/build.specs >> "${WORKDIR}"/specs/specs
		insinto ${LIBPATH}
		if ! tc_version_is_at_least 4.4.3 ; then
			$(XGCC) -dumpspecs > "${WORKDIR}"/specs/specs
			cat "${WORKDIR}"/build.specs >> "${WORKDIR}"/specs/specs
			doins "${WORKDIR}"/specs/specs || die "failed to install specs"
		fi
		doins "${WORKDIR}"/specs/*.specs || die "failed to install specs"
	fi
}
add_profile_eselect_conf() {


	want_libssp && libc_has_ssp && \
		die "libssp cannot be used with a glibc that has been patched to provide ssp symbols"
	want_minispecs

	unset LANGUAGES #265283
}

		make_gcc_hard || die "failed to make gcc hard"
	fi

	# Rebrand to make bug reports easier
	want_minispecs && BRANDING_GCC_PKGVERSION=${BRANDING_GCC_PKGVERSION/Gentoo/Gentoo Hardened}

	if is_libffi ; then
		# move the libffi target out of gcj and into all
		sed -i \

			confgcc="${confgcc} --disable-libssp"
		fi

		# If we want hardened support with the newer pie-patchset for >=gcc 4.4.3
		if tc_version_is_at_least 4.4.3 && want_minispecs && ! use vanilla ; then
			if hardened_gcc_works ; then 
				confgcc="${confgcc} --enable-esp=all"
			elif ! hardened_gcc_works pie && hardened_gcc_works ssp ; then
				confgcc="${confgcc} --enable-esp=nopie"
			elif ! hardened_gcc_works ssp && hardened_gcc_works pie ; then
				confgcc="${confgcc} --enable-esp=nossp"
			else
				confgcc="${confgcc} --disable-esp"
			fi
		fi

		if tc_version_is_at_least "4.2" ; then
			confgcc="${confgcc} $(use_enable openmp libgomp)"
		fi

	fi
	# Setup the gcc_env_entry for hardened gcc 4 with minispecs
	if want_minispecs ; then
		if hardened_gcc_works ; then
			create_gcc_env_entry hardenednopiessp
		fi
		if hardened_gcc_works pie ; then
			create_gcc_env_entry hardenednopie
		fi
		if hardened_gcc_works ssp ; then
			create_gcc_env_entry hardenednossp
		fi
		create_gcc_env_entry vanilla
	fi

	# Create config files for eselect-compiler
	create_eselect_conf

	# Copy the needed minispec for hardened gcc 4
	copy_minispecs_gcc_specs

	# Move pretty-printers to gdb datadir to shut ldconfig up

	[[ -n ${UCLIBC_VER} ]] && \
		unpack gcc-${UCLIBC_GCC_VER}-uclibc-patches-${UCLIBC_VER}.tar.bz2

	if want_ssp && [[ -z ${SPECS_VER} ]] ; then
		if [[ -n ${PP_FVER} ]] ; then
			# The gcc 3.4 propolice versions are meant to be unpacked to ${S}
			pushd "${S}" > /dev/null

