[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#812889: gcc-5: Please enable PIE by default on hardened1-linux-amd64

Package: gcc-5
Version: 5.3.1-7
Severity: wishlist
Tags: patch
User: balint@balintreczey.hu
Usertags: hardened1-linux-amd64

Dear GCC Maintainers,

I have successfully bootstrapped the hardened1-linux-amd64 [1]
port using a set of patches [2].
I'm working towards making the port ready for being accepted to
Debian and the attached patch enables PIE by default on the new
port.

Dpkg support for the port is being discussed in #812782.

Accepting this patch would make (re-)bootstrapping the new
port easier.

Thank you in advance,
Balint

[1]
http://balintreczey.hu/blog/proposing-amd64-hardened-architecture-for-debian/
[2] https://anonscm.debian.org/cgit/users/rbalint/rebootstrap.git/



>From de7fa68c65d28f0bc0d97391a064355861fbd606 Mon Sep 17 00:00:00 2001
From: Balint Reczey <balint@balintreczey.hu>
Date: Wed, 27 Jan 2016 17:00:26 +0100
Subject: [PATCH] Enable PIE by default on hardened1-linux-amd64

---
 debian/rules.defs | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/debian/rules.defs b/debian/rules.defs
index 6d775f1..dd503c9 100644
--- a/debian/rules.defs
+++ b/debian/rules.defs
@@ -1198,14 +1198,15 @@ endif
 
 # pie by default --------------------
 with_pie :=
+pie_archs = hardened1-linux-amd64
 ifeq ($(distribution),Ubuntu)
   ifeq (,$(filter $(distrelease),lucid precise trusty utopic vivid wily))
-    pie_archs = s390x
-  endif
-  ifneq (,$(filter $(DEB_TARGET_ARCH),$(pie_archs)))
-    with_pie := yes
+    pie_archs := $(pie_archs) s390x
   endif
 endif
+ifneq (,$(filter $(DEB_TARGET_ARCH),$(pie_archs)))
+  with_pie := yes
+endif
 
 # gold --------------------
 # armel with binutils 2.20.51 only
-- 
2.1.4
Reply to: