commit:     b540f017cacb9d8c293648dcb1ab209d43d1ca79
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 17 03:18:19 2023 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Aug 18 01:30:16 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b540f017

flag-o-matic.eclass: update _filter-hardened

_filter-hardened is used by filter-flags to negate defaults, e.g. it makes
filter-flags -fstack-protector correctly then disable -fstack-protector as well
if the toolchain enables SSP by default.

Modernise the tests it uses with the tc-enables-* functions rather than
just gcc-specs-*. We haven't done hardening via specs for ages.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 eclass/flag-o-matic.eclass | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)

diff --git a/eclass/flag-o-matic.eclass b/eclass/flag-o-matic.eclass
index 0558e639b981..7ea29334bba8 100644
--- a/eclass/flag-o-matic.eclass
+++ b/eclass/flag-o-matic.eclass
@@ -147,7 +147,10 @@ _filter-hardened() {
                        # not -fPIC or -fpic, but too many places filter -fPIC 
without
                        # thinking about -fPIE.
                        -fPIC|-fpic|-fPIE|-fpie|-Wl,pie|-pie)
-                               gcc-specs-pie || continue
+                               if ! gcc-specs-pie && ! tc-enables-pie ; then
+                                       continue
+                               fi
+
                                if ! is-flagq -nopie && ! is-flagq -no-pie ; 
then
                                        # Support older Gentoo form first 
(-nopie) before falling
                                        # back to the official gcc-6+ form 
(-no-pie).
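Review bot: The added `tc-enables-pie` fallback in the `-fPIC|-fpic|-fPIE|-fpie|-Wl,pie|-pie)` branch makes this path live again on toolchains that enable PIE by default, and nothing records that a package's default hardening is being switched off. The existing comment already admits that many callers filter `-fPIC` without thinking about `-fPIE`, so those callers will presumably now get the `-nopie`/`-no-pie` negation as well. I would add a comment above the new test along the lines of `# NOTE: reaching past this check disables the toolchain's default PIE for the whole package`, and consider an `einfo` line so the build log shows when it happens. The same concern applies to the `-fstack-protector` and `-fstack-protector-all` branches in the next hunk. The body of `_filter-hardened` starts and ends outside this hunk.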
@@ -158,15 +161,26 @@ _filter-hardened() {
                                        fi
                                fi
                                ;;
+
                        -fstack-protector)
-                               gcc-specs-ssp || continue
-                               is-flagq -fno-stack-protector || append-flags 
$(test-flags -fno-stack-protector);;
+                               if ! gcc-specs-ssp && ! tc-enables-ssp ; then
+                                       continue
+                               fi
+
+                               is-flagq -fno-stack-protector || append-flags 
$(test-flags -fno-stack-protector)
+                               ;;
                        -fstack-protector-all)
-                               gcc-specs-ssp-to-all || continue
-                               is-flagq -fno-stack-protector-all || 
append-flags $(test-flags -fno-stack-protector-all);;
+                               if ! gcc-specs-ssp-to-all && ! 
tc-enables-ssp-all ; then
+                                       continue
+                               fi
+
+                               is-flagq -fno-stack-protector-all || 
append-flags $(test-flags -fno-stack-protector-all)
+                               ;;
                        -fno-strict-overflow)
                                gcc-specs-nostrict || continue
-                               is-flagq -fstrict-overflow || append-flags 
$(test-flags -fstrict-overflow);;
+
+                               is-flagq -fstrict-overflow || append-flags 
$(test-flags -fstrict-overflow)
+                               ;;
                esac
        done
 }
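Review bot: The `-fno-strict-overflow)` branch still gates only on `gcc-specs-nostrict || continue`, although the commit message says hardening has not been done via specs for ages, so this branch probably never appends `-fstrict-overflow` on current toolchains. Either give it a non-specs test like the SSP branches now have, or add a comment such as `# legacy: only specs-based toolchains are detected here` so the gap is visible. Separately, no `-fstack-protector-strong)` case appears in this hunk. If the case statement, which starts outside the hunk, has none elsewhere, then filtering that flag would not negate a toolchain default of strong SSP.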
