diff options
| author |   Sam James <sam@gentoo.org> | 2023-08-17 04:18:19 +0100 |
|---|---|---|
| committer | Sam James <sam@gentoo.org> | 2023-08-18 02:30:16 +0100 |
| commit | b540f017cacb9d8c293648dcb1ab209d43d1ca79 (patch) | |
| tree | 46eeaafc219ef8639573a4a2f98c3bf64e010c22 /eclass/flag-o-matic.eclass | |
| parent | toolchain-funcs.eclass: tc-enables-fortify-source: update for newer libcxx (diff) | |
| download | gentoo-b540f017cacb9d8c293648dcb1ab209d43d1ca79.tar.gz gentoo-b540f017cacb9d8c293648dcb1ab209d43d1ca79.tar.bz2 gentoo-b540f017cacb9d8c293648dcb1ab209d43d1ca79.zip | |
flag-o-matic.eclass: update _filter-hardened
_filter-hardened is used by filter-flags to negate defaults, e.g. it makes
filter-flags -fstack-protector correctly then disable -fstack-protector as well
if the toolchain enables SSP by default.
Modernise the tests it uses with the tc-enables-* functions rather than
just gcc-specs-*. We haven't done hardening via specs for ages.
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'eclass/flag-o-matic.eclass')
| -rw-r--r-- | eclass/flag-o-matic.eclass | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/eclass/flag-o-matic.eclass b/eclass/flag-o-matic.eclass index 0558e639b981..7ea29334bba8 100644 --- a/eclass/flag-o-matic.eclass +++ b/eclass/flag-o-matic.eclass @@ -147,7 +147,10 @@ _filter-hardened() { # not -fPIC or -fpic, but too many places filter -fPIC without # thinking about -fPIE. -fPIC|-fpic|-fPIE|-fpie|-Wl,pie|-pie) - gcc-specs-pie || continue + if ! gcc-specs-pie && ! tc-enables-pie ; then + continue + fi + if ! is-flagq -nopie && ! is-flagq -no-pie ; then # Support older Gentoo form first (-nopie) before falling # back to the official gcc-6+ form (-no-pie). @@ -158,15 +161,26 @@ _filter-hardened() { fi fi ;; + -fstack-protector) - gcc-specs-ssp || continue - is-flagq -fno-stack-protector || append-flags $(test-flags -fno-stack-protector);; + if ! gcc-specs-ssp && ! tc-enables-ssp ; then + continue + fi + + is-flagq -fno-stack-protector || append-flags $(test-flags -fno-stack-protector) + ;; -fstack-protector-all) - gcc-specs-ssp-to-all || continue - is-flagq -fno-stack-protector-all || append-flags $(test-flags -fno-stack-protector-all);; + if ! gcc-specs-ssp-to-all && ! tc-enables-ssp-all ; then + continue + fi + + is-flagq -fno-stack-protector-all || append-flags $(test-flags -fno-stack-protector-all) + ;; -fno-strict-overflow) gcc-specs-nostrict || continue - is-flagq -fstrict-overflow || append-flags $(test-flags -fstrict-overflow);; + + is-flagq -fstrict-overflow || append-flags $(test-flags -fstrict-overflow) + ;; esac done } |