		do_gcc_stub ssp
		return 0
	fi
	[[ -z ${SPECS_VER} ]] || return 0

	local ssppatch
	local sspdocs

Return to bug 318171

Lines 143-148 Link Here

(-)a/eclass/toolchain.eclass (-22 / +74 lines)
143	IUSE="${IUSE} altivec build fortran nls nocxx"	143	IUSE="${IUSE} altivec build fortran nls nocxx"
144	[[ -n ${PIE_VER} ]] && IUSE="${IUSE} nopie"	144	[[ -n ${PIE_VER} ]] && IUSE="${IUSE} nopie"
145	[[ -n ${PP_VER} ]] && IUSE="${IUSE} nossp"	145	[[ -n ${PP_VER} ]] && IUSE="${IUSE} nossp"
		146	[[ -n ${SPECS_VER} ]] && IUSE="${IUSE} nossp"
146	[[ -n ${HTB_VER} ]] && IUSE="${IUSE} boundschecking"	147	[[ -n ${HTB_VER} ]] && IUSE="${IUSE} boundschecking"
147	[[ -n ${D_VER} ]] && IUSE="${IUSE} d"	148	[[ -n ${D_VER} ]] && IUSE="${IUSE} d"
148		149
Lines 278-284 Link Here
278	#	279	#
279	gentoo_urls() {	280	gentoo_urls() {
280	local devspace="HTTP~lv/GCC/URI HTTP~eradicator/gcc/URI HTTP~vapier/dist/URI	281	local devspace="HTTP~lv/GCC/URI HTTP~eradicator/gcc/URI HTTP~vapier/dist/URI
281	HTTP~halcy0n/patches/URI"	282	HTTP~halcy0n/patches/URI HTTP~zorry/patches/gcc/URI"
282	devspace=${devspace//HTTP/http:\/\/dev.gentoo.org\/}	283	devspace=${devspace//HTTP/http:\/\/dev.gentoo.org\/}
283	echo mirror://gentoo/$1 ${devspace//URI/$1}	284	echo mirror://gentoo/$1 ${devspace//URI/$1}
284	}	285	}
Lines 290-298 Link Here
290	export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}}	291	export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}}
291	export SPECS_GCC_VER=${SPECS_GCC_VER:-${GCC_RELEASE_VER}}	292	export SPECS_GCC_VER=${SPECS_GCC_VER:-${GCC_RELEASE_VER}}
292		293
293	[[ -n ${PIE_VER} ]] && \
294	PIE_CORE=${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2}
295
296	# Set where to download gcc itself depending on whether we're using a	294	# Set where to download gcc itself depending on whether we're using a
297	# prerelease, snapshot, or release tarball.	295	# prerelease, snapshot, or release tarball.
298	if [[ -n ${PRERELEASE} ]] ; then	296	if [[ -n ${PRERELEASE} ]] ; then
Lines 334-344 Link Here
334		332
335	# strawberry pie, Cappuccino and a Gauloises (it's a good thing)	333	# strawberry pie, Cappuccino and a Gauloises (it's a good thing)
336	[[ -n ${PIE_VER} ]] && \	334	[[ -n ${PIE_VER} ]] && \
337	GCC_SRC_URI="${GCC_SRC_URI} !nopie? ( $(gentoo_urls ${PIE_CORE}) )"	335	PIE_CORE=${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2} && \
338		336	GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls ${PIE_CORE})"
		337
339	# gcc minispec for the hardened gcc 4 compiler	338	# gcc minispec for the hardened gcc 4 compiler
340	[[ -n ${SPECS_VER} ]] && \	339	[[ -n ${SPECS_VER} ]] && \
341	GCC_SRC_URI="${GCC_SRC_URI} !nopie? ( $(gentoo_urls gcc-${SPECS_GCC_VER}-specs-${SPECS_VER}.tar.bz2) )"	340	GCC_SRC_URI="${GCC_SRC_URI} $(gentoo_urls gcc-${SPECS_GCC_VER}-specs-${SPECS_VER}.tar.bz2)"
342		341
343	# gcc bounds checking patch	342	# gcc bounds checking patch
344	if [[ -n ${HTB_VER} ]] ; then	343	if [[ -n ${HTB_VER} ]] ; then
Lines 392-397 Link Here
392	[[ ${CTARGET} == -freebsd ]] && return 1	393	[[ ${CTARGET} == -freebsd ]] && return 1
393		394
394	want_pie \|\| return 1	395	want_pie \|\| return 1
		396	tc_version_is_at_least 4.3.2 && use nopie && return 1
395	hardened_gcc_is_stable pie && return 0	397	hardened_gcc_is_stable pie && return 0
396	if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then	398	if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then
397	hardened_gcc_check_unsupported pie && return 1	399	hardened_gcc_check_unsupported pie && return 1
Lines 400-406 Link Here
400	fi	402	fi
401	return 1	403	return 1
402	elif [[ $1 == "ssp" ]] ; then	404	elif [[ $1 == "ssp" ]] ; then
403	[[ -z ${PP_VER} ]] && return 1	405	want_ssp \|\| return 1
404	hardened_gcc_is_stable ssp && return 0	406	hardened_gcc_is_stable ssp && return 0
405	if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then	407	if has "~$(tc-arch)" ${ACCEPT_KEYWORDS} ; then
