summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'hardened/toolchain/branches')
-rw-r--r--hardened/toolchain/branches/pieworld/eclass/flag-o-matic.eclass49
-rw-r--r--hardened/toolchain/branches/pieworld/eclass/toolchain-funcs.eclass1
2 files changed, 40 insertions, 10 deletions
diff --git a/hardened/toolchain/branches/pieworld/eclass/flag-o-matic.eclass b/hardened/toolchain/branches/pieworld/eclass/flag-o-matic.eclass
index 7be1a01..5f642e6 100644
--- a/hardened/toolchain/branches/pieworld/eclass/flag-o-matic.eclass
+++ b/hardened/toolchain/branches/pieworld/eclass/flag-o-matic.eclass
@@ -124,13 +124,44 @@ setup-allowed-flags() {
_manage-hardened() {
local newspec=$1
[[ -z $2 ]] && die "Internal flag-o-matic error ($*) - please report"
- if gcc-specs-exists $newspec; then
+ if gcc-specs-exists ${newspec}.specs; then
[[ -z ${GCC_SPECS} ]] || newspec=":${newspec}"
- export GCC_SPECS="${GCC_SPECS}${newspec}"
+ export GCC_SPECS="${GCC_SPECS}${newspec}.specs"
einfo "Hardened compiler filtered $2 - GCC_SPECS set to ${GCC_SPECS}"
else
- _raw_append_flag $2
- einfo "Hardened compiler filtered $2 - CFLAGS set to ${CFLAGS}"
+ local oldspec=${GCC_SPECS/*\/} newspec=""
+ case $1 in
+ "nopie")
+ case ${oldspec} in
+ "" | "hardened.specs")
+ newspec="hardenednopie.specs";;
+ "hardenednossp.specs")
+ newspec="hardenednopiessp.specs";;
+ esac
+ ;;
+ "nossp" | "nosspall")
+ case ${oldspec} in
+ "" | "hardened.specs")
+ newspec="hardenednossp.specs";;
+ "hardenednopie.specs")
+ newspec="hardenednopiessp.specs";;
+ esac
+ ;;
+ "noznow" | "nozrelro")
+ newspec="vanilla.specs";;
+ *)
+ die "Internal flag-o-matic.eclass error - unrecognised hardened filter $1"
+ ;;
+ esac
+ if [[ -n ${newspec} ]]; then
+ if gcc-specs-exists ${newspec}; then
+ export GCC_SPECS="${newspec}"
+ einfo "Hardened compiler filtered $2 - GCC_SPECS set to ${GCC_SPECS}"
+ fi
+ else
+ _raw_append_flag $2
+ einfo "Hardened compiler filtered $2 - CFLAGS set to ${CFLAGS}"
+ fi
fi
}
@@ -145,19 +176,19 @@ _filter-hardened() {
# thinking about -fPIE.
-fPIC|-fpic|-fPIE|-fpie|-Wl,pie|-pie)
gcc-specs-pie &&
- _manage-hardened nopie.specs -nopie ;;
+ _manage-hardened nopie -nopie ;;
-fstack-protector)
gcc-specs-ssp &&
- _manage-hardened nossp.specs -fno-stack-protector ;;
+ _manage-hardened nossp -fno-stack-protector ;;
-fstack-protector-all)
gcc-specs-ssp-to-all &&
- _manage-hardened nosspall.specs -fno-stack-protector-all ;;
+ _manage-hardened nosspall -fno-stack-protector-all ;;
-now|-Wl,-z,now)
gcc-specs-now &&
- _manage-hardened noznow.specs -nonow ;;
+ _manage-hardened noznow -nonow ;;
-relro|-Wl,-z,relro)
gcc-specs-now &&
- _manage-hardened nozrelro.specs -norelro ;;
+ _manage-hardened nozrelro -norelro ;;
esac
done
}
diff --git a/hardened/toolchain/branches/pieworld/eclass/toolchain-funcs.eclass b/hardened/toolchain/branches/pieworld/eclass/toolchain-funcs.eclass
index 6f12918..8bdccd3 100644
--- a/hardened/toolchain/branches/pieworld/eclass/toolchain-funcs.eclass
+++ b/hardened/toolchain/branches/pieworld/eclass/toolchain-funcs.eclass
@@ -278,7 +278,6 @@ gcc-specs-ssp() {
# Returns true if gcc upgrades fstack-protector to fstack-protector-all
gcc-specs-ssp-to-all() {
local directive
- gcc-specs-ssp || return 1
directive=$(gcc-specs-directive cc1)
return $([[ ${directive/\{!fno-stack-protector-all:} != ${directive} ]])
}