From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LH7nq-0001WO-9z for garchives@archives.gentoo.org; Mon, 29 Dec 2008 02:24:22 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id AF120E030F; Mon, 29 Dec 2008 02:24:20 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 641D2E030F for ; Mon, 29 Dec 2008 02:24:20 +0000 (UTC) Received: from stork.gentoo.org (stork.gentoo.org [64.127.104.133]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTP id E5D0E6464E for ; Mon, 29 Dec 2008 02:24:19 +0000 (UTC) Received: from solar by stork.gentoo.org with local (Exim 4.69) (envelope-from ) id 1LH7nn-00080R-IO for gentoo-commits@lists.gentoo.org; Mon, 29 Dec 2008 02:24:19 +0000 
From: "Ned Ludd (solar)" To: gentoo-commits@lists.gentoo.org Reply-To: gentoo-dev@lists.gentoo.org, solar@gentoo.org Subject: [gentoo-commits] gentoo-x86 commit in eclass: toolchain.eclass X-VCS-Repository: gentoo-x86 X-VCS-Files: toolchain.eclass X-VCS-Directories: eclass X-VCS-Committer: solar X-VCS-Committer-Name: Ned Ludd Content-Type: text/plain; charset=utf8 Message-Id: Sender: Ned Ludd Date: Mon, 29 Dec 2008 02:24:19 +0000 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: quoted-printable X-Archives-Salt: 8d15eeba-3e0b-441d-96ed-15227bfbdd26 X-Archives-Hash: b370f2ea55164cca0ccddb5ad19e806e solar 08/12/29 02:24:19 Modified: toolchain.eclass Log: - import gcc:4 pie support towards hardened-gcc. (many thanks to Zorry = for putting up with all my crazy requirements) Revision Changes Path 1.369 eclass/toolchain.eclass file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/toolchain.e= class?rev=3D1.369&view=3Dmarkup plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/toolchain.e= class?rev=3D1.369&content-type=3Dtext/plain diff : http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/toolchain.e= class?r1=3D1.368&r2=3D1.369 Index: toolchain.eclass =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /var/cvsroot/gentoo-x86/eclass/toolchain.eclass,v retrieving revision 1.368 retrieving revision 1.369 diff -u -r1.368 -r1.369 --- toolchain.eclass 22 Dec 2008 18:53:47 -0000 1.368 +++ toolchain.eclass 29 Dec 2008 02:24:18 -0000 1.369 
@@ -1,6 +1,6 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/eclass/toolchain.eclass,v 1.368 2008/= 12/22 18:53:47 solar Exp $ +# $Header: /var/cvsroot/gentoo-x86/eclass/toolchain.eclass,v 1.369 2008/= 12/29 02:24:18 solar Exp $ # # Maintainer: Toolchain Ninjas =20 @@ -236,6 +236,10 @@ # old syntax (do not define PIE_CORE anymore): # PIE_CORE=3D"gcc-3.4.0-piepatches-v${PIE_VER}.tar.bz2" # +# SPECS_VER +# SPECS_GCC_VER +# This is for the minispecs files included in the hardened gcc-4.x +# # PP_VER # PP_GCC_VER # obsoleted: PP_FVER @@ -280,6 +284,7 @@ export PIE_GCC_VER=3D${PIE_GCC_VER:-${GCC_RELEASE_VER}} export PP_GCC_VER=3D${PP_GCC_VER:-${GCC_RELEASE_VER}} export HTB_GCC_VER=3D${HTB_GCC_VER:-${GCC_RELEASE_VER}} + export SPECS_GCC_VER=3D${SPECS_GCC_VER:-${GCC_RELEASE_VER}} =20 [[ -n ${PIE_VER} ]] && \ PIE_CORE=3D${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.b= z2} @@ -327,6 +332,10 @@ [[ -n ${PIE_VER} ]] && \ GCC_SRC_URI=3D"${GCC_SRC_URI} !nopie? ( $(gentoo_urls ${PIE_CORE}) )" =20 + # gcc minispec for the hardened gcc 4 compiler + [[ -n ${SPECS_VER} ]] && \ + GCC_SRC_URI=3D"${GCC_SRC_URI} !nopie? ( $(gentoo_urls gc= c-${SPECS_GCC_VER}-default-specs-${SPECS_VER}.tar.bz2) )" + # gcc bounds checking patch if [[ -n ${HTB_VER} ]] ; then local HTBFILE=3D"bounds-checking-gcc-${HTB_GCC_VER}-${HTB_VER}.patch.b= z2" @@ -483,7 +492,16 @@ want_split_specs() { [[ ${SPLIT_SPECS} =3D=3D "true" ]] && want_pie } - +want_minispecs() { + if tc_version_is_at_least 4.3.2 && use hardened ; then + if [[ -n ${SPECS_VER} ]] ; then + return 0 + else + die "For Hardend to work you need the minispecs files" + fi + fi + return 1 +} # This function checks whether or not glibc has the support required to = build # Position Independant Executables with gcc. glibc_have_pie() { 
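Review bot: `want_minispecs` (hunk `@@ -483,7`) is a predicate that also calls `die`, and this commit calls it from several conditionals, so a missing `SPECS_VER` aborts at whichever call happens to run first rather than at one deliberate check. The message misspells "Hardened" and does not name the variable the ebuild has to set; `die "hardened gcc >= 4.3.2 needs the minispecs tarball: SPECS_VER is not set"` would be easier to act on. A short header comment stating the contract would also help: returns 0 when minispecs are in use, 1 otherwise, and is fatal for hardened 4.3.2+ without `SPECS_VER`.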
@@ -685,7 +703,29 @@ # Set which specs file to use [[ -n ${gcc_specs_file} ]] && echo "GCC_SPECS=3D\"${gcc_specs_file}\"" = >> ${gcc_envd_file} } - +setup_minispecs_gcc_build_specs() { + # Setup the "build.specs" file for gcc to use when building. + if want_minispecs ; then + if hardened_gcc_works pie ; then + cat "${WORKDIR}"/specs/pie.specs >> "${WORKDIR}"/build.specs + fi + for s in nostrict znow zrelro; do + cat "${WORKDIR}"/specs/${s}.specs >> "${WORKDIR}"/build.specs + done + export GCC_SPECS=3D"${WORKDIR}"/build.specs + fi +} +copy_minispecs_gcc_specs() { + # Build system specs file which, if it exists, must be a complete set o= f + # specs as it completely and unconditionally overrides the builtin spec= s. + # For gcc 4 + if use hardened && want_minispecs ; then + $(XGCC) -dumpspecs > "${WORKDIR}"/specs/specs + cat "${WORKDIR}"/build.specs >> "${WORKDIR}"/specs/specs + insinto ${LIBPATH} + doins "${WORKDIR}"/specs/* || die "failed to install specs" + fi +} add_profile_eselect_conf() { local compiler_config_file=3D$1 local abi=3D$2 @@ -961,7 +1001,7 @@ # the necessary support want_pie && use hardened && glibc_have_pie =20 - if use hardened ; then + if use hardened && !want_minispecs ; then einfo "updating configuration to build hardened GCC" make_gcc_hard || die "failed to make gcc hard" fi @@ -1585,6 +1625,9 @@ einfo "CFLAGS=3D\"${CFLAGS}\"" einfo "CXXFLAGS=3D\"${CXXFLAGS}\"" =20 + # For hardened gcc 4 for build the hardened specs file to use when buil= ding gcc + setup_minispecs_gcc_build_specs + # Build in a separate build tree mkdir -p "${WORKDIR}"/build pushd "${WORKDIR}"/build > /dev/null @@ -1607,7 +1650,7 @@ =20 # Do not create multiple specs files for PIE+SSP if boundschecking is i= n # USE, as we disable PIE+SSP when it is. - if [[ ${ETYPE} =3D=3D "gcc-compiler" ]] && want_split_specs ; then + if [[ ${ETYPE} =3D=3D "gcc-compiler" ]] && want_split_specs && !want_mi= nispecs; then split_out_specs_files || die "failed to split out specs" fi =20 
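Review bot: The `cat` calls in `setup_minispecs_gcc_build_specs` (hunk `@@ -685,7`) have no failure check, so if a fragment is missing from `${WORKDIR}/specs` the loop carries on and `GCC_SPECS` is exported pointing at an incomplete or empty `build.specs`. The compiler would then presumably be built without the `pie`, `znow` or `zrelro` specs and nothing would report it. Each append should fail hard, for example `cat "${WORKDIR}"/specs/${s}.specs >> "${WORKDIR}"/build.specs || die "missing ${s}.specs"`, and the same goes for `$(XGCC) -dumpspecs > "${WORKDIR}"/specs/specs` in `copy_minispecs_gcc_specs`. The loop variable also needs `local s` so it does not leak into the ebuild environment.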
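Review bot: `!want_minispecs` in the `@@ -961,7` hunk is missing the space after `!`, so bash reads it as a command name rather than a negation of `want_minispecs`. In a non-interactive shell that lookup should fail with "command not found" (status 127), making the condition false every time. `make_gcc_hard` would then be skipped for every hardened build, including versions where `want_minispecs` returns 1 and the old hardening path is evidently still intended. The line should read `if use hardened && ! want_minispecs ; then`. The `@@ -1607,7` hunk has the same construct in front of `split_out_specs_files` and needs the same fix; both enclosing functions start and end outside their hunks.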
@@ -1711,7 +1754,13 @@ insinto ${LIBPATH} doins "${WORKDIR}"/build/*.specs || die "failed to install specs" fi - + # Setup the gcc_env_entry for hardened gcc 4 with minispecs + if want_minispecs ; then + if hardened_gcc_works pie ; then + create_gcc_env_entry hardenednopie + fi + create_gcc_env_entry vanilla + fi # Make sure we dont have stuff lying around that # can nuke multiple versions of gcc cd "${D}"${LIBPATH} @@ -1839,6 +1888,9 @@ =20 # Create config files for eselect-compiler create_eselect_conf + + # Cpoy the needed minispec for hardened gcc 4 + copy_minispecs_gcc_specs } =20 # Move around the libs to the right location. For some reason, @@ -1909,6 +1961,7 @@ export PIE_GCC_VER=3D${PIE_GCC_VER:-${GCC_RELEASE_VER}} export PP_GCC_VER=3D${PP_GCC_VER:-${GCC_RELEASE_VER}} export HTB_GCC_VER=3D${HTB_GCC_VER:-${GCC_RELEASE_VER}} + export SPECS_GCC_VER=3D${SPECS_GCC_VER:-${GCC_RELEASE_VER}} =20 if [[ -n ${GCC_A_FAKEIT} ]] ; then unpack ${GCC_A_FAKEIT} @@ -1964,6 +2017,8 @@ else unpack gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2 fi + [[ -n ${SPECS_VER} ]] && \ + unpack gcc-${SPECS_GCC_VER}-default-specs-${SPECS_VER}.tar.bz2 fi =20 want_boundschecking && \ @@ -2143,13 +2198,13 @@ # adds default pie support (rs6000 too) if DEFAULT_PIE[_SSP] is define= d EPATCH_MULTI_MSG=3D"Applying default pie patches ..." \ epatch "${WORKDIR}"/piepatch/def - fi =20 - # we want to be able to control the pie patch logic via something other - # than ALL_CFLAGS... - sed -e '/^ALL_CFLAGS/iHARD_CFLAGS =3D ' \ - -e 's|^ALL_CFLAGS =3D |ALL_CFLAGS =3D $(HARD_CFLAGS) |' \ - -i "${S}"/gcc/Makefile.in + # we want to be able to control the pie patch logic via something othe= r + # than ALL_CFLAGS... + sed -e '/^ALL_CFLAGS/iHARD_CFLAGS =3D ' \ + -e 's|^ALL_CFLAGS =3D |ALL_CFLAGS =3D $(HARD_CFLAGS) |' \ + -i "${S}"/gcc/Makefile.in + fi =20 BRANDING_GCC_PKGVERSION=3D"${BRANDING_GCC_PKGVERSION}, pie-${PIE_VER}" }
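Review bot: The added `unpack` of the default-specs tarball in the `@@ -1964,6` hunk sits inside an enclosing `if` whose condition is outside the hunk, and the matching `GCC_SRC_URI` entry is wrapped in `!nopie?`, whereas `want_minispecs` depends only on `use hardened`, the GCC version and `SPECS_VER`. If those conditions can diverge (for example hardened together with nopie, which cannot be confirmed from here), `${WORKDIR}/specs` will not exist when `setup_minispecs_gcc_build_specs` reads from it. Consider gating the unpack on the same predicate the consumers use, e.g. `want_minispecs && unpack gcc-${SPECS_GCC_VER}-default-specs-${SPECS_VER}.tar.bz2` after the closing `fi`, and aligning the `SRC_URI` conditional with it.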