When "bmake clean depends" was called for a package where the various
cookie files already existed, these would enable different rules than a
clean package directory.
Since "bmake clean" deletes all the cookie files before "bmake depends"
starts, in these combined command lines the cookie files must be treated
as absent.
WSL is Windows Services for Linux, aka "bash on Ubuntu on Windows".
Some packages need to differentiate plain Linux and running on WSL.
Patch from David Weller-Fahy via PR pkg/53806.
Platform support is determined by _OPSYS_SUPPORTS_CTF from mk/platform, the
user enables support by setting PKGSRC_USE_CTF=yes, and packages can
explicitly disable support with CTF_SUPPORTED=no or skip certain files with
CTF_FILES_SKIP.
The path to ctfconvert is configured via TOOLS_PLATFORM.ctfconvert.
If all of the requisite variables are enabled, a compiler-specific debug flag
is passed via the wrappers to ensure we have DWARF information to convert,
_INSTALL_UNSTRIPPED is explicitly defined to avoid binaries being stripped
prior to conversion, and the conversion is performed during the install stage.
It is recommended that users who enable the feature also set STRIP_DEBUG=yes
to reduce the final binary size once the conversion has been performed.
This has been used for the past year in Joyent SmartOS builds. FreeBSD is
marked as supported but is untested.
Using variables such as PKGSRC_USE_SSP in package Makefiles to disable SSP does
not work due to the parsing order in bsd.prefs.mk. Even if it did, it's not a
good idea to mix user and package settable variables, and would cause issues in
complex packages where bsd.prefs.mk is included early (e.g. Makefile.common).
Packages can now set {MKPIE,MKREPRO,FORTIFY,RELRO,SSP,STACK_CHECK}_SUPPORTED=no
to correctly disable security features if necessary.
It currently tackles two problems:
- gcc(1) hard-coding full paths in debugging information (with one
  caveat at the moment)
- ar(1) hard-coding user IDs in archive headers
This allows packages built from the same tree and options to produce
identical results bit by bit. This option should be combined with ASLR
and PKGSRC_MKPIE to avoid predictable address offsets for attackers
attempting to exploit security vulnerabilities.
This is still disabled by default, and only supports NetBSD so far.
As discussed on tech-pkg@
This adds a detection for Chrome OS and Chromium OS based on /etc/lsb-release,
which sets LOWER_VENDOR, like for other Linux distros. It also sets OS_VARIANT
to the value of LOWER_VENDOR, so we can have conditionals for ChromeOS. It is
missing some things that are silently assumed to be part of Linux base
systems, such as POSIX attr support, NIS and more.
ok jperkin@
If ${_USE_NEW_PKGINSTALL} is "yes", then use the new "pkgtasks",
"init", and "pkgformat/pkg"-scripts frameworks instead of the
existing "pkginstall" framework.
Only four platforms, all BSDs, need to resolve "ELF/a.out" into
either ELF or a.out. Calculate it directly in the platform file
and return the value in ${_OPSYS_SHLIB_TYPE} and export that value
in bsd.prefs.mk as ${SHLIB_TYPE}.
Instead of requiring the file(1) tool, we can expect the base
system of those BSDs to have /usr/bin/file, so make use of it
directly.
The new options are, for FORTIFY:
  "no"      Do not pass any flags for FORTIFY
  "weak"    Pass -D_FORTIFY_SOURCE=1
  "strong"  Pass -D_FORTIFY_SOURCE=2
This allows users to reduce the level of FORTIFY specified if necessary
or desired. The previous setting as "yes" is now equivalent to "strong"
(the default when enabling).
The new options are, for RELRO:
  "no"       Do not pass any flags for RELRO
  "partial"  Pass -Wl,-z,relro
  "full"     Pass -Wl,-z,relro -Wl,-z,now
This allows users to reduce the level of RELRO specified if necessary or
desired. The previous setting as "yes" is now equivalent to "full" (the
default when enabling).
This is intended to match the changes committed by jperkin@ (for SSP)
after our discussion a (long) while back.
No functional change intended (with the settings supported so far).
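Added example, not part of the commit message or of pkgsrc itself: a shell check that reports which of the RELRO levels named above ("no", "partial", "full") a built binary actually carries, based on `readelf -lW -d` output. The helper name relro_level and the readelf excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not pkgsrc code): report the RELRO level of a binary using
# the PKGSRC_USE_RELRO names. relro_level is a hypothetical helper name.

# Reads `readelf -lW -d` output on stdin; prints "no", "partial" or "full".
relro_level() {
    awk '
        $1 == "GNU_RELRO"                        { relro = 1 }  # from -z relro
        /\(BIND_NOW\)/                           { now = 1 }    # DT_BIND_NOW
        /\(FLAGS\)/ && /BIND_NOW/                { now = 1 }    # DF_BIND_NOW
        /\(FLAGS_1\)/ && /(^|[ \t])NOW([ \t]|$)/ { now = 1 }    # DF_1_NOW
        END {
            if (!relro)   print "no"
            else if (now) print "full"
            else          print "partial"
        }'
}

# Constructed readelf excerpts (not taken from a real package).
SAMPLE_NONE='  LOAD           0x000000 0x0000000000400000 0x0000000000400000 0x000f00 0x000f00 R E 0x1000
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.12]'
SAMPLE_PARTIAL='  GNU_RELRO      0x002de8 0x0000000000003de8 0x0000000000003de8 0x000218 0x000218 R   0x1
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.12]'
SAMPLE_FULL='  GNU_RELRO      0x002de8 0x0000000000003de8 0x0000000000003de8 0x000218 0x000218 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW'

# With file arguments, check real binaries; with none, run the samples.
if [ $# -gt 0 ]; then
    for f in "$@"; do
        if out=$(readelf -lW -d "$f" 2>/dev/null); then
            printf '%s: %s\n' "$f" "$(printf '%s\n' "$out" | relro_level)"
        else
            printf '%s: not readable as ELF\n' "$f"
        fi
    done
else
    for s in "$SAMPLE_NONE" "$SAMPLE_PARTIAL" "$SAMPLE_FULL"; do
        printf '%s\n' "$s" | relro_level
    done
fi
```

A binary linked with -z now but without a GNU_RELRO segment is reported as "no", since immediate binding alone leaves the GOT writable.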
to "auto", which will enable cwrappers if the _OPSYS_SUPPORTS_CWRAPPERS
platform variable is set to "yes".
Switch over to cwrappers by default for Darwin, Linux, and SunOS (except when
using the sunpro compiler).
  "no"      Do not pass any stack protection flags (the default)
  "yes"     Pass -fstack-protector
  "strong"  Pass -fstack-protector-strong
  "all"     Pass -fstack-protector-all
This allows users to configure the level of stack smashing protection they
require, and ensures consistent behaviour across platforms. Users running
on NetBSD who previously used the option will need to change "yes" to "all"
to match the previous default configuration for that platform.
While here use _WRAP_EXTRA_ARGS to ensure the flag gets passed regardless
of whether the package honours CFLAGS, and support additional wrappers.
Discussed a while back with khorben, and used in production for the SmartOS
2016Q1 package sets with the "strong" option.
been broken due to NATIVE_MACHINE_ARCH no longer being set to x86_64. Fix
this by introducing HOST_MACHINE_ARCH which refers to the underlying host
architecture rather than bmake's native architecture, thus differentiating
between cross-compiling and multilib.
This is currently only set on Linux as the only OPSYS which currently
requires such a test, but can be expanded to other OPSYS as necessary.
- No _GCC_* anything in mk/bsd.prefs.mk;
- No compiler flags in platform files.
Tested again on NetBSD/amd64, with and without cwrappers, with the same
outcome.
With feedback from jperkin@
- Revisit (and rename) support for FORTIFY as PKGSRC_USE_FORTIFY (instead
  of PKGSRC_USE_FORT) for easier support outside NetBSD/gcc;
- PKGSRC_USE_SSP is no longer enabled by default when PKGSRC_USE_FORTIFY
  is enabled;
- PKGSRC_MKPIE builds executables as PIE (to leverage userland ASLR)
- PKGSRC_USE_RELRO builds with a read-only GOT to prevent some exploits
  from functioning.
Tested on NetBSD/amd64 by myself, in every combination, with and without
pkgtools/cwrappers. MKPIE is not supported at the moment with cwrappers.
Also, MKPIE is known to still break a number of packages when enabled (and
actually supported).
Tested on SunOS by jperkin@, thank you!
As discussed on tech-pkg@, the default behavior is not changed, except
where noted above.
ok bsiegert@
Previously there were at least 5 different ways MACHINE_ARCH could be set,
some statically and some at run time, and in many cases these settings
differed, leading to issues at pkg_add time where there was conflict
between the setting encoded into the package and that used by pkg_install.
Instead, move to a single source of truth where the correct value based on
the host and the chosen (or default) ABI is determined in the bootstrap
script. The value can still be overridden in mk.conf if necessary, e.g.
for cross-compiling.
ABI is now set by default and if unset a default is calculated based on
MACHINE_ARCH. This fixes some OS, e.g. Linux, where the wrong default was
previously chosen.
As a result of the refactoring there is no need for LOWER_ARCH, with
references to it replaced by MACHINE_ARCH. SPARC_TARGET_ARCH is also
removed.
Operating Systems.
For SmartOS, store the result from running uname -v & trimming the joyent_
prefix.
For OmniOS, store the result from processing /etc/release with awk(1)
Reviewed by joerg@ bsiegert@
Initial patchset to add support by rodent@
Further adjustments made based on feedback by joerg@
Tested by myself with numerous bulkbuilds thanks to Patrick Wildt @ Bitrig
Reviewed by bsiegert@ joerg@ wiz@
they won't create the subdirectory either. Since the SUBST targets try
to change to WRKSRC first, they fail. This is seen with meta packages
depending on Freetype2 when using X11_TYPE=native.