Date: Sat, 10 May 2014 15:29:53 -0600 From: Warner Losh <imp@bsdimp.com> To: Shawn Webb <lattera@gmail.com> Cc: freebsd-current@freebsd.org Subject: Re: Recent Changes to WITH_*/WITHOUT_* in src Message-ID: <F5E246EB-BCB7-48A4-9540-935D8D9B1F05@bsdimp.com> In-Reply-To: <20140510212531.GT3063@pwnie.vrt.sourcefire.com> References: <20140510164512.GS3063@pwnie.vrt.sourcefire.com> <73589111-84D9-40EA-89F1-330396E853DA@bsdimp.com> <20140510212531.GT3063@pwnie.vrt.sourcefire.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On May 10, 2014, at 3:25 PM, Shawn Webb <lattera@gmail.com> wrote: > On May 10, 2014 02:14 PM -0600, Warner Losh wrote: >> >> On May 10, 2014, at 10:45 AM, Shawn Webb <lattera@gmail.com> wrote: >> >>> Hey All, >>> >>> It seems that the recent changes to the makefiles for building >>> world/kernel have broken some modifications I have locally for >>> implementing ASLR+PIE. I'm quite the bsd make newbie, so I thought I'd >>> ask for a bit of help. I'm sure the solution is quite simple. >>> >>> My code is up on GitHub. I'll include links at the bottom of the email. >>> >>> The code in question is in share/mk/bsd.prog.mk, where I'm checking to >>> see if MK_PIE is not equal to "no". Prior to the recent changes, this >>> code used to work. (Please note that I know that the way I'm cheking is >>> a bit bloated, if anyone has any suggestions to trim my code down, let >>> me know). >> >> You?ll need to add PIE to DEFAULT_NO_OPTIONS in bsd.opts.mk since >> bsd.*.mk files need it. >> > > Thanks a lot! Adding it to that one worked. > > But what's the difference between the DEFAULT_NO_OPTIONS in src.opts.mk and > bsd.opts.mk? Options to build FreeBSD’s /usr/src are defined in src.opts.mk. Options tested by bsd.*.mk, which can be used to build other things, are in bsd.opts.mk. >>> How this feature is supposed to work is: >>> 1) PIE is added to the __DEFAULT_NO_OPTIONS to make building >>> applications as position-independent executables opt-in. >>> 2) User adds WITH_PIE=1 to /etc/src.conf or /etc/make.conf >>> 3) The application being built needs to also specify CAN_PIE=1 in its >>> Makefile. This is because some applications don't support being built as >>> a position-independent executable. >>> 4) If MK_PIE is not "no" and CAN_PIE is defined, then add additional >>> CFLAGS. >>> >>> The log from my build is here: http://ix.io/cf0 >>> >>> My code is here: >>> https://github.com/HardenedBSD/hardenedBSD/blob/hardened/current/aslr/share/mk/bsd.prog.mk#L14-L22 >> >> Maybe RESCUE should define NO_SHARED=yes since it is building a >> static binary so you can eliminate a special case that infects the bsd.*.mk files >> with defines from our src build? >> > > That sounds like a good idea. Since that's outside the scope of my ASLR > work, should I file a PR for that? Nah, mostly a poke at a 20 year old mistake :) >> Hate that you are propagating the NO_SHARED=no interface, but can?t >> offer at better suggestion at the moment. I?d kinda like to kill that? > > In looking at the Makefiles, it seems like NO_*/YES_* is being phased > out. Once a suitable alternative to NO_SHARED is in place, I'll make > adjustments on my end. Yea, NO_SHARED likely is going to be the last to die :) NO_FOO used to be both a Makefile command and a user option. I’m eliminating the latter, although some of the former may live on. Warner [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJTbppSAAoJEGwc0Sh9sBEAoyoQAJn9yoFuxuJMWon/MF77le+/ UVSXGs++45iocY6GupqW3dPqSYNQvJlw1Yh2eRcErc0DfEzME7QfhPpgqW41Vb5m Zp2eduJUA4NgfolvbeCp/wtQeUsC9tWWUl2CxwfaFnYxAsmYOaEGAK55jQ6y9zzi v6BgTFlLcH2F+lTquPPyQ8+rPUKneOoAzZCqKyjZiplP3CQRekYM46yWcLhB8S+e JLbbB2lSc440VZ7UNc3GVa9UnoQVpueQaGzIQSKUamf7qMayArwLfm41MnahRXur X4aKiUmU6QBhrfdPzen61f6e0oE1ny7KKdXPRZtTMRMliUISWuZC6NNcTrqzxA+X FaKtRHpUa3VEMgdAlnzmZnsOM5rVYqRINEqGjo0GdS5vFyAjm2/A5hQPk8uzc7ec k9c1cu7QZcp4ApUs4PUy/i6c2RmgAEJOmI4WF0/9IO2+XxSjGVIykKiBIKlodRoM ECeiNqWHNYN7fx8rn5iT9qwTDMdMmEktFz+zT4kT5lmiN9Mi1uq1IPnOm0gFD+1v UFnhixPDNCF4b8gXOXJb2lbDcghyqJjwBIQf40r7JPE11ImrSPJ85e5AhOdHCPx/ YxTmOGetXh66Gy1n3ADiQk1gtxnZj0pkezgaViswQjHriKkrN1JiLuHeSSftXmze zaFgHIjFqhc2fwmPZSgl =YITc -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F5E246EB-BCB7-48A4-9540-935D8D9B1F05>