Bug#812834: gcc-5: Please add support for hardened1-linux-amd64
Package: gcc-5
Version: 5.3.1-7
Severity: wishlist
Tags: patch
User: balint@balintreczey.hu
Usertags: hardened1-linux-amd64
Dear GCC Maintainers,
I have successfully bootstrapped the hardened1-linux-amd64 [1]
port using a set of patches [2].
I'm working towards making the port ready for being accepted to
Debian and the attached patches are adding the port support to
GCC.
The first patch allows cross building GCC to a port enabling PIE
by default from a host witout PIE by default.
It may be useful on its own.
Dpkg support for the port is being discussed in #812782.
Accepting this patch would make (re-)bootstrapping the new
port easier.
Thank you in advance,
Balint
[1] http://balintreczey.hu/blog/proposing-amd64-hardened-architecture-for-debian/
[2] https://anonscm.debian.org/cgit/users/rbalint/rebootstrap.git/
>From f1d664b0ae440163d85f85ab6f014ad6d7daab4c Mon Sep 17 00:00:00 2001
From: Balint Reczey <balint@balintreczey.hu>
Date: Mon, 25 Jan 2016 17:56:30 +0100
Subject: [PATCH 1/3] Re-enable -fPIC when -fno-PIE is used in bootstrapping
---
debian/patches/gcc-configure-pie.diff | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian/patches/gcc-configure-pie.diff b/debian/patches/gcc-configure-pie.diff
index 7abe92a..f58ccf3 100644
--- a/debian/patches/gcc-configure-pie.diff
+++ b/debian/patches/gcc-configure-pie.diff
@@ -381,7 +381,7 @@ Index: b/src/gcc/Makefile.in
echo INHIBIT_LIBC_CFLAGS = '$(INHIBIT_LIBC_CFLAGS)' >> tmp-libgcc.mvars
echo TARGET_SYSTEM_ROOT = '$(TARGET_SYSTEM_ROOT)' >> tmp-libgcc.mvars
+ if test @enable_default_pie@ = yes; then \
-+ NO_PIE_CFLAGS="-fno-PIE"; \
++ NO_PIE_CFLAGS="-fno-PIE -fPIC"; \
+ else \
+ NO_PIE_CFLAGS=; \
+ fi; \
--
2.1.4
>From 568bc9d19bdf9dbe505e7904fdc2ddd22ba9e767 Mon Sep 17 00:00:00 2001
From: Balint Reczey <balint@balintreczey.hu>
Date: Mon, 25 Jan 2016 19:23:23 +0100
Subject: [PATCH 2/3] Add support for hardened1-linux-amd64 architecture
---
debian/libasan2.symbols | 4 ++--
debian/rules.defs | 37 ++++++++++++++++++++++---------------
debian/rules2 | 2 +-
3 files changed, 25 insertions(+), 18 deletions(-)
diff --git a/debian/libasan2.symbols b/debian/libasan2.symbols
index fa170da..23a06a7 100644
--- a/debian/libasan2.symbols
+++ b/debian/libasan2.symbols
@@ -1,7 +1,7 @@
libasan.so.2 libasan2 #MINVER#
#include "libasan.symbols.common"
-(arch=!arm64 !alpha !amd64 !ia64 !ppc64 !ppc64el !s390x !sparc64 !kfreebsd-amd64)#include "libasan.symbols.32"
-(arch=arm64 alpha amd64 ia64 ppc64 ppc64el s390x sparc64 kfreebsd-amd64)#include "libasan.symbols.64"
+(arch=!arm64 !alpha !amd64 !ia64 !ppc64 !ppc64el !s390x !sparc64 !kfreebsd-amd64 !hardened1-linux-amd64)#include "libasan.symbols.32"
+(arch=arm64 alpha amd64 ia64 ppc64 ppc64el s390x sparc64 kfreebsd-amd64 hardened1-linux-amd64)#include "libasan.symbols.64"
(arch=armel armhf sparc64 x32)#include "libasan.symbols.16"
