about summary refs log blame commit diff stats
path: root/core/toolchain.html
blob: 57113fdb084b612fb5c799e68b10e1c99805ed86 (plain) (tree) 
4cc6765 ^




9069537 ^

4cc6765 ^





9069537 ^
pre { line-height: 125%; } td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; } span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; } td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; } span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; } .highlight .hll { background-color: #ffffcc } .highlight .c { color: #888888 } /* Comment */ .highlight .err { color: #a61717; background-color: #e3d2d2 } /* Error */ .highlight .k { color: #008800; font-weight: bold } /* Keyword */ .highlight .ch { color: #888888 } /* Comment.Hashbang */ .highlight .cm { color: #888888 } /* Comment.Multiline */ .highlight .cp { color: #cc0000; font-weight: bold } /* Comment.Preproc */ .highlight .cpf { color: #888888 } /* Comment.PreprocFile */ .highlight .c1 { color: #888888 } /* Comment.Single */ .highlight .cs { color: #cc0000; font-weight: bold; background-color: #fff0f0 } /* Comment.Special */ .highlight .gd { color: #000000; background-color: #ffdddd } /* Generic.Deleted */ .highlight .ge { font-style: italic } /* Generic.Emph */ .highlight .ges { font-weight: bold; font-style: italic } /* Generic.EmphStrong */ .highlight .gr { color: #aa0000 } /* Generic.Error */ .highlight .gh { color: #333333 } /* Generic.Heading */ .highlight .gi { color: #000000; background-color: #ddffdd } /* Generic.Inserted */ .highlight .go { color: #888888 } /* Generic.Output */ .highlight .gp { color: #555555 } /* Generic.Prompt */ .highlight .gs { font-weight: bold } /* Generic.Strong */ .highlight .gu { color: #666666 } /* Generic.Subheading */ .highlight .gt { color: #aa0000 } /* Generic.Traceback */ .highlight .kc { color: #008800; font-weight: bold } /* Keyword.Constant */ .highlight .kd { color: #008800; font-weight: bold } /* Keyword.Declaration */ .highlight .kn { color: #008800; font-weight: bold } /* Keyword.Namespace */ .highlight .kp { color: #008800 } /* Keyword.Pseudo */ .highlight .kr { color: #008800; font-weight: bold } /* Keyword.Reserved */ .highlight .kt { color: #888888; font-weight: bold } /* Keyword.Type */ .highlight .m { color: #0000DD; font-weight: bold } /* Literal.Number */ .highlight .s { color: #dd2200; background-color: #fff0f0 } /* Literal.String */ .highlight .na { color: #336699 } /* Name.Attribute */ .highlight .nb { color: #003388 } /* Name.Builtin */ .highlight .nc { color: #bb0066; font-weight: bold } /* Name.Class */ .highlight .no { color: #003366; font-weight: bold } /* Name.Constant */ .highlight .nd { color: #555555 } /* Name.Decorator */ .highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */ .highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */ .highlight .nl { color: #336699; font-style: italic } /* Name.Label */ .highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */ .highlight .py { color: #336699; font-weight: bold } /* Name.Property */ .highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */ .highlight .nv { color: #336699 } /* Name.Variable */ .highlight .ow { color: #008800 } /* Operator.Word */ .highlight .w { color: #bbbbbb } /* Text.Whitespace */ .highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */ .highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */ .highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */ .highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */ .highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */ .highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */ .highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */ .highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */ .highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */ .highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */ .highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */ .highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */ .highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */ .highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */ .highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */ .highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */ .highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */ .highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */ .highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */
[colours]
bkgnd=default
titlebar=blue
statusbar=blue
titlebar.text=bold_white
titlebar.brackets=bold_cyan
statusbar.text=bold_white
statusbar.brackets=bold_cyan
statusbar.active=bold_cyan
statusbar.new=bold_white
main.text=bold_white
main.text.me=bold_white
main.text.them=bold_white
input.text=bold_white
main.time=bold_white
main.splash=bold_cyan
subscribed=bold_green
unsubscribed=bold_red
online=bold_green
away=bold_cyan
chat=bold_green
dnd=bold_red
xa=bold_cyan
offline=bold_red
typing=bold_yellow
gone=bold_red
error=bold_red
incoming=bold_yellow
roominfo=bold_yellow
roommention=bold_yellow
me=bold_yellow
them=bold_green
titlebar.unencrypted=bold_red
titlebar.encrypted=bold_white
titlebar.untrusted=bold_yellow
titlebar.trusted=bold_white
titlebar.online=bold_white
titlebar.offline=bold_white
titlebar.away=bold_white
titlebar.xa=bold_white
titlebar.dnd=bold_white
titlebar.chat=bold_white
otr.started.trusted=bold_green
otr.started.untrusted=bold_yellow
otr.ended=bold_red
otr.trusted=bold_green
otr.untrusted=bold_yellow
roster.header=bold_yellow
occupants.header=bold_yellow
generated by cgit-pink 1.4.1-2-gfad0 (git 2.36.2.497.gbbea4dcf42) at 2024-11-20 08:42:42 +0000
14 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 
177
178

179

180
181
182
183
184




                              
                                       




                                              
                                                
































































                                                                                                                                        


















                                                                                                                                                    
















































































                                                                                                                              

                                                         
                  




                                                                                            
<!DOCTYPE html>
<html dir="ltr" lang="en">
    <head>
        <meta charset='utf-8'>
        <title>2.2.3. Toolchain</title>
    </head>
    <body>

