Skip to content

Commit

Permalink
cbuild: remove handling of relro and as-needed
Browse files Browse the repository at this point in the history
These are in the default toolchain now and always enabled.
  • Loading branch information
q66 committed Oct 27, 2022
1 parent 57f85ae commit 9b78e55
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 21 deletions.
6 changes: 3 additions & 3 deletions Packaging.md
Original file line number Diff line number Diff line change
Expand Up @@ -1418,13 +1418,13 @@ for subpackages separately if needed:
### Hardening Options

The `cbuild` system implements an automatic way to deal with toggling
different hardening options.
different hardening options. Several hardening options are implicit
as a part of our toolchain and do not have toggleable options; those
include FORTIFY and RELRO.

Currently the following options are always enabled by default:

* `fortify` Toggles `-D_FORTIFY_SOURCE=2`.
* `pie` Position-independent executables.
* `relro` Full RELRO.
* `ssp` Enables `-fstack-protector-strong`.

The following options are only enabled on targets where the toolchain
Expand Down
8 changes: 1 addition & 7 deletions src/cbuild/core/profile.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@
# recognized hardening options
hardening_fields = {
"pie": True,
"relro": True,
"ssp": True, # this should really be compiler default
"scp": True, # stack-clash-protection
}
Expand All @@ -21,7 +20,6 @@
# they become noop
supported_hardening = {
"pie": True,
"relro": True,
"ssp": True,
"scp": False,
}
Expand Down Expand Up @@ -72,13 +70,9 @@ def _get_hcflags(sharden, tharden):
return hflags

def _get_hldflags(sharden, tharden):
hflags = ["-Wl,--as-needed"]
hflags = []
hard = _get_harden(sharden, tharden)

if hard["relro"]:
hflags.append("-Wl,-z,now")
hflags.append("-Wl,-z,relro")

if not hard["pie"]:
hflags.append("-no-pie")

Expand Down
11 changes: 0 additions & 11 deletions src/cbuild/util/gnu_configure.py
Original file line number Diff line number Diff line change
Expand Up @@ -111,17 +111,6 @@ def configure(
eenv.update(pkg.configure_env)
eenv.update(env)

# http://lists.gnu.org/archive/html/libtool-patches/2004-06/msg00002.html
with open(rscript) as f:
with open(rscript.with_suffix(".tmp"), "w") as tf:
for ln in f:
tf.write(re.sub(
r"^([ \t]*tmp_sharedflag)='-shared'",
r"\1='-shared -Wl,--as-needed'", ln
))

rscript.unlink()
rscript.with_suffix(".tmp").rename(rscript)
rscript.chmod(0o755)

pkg.do(
Expand Down

0 comments on commit 9b78e55

Please sign in to comment.