Replace gcc libssp with built musl builtins

Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
2018-10-20 12:52:06 +02:00 · 2018-10-20 12:52:06 +02:00 · d6030cd898
parent 8a7f8ea357
commit d6030cd898
6 changed files with 27 additions and 20 deletions
--- a/pkg/musl/__stack_chk_fail_local.c
+++ b/pkg/musl/__stack_chk_fail_local.c
@ -0,0 +1,2 @@
+extern void __stack_chk_fail(void);
+void __attribute__((visibility ("hidden"))) __stack_chk_fail_local(void) { __stack_chk_fail(); }
--- a/pkg/musl/build
+++ b/pkg/musl/build
@ -16,6 +16,9 @@ build() {
 	if [ "x$TC_HARDENING" = "xyes" ]; then
 		cflags="-fPIE -fPIC -fstack-protector-all"
 		ldflags="-z noexecstack -z relro -z now"
+
+		${TARGET}-gcc -c "$SCRIPTDIR/pkg/$PKGNAME/__stack_chk_fail_local.c" -o __stack_chk_fail_local.o
+		${TARGET}-ar r libssp_nonshared.a __stack_chk_fail_local.o
 	fi

 	CFLAGS="$cflags" LDFLAGS="$ldflags" \
@ -57,6 +60,10 @@ deploy() {

 	find "$DEPLOY/etc" -exec stat {} --printf="%n m %a 0 0\\n" \; | \
 		sed "s#^$DEPLOY/##g" | tail -n +2 >> "$DEPLOY/rootfs_files.txt"
+
+	if [ "x$TC_HARDENING" = "xyes" ]; then
+		cp libssp_nonshared.a "$DEPLOY/lib"
+	fi
 }

 check_update() {
--- a/pkg/tc-binutils/build
+++ b/pkg/tc-binutils/build
@ -12,10 +12,6 @@ prepare() {
 build() {
 	local extra=""

-	if [ "x$TC_HARDENING" = "xyes" ]; then
-		extra="--enable-libssp"
-	fi
-
 	$1/configure --prefix="$TCDIR" --target="$TARGET" --disable-nls \
 		     --with-sysroot="$TCDIR/$TARGET" --disable-multilib \
 		     --with-lib-path="$TCDIR/$TARGET/lib" $extra
--- a/pkg/tc-gcc1/0003.patch
+++ b/pkg/tc-gcc1/0003.patch
@ -0,0 +1,14 @@
+diff --git a/gcc/gcc.c b/gcc/gcc.c
+index a716f70..aca73c2 100644
+--- a/gcc/gcc.c
+++ b/gcc/gcc.c
+@@ -869,8 +869,7 @@ proper position among the other output files.  */
+ 
+ #ifndef LINK_SSP_SPEC
+ #ifdef TARGET_LIBC_PROVIDES_SSP
+-#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
+-		       "|fstack-protector-strong|fstack-protector-explicit:}"
+#define LINK_SSP_SPEC "-lssp_nonshared"
+ #else
+ #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
+ 		       "|fstack-protector-strong|fstack-protector-explicit" \
--- a/pkg/tc-gcc1/build
+++ b/pkg/tc-gcc1/build
@ -37,13 +37,11 @@ prepare() {
 }

 build() {
-	local extra=""
+	local extra="--disable-libssp"

 	if [ "x$TC_HARDENING" = "xyes" ]; then
-		extra="--enable-libssp --enable-default-pie"
+		extra="$extra --enable-default-pie"
 		extra="$extra --enable-default-ssp"
-	else
-		extra="--disable-libssp"
 	fi

 	$1/configure --prefix="$TCDIR" --target="$TARGET" \
--- a/pkg/tc-gcc2/build
+++ b/pkg/tc-gcc2/build
@ -3,13 +3,11 @@ source "$SCRIPTDIR/pkg/tc-gcc1/build"
 DEPENDS="tc-gcc1 musl linux_headers"

 build() {
-	local extra=""
+	local extra="--disable-libssp"

 	if [ "x$TC_HARDENING" = "xyes" ]; then
-		extra="--enable-libssp --enable-default-pie"
+		extra="$extra --enable-default-pie"
 		extra="$extra --enable-default-ssp"
-	else
-		extra="--disable-libssp"
 	fi

 	$1/configure --prefix="$TCDIR" --target="$TARGET" \
@ -53,12 +51,4 @@ deploy() {
 	mv ${TCDIR}/${TARGET}/{include,lib} "$DEPLOY"
 	rm ${DEPLOY}/lib/*.la
 	cp "$SCRIPTDIR/pkg/$PKGNAME/rootfs_files.txt" "$DEPLOY"
-
-	if [ "x$TC_HARDENING" = "xyes" ]; then
-		cat >> "$DEPLOY/rootfs_files.txt" <<_EOF
-lib/libssp.so m 777 0 0
-lib/libssp.so.0 m 777 0 0
-lib/libssp.so.0.0.0 m 555 0 0
-_EOF
-	fi
 }