On May 10, 2014, at 3:25 PM, Shawn Webb <latt...@gmail.com> wrote:

> On May 10, 2014 02:14 PM -0600, Warner Losh wrote:
>> On May 10, 2014, at 10:45 AM, Shawn Webb <latt...@gmail.com> wrote:
>>> Hey All,
>>> It seems that the recent changes to the makefiles for building
>>> world/kernel have broken some modifications I have locally for
>>> implementing ASLR+PIE. I'm quite the bsd make newbie, so I thought I'd
>>> ask for a bit of help. I'm sure the solution is quite simple.
>>> My code is up on GitHub. I'll include links at the bottom of the email.
>>> The code in question is in share/mk/bsd.prog.mk, where I'm checking to
>>> see if MK_PIE is not equal to "no". Prior to the recent changes, this
>>> code used to work. (Please note that I know that the way I'm cheking is
>>> a bit bloated, if anyone has any suggestions to trim my code down, let
>>> me know).
>> You?ll need to add PIE to DEFAULT_NO_OPTIONS in bsd.opts.mk since
>> bsd.*.mk files need it.
> Thanks a lot! Adding it to that one worked.
> But what's the difference between the DEFAULT_NO_OPTIONS in src.opts.mk and
> bsd.opts.mk?

Options to build FreeBSD’s /usr/src are defined in src.opts.mk. Options tested 
by bsd.*.mk, which can be used to build other things, are in bsd.opts.mk. 

>>> How this feature is supposed to work is:
>>> 1) PIE is added to the __DEFAULT_NO_OPTIONS to make building
>>> applications as position-independent executables opt-in.
>>> 2) User adds WITH_PIE=1 to /etc/src.conf or /etc/make.conf
>>> 3) The application being built needs to also specify CAN_PIE=1 in its
>>> Makefile. This is because some applications don't support being built as
>>> a position-independent executable.
>>> 4) If MK_PIE is not "no" and CAN_PIE is defined, then add additional
>>> The log from my build is here: http://ix.io/cf0
>>> My code is here:
>>> https://github.com/HardenedBSD/hardenedBSD/blob/hardened/current/aslr/share/mk/bsd.prog.mk#L14-L22
>> Maybe RESCUE should define NO_SHARED=yes since it is building a
>> static binary so you can eliminate a special case that infects the bsd.*.mk 
>> files
>> with defines from our src build?
> That sounds like a good idea. Since that's outside the scope of my ASLR
> work, should I file a PR for that?

Nah, mostly a poke at a 20 year old mistake :)

>> Hate that you are propagating the NO_SHARED=no interface, but can?t
>> offer at better suggestion at the moment. I?d kinda like to kill that?
> In looking at the Makefiles, it seems like NO_*/YES_* is being phased
> out. Once a suitable alternative to NO_SHARED is in place, I'll make
> adjustments on my end.

Yea, NO_SHARED likely is going to be the last to die :) NO_FOO used to be both 
a Makefile command and a user option. I’m eliminating the latter, although some 
of the former may live on.


Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Reply via email to