Browse code
Comments are added. Android options are removed.
YustasSwamp authored on 2015/05/14 06:05:40Showing 1 changed files
| ... | ... |
@@ -6,22 +6,28 @@ if [ $# -eq 1 -a "x$1" = "xclean" ]; then |
| 6 | 6 |
fi |
| 7 | 7 |
|
| 8 | 8 |
cat <<EOF > `dirname $(gcc --print-libgcc-file-name)`/../specs |
| 9 |
+# add sec hardening flags for cc1. |
|
| 9 | 10 |
*cc1: |
| 10 | 11 |
+ %{!fno-stack-protector:-fstack-protector} %{fno-pie|fno-PIE|fpic|fPIC|shared:;:-fPIE -fpie}
|
| 11 | 12 |
|
| 13 |
+# add sec hardening flags for cc1. |
|
| 12 | 14 |
*cc1plus: |
| 13 | 15 |
+ %{!fno-stack-protector:-fstack-protector} %{fno-pie|fno-PIE|fpic|fPIC|shared:;:-fPIE -fpie}
|
| 14 | 16 |
|
| 17 |
+# add -D_FORTIFY_SOURCE=2 for preprocessor. |
|
| 15 | 18 |
*cpp: |
| 16 | 19 |
+ %{O1|O2|O3|Os|Ofast:-D_FORTIFY_SOURCE=2}
|
| 17 | 20 |
|
| 21 |
+# add sec hardening flags for linker. |
|
| 18 | 22 |
*link: |
| 19 |
-+ %{r|fno-pie|fno-PIE|fpic|fPIC|fno-pic|fno-PIC|shared:;:-pie} %{!norelro:-z relro} %{!nonow:-z now}
|
|
| 23 |
++ %{r|fno-pie|fno-PIE|fno-pic|fno-PIC|shared:;:-pie} %{!norelro:-z relro} %{!nonow:-z now}
|
|
| 20 | 24 |
|
| 25 |
+# sec hardening flags require shared libgcc_s during linking. |
|
| 21 | 26 |
*libgcc: |
| 22 | 27 |
+ -lgcc_s |
| 23 | 28 |
|
| 29 |
+# replace default startfile rules to use crt that PIE code requires. |
|
| 24 | 30 |
*startfile: |
| 25 |
-%{!mandroid|tno-android-ld:%{!shared: %{pg|p|profile:gcrt1.o%s;:Scrt1.o%s}} crti.o%s %{static:crtbeginT.o%s;:crtbeginS.o%s};:%{shared: crtbegin_so%O%s;: %{static: crtbegin_static%O%s;: crtbegin_dynamic%O%s}}}
|
|
| 31 |
+%{!shared: %{pg|p|profile:gcrt1.o%s;:Scrt1.o%s}} crti.o%s %{static:crtbeginT.o%s;:crtbeginS.o%s}
|
|
| 26 | 32 |
|
| 27 | 33 |
EOF |