For USE_LANGUAGES there is already a pkglint warning, but for GCC_REQD it
is missing. It's better to have this check directly in the
infrastructure since it is more reliable.
This check is disabled by default, to not cause any new breakage.
It should be enabled in bulk builds.
A default installation of GCC doesn't install bin/cc but only bin/gcc.
Adding bin/cc is only done by the pgksrc packages, not by the upstream
package.
The previous strategy of just checking whether ${GCCBASE}/bin/${CC:[1]}
exists did not work in such a situation. Therefore, if CC still has its
default value from sys.mk, that is changed to the intended gcc, which
then detects the base GCC properly.
See https://mail-index.netbsd.org/pkgsrc-users/2019/09/07/msg029329.html.
See https://mail-index.netbsd.org/tech-pkg/2019/09/18/msg021976.html.
This way we don't inadvertently tell a native dependency that it is
supposed to be compiled with the cross-compiler.
No functional change intended for USE_CROSS_COMPILE=no.
Platform support is determined by _OPSYS_SUPPORTS_CTF from mk/platform, the
user enables support by setting PKGSRC_USE_CTF=yes, and packages can
explicitly disable support with CTF_SUPPORTED=no or skip certain files with
CTF_FILES_SKIP.
The path to ctfconvert is configured via TOOLS_PLATFORM.ctfconvert.
If all of the requisite variables are enabled, a compiler-specific debug flag
is passed via the wrappers to ensure we have DWARF information to convert,
_INSTALL_UNSTRIPPED is explicitly defined to avoid binaries being stripped
prior to conversion, and the conversion is performed during the install stage.
It is recommended that users who enable the feature also set STRIP_DEBUG=yes
to reduce the final binary size once the conversion has been performed.
This has been used for the past year in Joyent SmartOS builds. FreeBSD is
marked as supported but is untested.
It currently tackles two problems:
- gcc(1) hard-coding full paths in debugging information (with one
caveat at the moment)
- ar(1) hard-coding user IDs in archive headers
This allows packages built from the same tree and options to produce
identical results bit by bit. This option should be combined with ASLR
and PKGSRC_MKPIE to avoid predictable address offsets for attackers
attempting to exploit security vulnerabilities.
This is still disabled by default, and only supports NetBSD so far.
As discussed on tech-pkg@
This makes sure a simple "cc -o hello hello.c" will still build a valid
executable. It does not let us detect when CFLAGS or LDFLAGS are
ignored anymore, but it is legitimate for packages to expect it to work
without any additional parameter.
ld(1) does not expect "-fPIC" but it seems to be ignored by our wrappers
in this case, so no disruption is expected there.
We can't rely on _GCC_VERSION as an accurate indicator of the GCC version,
as when using a pkgsrc GCC it will be set to 0 until the pkgsrc GCC is
available and we can detect its version. Instead, move the logic later to
after CC_VERSION is set and use that instead.
This is based on a patch submitted on 16/04/2017 on tech-pkg@ and
adapted by joerg@ for pkgtools/cwrappers. It only consists in the
missing part to actually generate PIE executables with cwrappers if
configured to do so (currently disabled by default). The aim is really
to produce safer binaries where ASLR is in use.
This part in pkgsrc is only supported on NetBSD (x86) with GCC at the
moment.
Tested on NetBSD/amd64, with and without cwrappers, with and without
PKGSRC_MKPIE (all four combinations).
The new options are, for FORTIFY:
"no" Do not pass any flags for FORTIFY
"weak" Pass -D_FORTIFY_SOURCE=1
"strong" Pass -D_FORTIFY_SOURCE=2
This allows users to reduce the level of FORTIFY specified if necessary
or desired. The previous setting as "yes" is now equivalent to "strong"
(the default when enabling).
The new options are, for RELRO:
"no" Do not pass any flags for RELRO
"partial" Pass -Wl,-z,relro
"full" Pass -Wl,-z,relro -Wl,-z,now
This allows users to reduce the level of RELRO specified if necessary or
desired. The previous setting as "yes" is now equivalent to "full" (the
default when enabling).
This is intended to match the changes committed by jperkin@ (for SSP)
after our discussion a (long) while back.
No functional change intended (with the settings supported so far).
This large commit accomplishes the following:
1) Switch USE_LANGUAGES=ada to require lang/gcc5-aux (gcc 5.4) instead
of lang/gcc-aux (gcc 4.9.2) on gcc.mk
2) Bump affected ports and fix paths as necessary
3) Upgrade devel/gprbuild to the latest release
- No longer requires lang/gnat_util
- gprslave requires gcc6-aux, so it was disabled for now
4) Fix lang/gnat_util but set PKG_SKIP_REASON
- It has no further purpose in the pkgsrc tree
- It has no practical purpose outside of the pkgsrc tree
- Indicate intent to remove from tree in Jan. 2017
5) Set devel/GPS as failed with PKG_FAIL_REASON
- This version of GPS is several years old and at the time they were
strongly tied to compiler.
- Latest release of GPS require gcc6-aux (not available) and several
new and complex dependencies
- maintainer (me) has no interest to continue supporting it
- Leaving GPS in place until Jan 2017 to give another person chance to
upgrade and take over support
- Latest version in FreeBSD Ports Collection as a reference point
"no" Do not pass any stack protection flags (the default)
"yes" Pass -fstack-protector
"strong" Pass -fstack-protector-strong
"all" Pass -fstack-protector-all
This allows users to configure the level of stack smashing protection they
require, and ensures consistent behaviour across platforms. Users running
on NetBSD who previously used the option will need to change "yes" to "all"
to match the previous default configuration for that platform.
While here use _WRAP_EXTRA_ARGS to ensure the flag gets passed regardless
of whether the package honours CFLAGS, and support additional wrappers.
Discussed a while back with khorben, and used in production for the SmartOS
2016Q1 package sets with the "strong" option.
