diff options
author | ru <ru@FreeBSD.org> | 2008-06-25 21:33:28 +0000 |
---|---|---|
committer | ru <ru@FreeBSD.org> | 2008-06-25 21:33:28 +0000 |
commit | 8735fdbd4ceeb78442804b393d49f5e7f56c1967 (patch) | |
tree | 3821989620f33150162837ccfad067791bb346ca /release | |
parent | 762f29e950fd1511beb76c95c5014bb779d4f5ed (diff) | |
download | FreeBSD-src-8735fdbd4ceeb78442804b393d49f5e7f56c1967.zip FreeBSD-src-8735fdbd4ceeb78442804b393d49f5e7f56c1967.tar.gz |
Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.
Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.
Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
Diffstat (limited to 'release')
-rw-r--r-- | release/Makefile | 7 | ||||
-rwxr-xr-x | release/picobsd/build/picobsd | 9 |
2 files changed, 9 insertions, 7 deletions
diff --git a/release/Makefile b/release/Makefile index 0c35379..c2904d8 100644 --- a/release/Makefile +++ b/release/Makefile @@ -680,7 +680,7 @@ release.6: @rm -rf ${RD}/dists/ports/ports* @mkdir -p ${RD}/dists/ports @echo rolling ports/ports tarball - @tar --exclude CVS --exclude 'ports/distfiles/*' \ + @tar --exclude CVS --exclude .svn --exclude 'ports/distfiles/*' \ -czf ${RD}/dists/ports/ports.tgz -C /usr ports @cp ${.CURDIR}/scripts/ports-install.sh ${RD}/dists/ports/install.sh @(cd ${RD}/dists/ports; \ @@ -779,7 +779,8 @@ release.8: .if ${TARGET} == "i386" || ${TARGET_ARCH} == "amd64" @cp ${RD}/trees/base/boot/mbr ${RD}/mfsfd/boot .endif - @tar --exclude CVS -cf - -C ${.CURDIR}/../usr.sbin/sysinstall help | \ + @tar --exclude CVS --exclude .svn -cf - \ + -C ${.CURDIR}/../usr.sbin/sysinstall help | \ tar xf - -C ${RD}/mfsfd/stand @mkdir -p ${RD}/mfsroot sh -e ${DOFS_SH} ${RD}/mfsroot/mfsroot ${RD} ${MNT} \ @@ -1098,7 +1099,7 @@ doTARBALL: @( cd ${SD} && \ tn=`echo ${TN} | tr 'A-Z' 'a-z'` && \ echo rolling ${TD}/$$tn tarball &&\ - tar --exclude CVS --exclude obj --exclude BOOTMFS -cf - ${ARG} | \ + tar --exclude CVS --exclude .svn --exclude obj --exclude BOOTMFS -cf - ${ARG} | \ ${ZIPNSPLIT} ${RD}/dists/${TD}/$$tn. && \ sh ${.CURDIR}/scripts/info.sh ${RD}/dists/${TD}/$$tn \ > ${RD}/dists/${TD}/$$tn.inf && \ diff --git a/release/picobsd/build/picobsd b/release/picobsd/build/picobsd index 9135a34..4e1c023 100755 --- a/release/picobsd/build/picobsd +++ b/release/picobsd/build/picobsd @@ -495,14 +495,15 @@ populate_floppy_fs() { # OK else excl="" fi - (cd ${PICO_TREE}/floppy.tree ; tar -cf - --exclude CVS ${excl} . ) | \ + (cd ${PICO_TREE}/floppy.tree ; tar -cf - --exclude CVS --exclude .svn \ + ${excl} . ) | \ (cd ${dst} ; tar x${o_tarv}f - ) log "Copied from generic floppy-tree `echo; ls -laR ${dst}`" srcdir=${MY_TREE}/floppy.tree if [ -d ${srcdir} ] ; then log "update with type-specific files:" - (cd ${srcdir} ; tar -cf - --exclude CVS . ) | \ + (cd ${srcdir} ; tar -cf - --exclude CVS --exclude .svn . ) | \ (cd ${dst} ; tar x${o_tarv}f - ) log "Copied from type floppy-tree `echo; ls -laR ${dst}`" else @@ -510,7 +511,7 @@ populate_floppy_fs() { # OK fi if [ -d ${srcdir}.${SITE} ] ; then log "Update with site-specific (${SITE}) files:" - (cd ${srcdir}.${SITE} ; tar -cf - --exclude CVS . ) | \ + (cd ${srcdir}.${SITE} ; tar -cf - --exclude CVS --exclude .svn . ) | \ (cd ${dst} ; tar x${o_tarv}f - ) log "Copied from site floppy-tree `echo; ls -laR ${dst}`" else @@ -593,7 +594,7 @@ populate_mfs_tree() { for MFS_TREE in ${PICO_TREE}/mfs_tree ${MY_TREE}/mfs_tree ; do if [ -d ${MFS_TREE} ] ; then log "Copy ${MFS_TREE} ..." - (cd ${MFS_TREE} ; tar -cf - --exclude CVS . ) | \ + (cd ${MFS_TREE} ; tar -cf - --exclude CVS --exclude .svn . ) | \ (cd ${dst} ; tar x${o_tarv}f - ) fi done |