[gentoo-commits] repo/gentoo:master commit in: profiles/base/, sys-devel/clang-common/, profiles/arch/amd64/, ...

2024-03-23 Thread Sam James 
commit: 8bfd8afef6dd8c66def48ef52abcb624c0077ad1
Author: Sam James  gentoo  org>
AuthorDate: Sat Mar 23 15:04:34 2024 +
Commit: Sam James  gentoo  org>
CommitDate: Sat Mar 23 15:38:51 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8bfd8afe

sys-devel/clang-common: updates for 23.0

* Promote -Wl,-z,now to vanilla, following GCC (bug #876923)
* Add USE=cet to control -fcf-protection, following GCC (bug #908600, bug 
#927298)

Bug: https://bugs.gentoo.org/876923
Bug: https://bugs.gentoo.org/927298
Closes: https://bugs.gentoo.org/908600
Signed-off-by: Sam James  gentoo.org>

 profiles/arch/amd64/package.use.mask  |  1 +
 profiles/base/package.use.mask|  1 +
 profiles/features/musl/package.use.mask   |  1 +
 ...0_pre20240316.ebuild => clang-common-17.0.6-r2.ebuild} | 15 ++-
 ...0_pre20240316.ebuild => clang-common-18.1.2-r1.ebuild} | 11 +--
 sys-devel/clang-common/clang-common-19.0.0..ebuild| 10 --
 .../clang-common/clang-common-19.0.0_pre20240316.ebuild   | 10 --
 sys-devel/clang-common/metadata.xml   | 10 ++
 8 files changed, 48 insertions(+), 11 deletions(-)

diff --git a/profiles/arch/amd64/package.use.mask 
b/profiles/arch/amd64/package.use.mask
index 62aff0c6a407..72e1245bb5ac 100644
--- a/profiles/arch/amd64/package.use.mask
+++ b/profiles/arch/amd64/package.use.mask
@@ -29,6 +29,7 @@ media-libs/libplacebo -libdovi
 # Only works on amd64 (and x32).
 dev-debug/gdb -cet
 sys-devel/binutils -cet
+sys-devel/clang-common -cet
 sys-devel/gcc -cet
 sys-libs/binutils-libs -cet
 sys-libs/glibc -cet

diff --git a/profiles/base/package.use.mask b/profiles/base/package.use.mask
index 8442575839e0..76b39e86f880 100644
--- a/profiles/base/package.use.mask
+++ b/profiles/base/package.use.mask
@@ -46,6 +46,7 @@ sci-physics/root R
 dev-debug/gdb cet
 sys-devel/binutils cet
 sys-devel/binutils-hppa64 cet
+sys-devel/clang-common cet
 sys-devel/gcc cet
 sys-libs/binutils-libs cet
 sys-libs/glibc cet

diff --git a/profiles/features/musl/package.use.mask 
b/profiles/features/musl/package.use.mask
index 115beec584e2..83facb689f20 100644
--- a/profiles/features/musl/package.use.mask
+++ b/profiles/features/musl/package.use.mask
@@ -6,6 +6,7 @@
 dev-debug/gdb cet
 sys-devel/binutils cet
 sys-devel/binutils-hppa64 cet
+sys-devel/clang-common cet
 sys-devel/gcc cet
 sys-libs/binutils-libs cet
 sys-libs/glibc cet

diff --git a/sys-devel/clang-common/clang-common-19.0.0_pre20240316.ebuild 
b/sys-devel/clang-common/clang-common-17.0.6-r2.ebuild
similarity index 96%
copy from sys-devel/clang-common/clang-common-19.0.0_pre20240316.ebuild
copy to sys-devel/clang-common/clang-common-17.0.6-r2.ebuild
index 80d989986d28..987b7b40aa50 100644
--- a/sys-devel/clang-common/clang-common-19.0.0_pre20240316.ebuild
+++ b/sys-devel/clang-common/clang-common-17.0.6-r2.ebuild
@@ -10,9 +10,10 @@ HOMEPAGE="https://llvm.org/;
 
