Discussion:
SSP_CFLAGS for kernel
Rozhuk Ivan
2018-05-05 00:59:31 UTC
Permalink
Hi!

I set:

/etc/src.conf:
WITH_SSP=

/etc/make.conf:
SSP_CFLAGS=-fstack-protector-all
WITH_SSP_PORTS=yes


But in /usr/src/sys/conf/kern.mk:

...
#
# GCC SSP support
#
.if ${MK_SSP} != "no" && \
${MACHINE_CPUARCH} != "arm" && ${MACHINE_CPUARCH} != "mips"
CFLAGS+= -fstack-protector
.endif
...


Is there should be some thing like in /usr/src/share/mk/bsd.sys.mk:

SSP_CFLAGS?= -fstack-protector
CFLAGS+= ${SSP_CFLAGS}

???


PS: /usr/ports/UPDATING
"The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all"
should be:
"The default SSP_CFLAGS is -fstack-protector, but -fstack-protector-all"
bryn1u85
2018-05-05 10:38:37 UTC
Permalink
Hey,
Don't touch src.conf

Entry for make.conf should looks like below:

WITH_SSP_PORTS=YES

SSP_CFLAGS=-fstack-protector-all

SSP_CXXFLAGS=-fstack-protector-all

It's working for me.
Post by Rozhuk Ivan
Hi!
WITH_SSP=
SSP_CFLAGS=-fstack-protector-all
WITH_SSP_PORTS=yes
...
#
# GCC SSP support
#
.if ${MK_SSP} != "no" && \
${MACHINE_CPUARCH} != "arm" && ${MACHINE_CPUARCH} != "mips"
CFLAGS+= -fstack-protector
.endif
...
SSP_CFLAGS?= -fstack-protector
CFLAGS+= ${SSP_CFLAGS}
???
PS: /usr/ports/UPDATING
"The default SSP_CLFAGS is -fstack-protector, but -fstack-protector-all"
"The default SSP_CFLAGS is -fstack-protector, but -fstack-protector-all"
_______________________________________________
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
Rozhuk Ivan
2018-05-05 11:33:35 UTC
Permalink
On Sat, 5 May 2018 12:38:37 +0200
Post by bryn1u85
Don't touch src.conf
I want to buils kernel and system with SSP too.
Post by bryn1u85
WITH_SSP_PORTS=YES
SSP_CFLAGS=-fstack-protector-all
SSP_CXXFLAGS=-fstack-protector-all
SSP_CXXFLAGS does not used in system and ports, at least on 11.2.
Kevin Oberman
2018-05-05 18:55:45 UTC
Permalink
Post by Rozhuk Ivan
On Sat, 5 May 2018 12:38:37 +0200
Post by bryn1u85
Don't touch src.conf
I want to buils kernel and system with SSP too
Not relevant.

/etc/make.conf definitions are applied to ALL make operations and that
includes kernel and module building.
/etc/src.conf definitions are only applied to the kernel, modules, and
ports. When src.conf was created, it was explicitly NOT intended that the
file be used for building ports, but someone has changed that. It probably
should have been used for ports that built kernel modules, but not any
others, but that is not the case.
From bsd.port.mk:
# We prefer to pass MK_*=no but it was only supported after a certain
# revision. Passing WITHOUT_* may conflict with a make.conf or src.conf's
# WITH_* value. Note that ports *do* pull in src.conf.
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: ***@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683

Loading...