From a3628fc49db4d88ff3e4067268650710d1da3f6f Mon Sep 17 00:00:00 2001 From: Silvino Silva Date: Fri, 12 Feb 2021 03:59:34 +0000 Subject: initial openbsd support --- linux/toolchain.html | 187 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 187 insertions(+) create mode 100644 linux/toolchain.html (limited to 'linux/toolchain.html') diff --git a/linux/toolchain.html b/linux/toolchain.html new file mode 100644 index 0000000..23f5655 --- /dev/null +++ b/linux/toolchain.html @@ -0,0 +1,187 @@ + + + + + 2.6.3. Toolchain + + + + Core OS Index + +

2.6.3. Toolchain

+ +

Add flags to pkgmk configuration and change specific ports that + don't build with hardening flags. More information about + arch security, + gentoo security, + gcc instrumentation-options + and glibc + configuring and compiling. Edit /etc/pkgmk.conf;

+ + 
+        export CPPFLAGS="-D_FORTIFY_SOURCE=2"
+        export CFLAGS="-O2 -march=native -mtune=native -fstack-protector-strong --param=ssp-buffer-size=4"
+        export CXXFLAGS="${CFLAGS}"
+        export LDFLAGS="-z relro"
+
+ +

Above should compile most of the packages, for more + "restrict" and other flags combinations check pkgmk.conf.handen.

+ +

Core

+ +

Ports in core collection that need to be changed in order + to build with pkgmk harden configuration.

+ +

Glibc

+ + + + 
+        export CPPFLAGS=""
+        export CFLAGS="-O2 -march=native -mtune=native"
+        export CXXFLAGS="${CFLAGS}"
+        export LDFLAGS=""
+
+ + 
+        ../$name-${version:0:4}/configure --prefix=/usr \
+                --libexecdir=/usr/lib \
+                --with-headers=$PKG/usr/include \
+                --enable-kernel=3.12 \
+                --enable-add-ons \
+                --enable-static-nss \
+                --disable-profile \
+                --disable-werror \
+                --without-gd \
+                --enable-obsolete-rpc \
+                --enable-multi-arch \
+                --enable-stackguard-randomization \
+                --enable-stack-protector=strong
+
+ +

Gcc

+ + + + 
+        export CPPFLAGS=""
+        export CFLAGS="-O2 -march=native -mtune=native"
+        export CXXFLAGS="${CFLAGS}"
+        export LDFLAGS=""
+
+ +

Openssl

+ +

Replace openssl by libressl, view if + libressl port from 6c37-dropin is updated with + latest libressl upstream. First install libressl + to ensure it gets all the sources; + + 

+        $ sudo prt-get depinst libressl
+
+ +

After complaining about openssl files remove openssl; + + 

+        $ sudo prt-get remove openssl
+        $ sudo prt-get depinst libressl
+
+ + +

libcap

+ + + +

bzip2

+ + + +

hdparm

+ + + +

Opt

+ +

lsof

+ + + +

python

+ + + +

zip

+ + + +

glew

+ + + +

dmenu

+ + + +

Boost

+ + + + 
+        export CPPFLAGS=""
+        export CFLAGS="-O2 -march=native -mtune=native"
+        export CXXFLAGS="${CFLAGS}"
+        export LDFLAGS=""
+
+ +

Contrib

+ +

gsl

+ + + + + Core OS Index +

This is part of the Tribu System Documentation. + Copyright (C) 2020 + Tribu Team. + See the file Gnu Free Documentation License + for copying conditions.

+ + + -- cgit 1.4.1-2-gfad0