 LICENSE="Apache-2.0-with-LLVM-exceptions UoI-NCSA"
 SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86 
~amd64-linux ~arm64-macos ~ppc-macos ~x64-macos"
 IUSE="
default-compiler-rt default-libcxx default-lld
-   bootstrap-prefix hardened llvm-libunwind
+   bootstrap-prefix cet hardened llvm-libunwind
 "
 
 PDEPEND="
@@ -174,6 +175,12 @@ src_install() {
-include "${EPREFIX}/usr/include/gentoo/fortify.h"
EOF
 
+   if use amd64; then
+   cat >> "${ED}/etc/clang/gentoo-hardened.cfg" <<-EOF || die
+   -fcf-protection=$(usex cet full none)
+   EOF
+   fi
+
if use kernel_Darwin; then
newins - gentoo-hardened-ld.cfg <<-EOF
# There was -Wl,-z,relro here, but it's not supported 
on Mac
@@ -184,6 +191,7 @@ src_install() {
# Some of these options are added unconditionally, 
regardless of
# USE=hardened, for parity with sys-devel/gcc.
-Wl,-z,relro
+   -Wl,-z,now
EOF
fi
 
@@ -228,8 +236,6 @@ src_install() {
#endif
EOF
 
-   # TODO: Maybe -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST for
-   # non-hardened?
if use hardened ; then
cat >> "${ED}/etc/clang/gentoo-hardened.cfg" <<-EOF || die
# Options below are conditional on USE=hardened.
@@ -238,12 +244,11 @@ src_install() {
# Analogue to GLIBCXX_ASSERTIONS
# 
https://libcxx.llvm.org/UsingLibcxx.html#assertions-mode
# 
https://libcxx.llvm.org/Hardening.html#using-hardened-mode
-   
-D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_EXTENSIVE
+   -D_LIBCPP_ENABLE_ASSERTIONS=1
EOF
 
cat >>

[gentoo-commits] repo/gentoo:master commit in: profiles/base/, sys-devel/clang/

2022-02-11 Thread Sam James 
commit: 00d9440c039ac30069e462d75556b5eff7f4592b
Author: Sam James  gentoo  org>
AuthorDate: Fri Feb 11 19:59:16 2022 +
Commit: Sam James  gentoo  org>
CommitDate: Sat Feb 12 01:04:55 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=00d9440c

sys-devel/clang: add USE=+pie (forced-on) for >= 14.0.0_rc1

Forced on, just like GCC. Available in 14.0.0+.

Signed-off-by: Sam James  gentoo.org>

 profiles/base/package.use.force  | 4 
 sys-devel/clang/clang-14.0.0..ebuild | 3 ++-
 sys-devel/clang/clang-14.0.0_rc1.ebuild  | 3 ++-
 sys-devel/clang/clang-15.0.0..ebuild | 3 ++-
 4 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/profiles/base/package.use.force b/profiles/base/package.use.force
index 84aed2df339e..a87054de1b13 100644
--- a/profiles/base/package.use.force
+++ b/profiles/base/package.use.force
@@ -1,6 +1,10 @@
 # Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
+# Sam James  (2022-02-11)
+# Always build with PIE-default, just like GCC.
+sys-devel/clang pie
+
 # Arthur Zamarin  (2022-01-13)
 # Force to use installed openjdk{,-bin} for bootstrapping
 dev-java/openjdk:11 system-bootstrap

diff --git a/sys-devel/clang/clang-14.0.0..ebuild 
b/sys-devel/clang/clang-14.0.0..ebuild
index a8bf728e022e..81598e69a80e 100644
--- a/sys-devel/clang/clang-14.0.0..ebuild
+++ b/sys-devel/clang/clang-14.0.0..ebuild
@@ -17,7 +17,7 @@ LICENSE="Apache-2.0-with-LLVM-exceptions UoI-NCSA MIT"
 SLOT="$(ver_cut 1)"
 KEYWORDS=""
 IUSE="debug default-compiler-rt default-libcxx default-lld
-   doc llvm-libunwind +static-analyzer test xml"
+   doc llvm-libunwind +pie +static-analyzer test xml"
 REQUIRED_USE="${PYTHON_REQUIRED_USE}"
 RESTRICT="!test? ( test )"
 
