commit: 68d4571e78f348eac41d64ba306ec2a8226ad17c
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Mar 11 18:48:14 2023 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Mar 11 18:50:28 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68d4571e
app-containers/docker: drop USE=hardened hacks 1. These aren't needed on hardened systems anyway (we've had default PIE on normal, non-hardened systems for years); 2. The relevant variables are gone upstream, see https://github.com/moby/moby/commit/877baae03e1810b6a6afaa8b767b8df25f5c5cae, which fails because of the grep sanity check in the ebuild (correctly); 3. If we did need to keep this check, we would need to do it based on a e.g. toolchain-funcs function to check if the toolchain defaults to PIE, but not based on USE=hardened. Closes: https://bugs.gentoo.org/900849 Signed-off-by: Sam James <sam <AT> gentoo.org> app-containers/docker/docker-23.0.1.ebuild | 8 -------- 1 file changed, 8 deletions(-) diff --git a/app-containers/docker/docker-23.0.1.ebuild b/app-containers/docker/docker-23.0.1.ebuild index e52d11e4501a..407387c83b71 100644 --- a/app-containers/docker/docker-23.0.1.ebuild +++ b/app-containers/docker/docker-23.0.1.ebuild @@ -253,14 +253,6 @@ src_compile() { fi done - if use hardened; then - sed -i "s/EXTLDFLAGS_STATIC='/&-fno-PIC /" hack/make.sh || die - grep -q -- '-fno-PIC' hack/make.sh || die 'hardened sed failed' - sed "s/LDFLAGS_STATIC_DOCKER='/&-extldflags -fno-PIC /" \ - -i hack/make/dynbinary-daemon || die - grep -q -- '-fno-PIC' hack/make/dynbinary-daemon || die 'hardened sed failed' - fi - # build daemon ./hack/make.sh dynbinary || die 'dynbinary failed' }
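Review bot: With the `if use hardened; then ... fi` block removed from src_compile(), nothing visible in this hunk still consumes the flag, and the diffstat shows only these 8 deletions, so the IUSE declaration is untouched. If `hardened` is still listed in IUSE and has no other consumer in the ebuild, drop it in the same change; otherwise users can toggle a flag that no longer affects the build. If it is still used elsewhere (for example in a kernel config check), a short comment near IUSE saying so would keep the flag from looking stale. The removed `grep -q -- '-fno-PIC' ... || die` checks are what surfaced the upstream variable removal, so if PIE handling is ever reintroduced along the lines of point 3 in the message, keeping a similar post-sed sanity check would be worthwhile.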
