Hi kpcyrd,

> Arch Linux is generally very invested in binary hardening
Interesting! Also loving the topic. Is there a reference list of binary hardening techniques used at scale in Arch?

Best,

--Martin Monperrus


On 2/4/26 20:38, kpcyrd wrote:
Hello!

I remember during the summit LTO was mentioned as a possible cause of Reproducible Builds issues, which raised some questions.

Foxboron has shared some details on the archlinux-dev-public list about this, that I want to share here too:

> The reason why `lto` needs to be disabled is because there is a `gcc` bug in the
> LTO streamer backend where bare `#line` macros get prepended a temporary
> directory which does not get stripped by the `prefix-strip` flag. I tried to
> propose a patch to the go compiler, and to gcc, but all of this has stalled.
>
> https://gcc.gnu.org/pipermail/gcc-patches/2024-March/647303.html
> https://github.com/golang/go/pull/53528
>
> I've spent several weekends working through all of this and I'm generally
> unhappy about the state of things.

https://lists.archlinux.org/archives/list/[email protected]/message/BSAAFYOJ3KTYZXACIQ26RP5II4JULLS4/

Arch Linux is generally very invested in binary hardening, which is the reason why cgo is used for most packages.

cheers,
kpcyrd
