Robin Gloster
335d0097cf
cc-wrapper: add-{flags,hardening} -> add-{flags,hardening}.sh
2016-08-23 15:27:51 +00:00
Robin Gloster
a9b942c061
cc-wrapper: treat hardeningDisable as string
...
This fixes passing the env variable to the ld-wrapper through the gcc
call. Wtf?!
2016-03-14 00:26:52 +00:00
Tristan Helmich
1a5acdb695
cc-wrapper: Add additional NIX_DEBUG statements
2016-03-11 14:02:07 +01:00
Tristan Helmich
7e2e0dfe7a
cc-wrapper: Use stderr for NIX_DEBUG output
...
Otherwise configure scripts might break when looking for the path to ld
2016-03-10 15:47:55 +01:00
Franz Pletz
514a478e61
cc-wrapper: Fix if syntax
2016-03-09 10:08:07 +01:00
Robin Gloster
9a5b070b45
hardening: debug with NIX_DEBUG
2016-03-08 20:51:35 +00:00
Franz Pletz
baee91ec60
cc-wrapper: Check if ld supports -z, fixes darwin
2016-03-07 21:40:20 +01:00
Franz Pletz
b2b499e6c4
cc-wrapper: Increase number of functions for stackprotector
2016-03-07 01:30:40 +01:00
Franz Pletz
ab1092875a
cc-wrapper: Disable pie for linking static libs
2016-03-07 01:30:39 +01:00
Franz Pletz
63f60b6a13
cc-wrapper: Disable pie when linking shared libraries
2016-03-07 01:30:39 +01:00
Franz Pletz
05a02c53a0
cc-wrapper: -pie is a ldflag
2016-03-06 00:14:55 +01:00
Franz Pletz
aff1f4ab94
Use general hardening flag toggle lists
...
The following parameters are now available:
* hardeningDisable
To disable specific hardening flags
* hardeningEnable
To enable specific hardening flags
Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.
cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
2016-03-05 18:55:26 +01:00
