X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=docs%2FDISTRO_PORTING.md;h=2e4782f40197b4a8848ed057f5bebf115b264f7b;hb=18d9cee002fdbce61cadc85ade57af7bca176509;hp=0099a1334aed6473231a5abf087f1a173aa03374;hpb=5c5c21835a606542f2da6b6705cf2994c8c57d2d;p=thirdparty%2Fsystemd.git

diff --git a/docs/DISTRO_PORTING.md b/docs/DISTRO_PORTING.md
index 0099a1334ae..2e4782f4019 100644
--- a/docs/DISTRO_PORTING.md
+++ b/docs/DISTRO_PORTING.md
@@ -1,5 +1,7 @@
 ---
 title: Porting systemd To New Distributions
+category: Concepts
+layout: default
 ---
 
 # Porting systemd To New Distributions
@@ -15,7 +17,6 @@ distribution:
    * `-Dsysvinit-path=`
    * `-Dsysvrcnd-path=`
    * `-Drc-local=`
-   * `-Dhalt-local=`
    * `-Dloadkeys-path=`
    * `-Dsetfont-path=`
    * `-Dtty-gid=`
@@ -31,6 +32,20 @@ distribution:
    print the initial transaction it would execute during boot-up.
    This will also inform you about ordering loops and suchlike.
 
+## Compilation options
+
+The default configuration does not enable any optimization or hardening
+options. This is suitable for development and testing, but not for end-user
+installations.
+
+For deployment, optimization (`-O2` or `-O3` compiler options), link time
+optimization (`-Db_lto=true` meson option), and hardening (e.g.
+`-D_FORTIFY_SOURCE=2`, `-fstack-protector-strong`, `-fstack-clash-protection`,
+`-fcf-protection`, `-pie` compiler options, and `-z relro`, `-z now`,
+`--as-needed` linker options) are recommended. The most appropriate set of
+options depends on the architecture and distribution specifics so no default is
+provided.
+
 ## NTP Pool
 
 By default, systemd-timesyncd uses the Google Public NTP servers