2017-08-18 19:02:23 +02:00
|
|
|
# Enable as-needed by default.
|
|
|
|
LDFLAGS="-Wl,--as-needed ${LDFLAGS}"
|
2015-12-12 08:32:38 +01:00
|
|
|
|
|
|
|
if [ -z "$nopie" ]; then
|
2017-08-18 19:02:23 +02:00
|
|
|
# Our compilers use --enable-default-pie and --enable-default-ssp,
|
|
|
|
# but the bootstrap host compiler may not, force them.
|
|
|
|
if [ -z "$CHROOT_READY" ]; then
|
|
|
|
CFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 ${CFLAGS}"
|
|
|
|
CXXFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 ${CXXFLAGS}"
|
|
|
|
_GCCSPECSDIR=${XBPS_COMMONDIR}/environment/configure/gccspecs
|
|
|
|
case "$XBPS_TARGET_MACHINE" in
|
|
|
|
mips*) _GCCSPECSFILE="${_GCCSPECSDIR}/hardened-mips-cc1" ;;
|
|
|
|
*) _GCCSPECSFILE="${_GCCSPECSDIR}/hardened-cc1" ;;
|
|
|
|
esac
|
|
|
|
CFLAGS="-specs=${_GCCSPECSFILE} ${CFLAGS}"
|
|
|
|
CXXFLAGS="-specs=${_GCCSPECSFILE} ${CXXFLAGS}"
|
|
|
|
LDFLAGS="-specs=${_GCCSPECSDIR}/hardened-ld -Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
|
|
|
|
else
|
|
|
|
# Enable FORITFY_SOURCE=2
|
2019-01-11 16:10:07 +01:00
|
|
|
CFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CFLAGS}"
|
|
|
|
CXXFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CXXFLAGS}"
|
2021-01-03 13:59:48 +01:00
|
|
|
FFLAGS="-fstack-clash-protection ${FFLAGS}"
|
2017-08-18 19:02:23 +02:00
|
|
|
LDFLAGS="-Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
CFLAGS="-fno-PIE ${CFLAGS}"
|
2024-02-03 10:49:00 +01:00
|
|
|
CXXFLAGS="-fno-PIE ${CXXFLAGS}"
|
2021-01-03 13:59:48 +01:00
|
|
|
FFLAGS="-fno-PIE ${FFLAGS}"
|
2017-08-18 19:02:23 +02:00
|
|
|
LDFLAGS="-no-pie ${LDFLAGS}"
|
2015-11-17 17:13:12 +01:00
|
|
|
fi
|