| Summary: | gcc-4.0 going into ~arch | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Mark Loeser (RETIRED) <halcy0n> |
| Component: | [OLD] Core system | Assignee: | The Gentoo Linux Hardened Team <hardened> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | pageexec, Protonic86, ps.m |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Description
Mark Loeser (RETIRED)
2006-01-05 18:20:22 UTC
could at least enable the split-specs option and add the pie stable/unstable defines because these features are "builtin"
For pie enabling you need to build objects in libiberty.a in any case as PIC and the current libiberty-pic.patch has to be replaced w/ `sed -i 's:^PICFLAG =:PICFLAG = -fPIC:' ${S}/libiberty/Makefile.in`
Maybe the specs-env patch should be replaced w/ kevquinn's
Nice that ppl are expecting miracles, but keep no promises:
1. split spec option solving (curiously not even seeing that it works as of 4.0.2-r2)
2. glibc updating to latest rh tarball (is FEDORA_VER=2004xx, should be 20051x)
the latter is a requirement to backport SSP from 4.1
gcc4 SSP will work only w/ newer glibc being patched w/ parts targeted for glibc-2.4
It works w/ current uClibc-svn, but not 0.9.28 (this is though easier to do as glibc)
Here's my 2c :)

Since there's no SSP, or if there is I understand it's only partial (no C++) then we should mask for the hardened profile. Certainly it doesn't make sense to delay going ~x86 for non-hardened just for us.

I'd like to see the GCC_SPECS update go in - http://dev.gentoo.org/~kevquinn/gcc/new-gcc-spec-env.patch - so that the ':'-separated lists of specs files will work from ~x86 4.0 onwards. It's harmless enough so shouldn't affect anyone, unless people use ':' in filenames which would be a bit daft.

Perhaps in hardened we could delay and think a little more about how we do things - in particular how the compiler libraries are built. It might be useful to build the .so libraries with and without SSP, and the .a archives as normal, PIE, SSP, PIE+SSP. It'd be nice to have things so that things are identical on hardened & non-hardened, apart from the default config.

(In reply to comment #2)
> Since there's no SSP, or if there is I understand it's only partial (no C++)
> then we should mask for the hardened profile. Certainly it doesn't make sense
> to delay going ~x86 for non-hardened just for us.

Sounds good.

> I'd like to see the GCC_SPECS update go in -
> http://dev.gentoo.org/~kevquinn/gcc/new-gcc-spec-env.patch - so that the
> ':'-separated lists of specs files will work from ~x86 4.0 onwards. It's
> harmless enough so shouldn't affect anyone, unless people use ':' in filenames
> which would be a bit daft.

Patch looks fine, but we don't generate split specs currently since the way we were doing it was "broken". (Just try using gcc-3.4.4 to compile 4.x and you should see it break if you re-enable split specs) If someone could figure out the best way to generate those, that'd be great.

I have enabled SPLIT_SPECS, added PIE_STABLE* to the ebuild and did the -fPIC change proposed to libiberty/Makefile.in and gcc-3.4.5 (hardened profile selected) can build gcc-4.0.2-r3. the created specs are correct.

another possibility that could be used is to run `make CC="stage1/xgcc -B./" SPECS=newname` this would create file <newname>. this would be cleaner, but I don't know if it would work on gcc-3

Well, the mask has been added, so your users shouldn't have any problems until you decide to migrate them.