406	hardened_gcc_check_unsupported ssp && return 1	408	hardened_gcc_check_unsupported ssp && return 1
Lines 490-508 Link Here
490	return 1	490	return 1
491	}	491	}
492	want_boundschecking() { _want_stuff HTB_VER boundschecking ; }	492	want_boundschecking() { _want_stuff HTB_VER boundschecking ; }
493	want_pie() { _want_stuff PIE_VER !nopie ; }	493	want_pie() {
494	want_ssp() { _want_stuff PP_VER !nossp ; }	494	if tc_version_is_at_least 4.3.2 ; then
		495	[[ -n ${PIE_VER} ]] && [[ -n ${SPECS_VER} ]] && return 0 \|\| return 1
		496	else
		497	_want_stuff PIE_VER !nopie
		498	fi
		499	}
		500	want_ssp() {
		501	if tc_version_is_at_least 4.3.4 ; then
		502	_want_stuff SPECS_VER !nossp
		503	else
		504	_want_stuff PP_VER !nossp
		505	fi
		506	}
495		507
496	want_split_specs() {	508	want_split_specs() {
497	[[ ${SPLIT_SPECS} == "true" ]] && want_pie	509	[[ ${SPLIT_SPECS} == "true" ]] && want_pie
498	}	510	}
499	want_minispecs() {	511	want_minispecs() {
500	if tc_version_is_at_least 4.3.2 && use hardened ; then	512	if tc_version_is_at_least 4.3.2 && use hardened ; then
501	if [[ -n ${SPECS_VER} ]] ; then	513	if ! want_pie ; then
502	return 0	514	ewarn "PIE_VER or SPECS_VER is not defiend in the GCC ebuild."
		515	elif use vanilla ; then
		516	ewarn "You will not get hardened features if you have the vanilla USE-flag."
		517	elif use nopie && use nossp ; then
		518	ewarn "You will not get hardened features if you have the nopie and nossp USE-flag."
		519	elif ! hardened_gcc_works pie && ! hardened_gcc_works ssp && ! use nopie ; then
		520	ewarn "Your $(tc-arch) arch is not supported."
503	else	521	else
504	die "For Hardened to work you need the minispecs files"	522	return 0
505	fi	523	fi
		524	ewarn "Hope you know what you are doing. Hardened will not work."
		525	return 0
506	fi	526	fi
507	return 1	527	return 1
508	}	528	}
Lines 709-719 Link Here
709	}	729	}
710	setup_minispecs_gcc_build_specs() {	730	setup_minispecs_gcc_build_specs() {
711	# Setup the "build.specs" file for gcc to use when building.	731	# Setup the "build.specs" file for gcc to use when building.
712	if want_minispecs ; then	732	if want_minispecs && ! tc_version_is_at_least 4.4.3 ; then
713	if hardened_gcc_works pie ; then	733	if hardened_gcc_works pie ; then
714	cat "${WORKDIR}"/specs/pie.specs >> "${WORKDIR}"/build.specs	734	cat "${WORKDIR}"/specs/pie.specs >> "${WORKDIR}"/build.specs
715	fi	735	fi
716	for s in nostrict znow; do	736	if hardened_gcc_works ssp ; then
		737	for s in ssp sspall ; do
		738	cat "${WORKDIR}"/specs/${s}.specs >> "${WORKDIR}"/build.specs
		739	done
		740	fi
		741	for s in nostrict znow ; do
717	cat "${WORKDIR}"/specs/${s}.specs >> "${WORKDIR}"/build.specs	742	cat "${WORKDIR}"/specs/${s}.specs >> "${WORKDIR}"/build.specs
718	done	743	done
719	export GCC_SPECS="${WORKDIR}"/build.specs	744	export GCC_SPECS="${WORKDIR}"/build.specs
Lines 723-733 Link Here
723	# Build system specs file which, if it exists, must be a complete set of	748	# Build system specs file which, if it exists, must be a complete set of
724	# specs as it completely and unconditionally overrides the builtin specs.	749	# specs as it completely and unconditionally overrides the builtin specs.
725	# For gcc 4	750	# For gcc 4
726	if use hardened && want_minispecs ; then	751	if want_minispecs ; then
727	$(XGCC) -dumpspecs > "${WORKDIR}"/specs/specs
728	cat "${WORKDIR}"/build.specs >> "${WORKDIR}"/specs/specs
729	insinto ${LIBPATH}	752	insinto ${LIBPATH}
730	doins "${WORKDIR}"/specs/* \|\| die "failed to install specs"	753	if ! tc_version_is_at_least 4.4.3 ; then
		754	$(XGCC) -dumpspecs > "${WORKDIR}"/specs/specs
		755	cat "${WORKDIR}"/build.specs >> "${WORKDIR}"/specs/specs
		756	doins "${WORKDIR}"/specs/specs \|\| die "failed to install specs"
		757	fi
		758	doins "${WORKDIR}"/specs/*.specs \|\| die "failed to install specs"