# these are missing on some archs ...
(arch=!arm64 !armel !armhf !powerpc !ppc64 !ppc64el !sparc !sparc64)__interceptor_ptrace@Base 4.9
diff --git a/debian/rules.defs b/debian/rules.defs
index a108f12..6d775f1 100644
--- a/debian/rules.defs
+++ b/debian/rules.defs
@@ -418,7 +418,7 @@ multiarch_xarch_map = \
amd64=i386-linux-gnu,x86_64-linux-gnux32 \
armel=arm-linux-gnueabi \
armhf=arm-linux-gnueabihf \
- i386=x86_64-linux-gnu,x86_64-linux-gnux32 \
+ i386=x86_64-linux-gnu,x86_64-linux-gnux32,x86_64-linux-gnuhardened1 \
powerpc=powerpc64-linux-gnu \
ppc64=powerpc-linux-gnu \
sparc=sparc64-linux-gnu \
@@ -431,8 +431,9 @@ multiarch_xarch_map = \
mipsn32el=mipsel-linux-gnu,mips64el-linux-gnuabi64 \
mips64=mips-linux-gnu,mips64-linux-gnuabin32 \
mips64el=mipsel-linux-gnu,mips64el-linux-gnuabin32 \
- x32=x86_64-linux-gnu,i386-linux-gnu \
- kfreebsd-amd64=i386-kfreebsd-gnu
+ x32=x86_64-linux-gnu,i386-linux-gnu, x86_64-linux-gnuhardened1 \
+ kfreebsd-amd64=i386-kfreebsd-gnu \
+ hardened1-linux-amd64=i386-linux-gnu,x86_64-linux-gnux32
xarch_multiarch_names = $(subst $(COMMA),$(SPACE),$(patsubst $(DEB_TARGET_ARCH)=%,%, \
$(filter $(DEB_TARGET_ARCH)=%,$(multiarch_xarch_map))))
@@ -464,7 +465,8 @@ multilib_multiarch_map = \
mips64el/n32=mips64el-linux-gnuabin32 \
x32/32=i386-linux-gnu \
x32/64=x86_64-linux-gnu \
- kfreebsd-amd64/32=i386-kfreebsd-gnu
+ kfreebsd-amd64/32=i386-kfreebsd-gnu \
+ hardened1-linux-amd64/32=i386-linux-gnu
# $(call mlib_to_march,<empty>|32|64|n32|x32|hf|sf)
mlib_to_march = $(patsubst $(DEB_TARGET_ARCH)/$(1)=%,%, \
$(filter $(DEB_TARGET_ARCH)/$(1)=%,$(multilib_multiarch_map)))
@@ -927,7 +929,7 @@ ifeq ($(with_d)-$(with_separate_gdc),yes-yes)
endif
ifeq ($(with_d),yes)
- libphobos_archs = amd64 armel armhf i386 x32 kfreebsd-amd64 kfreebsd-i386
+ libphobos_archs = amd64 hardened1-linux-amd64 armel armhf i386 x32 kfreebsd-amd64 kfreebsd-i386
ifneq (,$(filter $(DEB_TARGET_ARCH), $(libphobos_archs)))
with_libphobos := yes
endif
@@ -1106,7 +1108,7 @@ ifneq (,$(filter $(DEB_TARGET_ARCH),$(gomp_no_archs)))
endif
# itm --------------------
-itm_archs = amd64 arm64 i386 x32 ppc64 ppc64el
+itm_archs = amd64 hardened1-linux-amd64 arm64 i386 x32 ppc64 ppc64el
ifneq (,$(filter $(DEB_TARGET_ARCH),$(itm_archs)))
with_itm := yes
endif
@@ -1129,7 +1131,7 @@ endif
# asan / sanitizer --------------------
with_asan :=
with_asan := $(call envfilt, asan, , , $(with_asan))
-asan_archs = amd64 armel armhf arm64 i386 powerpc ppc64 ppc64el x32 sparc sparc64
+asan_archs = amd64 hardened1-linux-amd64 armel armhf arm64 i386 powerpc ppc64 ppc64el x32 sparc sparc64
ifneq (,$(filter $(DEB_TARGET_ARCH),$(asan_archs)))
with_asan := yes
endif
@@ -1137,7 +1139,7 @@ endif
# lsan / sanitizer --------------------
with_lsan :=
with_lsan := $(call envfilt, lsan, , , $(with_lsan))
-lsan_archs = amd64
+lsan_archs = amd64 hardened1-linux-amd64
ifneq (,$(filter $(DEB_TARGET_ARCH),$(lsan_archs)))
