From e259f335ae8ced4253d5c65631afa6a7450fea6a Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 13 Apr 2017 16:03:38 +0200 Subject: [PATCH] toolchain: Build without hardening The toolchain will be built without hardening which makes the entire bootstrapping process way more complicated than necessary and sometimes fail on some host distribution. Signed-off-by: Michael Tremer --- lfs/binutils | 1 - lfs/ccache | 1 - lfs/gcc | 7 ------- tools/make-functions | 21 ++++++++++++++------- 4 files changed, 14 insertions(+), 16 deletions(-) diff --git a/lfs/binutils b/lfs/binutils index ff5fc6f850..f168c7c290 100644 --- a/lfs/binutils +++ b/lfs/binutils @@ -46,7 +46,6 @@ else ifeq "$(PASS)" "1" CFLAGS := $(patsubst -march=%,,$(CFLAGS)) CFLAGS := $(patsubst -mfloat-abi=%,,$(CFLAGS)) - CFLAGS := $(patsubst -fstack-protector-strong,-fstack-protector-all,$(CFLAGS)) TARGET = $(DIR_INFO)/$(THISAPP)-tools1 EXTRA_CONFIG = \ --target=$(CROSSTARGET) \ diff --git a/lfs/ccache b/lfs/ccache index c35c6705dc..9fbb728226 100644 --- a/lfs/ccache +++ b/lfs/ccache @@ -35,7 +35,6 @@ TARGET = $(DIR_INFO)/$(THISAPP)-pass$(PASS) ifeq "$(PASS)" "1" CFLAGS := $(patsubst -march=%,,$(CFLAGS)) CFLAGS := $(patsubst -mfloat-abi=%,,$(CFLAGS)) - CFLAGS := $(patsubst -fstack-protector-strong,-fstack-protector-all,$(CFLAGS)) endif # Set max cache size to 5GB diff --git a/lfs/gcc b/lfs/gcc index 927621e853..35d305e2ed 100644 --- a/lfs/gcc +++ b/lfs/gcc @@ -59,10 +59,6 @@ ifeq "$(ROOT)" "" EXTRA_INSTALL = else ifeq "$(PASS)" "1" - CFLAGS := $(patsubst -fstack-protector-strong,-fstack-protector-all,$(CFLAGS)) - CXXFLAGS := $(patsubst -fstack-protector-strong,-fstack-protector-all,$(CXXFLAGS)) - CXXFLAGS += -std=gnu++98 - TARGET = $(DIR_INFO)/$(THISAPP)-tools1 EXTRA_CONFIG = \ --target=$(CROSSTARGET) \ @@ -135,9 +131,6 @@ else EXTRA_INSTALL = endif endif - - # Disable stack protection in toolchain. - CFLAGS += -fno-stack-protector endif ifeq "$(MACHINE)" "armv5tel" diff --git a/tools/make-functions b/tools/make-functions index 0180ded179..cb455a94a3 100644 --- a/tools/make-functions +++ b/tools/make-functions @@ -108,8 +108,10 @@ configure_target() { # Old variable names MACHINE="${TARGET_ARCH}" - CFLAGS="-O2 -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fPIC" - CFLAGS="${CFLAGS} -fstack-protector-strong --param=ssp-buffer-size=4 ${CFLAGS_ARCH}" + # Enables hardening + HARDENING_CFLAGS="-Wp,-D_FORTIFY_SOURCE=2 -fstack-protector-strong --param=ssp-buffer-size=4" + + CFLAGS="-O2 -pipe -Wall -fexceptions -fPIC ${CFLAGS_ARCH}" CXXFLAGS="${CFLAGS}" } @@ -478,7 +480,8 @@ entershell() { PATH=/tools/ccache/bin:/bin:/usr/bin:/sbin:/usr/sbin:/tools/bin \ VERSION=$VERSION CONFIG_ROOT=$CONFIG_ROOT \ NAME="$NAME" SNAME="$SNAME" SLOGAN="$SLOGAN" \ - CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" \ + CFLAGS="${CFLAGS} ${HARDENING_CFLAGS}" \ + CXXFLAGS="${CXXFLAGS} ${HARDENING_CFLAGS}" \ CCACHE_DIR=/usr/src/ccache \ CCACHE_COMPRESS="${CCACHE_COMPRESS}" \ CCACHE_COMPILERCHECK="${CCACHE_COMPILERCHECK}" \ @@ -604,7 +607,8 @@ lfsmake2() { SYSTEM_RELEASE="${SYSTEM_RELEASE}" \ CONFIG_ROOT=$CONFIG_ROOT \ NAME="$NAME" SNAME="$SNAME" SLOGAN="$SLOGAN" \ - CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" \ + CFLAGS="${CFLAGS} ${HARDENING_CFLAGS}" \ + CXXFLAGS="${CXXFLAGS} ${HARDENING_CFLAGS}" \ CCACHE_DIR=/usr/src/ccache \ CCACHE_COMPRESS="${CCACHE_COMPRESS}" \ CCACHE_COMPILERCHECK="${CCACHE_COMPILERCHECK}" \ @@ -646,7 +650,8 @@ ipfiremake() { CONFIG_ROOT=$CONFIG_ROOT \ NAME="$NAME" SNAME="$SNAME" SLOGAN="$SLOGAN" \ SYSTEM_RELEASE="$SYSTEM_RELEASE" \ - CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" \ + CFLAGS="${CFLAGS} ${HARDENING_CFLAGS}" \ + CXXFLAGS="${CXXFLAGS} ${HARDENING_CFLAGS}" \ CCACHE_DIR=/usr/src/ccache \ CCACHE_COMPRESS="${CCACHE_COMPRESS}" \ CCACHE_COMPILERCHECK="${CCACHE_COMPILERCHECK}" \ @@ -686,7 +691,8 @@ ipfiredist() { VERSION=$VERSION \ CONFIG_ROOT=$CONFIG_ROOT \ NAME="$NAME" SNAME="$SNAME" SLOGAN="$SLOGAN" \ - CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" \ + CFLAGS="${CFLAGS} ${HARDENING_CFLAGS}" \ + CXXFLAGS="${CXXFLAGS} ${HARDENING_CFLAGS}" \ CCACHE_DIR=/usr/src/ccache \ CCACHE_COMPRESS="${CCACHE_COMPRESS}" \ CCACHE_COMPILERCHECK="${CCACHE_COMPILERCHECK}" \ @@ -727,7 +733,8 @@ installmake() { SYSTEM_RELEASE="${SYSTEM_RELEASE}" \ CONFIG_ROOT=$CONFIG_ROOT \ NAME="$NAME" SNAME="$SNAME" SLOGAN="$SLOGAN" \ - CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" \ + CFLAGS="${CFLAGS} ${HARDENING_CFLAGS}" \ + CXXFLAGS="${CXXFLAGS} ${HARDENING_CFLAGS}" \ CCACHE_DIR=/usr/src/ccache CCACHE_COMPRESS=1 CCACHE_HASHDIR=1 \ KVER=$KVER \ BUILDTARGET="$BUILDTARGET" \ -- 2.39.2