cc-wrapper: allow compilers to specify unsupported hardening modes #29483

Merged
merged 1 commit into from Dec 31, 2017

veprbl
Member

@veprbl veprbl commented Sep 16, 2017

Fixes: 0fd7ef6 ('clang_34: Disable hardening bits (#28543)')
Fixes #28543

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

cc @abbradar @dtzWill

@mention-bot

@veprbl, thanks for your PR! By analyzing the history of the files in this pull request, we identified @Ericson2314, @peti and @edolstra to be potential reviewers.

@globin
Member

globin commented Sep 18, 2017

Could you use camelCase? Otherwise looks fine to me.

@veprbl
Member Author

veprbl commented Oct 12, 2017

This is not a mass rebuild, only a few old compilers are affected. Can we merge?

@Ericson2314 Ericson2314 merged commit 64965e8 into NixOS:master Dec 31, 2017
@Ericson2314
Member

Ericson2314 commented Dec 31, 2017

It would be good to use this for gccCrossStageStatic, which I think cannot do some of this stuff. That would just be adding some stdenv.lib.optionals crossStageStage [ .. ] to the GCC derivations. @bnikolic what do you think, since you just hit this in #33167?

@bnikolic
Contributor

bnikolic commented Jan 2, 2018

@Ericson2314 agreed, would be useful for various cross compiling situations.

Ideally the compiler toolchains should be intelligently ignoring the hardening flags, but they don't seem to do that. So hardening should fall into a category of non-functional build attributes where the builders should try to do as much of that as possible but ignore any which cannot be achieved.

@Ericson2314
Member

@bnikolic Well, I wouldn't want it to be too seamless lest we accidentally end up with less clean machine code. Making the opt-out static and determinable from Nix, not just bash/builders themselves, seems to me like a sweet spot.

Do you agree that no SPP seems to be a stage-static thing in general, or a mingw stage-static thing in particular?

@bnikolic
Contributor

bnikolic commented Jan 2, 2018

@Ericson2314 I'm not sure. I think it depends on whether SSP is in the glibc or a separate library, but I haven't looked in a lot of detail -- will keep this in mind.

@veprbl veprbl deleted the hardening_unsupported_flags branch April 15, 2018 22:34
@veprbl veprbl restored the hardening_unsupported_flags branch December 1, 2020 16:53
@veprbl veprbl deleted the hardening_unsupported_flags branch December 1, 2020 17:04

7 participants