Package: gcc-5 Version: 5.3.1-7 Severity: wishlist Tags: patch User: bal...@balintreczey.hu Usertags: hardened1-linux-amd64
Dear GCC Maintainers, I have successfully bootstrapped the hardened1-linux-amd64 [1] port using a set of patches [2]. I'm working towards making the port ready for being accepted to Debian and the attached patch enables PIE by default on the new port. Dpkg support for the port is being discussed in #812782. Accepting this patch would make (re-)bootstrapping the new port easier. Thank you in advance, Balint [1] http://balintreczey.hu/blog/proposing-amd64-hardened-architecture-for-debian/ [2] https://anonscm.debian.org/cgit/users/rbalint/rebootstrap.git/
>From de7fa68c65d28f0bc0d97391a064355861fbd606 Mon Sep 17 00:00:00 2001 From: Balint Reczey <bal...@balintreczey.hu> Date: Wed, 27 Jan 2016 17:00:26 +0100 Subject: [PATCH] Enable PIE by default on hardened1-linux-amd64 --- debian/rules.defs | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/debian/rules.defs b/debian/rules.defs index 6d775f1..dd503c9 100644 --- a/debian/rules.defs +++ b/debian/rules.defs @@ -1198,14 +1198,15 @@ endif # pie by default -------------------- with_pie := +pie_archs = hardened1-linux-amd64 ifeq ($(distribution),Ubuntu) ifeq (,$(filter $(distrelease),lucid precise trusty utopic vivid wily)) - pie_archs = s390x - endif - ifneq (,$(filter $(DEB_TARGET_ARCH),$(pie_archs))) - with_pie := yes + pie_archs := $(pie_archs) s390x endif endif +ifneq (,$(filter $(DEB_TARGET_ARCH),$(pie_archs))) + with_pie := yes +endif # gold -------------------- # armel with binutils 2.20.51 only -- 2.1.4
