Date:      Thu, 15 Mar 2012 23:34:55 +0100
From:      Jeremie Le Hen <jeremie@le-hen.org>
To:        Bryan Drewery <bryan@shatow.net>
Cc:        freebsd-hackers@freebsd.org, jeremie@le-hen.org
Subject:   Re: compiling ports with SSP (was: [PATCH] Add -lssp_nonshared to GCC's LIB_SPEC unconditionally)
Message-ID:  <20120315223454.GA30360@felucia.tataz.chchile.org>
In-Reply-To: <4F4AFB53.8020503@shatow.net>
References:  <4F4AFB53.8020503@shatow.net>

Hi Bryan

On Sun, Feb 26, 2012 at 09:41:07PM -0600, Bryan Drewery wrote:
> 
> Thanks for this patch [1]!
> 
> I've been building my ports tree with -fstack-protector on FreeBSD 6, 7
> and 8. Once I upgraded to 8, I started running into the issue [2] this
> patch is fixing.
> 
> I have a situation where non-ports applications are compiling
> statically, which ran into this. Specifically, the application is
> linking in security/openssl statically, which of course was compiled
> with -fstack-protector. Adding the /usr/lib/libc.ld fixed it without
> needing to hack at the failing non-port application.
> 
> Would be nice if this, and PR 138228 were finally committed.
> 
> Bryan Drewery
> 
> [1] http://lists.freebsd.org/pipermail/freebsd-hackers/2011-June/035538.html
> [2] http://gcc.gnu.org/ml/gcc-help/2006-05/msg00092.html

Wow, the perspective provided by those two posts makes me dizzy.  This
has been a very long standing project.  The base system is now compiled
with SSP, but doing so for ports still requires some manual hacking
unfortunately.  I proposed a patch to compile ports with SSP a few
years ago, but some ports with special building strategy suffered the
problem described in [2].  Then I learned the possibilities of ld
scripts and provided the patch in [1] last year.

I think we have all the bits necessary to be able to compile ports with
SSP painlessly.

First the patch in [1] has to be committed in the base system.  I think
this can be done in CURRENT without any problem, I run it myself on my
own servers without problem.  Unfortunately it will probably never appear
in RELENG_9 because it may be deemed too dangerous to make such a change
in a stable branch.  It would be nice to hear what kib@ and kan@ think
about this.

Next, the patch to bsd.port.mk in this PR [3] has to be applied to be
able to compile ports with SSP using a single knob.  (Other patches
along this one can be thrown away, they were required hacks back when
the libc ld script didn't exist.)  Then portmgr@ will naturally want to
make a full port build with this knob turned on to check, but last time
I was told they had very few resources and that this couldn't be
scheduled in the next couple of weeks, IIRC.

I admit the situation is partly my fault, because I did the fun
technical work but I didn't keep up with the "lobbying" part :).
I asked once or twice, without success, and then went to other subjects.

I would be really glad if we could proceed with this.  FreeBSD-9.0 has
just been released, this is probably a good time to step forward.

[3] http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/138228

Cheers,
-- 
Jeremie Le Hen

Men are born free and equal.  Later on, they're on their own.
				Jean Yanne


