Date:      Wed, 2 Jun 2010 23:20:00 +0400
From:      Dmitry Marakasov <amdmi3@amdmi3.ru>
To:        Janne Snabb <snabb@epipe.com>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: Building ports with stack-protector
Message-ID:  <20100602192000.GE21354@hades.panopticon>
In-Reply-To: <alpine.BSF.2.00.1005300537400.22303@tiktik.epipe.com>
References:  <alpine.BSF.2.00.1005300201380.22303@tiktik.epipe.com> <AANLkTikx2NRN2qsj_-uyzOl0zL7efc_klp090XoFlq9W@mail.gmail.com> <alpine.BSF.2.00.1005300537400.22303@tiktik.epipe.com>

* Janne Snabb (snabb@epipe.com) wrote:

> Based on these variables the port infrastructure would decide whether
> to add "-fstack-protector" to CFLAGS or not:
> 
>                                 Port Makefile
>                                 USE_STACK_PROTECTOR
>                                 yes     undef   no
> In /etc/make.conf:           +--------------------
> WITH_STACK_PROTECTOR   yes   | yes     yes     no
>                        undef  | yes     no      no
>                         no    | no      no      no

I'd prefer variables to be named and to work similarly to the existing
MAKE_JOBS framework. There should be a way to force stack-protector
to be able to check which ports can be built with it with an exp-run,
and for courageous users who may want to enable stack-protector by
default and are not afraid to send PRs if something fails. Also,
AFAIR there was a certain performance penalty with stack-protector,
no? Judging by how noticeable it is (are any Linux distros using
it by default? If yes, may look through phoronix comparisons), I'd
make it enabled or disabled by default.

It may be implemented by merely copy-pasting the MAKE_JOBS implementation,
like this: http://people.freebsd.org/~amdmi3/stack-protector.patch
(not tested and lacks variable descriptions at the top of the file).
As you can see, there're condition lines for both enabled-by-default,
and disabled-by-default, and I think the latter can be added to
port.mk right now with a possible switch to the former later, if
we find it useful enough.

Also note that, unlike MAKE_JOBS (for which build failures are
non-deterministic), this can probably be tested with a single exp-run
and all ports marked with STACK_PROTECTOR_{UN,}SAFE. If that's
considered useful enough as well.

-- 
Dmitry Marakasov   .   55B5 0596 FF1E 8D84 5F56  9510 D35A 80DD F9D2 F77D
amdmi3@amdmi3.ru  ..:  jabber: amdmi3@jabber.ru    http://www.amdmi3.ru
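
A sketch of the MAKE_JOBS-style logic discussed in the message, written as a bsd.port.mk fragment. This is an added example, not the linked patch and not code from the ports tree. Apart from STACK_PROTECTOR_SAFE and STACK_PROTECTOR_UNSAFE, which the message names, the knobs DISABLE_STACK_PROTECTOR, FORCE_STACK_PROTECTOR and STACK_PROTECTOR_DEFAULT_ON are hypothetical names modelled on the MAKE_JOBS knobs.

```make
# Added example; knob names other than STACK_PROTECTOR_{UN,}SAFE are
# assumptions modelled on DISABLE_MAKE_JOBS / FORCE_MAKE_JOBS.
#
# User knobs (/etc/make.conf):
#   DISABLE_STACK_PROTECTOR  - never add the flag
#   FORCE_STACK_PROTECTOR    - add it to every port not marked unsafe
#                              (exp-run, or users opting in globally)
# Port knobs (port Makefile):
#   STACK_PROTECTOR_SAFE     - port is known to build and run with the flag
#   STACK_PROTECTOR_UNSAFE   - port is known to break with the flag
# Policy switch (hypothetical, stands in for choosing one condition line):
#   STACK_PROTECTOR_DEFAULT_ON - enabled-by-default instead of
#                                disabled-by-default

# An explicit "no" from either the user or the port always wins.
.if !defined(DISABLE_STACK_PROTECTOR) && !defined(STACK_PROTECTOR_UNSAFE)

# Disabled-by-default: only SAFE ports or a forced build get the flag.
# Enabled-by-default: every remaining port gets it.
.if defined(STACK_PROTECTOR_SAFE) || defined(FORCE_STACK_PROTECTOR) || \
    defined(STACK_PROTECTOR_DEFAULT_ON)
CFLAGS+=	-fstack-protector

# Same pattern as FORCE_MAKE_JOBS: if the build fails on a port nobody
# has marked safe, point at the knob before a PR is filed.
.if !defined(STACK_PROTECTOR_SAFE)
BUILD_FAIL_MESSAGE+=	"This port was built with -fstack-protector but is not marked STACK_PROTECTOR_SAFE. Retry without FORCE_STACK_PROTECTOR before reporting the failure to the maintainer."
.endif

.endif
.endif
```

With STACK_PROTECTOR_DEFAULT_ON unset, a port marked "yes" gets the flag unless the user says "no", and an unmarked port gets it only when the user forces it, which matches the quoted table.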


