As part of my earlier threads, I tried to figure out the migration plan from a non-hardened glibc and a non-hardened gcc to both of them being hardened.
That of course raises questions like - what we compile first, and what are dependencies here? Here's what I have figured out - by _experimenting_ not speculation:

1. Building glibc with USE=hardened works, no matter whether the toolchain is hardened or not.
2. However, glibc won't apply one hardening-related patch if the used toolchain is not pie-enabled.
3. Interestingly, gcc with USE=hardened compiles fine even if glibc is -hardened. The vanilla spec works. I haven't tested the hardened spec.

Based on that, I suggest the following dependency changes (conceptually):

In glibc:

    DEPEND="gcc[hardened?]"

In gcc:

    PDEPEND="elibc_glibc? glibc[hardened?]"

Thoughts?