731	fi	759	fi
732	}	760	}
733	add_profile_eselect_conf() {	761	add_profile_eselect_conf() {
Lines 885-890 Link Here
885		913
886	want_libssp && libc_has_ssp && \	914	want_libssp && libc_has_ssp && \
887	die "libssp cannot be used with a glibc that has been patched to provide ssp symbols"	915	die "libssp cannot be used with a glibc that has been patched to provide ssp symbols"
		916	want_minispecs
888		917
889	unset LANGUAGES #265283	918	unset LANGUAGES #265283
890	}	919	}
Lines 1015-1020 Link Here
1015	make_gcc_hard \|\| die "failed to make gcc hard"	1044	make_gcc_hard \|\| die "failed to make gcc hard"
1016	fi	1045	fi
1017		1046
		1047	# Rebrand to make bug reports easier
		1048	want_minispecs && BRANDING_GCC_PKGVERSION=${BRANDING_GCC_PKGVERSION/Gentoo/Gentoo Hardened}
		1049
1018	if is_libffi ; then	1050	if is_libffi ; then
1019	# move the libffi target out of gcj and into all	1051	# move the libffi target out of gcj and into all
1020	sed -i \	1052	sed -i \
Lines 1201-1206 Link Here
1201	confgcc="${confgcc} --disable-libssp"	1233	confgcc="${confgcc} --disable-libssp"
1202	fi	1234	fi
1203		1235
		1236	# If we want hardened support with the newer pie-patchset for >=gcc 4.4.3
		1237	if tc_version_is_at_least 4.4.3 && want_minispecs && ! use vanilla ; then
		1238	if hardened_gcc_works ; then
		1239	confgcc="${confgcc} --enable-esp=all"
		1240	elif ! hardened_gcc_works pie && hardened_gcc_works ssp ; then
		1241	confgcc="${confgcc} --enable-esp=nopie"
		1242	elif ! hardened_gcc_works ssp && hardened_gcc_works pie ; then
		1243	confgcc="${confgcc} --enable-esp=nossp"
		1244	else
		1245	confgcc="${confgcc} --disable-esp"
		1246	fi
		1247	fi
		1248
1204	if tc_version_is_at_least "4.2" ; then	1249	if tc_version_is_at_least "4.2" ; then
1205	confgcc="${confgcc} $(use_enable openmp libgomp)"	1250	confgcc="${confgcc} $(use_enable openmp libgomp)"
1206	fi	1251	fi
Lines 1808-1815 Link Here
1808	fi	1853	fi
1809	# Setup the gcc_env_entry for hardened gcc 4 with minispecs	1854	# Setup the gcc_env_entry for hardened gcc 4 with minispecs
1810	if want_minispecs ; then	1855	if want_minispecs ; then
		1856	if hardened_gcc_works ; then
		1857	create_gcc_env_entry hardenednopiessp
		1858	fi
1811	if hardened_gcc_works pie ; then	1859	if hardened_gcc_works pie ; then
1812	create_gcc_env_entry hardenednopie	1860	create_gcc_env_entry hardenednopie
		1861	fi
		1862	if hardened_gcc_works ssp ; then
		1863	create_gcc_env_entry hardenednossp
1813	fi	1864	fi
1814	create_gcc_env_entry vanilla	1865	create_gcc_env_entry vanilla
1815	fi	1866	fi
Lines 1917-1923 Link Here
1917	# Create config files for eselect-compiler	1968	# Create config files for eselect-compiler
1918	create_eselect_conf	1969	create_eselect_conf
1919		1970
1920	# Cpoy the needed minispec for hardened gcc 4	1971	# Copy the needed minispec for hardened gcc 4
1921	copy_minispecs_gcc_specs	1972	copy_minispecs_gcc_specs
1922		1973
1923	# Move pretty-printers to gdb datadir to shut ldconfig up	1974	# Move pretty-printers to gdb datadir to shut ldconfig up
Lines 2072-2078 Link Here
2072	[[ -n ${UCLIBC_VER} ]] && \	2123	[[ -n ${UCLIBC_VER} ]] && \
2073	unpack gcc-${UCLIBC_GCC_VER}-uclibc-patches-${UCLIBC_VER}.tar.bz2	2124	unpack gcc-${UCLIBC_GCC_VER}-uclibc-patches-${UCLIBC_VER}.tar.bz2
2074		2125
2075	if want_ssp ; then	2126	if want_ssp && [[ -z ${SPECS_VER} ]] ; then
2076	if [[ -n ${PP_FVER} ]] ; then	2127	if [[ -n ${PP_FVER} ]] ; then
2077	# The gcc 3.4 propolice versions are meant to be unpacked to ${S}	2128	# The gcc 3.4 propolice versions are meant to be unpacked to ${S}
2078	pushd "${S}" > /dev/null	2129	pushd "${S}" > /dev/null
Lines 2162-2167 Link Here
2162	do_gcc_stub ssp	2213	do_gcc_stub ssp
2163	return 0	2214	return 0
2164	fi	2215	fi
		2216	[[ -z ${SPECS_VER} ]] \|\| return 0
2165		2217
2166	local ssppatch	2218	local ssppatch
2167	local sspdocs	2219	local sspdocs