@@ -256,6 +256,7 @@ multilib_src_configure() {
-DCLANG_DEFAULT_CXX_STDLIB=$(usex default-libcxx libc++ "")
-DCLANG_DEFAULT_RTLIB=$(usex default-compiler-rt compiler-rt "")
-DCLANG_DEFAULT_LINKER=$(usex default-lld lld "")
+   -DCLANG_DEFAULT_PIE_ON_LINUX=$(usex pie)
-DCLANG_DEFAULT_UNWINDLIB=$(usex default-compiler-rt libunwind 
"")
 
-DCLANG_ENABLE_ARCMT=$(usex static-analyzer)

diff --git a/sys-devel/clang/clang-14.0.0_rc1.ebuild 
b/sys-devel/clang/clang-14.0.0_rc1.ebuild
index a8bf728e022e..81598e69a80e 100644
--- a/sys-devel/clang/clang-14.0.0_rc1.ebuild
+++ b/sys-devel/clang/clang-14.0.0_rc1.ebuild
@@ -17,7 +17,7 @@ LICENSE="Apache-2.0-with-LLVM-exceptions UoI-NCSA MIT"
 SLOT="$(ver_cut 1)"
 KEYWORDS=""
 IUSE="debug default-compiler-rt default-libcxx default-lld
-   doc llvm-libunwind +static-analyzer test xml"
+   doc llvm-libunwind +pie +static-analyzer test xml"
 REQUIRED_USE="${PYTHON_REQUIRED_USE}"
 RESTRICT="!test? ( test )"
 
@@ -256,6 +256,7 @@ multilib_src_configure() {
-DCLANG_DEFAULT_CXX_STDLIB=$(usex default-libcxx libc++ "")
-DCLANG_DEFAULT_RTLIB=$(usex default-compiler-rt compiler-rt "")
-DCLANG_DEFAULT_LINKER=$(usex default-lld lld "")
+   -DCLANG_DEFAULT_PIE_ON_LINUX=$(usex pie)
-DCLANG_DEFAULT_UNWINDLIB=$(usex default-compiler-rt libunwind 
"")
 
-DCLANG_ENABLE_ARCMT=$(usex static-analyzer)

diff --git a/sys-devel/clang/clang-15.0.0..ebuild 
b/sys-devel/clang/clang-15.0.0..ebuild
index a8bf728e022e..81598e69a80e 100644
--- a/sys-devel/clang/clang-15.0.0..ebuild
+++ b/sys-devel/clang/clang-15.0.0..ebuild
@@ -17,7 +17,7 @@ LICENSE="Apache-2.0-with-LLVM-exceptions UoI-NCSA MIT"
 SLOT="$(ver_cut 1)"
 KEYWORDS=""
 IUSE="debug default-compiler-rt default-libcxx default-lld
-   doc llvm-libunwind +static-analyzer test xml"
+   doc llvm-libunwind +pie +static-analyzer test xml"
 REQUIRED_USE="${PYTHON_REQUIRED_USE}"
 RESTRICT="!test? ( test )"
 
@@ -256,6 +256,7 @@ multilib_src_configure() {
-DCLANG_DEFAULT_CXX_STDLIB=$(usex default-libcxx libc++ "")
-DCLANG_DEFAULT_RTLIB=$(usex default-compiler-rt compiler-rt "")
-DCLANG_DEFAULT_LINKER=$(usex default-lld lld "")
+   -DCLANG_DEFAULT_PIE_ON_LINUX=$(usex pie)
-DCLANG_DEFAULT_UNWINDLIB=$(usex default-compiler-rt libunwind 
"")
 
-DCLANG_ENABLE_ARCMT=$(usex static-analyzer)