with_lsan := yes
endif
@@ -1145,7 +1147,7 @@ endif
# tsan / sanitizer --------------------
with_tsan :=
with_tsan := $(call envfilt, tsan, , , $(with_tsan))
-tsan_archs = amd64
+tsan_archs = amd64 hardened1-linux-amd64
ifneq (,$(filter $(DEB_TARGET_ARCH),$(tsan_archs)))
with_tsan := yes
endif
@@ -1155,7 +1157,7 @@ endif # with_cdev
# ubsan / sanitizer --------------------
with_ubsan :=
with_ubsan := $(call envfilt, ubsan, , , $(with_ubsan))
-ubsan_archs = amd64 armel armhf arm64 i386 powerpc ppc64 ppc64el x32 sparc sparc64
+ubsan_archs = amd64 hardened1-linux-amd64 armel armhf arm64 i386 powerpc ppc64 ppc64el x32 sparc sparc64
ifneq (,$(filter $(DEB_TARGET_ARCH),$(ubsan_archs)))
with_ubsan := yes
endif
@@ -1163,7 +1165,7 @@ endif
# libvtv --------------------
with_vtv :=
with_vtv := $(call envfilt, vtv, , , $(with_vtv))
-vtv_archs = amd64 i386 x32
+vtv_archs = amd64 hardened1-linux-amd64 i386 x32
ifneq (,$(filter $(DEB_TARGET_ARCH),$(vtv_archs)))
with_vtv := yes
with_libvtv := yes
@@ -1175,7 +1177,7 @@ with_libvtv :=
# libcilkrts --------------------
with_cilkrts :=
with_cilkrts := $(call envfilt, cilkrts, , , $(with_cilkrts))
-cilkrts_archs = amd64 i386 x32
+cilkrts_archs = amd64 hardened1-linux-amd64 i386 x32
ifneq (,$(filter $(DEB_TARGET_ARCH),$(cilkrts_archs)))
with_cilkrts := yes
endif
@@ -1183,7 +1185,7 @@ endif
# libmpx --------------------
with_mpx :=
with_mpx := $(call envfilt, mpx, , , $(with_mpx))
-mpx_archs = amd64 i386
+mpx_archs = amd64 hardened1-linux-amd64 i386
ifneq (,$(filter $(DEB_TARGET_ARCH),$(mpx_archs)))
# requires newer binutils, or else libmpxwrappers isn't built
ifeq (,$(filter $(distrelease),squeeze lucid precise))
@@ -1207,7 +1209,7 @@ endif
# gold --------------------
# armel with binutils 2.20.51 only
-gold_archs = amd64 armel armhf i386 powerpc powerpcspe ppc64 ppc64el sparc sparc64 x32 hurd-i386
+gold_archs = amd64 hardened1-linux-amd64 armel armhf i386 powerpc powerpcspe ppc64 ppc64el sparc sparc64 x32 hurd-i386
ifneq (,$(filter $(DEB_TARGET_ARCH),$(gold_archs)))
with_gold := yes
endif
@@ -1346,6 +1348,11 @@ else
#with_lib32gmath := yes
#with_libgmathdev := yes
endif
+ ifeq ($(DEB_TARGET_ARCH),hardened1-linux-amd64)
+ #with_libgccmath := yes
+ #with_lib32gmath := yes
+ #with_libgmathdev := yes
+ endif
# hppa64 build ----------------
hppa64_no_snap := no
@@ -1593,7 +1600,7 @@ define gen_biarch
export TARGET64_MACHINE
endif
endef
-biarch32archs := /amd64/ppc64/kfreebsd-amd64/s390x/sparc64/x32/mipsn32/mipsn32el/mips64/mips64el/
+biarch32archs := /amd64/hardened1-linux-amd64/ppc64/kfreebsd-amd64/s390x/sparc64/x32/mipsn32/mipsn32el/mips64/mips64el/
biarch64archs := /i386/powerpc/sparc/s390/mips/mipsel/mipsn32/mipsn32el/x32/
biarchn32archs := /mips/mipsel/mips64/mips64el/
ifeq ($(derivative),Ubuntu)
diff --git a/debian/rules2 b/debian/rules2
index 52c6b31..c8bf542 100644
--- a/debian/rules2
