commit: 09e1a03094ab84cb1a26dfcc64ac66b2ee412330
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Jan 21 12:46:30 2024 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Jan 21 15:02:44 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09e1a030
sys-devel/clang-common: use hardening mode for LLVM 18
LLVM 18 introduces hardening mode which got yanked from LLVM 17.
We choose -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE for now
for USE=hardened. We might do
-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST
for non-hardened in future.
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-devel/clang-common/clang-common-18.0.0.9999.ebuild | 6 ++++--
sys-devel/clang-common/clang-common-18.0.0_pre20240106.ebuild | 4 +++-
sys-devel/clang-common/clang-common-18.0.0_pre20240113.ebuild | 4 +++-
3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/sys-devel/clang-common/clang-common-18.0.0.9999.ebuild
b/sys-devel/clang-common/clang-common-18.0.0.9999.ebuild
index c70a4d8bd045..dbc4a213e1c4 100644
--- a/sys-devel/clang-common/clang-common-18.0.0.9999.ebuild
+++ b/sys-devel/clang-common/clang-common-18.0.0.9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Authors
+# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=8
@@ -215,6 +215,8 @@ src_install() {
#endif
EOF
+ # TODO: Maybe -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST for
+ # non-hardened?
if use hardened ; then
cat >> "${ED}/etc/clang/gentoo-hardened.cfg" <<-EOF || die
# Options below are conditional on USE=hardened.
@@ -223,7 +225,7 @@ src_install() {
# Analogue to GLIBCXX_ASSERTIONS
#
https://libcxx.llvm.org/UsingLibcxx.html#assertions-mode
#
https://libcxx.llvm.org/Hardening.html#using-hardened-mode
- -D_LIBCPP_ENABLE_HARDENED_MODE=1
+
-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE
EOF
cat >> "${ED}/etc/clang/gentoo-hardened-ld.cfg" <<-EOF || die
diff --git a/sys-devel/clang-common/clang-common-18.0.0_pre20240106.ebuild
b/sys-devel/clang-common/clang-common-18.0.0_pre20240106.ebuild
index 35e7e46f7c4f..dbc4a213e1c4 100644
--- a/sys-devel/clang-common/clang-common-18.0.0_pre20240106.ebuild
+++ b/sys-devel/clang-common/clang-common-18.0.0_pre20240106.ebuild
@@ -215,6 +215,8 @@ src_install() {
#endif
EOF
+ # TODO: Maybe -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST for
+ # non-hardened?
if use hardened ; then
cat >> "${ED}/etc/clang/gentoo-hardened.cfg" <<-EOF || die
# Options below are conditional on USE=hardened.
@@ -223,7 +225,7 @@ src_install() {
# Analogue to GLIBCXX_ASSERTIONS
#
https://libcxx.llvm.org/UsingLibcxx.html#assertions-mode
#
https://libcxx.llvm.org/Hardening.html#using-hardened-mode
- -D_LIBCPP_ENABLE_HARDENED_MODE=1
+
-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE
EOF
cat >> "${ED}/etc/clang/gentoo-hardened-ld.cfg" <<-EOF || die
diff --git a/sys-devel/clang-common/clang-common-18.0.0_pre20240113.ebuild
b/sys-devel/clang-common/clang-common-18.0.0_pre20240113.ebuild
index 35e7e46f7c4f..dbc4a213e1c4 100644
--- a/sys-devel/clang-common/clang-common-18.0.0_pre20240113.ebuild
+++ b/sys-devel/clang-common/clang-common-18.0.0_pre20240113.ebuild
@@ -215,6 +215,8 @@ src_install() {
#endif
EOF
+ # TODO: Maybe -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST for
+ # non-hardened?
if use hardened ; then
cat >> "${ED}/etc/clang/gentoo-hardened.cfg" <<-EOF || die
# Options below are conditional on USE=hardened.
@@ -223,7 +225,7 @@ src_install() {
# Analogue to GLIBCXX_ASSERTIONS
#
https://libcxx.llvm.org/UsingLibcxx.html#assertions-mode
#
https://libcxx.llvm.org/Hardening.html#using-hardened-mode
- -D_LIBCPP_ENABLE_HARDENED_MODE=1
+
-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE
EOF
cat >> "${ED}/etc/clang/gentoo-hardened-ld.cfg" <<-EOF || die