        <a href="index.html">Core OS Index</a>

        <h1 id="toolchain">2.2.3. Toolchain</h1>

        <p>Add flags to pkgmk configuration and change specific ports that
        don't build with hardening flags. More information about
        <a href="https://wiki.archlinux.org/index.php/DeveloperWiki:Security">arch security</a>,
        gentoo security,
        <a href="http://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#Instrumentation-Options">gcc</a> instrumentation-options
        and <a href="http://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html">glibc</a>
        configuring and compiling. Edit /etc/pkgmk.conf;</p>

        <pre>
        export CPPFLAGS="-D_FORTIFY_SOURCE=2"
        export CFLAGS="-O2 -march=native -mtune=native -fstack-protector-strong --param=ssp-buffer-size=4"
        export CXXFLAGS="${CFLAGS}"
        export LDFLAGS="-z relro"
        </pre>

        <h3>Core</h3>

        <p>Ports in core collection that need to be changed in order
        to build with pkgmk harden configuration.</p>

        <h4>Glibc</h4>

        <ul>
            <li><a href="http://www.linuxfromscratch.org/lfs/view/development/chapter06/glibc.html">lfs</a></li>
            <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/glibc">arch</a></li>
        </ul>

        <pre>
        export CPPFLAGS=""
        export CFLAGS="-O2 -march=native -mtune=native"
        export CXXFLAGS="${CFLAGS}"
        export LDFLAGS=""
        </pre>

        <pre>
        ../$name-${version:0:4}/configure --prefix=/usr \
                --libexecdir=/usr/lib \
                --with-headers=$PKG/usr/include \
                --enable-kernel=3.12 \
                --enable-add-ons \
                --enable-static-nss \
                --disable-profile \
                --disable-werror \
                --without-gd \
                --enable-obsolete-rpc \
                --enable-multi-arch \
                --enable-stackguard-randomization \
                --enable-stack-protector=strong
        </pre>

        <h4>Gcc</h4>

        <ul>
            <li><a href="http://www.linuxfromscratch.org/lfs/view/development/chapter06/gcc.html">lfs</a></li>
            <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/gcc">arch</a></li>
        </ul>

        <pre>
        export CPPFLAGS=""
        export CFLAGS="-O2 -march=native -mtune=native"
        export CXXFLAGS="${CFLAGS}"
        export LDFLAGS=""
        </pre>

        <h4>Openssl</h4>

        <p>Replace openssl by libressl, view if
        <a href="https://raw.githubusercontent.com/6c37/crux-ports-dropin/3.3/libressl/Pkgfile">libressl port</a> from 6c37-dropin is updated with
        latest <a href="https://raw.githubusercontent.com/libressl-portable/portable/master/ChangeLog">libressl upstream</a>. First install libressl
        to ensure it gets all the sources;

        <pre>
        $ sudo prt-get depinst libressl
        </pre>

        <p>After complaining about openssl files remove openssl;

        <pre>
        $ sudo prt-get remove openssl
        $ sudo prt-get depinst libressl
        </pre>


        <h4>libcap</h4>

        <ul>
            <li><a href="http://www.linuxfromscratch.org/lfs/view/development/chapter06/libcap.html">lfs</a></li>
            <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/libcap">arch</a></li>
        </ul>

        <h4>bzip2</h4>

        <ul>
            <li><a href="http://www.linuxfromscratch.org/lfs/view/development/chapter06/bzip2.html">lfs</a></li>
            <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/bzip2">arch</a></li>
        </ul>

        <h4>hdparm</h4>

        <ul>
            <li><a href="http://www.linuxfromscratch.org/blfs/view/svn/general/hdparm.html">lfs</a></li>
            <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/hdparm">arch</a></li>
        </ul>

        <h3>Opt</h3>

        <h4>lsof</h4>

        <ul>
            <li><a href="http://www.linuxfromscratch.org/blfs/view/svn/general/lsof.html">lfs</a></li>
            <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/lsof">arch</a></li>
        </ul>

        <h4>python</h4>

        <ul>
            <li><a href="http://www.linuxfromscratch.org/blfs/view/svn/general/python2.html">lfs</a></li>
            <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/python2">arch</a></li>
        </ul>

        <h4>zip</h4>

        <ul>
            <li><a href="http://www.linuxfromscratch.org/blfs/view/svn/general/zip.html">lfs</a></li>
            <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/zip">arch</a></li>
        </ul>

        <h4>glew</h4>

        <ul>
            <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/glew">arch</a></li>
        </ul>

        <h4>dmenu</h4>

        <ul>
            <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/dmenu">arch</a></li>
        </ul>

        <h4>Boost</h4>

        <ul>
            <li><a href="http://www.linuxfromscratch.org/blfs/view/svn/general/boost.html">lfs</a></li>
            <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/boost">arch</a></li>
        </ul>

        <pre>
        export CPPFLAGS=""
        export CFLAGS="-O2 -march=native -mtune=native"
        export CXXFLAGS="${CFLAGS}"
        export LDFLAGS=""
        </pre>

        <h3>Contrib</h3>

        <h4>gsl</h4>

        <ul>
            <li><a href="http://www.linuxfromscratch.org/blfs/view/svn/general/gsl.html">lfs</a></li>
            <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/gsl">arch</a></li>
        </ul>


        <a href="index.html">Core OS Index</a>
        <p>This is part of the Hive System Documentation.
        Copyright (C) 2018
        Hive Team.
        See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
        for copying conditions.</p>

    </body>
</html>
generated by cgit-pink 1.4.1-2-gfad0 (git 2.36.2.497.gbbea4dcf42) at 2024-11-20 08:42:42 +0000