On May 10, 2014 02:14 PM -0600, Warner Losh wrote: > > On May 10, 2014, at 10:45 AM, Shawn Webb <lattera_at_gmail.com> wrote: > > > Hey All, > > > > It seems that the recent changes to the makefiles for building > > world/kernel have broken some modifications I have locally for > > implementing ASLR+PIE. I'm quite the bsd make newbie, so I thought I'd > > ask for a bit of help. I'm sure the solution is quite simple. > > > > My code is up on GitHub. I'll include links at the bottom of the email. > > > > The code in question is in share/mk/bsd.prog.mk, where I'm checking to > > see if MK_PIE is not equal to "no". Prior to the recent changes, this > > code used to work. (Please note that I know that the way I'm cheking is > > a bit bloated, if anyone has any suggestions to trim my code down, let > > me know). > > You?ll need to add PIE to DEFAULT_NO_OPTIONS in bsd.opts.mk since > bsd.*.mk files need it. > Thanks a lot! Adding it to that one worked. But what's the difference between the DEFAULT_NO_OPTIONS in src.opts.mk and bsd.opts.mk? > > How this feature is supposed to work is: > > 1) PIE is added to the __DEFAULT_NO_OPTIONS to make building > > applications as position-independent executables opt-in. > > 2) User adds WITH_PIE=1 to /etc/src.conf or /etc/make.conf > > 3) The application being built needs to also specify CAN_PIE=1 in its > > Makefile. This is because some applications don't support being built as > > a position-independent executable. > > 4) If MK_PIE is not "no" and CAN_PIE is defined, then add additional > > CFLAGS. > > > > The log from my build is here: http://ix.io/cf0 > > > > My code is here: > > https://github.com/HardenedBSD/hardenedBSD/blob/hardened/current/aslr/share/mk/bsd.prog.mk#L14-L22 > > Maybe RESCUE should define NO_SHARED=yes since it is building a > static binary so you can eliminate a special case that infects the bsd.*.mk files > with defines from our src build? > That sounds like a good idea. Since that's outside the scope of my ASLR work, should I file a PR for that? > Hate that you are propagating the NO_SHARED=no interface, but can?t > offer at better suggestion at the moment. I?d kinda like to kill that? In looking at the Makefiles, it seems like NO_*/YES_* is being phased out. Once a suitable alternative to NO_SHARED is in place, I'll make adjustments on my end. Thanks, Shawn
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:49 UTC