+++ b/debian/rules2
@@ -397,7 +397,7 @@ ifneq (,$(filter $(DEB_TARGET_GNU_TYPE), i486-linux-gnu i586-linux-gnu i686-linu
endif
endif
-ifneq (,$(filter $(DEB_TARGET_GNU_TYPE), x86_64-linux-gnu x86_64-linux-gnux32 x86_64-kfreebsd-gnu s390x-linux-gnu sparc64-linux-gnu))
+ifneq (,$(filter $(DEB_TARGET_GNU_TYPE), x86_64-linux-gnu x86_64-linux-gnuhardened1 x86_64-linux-gnux32 x86_64-kfreebsd-gnu s390x-linux-gnu sparc64-linux-gnu))
ifneq ($(biarch32),yes)
CONFARGS += --disable-multilib
endif
--
2.1.4
>From edbe56950ee7c8830ca22dcd8bd122a839d27c52 Mon Sep 17 00:00:00 2001
From: Balint Reczey <balint@balintreczey.hu>
Date: Mon, 25 Jan 2016 19:38:30 +0100
Subject: [PATCH 3/3] Set multiarch and multilib dirs for hardened1-linux-amd64
---
.../patches/gcc-multilib-multiarch-hardened1.diff | 22 ++++++++++++++++++++++
debian/rules.patch | 3 +++
2 files changed, 25 insertions(+)
create mode 100644 debian/patches/gcc-multilib-multiarch-hardened1.diff
diff --git a/debian/patches/gcc-multilib-multiarch-hardened1.diff b/debian/patches/gcc-multilib-multiarch-hardened1.diff
new file mode 100644
index 0000000..2db549f
--- /dev/null
+++ b/debian/patches/gcc-multilib-multiarch-hardened1.diff
@@ -0,0 +1,22 @@
+diff --git a/src/gcc/config/i386/t-linux64 b/src/gcc/config/i386/t-linux64
+index 04d001c..7d34500 100644
+--- a/src/gcc/config/i386/t-linux64
++++ b/src/gcc/config/i386/t-linux64
+@@ -38,7 +38,7 @@ MULTILIB_OSDIRNAMES = m64=../lib64$(call if_multiarch,:x86_64-linux-gnu)
+ MULTILIB_OSDIRNAMES+= m32=../lib32$(call if_multiarch,:i386-linux-gnu)
+ MULTILIB_OSDIRNAMES+= mx32=../lib$(call if_multiarch,:x86_64-linux-gnux32)
+ else ifneq (,$(findstring x86_64,$(target)))
+-MULTILIB_OSDIRNAMES = m64=../lib$(call if_multiarch,:x86_64-linux-gnu)
++MULTILIB_OSDIRNAMES = m64=../lib$(call if_multiarch,:x86_64-linux-gnuhardened1)
+ MULTILIB_OSDIRNAMES+= m32=../lib32$(call if_multiarch,:i386-linux-gnu)
+ MULTILIB_OSDIRNAMES+= mx32=../libx32$(call if_multiarch,:x86_64-linux-gnux32)
+ else
+@@ -51,7 +51,7 @@ ifneq (,$(findstring x86_64,$(target)))
+ ifneq (,$(findstring biarchx32.h,$(tm_include_list)))
+ MULTIARCH_DIRNAME = $(call if_multiarch,x86_64-linux-gnux32)
+ else
+- MULTIARCH_DIRNAME = $(call if_multiarch,x86_64-linux-gnu)
++ MULTIARCH_DIRNAME = $(call if_multiarch,x86_64-linux-gnuhardened1)
+ endif
+ else
+ MULTIARCH_DIRNAME = $(call if_multiarch,i386-linux-gnu)
diff --git a/debian/rules.patch b/debian/rules.patch
index 005a964..7294940 100644
--- a/debian/rules.patch
+++ b/debian/rules.patch
@@ -312,6 +312,9 @@ ifneq (,$(filter $(build_type), build-cross cross-build-cross))
endif
endif
debian_patches += gcc-multilib-multiarch
+ifeq ($(DEB_TARGET_ARCH),hardened1-linux-amd64)
+ debian_patches += gcc-multilib-multiarch-hardened1
+endif
ifneq (,$(filter $(derivative),Ubuntu))
ifeq (,$(filter $(distrelease),dapper hardy intrepid jaunty karmic lucid maverick))
--
2.1.4
Reply to: