-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> The fpie, fstack-protector, and fortify_source patches are split up and don't >> depend on eachother, so you can choose whichever ones you want. There isn't >> another practical way to do it. >>
> My practice is generally to replace those commands with some unique > text-statement such as "REPLACE_ME_WITH_PIE" > then have the user building the system run a sed expression to either > add the -fpie or replace that with an empty statement: > sed -i -e 's|REPLACE_ME_WITH_PIE|-fpie|g' some_file.c > or > sed -i -e 's|REPLACE_ME_WITH_PIE||g' some_file.c > > And then this means you ideally never have to update the patch on > changes in how the -fpie option is added. > This puts the changes in builder-space. Ouch... environment strings won't work better? I cross compile for multiple arch and may not even want a toolchain on the target. I must set a lot of specs besides fpie, etc. The GCC guys know what they are doing. Arbitrary configuration is necessary. Hardening is fine, but installing a (possibly broken)patch to a perfectly good compiler is not educational, or logical, and it should be illegal;) Marty B. - -- Putting Microsoft in a computer is like putting screen doors in a submarine. Hopeless. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFHcP3uodd/GHZYnVQRAmsaAKCtrJPw42EO2VLK0fTkJciR2OSnBQCgx3BX Q9TRXJm3QHYfeCGU7o22LgM= =ATSy -----END PGP SIGNATURE----- -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
