authorNed Ludd <solar@gentoo.org>2008-12-29 02:24:18 +0000
committerNed Ludd <solar@gentoo.org>2008-12-29 02:24:18 +0000
commit5c14054444efbd17009d2ed271651e59b6b189eb (patch)
treec5da6d8c80dd01b1e0be62df17316f73f7b45fd8 /eclass/toolchain.eclass
parentVersion bump and old version cleanup (diff)
- import gcc:4 pie support towards hardened-gcc. (many thanks to Zorry for putting up with all my crazy requirements)
Diffstat (limited to 'eclass/toolchain.eclass')
-rw-r--r--eclass/toolchain.eclass79
1 files changed, 67 insertions, 12 deletions
diff --git a/eclass/toolchain.eclass b/eclass/toolchain.eclass
index 6b6ee7d1517c..b005a6623954 100644
--- a/eclass/toolchain.eclass
+++ b/eclass/toolchain.eclass
@@ -1,6 +1,6 @@
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/toolchain.eclass,v 1.368 2008/12/22 18:53:47 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/toolchain.eclass,v 1.369 2008/12/29 02:24:18 solar Exp $
#
# Maintainer: Toolchain Ninjas <toolchain@gentoo.org>
@@ -236,6 +236,10 @@ gcc_get_s_dir() {
# old syntax (do not define PIE_CORE anymore):
# PIE_CORE="gcc-3.4.0-piepatches-v${PIE_VER}.tar.bz2"
#
+# SPECS_VER
+# SPECS_GCC_VER
+# This is for the minispecs files included in the hardened gcc-4.x
+#
# PP_VER
# PP_GCC_VER
# obsoleted: PP_FVER
@@ -280,6 +284,7 @@ get_gcc_src_uri() {
export PIE_GCC_VER=${PIE_GCC_VER:-${GCC_RELEASE_VER}}
export PP_GCC_VER=${PP_GCC_VER:-${GCC_RELEASE_VER}}
export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}}
+ export SPECS_GCC_VER=${SPECS_GCC_VER:-${GCC_RELEASE_VER}}
[[ -n ${PIE_VER} ]] && \
PIE_CORE=${PIE_CORE:-gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2}
@@ -327,6 +332,10 @@ get_gcc_src_uri() {
[[ -n ${PIE_VER} ]] && \
GCC_SRC_URI="${GCC_SRC_URI} !nopie? ( $(gentoo_urls ${PIE_CORE}) )"
+ # gcc minispec for the hardened gcc 4 compiler
+ [[ -n ${SPECS_VER} ]] && \
+ GCC_SRC_URI="${GCC_SRC_URI} !nopie? ( $(gentoo_urls gcc-${SPECS_GCC_VER}-default-specs-${SPECS_VER}.tar.bz2) )"
+
# gcc bounds checking patch
if [[ -n ${HTB_VER} ]] ; then
local HTBFILE="bounds-checking-gcc-${HTB_GCC_VER}-${HTB_VER}.patch.bz2"
@@ -483,7 +492,16 @@ want_ssp() { _want_stuff PP_VER !nossp ; }
want_split_specs() {
[[ ${SPLIT_SPECS} == "true" ]] && want_pie
}
-
+want_minispecs() {
+ if tc_version_is_at_least 4.3.2 && use hardened ; then
+ if [[ -n ${SPECS_VER} ]] ; then
+ return 0
+ else
+ die "For Hardend to work you need the minispecs files"
+ fi
+ fi
+ return 1
+}
# This function checks whether or not glibc has the support required to build
# Position Independant Executables with gcc.
glibc_have_pie() {
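Review bot: want_minispecs does not consult `nopie`, yet the get_gcc_src_uri hunk lists the default-specs tarball only under `!nopie? ( … )`. With `hardened` and `nopie` both enabled and SPECS_VER set, the predicate returns 0 although the tarball would not be in SRC_URI, so the later `cat "${WORKDIR}"/specs/${s}.specs` calls would read files that were never unpacked. Either drop the `!nopie?` guard on that SRC_URI entry or make the predicate agree with it. Separately, calling `die` inside a predicate used in `if` conditions makes every call site a possible abort, and the message has a typo; it should read `die "For Hardened to work you need the minispecs files"`.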
@@ -685,7 +703,29 @@ create_gcc_env_entry() {
# Set which specs file to use
[[ -n ${gcc_specs_file} ]] && echo "GCC_SPECS=\"${gcc_specs_file}\"" >> ${gcc_envd_file}
}
-
+setup_minispecs_gcc_build_specs() {
+ # Setup the "build.specs" file for gcc to use when building.
+ if want_minispecs ; then
+ if hardened_gcc_works pie ; then
+ cat "${WORKDIR}"/specs/pie.specs >> "${WORKDIR}"/build.specs
+ fi
+ for s in nostrict znow zrelro; do
+ cat "${WORKDIR}"/specs/${s}.specs >> "${WORKDIR}"/build.specs
+ done
+ export GCC_SPECS="${WORKDIR}"/build.specs
+ fi
+}
+copy_minispecs_gcc_specs() {
+ # Build system specs file which, if it exists, must be a complete set of
+ # specs as it completely and unconditionally overrides the builtin specs.
+ # For gcc 4
+ if use hardened && want_minispecs ; then
+ $(XGCC) -dumpspecs > "${WORKDIR}"/specs/specs
+ cat "${WORKDIR}"/build.specs >> "${WORKDIR}"/specs/specs
+ insinto ${LIBPATH}
+ doins "${WORKDIR}"/specs/* || die "failed to install specs"
+ fi
+}
add_profile_eselect_conf() {
local compiler_config_file=$1
local abi=$2
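Review bot: Neither `cat` in setup_minispecs_gcc_build_specs nor the `$(XGCC) -dumpspecs` redirect in copy_minispecs_gcc_specs is checked, so a missing or unreadable fragment under `${WORKDIR}/specs` leaves a partial `build.specs` and the build continues with `pie`, `znow` or `zrelro` quietly absent from a compiler that is still installed as hardened. Add `|| die "failed to append ${s}.specs"` to each `cat` and `|| die "failed to dump specs"` to the dumpspecs line, matching the `doins … || die` already there. The loop variable should be declared with `local s` so it does not leak into the ebuild environment. Because `build.specs` is only ever appended to, a re-run of the compile phase would presumably duplicate its contents; truncating it first with `: > "${WORKDIR}"/build.specs` avoids that.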
@@ -961,7 +1001,7 @@ gcc-compiler_src_unpack() {
# the necessary support
want_pie && use hardened && glibc_have_pie
- if use hardened ; then
+ if use hardened && !want_minispecs ; then
einfo "updating configuration to build hardened GCC"
make_gcc_hard || die "failed to make gcc hard"
fi
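Review bot: `!want_minispecs` in the new condition is not a negation: bash treats `!` as the negation keyword only when it is a separate word, so this is looked up as a command literally named `!want_minispecs`, fails, and makes the whole `use hardened && …` test false. As written, `make_gcc_hard` would be skipped for every hardened build, including GCC versions below 4.3.2 that have no minispecs, which silently drops the hardening this branch used to apply. Write it as `if use hardened && ! want_minispecs ; then`. The same spelling appears in the gcc_src_compile hunk (`want_split_specs && !want_minispecs; then`), where it would keep `split_out_specs_files` from ever running. Both enclosing functions start and end outside these hunks.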
@@ -1585,6 +1625,9 @@ gcc_src_compile() {
einfo "CFLAGS=\"${CFLAGS}\""
einfo "CXXFLAGS=\"${CXXFLAGS}\""
+ # For hardened gcc 4 for build the hardened specs file to use when building gcc
+ setup_minispecs_gcc_build_specs
+
# Build in a separate build tree
mkdir -p "${WORKDIR}"/build
pushd "${WORKDIR}"/build > /dev/null
@@ -1607,7 +1650,7 @@ gcc_src_compile() {
# Do not create multiple specs files for PIE+SSP if boundschecking is in
# USE, as we disable PIE+SSP when it is.
- if [[ ${ETYPE} == "gcc-compiler" ]] && want_split_specs ; then
+ if [[ ${ETYPE} == "gcc-compiler" ]] && want_split_specs && !want_minispecs; then
split_out_specs_files || die "failed to split out specs"
fi
@@ -1711,7 +1754,13 @@ gcc-compiler_src_install() {
insinto ${LIBPATH}
doins "${WORKDIR}"/build/*.specs || die "failed to install specs"
fi
-
+ # Setup the gcc_env_entry for hardened gcc 4 with minispecs
+ if want_minispecs ; then
+ if hardened_gcc_works pie ; then
+ create_gcc_env_entry hardenednopie
+ fi
+ create_gcc_env_entry vanilla
+ fi
# Make sure we dont have stuff lying around that
# can nuke multiple versions of gcc
cd "${D}"${LIBPATH}
@@ -1839,6 +1888,9 @@ gcc-compiler_src_install() {
# Create config files for eselect-compiler
create_eselect_conf
+
+ # Cpoy the needed minispec for hardened gcc 4
+ copy_minispecs_gcc_specs
}
# Move around the libs to the right location. For some reason,
@@ -1909,6 +1961,7 @@ gcc_quick_unpack() {
export PIE_GCC_VER=${PIE_GCC_VER:-${GCC_RELEASE_VER}}
export PP_GCC_VER=${PP_GCC_VER:-${GCC_RELEASE_VER}}
export HTB_GCC_VER=${HTB_GCC_VER:-${GCC_RELEASE_VER}}
+ export SPECS_GCC_VER=${SPECS_GCC_VER:-${GCC_RELEASE_VER}}
if [[ -n ${GCC_A_FAKEIT} ]] ; then
unpack ${GCC_A_FAKEIT}
@@ -1964,6 +2017,8 @@ gcc_quick_unpack() {
else
unpack gcc-${PIE_GCC_VER}-piepatches-v${PIE_VER}.tar.bz2
fi
+ [[ -n ${SPECS_VER} ]] && \
+ unpack gcc-${SPECS_GCC_VER}-default-specs-${SPECS_VER}.tar.bz2
fi
want_boundschecking && \
@@ -2143,13 +2198,13 @@ do_gcc_PIE_patches() {
# adds default pie support (rs6000 too) if DEFAULT_PIE[_SSP] is defined
EPATCH_MULTI_MSG="Applying default pie patches ..." \
epatch "${WORKDIR}"/piepatch/def
- fi
- # we want to be able to control the pie patch logic via something other
- # than ALL_CFLAGS...
- sed -e '/^ALL_CFLAGS/iHARD_CFLAGS = ' \
- -e 's|^ALL_CFLAGS = |ALL_CFLAGS = $(HARD_CFLAGS) |' \
- -i "${S}"/gcc/Makefile.in
+ # we want to be able to control the pie patch logic via something other
+ # than ALL_CFLAGS...
+ sed -e '/^ALL_CFLAGS/iHARD_CFLAGS = ' \
+ -e 's|^ALL_CFLAGS = |ALL_CFLAGS = $(HARD_CFLAGS) |' \
+ -i "${S}"/gcc/Makefile.in
+ fi
BRANDING_GCC_PKGVERSION="${BRANDING_GCC_PKGVERSION}, pie-${PIE_VER}"
}