zimoun wrote on Mon 21-03-2022 at 14:34 [+0100]:
> > * gcc can be compiled with `--enable-default-ssp --enable-default-pie`
> > to enforce ssp and pic
> 
> You wrote [1]:
> 
> --8<---------------cut here---------------start------------->8---
> (define-public gcc
>   (package
>     (inherit gcc)
>     (arguments
>      (substitute-keyword-arguments (package-arguments gcc)
>        ;; each clause is ((keyword binding) body ...); the original
>        ;; lacked the closing paren after FLAGS
>        ((#:configure-flags flags)
>         `(append (list "--enable-default-ssp" "--enable-default-pie")
>                  ,flags))))))
> --8<---------------cut here---------------end--------------->8---

I think it would be a lot simpler to just add this to the 'standard'
gcc configure flags, in (gnu packages gcc), given that probably the
idea is to do this hardening for all packages?  Needs a world-rebuild
though.

Alternatively, the ssp and other hardening flags can be set in CFLAGS
for individual packages, maybe by default in 'gnu-build-system' and the
like.

Alternatively, you could look into how "--with-c-toolchain" does
things.

Greetings,
Maxime.

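As an added check that is not part of this thread: once gcc defaults to PIE and SSP and the world has been rebuilt, a script along these lines inspects a built binary for the two markers. `check_hardening` and `fake_elf` are hypothetical helper names, and the sample ELF bytes are constructed inline.

```python
"""Quick check for PIE and stack-protector (SSP) markers in an ELF file.

Added illustration, not code from the Guix thread.  It parses only the
ELF header for the object type and scans for the SSP runtime symbol name.
"""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3
SSP_SYMBOL = b"__stack_chk_fail"


def check_hardening(data: bytes) -> dict:
    """Return {'pie': bool, 'ssp': bool} for raw ELF bytes.

    'pie' is True when e_type is ET_DYN.  Caveat: shared libraries are
    ET_DYN too, so apply this to executables only.  'ssp' is True when
    the __stack_chk_fail symbol name occurs in the file; a binary with
    no canary-protected function never references it even when built
    with -fstack-protector, so False means 'inspect further', not
    'SSP was disabled'.
    """
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    endian = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = LSB, 2 = MSB
    (e_type,) = struct.unpack(endian + "H", data[16:18])
    return {"pie": e_type == ET_DYN, "ssp": SSP_SYMBOL in data}


def fake_elf(e_type: int, with_ssp: bool) -> bytes:
    """Constructed test input: a minimal little-endian ELF64 header
    (64 bytes) followed by a stand-in for the dynamic string table."""
    ident = ELF_MAGIC + bytes([2, 1, 1]) + bytes(9)   # ELFCLASS64, LSB, v1
    header = ident + struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1,
                                 0, 0, 0, 0, 64, 0, 0, 0, 0, 0)
    body = b"\0libc.so.6\0" + (SSP_SYMBOL + b"\0" if with_ssp else b"")
    return header + body


if __name__ == "__main__":
    if len(sys.argv) > 1:                         # real binary from the store
        with open(sys.argv[1], "rb") as fh:
            print(check_hardening(fh.read()))
    else:                                         # constructed sample
        print(check_hardening(fake_elf(ET_DYN, True)))   # {'pie': True, 'ssp': True}
```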
