diff options
Diffstat (limited to 'core/toolchain.html')
| -rw-r--r-- | core/toolchain.html | 187 |
1 files changed, 0 insertions, 187 deletions
diff --git a/core/toolchain.html b/core/toolchain.html deleted file mode 100644 index 23f5655..0000000 --- a/core/toolchain.html +++ /dev/null @@ -1,187 +0,0 @@ -<!DOCTYPE html> -<html dir="ltr" lang="en"> - <head> - <meta charset='utf-8'> - <title>2.6.3. Toolchain</title> - </head> - <body> - - <a href="index.html">Core OS Index</a> - - <h1 id="toolchain">2.6.3. Toolchain</h1> - - <p>Add flags to pkgmk configuration and change specific ports that - don't build with hardening flags. More information about - <a href="https://wiki.archlinux.org/index.php/DeveloperWiki:Security">arch security</a>, - gentoo security, - <a href="http://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#Instrumentation-Options">gcc</a> instrumentation-options - and <a href="http://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html">glibc</a> - configuring and compiling. Edit /etc/pkgmk.conf;</p> - - <pre> - export CPPFLAGS="-D_FORTIFY_SOURCE=2" - export CFLAGS="-O2 -march=native -mtune=native -fstack-protector-strong --param=ssp-buffer-size=4" - export CXXFLAGS="${CFLAGS}" - export LDFLAGS="-z relro" - </pre> - - <p>Above should compile most of the packages, for more - "restrict" and other flags combinations check <a href="conf/pkgmk.conf.harden">pkgmk.conf.handen</a>.</p> - - <h3>Core</h3> - - <p>Ports in core collection that need to be changed in order - to build with pkgmk harden configuration.</p> - - <h4>Glibc</h4> - - <ul> - <li><a href="http://www.linuxfromscratch.org/lfs/view/development/chapter06/glibc.html">lfs</a></li> - <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/glibc">arch</a></li> - </ul> - - <pre> - export CPPFLAGS="" - export CFLAGS="-O2 -march=native -mtune=native" - export CXXFLAGS="${CFLAGS}" - export LDFLAGS="" - </pre> - - <pre> - ../$name-${version:0:4}/configure --prefix=/usr \ - --libexecdir=/usr/lib \ - --with-headers=$PKG/usr/include \ - --enable-kernel=3.12 \ - --enable-add-ons \ - --enable-static-nss \ - --disable-profile \ - --disable-werror \ - --without-gd \ - --enable-obsolete-rpc \ - --enable-multi-arch \ - --enable-stackguard-randomization \ - --enable-stack-protector=strong - </pre> - - <h4>Gcc</h4> - - <ul> - <li><a href="http://www.linuxfromscratch.org/lfs/view/development/chapter06/gcc.html">lfs</a></li> - <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/gcc">arch</a></li> - </ul> - - <pre> - export CPPFLAGS="" - export CFLAGS="-O2 -march=native -mtune=native" - export CXXFLAGS="${CFLAGS}" - export LDFLAGS="" - </pre> - - <h4>Openssl</h4> - - <p>Replace openssl by libressl, view if - <a href="https://raw.githubusercontent.com/6c37/crux-ports-dropin/3.3/libressl/Pkgfile">libressl port</a> from 6c37-dropin is updated with - latest <a href="https://raw.githubusercontent.com/libressl-portable/portable/master/ChangeLog">libressl upstream</a>. First install libressl - to ensure it gets all the sources; - - <pre> - $ sudo prt-get depinst libressl - </pre> - - <p>After complaining about openssl files remove openssl; - - <pre> - $ sudo prt-get remove openssl - $ sudo prt-get depinst libressl - </pre> - - - <h4>libcap</h4> - - <ul> - <li><a href="http://www.linuxfromscratch.org/lfs/view/development/chapter06/libcap.html">lfs</a></li> - <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/libcap">arch</a></li> - </ul> - - <h4>bzip2</h4> - - <ul> - <li><a href="http://www.linuxfromscratch.org/lfs/view/development/chapter06/bzip2.html">lfs</a></li> - <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/bzip2">arch</a></li> - </ul> - - <h4>hdparm</h4> - - <ul> - <li><a href="http://www.linuxfromscratch.org/blfs/view/svn/general/hdparm.html">lfs</a></li> - <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/hdparm">arch</a></li> - </ul> - - <h3>Opt</h3> - - <h4>lsof</h4> - - <ul> - <li><a href="http://www.linuxfromscratch.org/blfs/view/svn/general/lsof.html">lfs</a></li> - <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/lsof">arch</a></li> - </ul> - - <h4>python</h4> - - <ul> - <li><a href="http://www.linuxfromscratch.org/blfs/view/svn/general/python2.html">lfs</a></li> - <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/python2">arch</a></li> - </ul> - - <h4>zip</h4> - - <ul> - <li><a href="http://www.linuxfromscratch.org/blfs/view/svn/general/zip.html">lfs</a></li> - <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/zip">arch</a></li> - </ul> - - <h4>glew</h4> - - <ul> - <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/glew">arch</a></li> - </ul> - - <h4>dmenu</h4> - - <ul> - <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/dmenu">arch</a></li> - </ul> - - <h4>Boost</h4> - - <ul> - <li><a href="http://www.linuxfromscratch.org/blfs/view/svn/general/boost.html">lfs</a></li> - <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/boost">arch</a></li> - </ul> - - <pre> - export CPPFLAGS="" - export CFLAGS="-O2 -march=native -mtune=native" - export CXXFLAGS="${CFLAGS}" - export LDFLAGS="" - </pre> - - <h3>Contrib</h3> - - <h4>gsl</h4> - - <ul> - <li><a href="http://www.linuxfromscratch.org/blfs/view/svn/general/gsl.html">lfs</a></li> - <li><a href="https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/gsl">arch</a></li> - </ul> - - - <a href="index.html">Core OS Index</a> - <p>This is part of the Tribu System Documentation. - Copyright (C) 2020 - Tribu Team. - See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> - for copying conditions.</p> - - </body> -</html> |