I would love every application to be compiled hardened with no problems. However, that day seems not to be close. So it is more realistic that I will compile most applications with hardened but compile failing applications without hardened. I can change gcc to non-hardened, but this will compile every application as non-hardened and not just the single failing application.

I therefore propose a directive in ebuilds that will disable hardening for a single ebuild. This will make it easier for people to start using hardening: If it does not work, insert the directive in the offending ebuild, submit a bug report and move on. Until a permanent fix is found the ebuild with the directive should be adopted in the ebuild in the normal portage-tree. This will also make it fairly easy for the hardening-group to find the failing ebuilds.

Reproducible: Always
Steps to Reproduce:
There already exists a method to disable as needed via ebuilds. It's called CFLAGS/LDFLAGS. The following flags are of use:

-fno-stack-protector | -fno-stack-protector-all
-fno-pie | -fno-PIE
-nopie
-norelro
-nonow