toolchain: Build without hardening
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 13 Apr 2017 14:03:38 +0000 (16:03 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 18 May 2017 10:59:00 +0000 (11:59 +0100)
The toolchain will be built without hardening which makes
the entire bootstrapping process way more complicated than
necessary and sometimes fail on some host distribution.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
lfs/binutils
lfs/ccache
lfs/gcc
tools/make-functions

index ff5fc6f..f168c7c 100644 (file)
@@ -46,7 +46,6 @@ else
 ifeq "$(PASS)" "1"
   CFLAGS := $(patsubst -march=%,,$(CFLAGS))
   CFLAGS := $(patsubst -mfloat-abi=%,,$(CFLAGS))
-  CFLAGS := $(patsubst -fstack-protector-strong,-fstack-protector-all,$(CFLAGS))
   TARGET = $(DIR_INFO)/$(THISAPP)-tools1
   EXTRA_CONFIG = \
        --target=$(CROSSTARGET) \
index c35c670..9fbb728 100644 (file)
@@ -35,7 +35,6 @@ TARGET     = $(DIR_INFO)/$(THISAPP)-pass$(PASS)
 ifeq "$(PASS)" "1"
        CFLAGS := $(patsubst -march=%,,$(CFLAGS))
        CFLAGS := $(patsubst -mfloat-abi=%,,$(CFLAGS))
-       CFLAGS := $(patsubst -fstack-protector-strong,-fstack-protector-all,$(CFLAGS))
 endif
 
 # Set max cache size to 5GB
diff --git a/lfs/gcc b/lfs/gcc
index 927621e..35d305e 100644 (file)
--- a/lfs/gcc
+++ b/lfs/gcc
@@ -59,10 +59,6 @@ ifeq "$(ROOT)" ""
   EXTRA_INSTALL =
 else
 ifeq "$(PASS)" "1"
-  CFLAGS    := $(patsubst -fstack-protector-strong,-fstack-protector-all,$(CFLAGS))
-  CXXFLAGS  := $(patsubst -fstack-protector-strong,-fstack-protector-all,$(CXXFLAGS))
-  CXXFLAGS  += -std=gnu++98
-
   TARGET = $(DIR_INFO)/$(THISAPP)-tools1
   EXTRA_CONFIG = \
        --target=$(CROSSTARGET) \
@@ -135,9 +131,6 @@ else
   EXTRA_INSTALL = 
 endif
 endif
-
-  # Disable stack protection in toolchain.
-  CFLAGS += -fno-stack-protector
 endif
 
 ifeq "$(MACHINE)" "armv5tel"
index 0180ded..cb455a9 100644 (file)
@@ -108,8 +108,10 @@ configure_target() {
        # Old variable names
        MACHINE="${TARGET_ARCH}"
 
-       CFLAGS="-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC"
-       CFLAGS="${CFLAGS} -fstack-protector-strong --param=ssp-buffer-size=4 ${CFLAGS_ARCH}"
+       # Enables hardening
+       HARDENING_CFLAGS="-Wp,-D_FORTIFY_SOURCE=2 -fstack-protector-strong --param=ssp-buffer-size=4"
+
+       CFLAGS="-O2 -pipe -Wall -fexceptions -fPIC ${CFLAGS_ARCH}"
        CXXFLAGS="${CFLAGS}"
 }
 
@@ -478,7 +480,8 @@ entershell() {
                PATH=/tools/ccache/bin:/bin:/usr/bin:/sbin:/usr/sbin:/tools/bin \
                VERSION=$VERSION CONFIG_ROOT=$CONFIG_ROOT \
                NAME="$NAME" SNAME="$SNAME" SLOGAN="$SLOGAN" \
-               CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" \
+               CFLAGS="${CFLAGS} ${HARDENING_CFLAGS}" \
+               CXXFLAGS="${CXXFLAGS} ${HARDENING_CFLAGS}" \
                CCACHE_DIR=/usr/src/ccache \
                CCACHE_COMPRESS="${CCACHE_COMPRESS}" \
                CCACHE_COMPILERCHECK="${CCACHE_COMPILERCHECK}" \
@@ -604,7 +607,8 @@ lfsmake2() {
                                                SYSTEM_RELEASE="${SYSTEM_RELEASE}" \
                                                CONFIG_ROOT=$CONFIG_ROOT \
                                                NAME="$NAME" SNAME="$SNAME" SLOGAN="$SLOGAN" \
-                                               CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" \
+                                               CFLAGS="${CFLAGS} ${HARDENING_CFLAGS}" \
+                                               CXXFLAGS="${CXXFLAGS} ${HARDENING_CFLAGS}" \
                                                CCACHE_DIR=/usr/src/ccache \
                                                CCACHE_COMPRESS="${CCACHE_COMPRESS}" \
                                                CCACHE_COMPILERCHECK="${CCACHE_COMPILERCHECK}" \
@@ -646,7 +650,8 @@ ipfiremake() {
                                                CONFIG_ROOT=$CONFIG_ROOT \
                                                NAME="$NAME" SNAME="$SNAME" SLOGAN="$SLOGAN" \
                                                SYSTEM_RELEASE="$SYSTEM_RELEASE" \
-                                               CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" \
+                                               CFLAGS="${CFLAGS} ${HARDENING_CFLAGS}" \
+                                               CXXFLAGS="${CXXFLAGS} ${HARDENING_CFLAGS}" \
                                                CCACHE_DIR=/usr/src/ccache \
                                                CCACHE_COMPRESS="${CCACHE_COMPRESS}" \
                                                CCACHE_COMPILERCHECK="${CCACHE_COMPILERCHECK}" \
@@ -686,7 +691,8 @@ ipfiredist() {
                                        VERSION=$VERSION \
                                        CONFIG_ROOT=$CONFIG_ROOT \
                                        NAME="$NAME" SNAME="$SNAME" SLOGAN="$SLOGAN" \
-                                       CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" \
+                                       CFLAGS="${CFLAGS} ${HARDENING_CFLAGS}" \
+                                       CXXFLAGS="${CXXFLAGS} ${HARDENING_CFLAGS}" \
                                        CCACHE_DIR=/usr/src/ccache \
                                        CCACHE_COMPRESS="${CCACHE_COMPRESS}" \
                                        CCACHE_COMPILERCHECK="${CCACHE_COMPILERCHECK}" \
@@ -727,7 +733,8 @@ installmake() {
                                                SYSTEM_RELEASE="${SYSTEM_RELEASE}" \
                                                CONFIG_ROOT=$CONFIG_ROOT \
                                                NAME="$NAME" SNAME="$SNAME" SLOGAN="$SLOGAN" \
-                                               CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" \
+                                               CFLAGS="${CFLAGS} ${HARDENING_CFLAGS}" \
+                                               CXXFLAGS="${CXXFLAGS} ${HARDENING_CFLAGS}" \
                                                CCACHE_DIR=/usr/src/ccache CCACHE_COMPRESS=1 CCACHE_HASHDIR=1 \
                                                KVER=$KVER \
                                                BUILDTARGET="$BUILDTARGET" \