Bug 80307

Summary: (toolchain) Easy way to disable hardening in separate ebuilds
Product: Gentoo Linux
Reporter: Ole Tange <bugs.gentoo.org>
Component: Hardened
Assignee: The Gentoo Linux Hardened Team <hardened>
Status: RESOLVED WONTFIX    
Severity: enhancement    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   

Description Ole Tange 2005-02-01 02:20:08 UTC
I would love every application to be compiled hardened with no problems. However, that day seems not to be close. So it is more realistic that I will compile most applications with hardened but compile failing applications without hardened.

I can change gcc to non-hardened, but this will compile every application as non-hardened and not just the single failing application.

I therefore propose a directive in ebuilds that will disable hardening for a single ebuild. This will make it easier for people to start using hardening: If it does not work, insert the directive in the offending ebuild, submit a bug report and move on.

Until a permanent fix is found the ebuild with the directive should be adopted in the ebuild in the normal portage-tree. This will also make it fairly easy for the hardening-group to find the failing ebuilds.


Reproducible: Always
Steps to Reproduce:
Comment 1 solar (RETIRED) gentoo-dev 2005-02-09 11:44:09 UTC
There already exists a method to disable as needed via ebuilds. 
It's called CFLAGS/LDFLAGS

The following flags are of use.

-fno-stack-protector | -fno-stack-protector-all
-fno-pie | -fno-PIE

-nopie
-norelro
-nonow
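
When hardening is switched off for individual packages with the flags listed in the comment above, it helps to be able to confirm afterwards which protections a built binary actually lacks. The script below is an added example, not part of the bug report or of any comment in it. It assumes binutils `readelf`; the function names are this example's own, `__stack_chk_fail` is the stack-protector symbol of current GCC (an assumption for older toolchains), and the sample readelf excerpts are constructed.

```shell
#!/bin/sh
# Added example (not from the bug report). Reads the text printed by
#   readelf -W -h -l -d --dyn-syms FILE
# on stdin and prints the hardening features the file lacks.
missing_hardening() {
    dump=$(cat)
    missing=""
    has() { printf '%s\n' "$dump" | grep -Eq "$1"; }
    # -fno-pie / -nopie: ELF type is EXEC rather than DYN.
    # (Shared libraries are always DYN; this check only matters for programs.)
    has '^[[:space:]]*Type:[[:space:]]+DYN' || missing="$missing pie"
    # -norelro: no PT_GNU_RELRO program header.
    has 'GNU_RELRO' || missing="$missing relro"
    # -nonow: no BIND_NOW entry or flag, and no NOW in FLAGS_1.
    has 'BIND_NOW|Flags:.* NOW( |$)' || missing="$missing now"
    # -fno-stack-protector: no reference to __stack_chk_fail (heuristic,
    # symbol name assumed; a program with no protected function also lacks it).
    has '__stack_chk_fail' || missing="$missing ssp"
    echo "${missing# }"
}

# Constructed readelf excerpt: fully hardened program.
sample_hardened() { cat <<'EOF'
  Type:                              DYN (Position-Independent Executable file)
  GNU_RELRO      0x002d50 0x0000000000003d50 0x0000000000003d50 0x0002b0 0x0002b0 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
EOF
}

# Constructed readelf excerpt: program built with every flag from the comment.
sample_unhardened() { cat <<'EOF'
  Type:                              EXEC (Executable file)
  GNU_STACK      0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW  0x10
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND puts@GLIBC_2.2.5 (2)
EOF
}

# Real use: pass ELF files as arguments; an empty result means nothing is missing.
for f in "$@"; do
    printf '%s: %s\n' "$f" \
        "$(readelf -W -h -l -d --dyn-syms "$f" 2>/dev/null | missing_hardening)"
done
```

Running it over the files a package installs gives a per-package record of what was given up, which is the same list the proposed ebuild directive was meant to make easy to find.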