Unify hardening flag names to SEC.
This commit is contained in:
parent
ac4cc2282b
commit
ac0e482533
10
portage/env/gcc-nolto-nopie.conf
vendored
10
portage/env/gcc-nolto-nopie.conf
vendored
@ -13,12 +13,12 @@ RANLIB="ranlib"
|
||||
|
||||
# Flags.
|
||||
## Hardening flags.
|
||||
C_HARDENING="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
|
||||
LD_HARDENING="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
C_SEC="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
|
||||
LD_SEC="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
|
||||
## Common flags.
|
||||
CFLAGS="-march=znver1 -O2 -pipe -U__gnu_linux__ ${C_HARDENING}"
|
||||
CXXFLAGS="-march=znver1 -O2 -pipe ${C_HARDENING}"
|
||||
CFLAGS="-march=znver1 -O2 -pipe -U__gnu_linux__ ${C_SEC}"
|
||||
CXXFLAGS="-march=znver1 -O2 -pipe ${C_SEC}"
|
||||
|
||||
## Linker flags.
|
||||
LDFLAGS="-Wl,-O2 ${LD_HARDENING}"
|
||||
LDFLAGS="-Wl,-O2 ${LD_SEC}"
|
||||
|
||||
10
portage/env/gcc-nolto.conf
vendored
10
portage/env/gcc-nolto.conf
vendored
@ -13,12 +13,12 @@ RANLIB="ranlib"
|
||||
|
||||
# Flags.
|
||||
## Hardening flags.
|
||||
C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
|
||||
LD_HARDENING="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
C_SEC="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
|
||||
LD_SEC="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
|
||||
## Common flags.
|
||||
CFLAGS="-march=znver1 -O2 -pipe -U__gnu_linux__ ${C_HARDENING}"
|
||||
CXXFLAGS="-march=znver1 -O2 -pipe ${C_HARDENING}"
|
||||
CFLAGS="-march=znver1 -O2 -pipe -U__gnu_linux__ ${C_SEC}"
|
||||
CXXFLAGS="-march=znver1 -O2 -pipe ${C_SEC}"
|
||||
|
||||
## Linker flags.
|
||||
LDFLAGS="-Wl,-O2 ${LD_HARDENING}"
|
||||
LDFLAGS="-Wl,-O2 ${LD_SEC}"
|
||||
|
||||
10
portage/env/gcc-nopie.conf
vendored
10
portage/env/gcc-nopie.conf
vendored
@ -13,12 +13,12 @@ RANLIB="ranlib"
|
||||
|
||||
# Flags.
|
||||
## Hardening flags.
|
||||
C_HARDENING="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
|
||||
LD_HARDENING="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
C_SEC="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
|
||||
LD_SEC="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
|
||||
## Common flags.
|
||||
CFLAGS="-march=znver1 -O2 -pipe -flto=4 -U__gnu_linux__ ${C_HARDENING}"
|
||||
CXXFLAGS="-march=znver1 -O2 -pipe -flto=4 ${C_HARDENING}"
|
||||
CFLAGS="-march=znver1 -O2 -pipe -flto=4 -U__gnu_linux__ ${C_SEC}"
|
||||
CXXFLAGS="-march=znver1 -O2 -pipe -flto=4 ${C_SEC}"
|
||||
|
||||
## Linker flags.
|
||||
LDFLAGS="-Wl,-O2 ${LD_HARDENING}"
|
||||
LDFLAGS="-Wl,-O2 ${LD_SEC}"
|
||||
|
||||
10
portage/env/gcc.conf
vendored
10
portage/env/gcc.conf
vendored
@ -13,12 +13,12 @@ RANLIB="ranlib"
|
||||
|
||||
# Flags.
|
||||
## Hardening flags.
|
||||
C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
|
||||
LD_HARDENING="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
C_SEC="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -fwrapv"
|
||||
LD_SEC="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
|
||||
## Common flags.
|
||||
CFLAGS="-march=znver1 -O2 -pipe -flto=4 -U__gnu_linux__ ${C_HARDENING}"
|
||||
CXXFLAGS="-march=znver1 -O2 -pipe -flto=4 ${C_HARDENING}"
|
||||
CFLAGS="-march=znver1 -O2 -pipe -flto=4 -U__gnu_linux__ ${C_SEC}"
|
||||
CXXFLAGS="-march=znver1 -O2 -pipe -flto=4 ${C_SEC}"
|
||||
|
||||
## Linker flags.
|
||||
LDFLAGS="-Wl,-O2 ${LD_HARDENING}"
|
||||
LDFLAGS="-Wl,-O2 ${LD_SEC}"
|
||||
|
||||
10
portage/env/nolto-nopie.conf
vendored
10
portage/env/nolto-nopie.conf
vendored
@ -20,12 +20,12 @@ OBJDUMP="llvm-objdump"
|
||||
|
||||
# Flags.
|
||||
## Hardening flags.
|
||||
C_HARDENING="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
|
||||
LD_HARDENING="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
C_SEC="-fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
|
||||
LD_SEC="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
|
||||
## Common flags.
|
||||
CFLAGS="-march=znver1 -O2 -pipe -U__gnu_linux__ ${C_HARDENING}"
|
||||
CXXFLAGS="-march=znver1 -O2 -pipe ${C_HARDENING}"
|
||||
CFLAGS="-march=znver1 -O2 -pipe -U__gnu_linux__ ${C_SEC}"
|
||||
CXXFLAGS="-march=znver1 -O2 -pipe ${C_SEC}"
|
||||
|
||||
## Linker flags.
|
||||
LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_HARDENING}"
|
||||
LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_SEC}"
|
||||
|
||||
10
portage/env/nolto.conf
vendored
10
portage/env/nolto.conf
vendored
@ -20,12 +20,12 @@ OBJDUMP="llvm-objdump"
|
||||
|
||||
# Flags.
|
||||
## Hardening flags.
|
||||
C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
|
||||
LD_HARDENING="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
C_SEC="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
|
||||
LD_SEC="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
|
||||
## Common flags.
|
||||
CFLAGS="-march=znver1 -O2 -pipe -U__gnu_linux__ ${C_HARDENING}"
|
||||
CXXFLAGS="-march=znver1 -O2 -pipe ${C_HARDENING}"
|
||||
CFLAGS="-march=znver1 -O2 -pipe -U__gnu_linux__ ${C_SEC}"
|
||||
CXXFLAGS="-march=znver1 -O2 -pipe ${C_SEC}"
|
||||
|
||||
## Linker flags.
|
||||
LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_HARDENING}"
|
||||
LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_SEC}"
|
||||
|
||||
10
portage/env/nopie.conf
vendored
10
portage/env/nopie.conf
vendored
@ -20,12 +20,12 @@ OBJDUMP="llvm-objdump"
|
||||
|
||||
# Flags.
|
||||
## Hardening flags.
|
||||
C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
|
||||
LD_HARDENING="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
C_SEC="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
|
||||
LD_SEC="-Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
|
||||
|
||||
## Common flags.
|
||||
CFLAGS="-march=znver1 -O2 -pipe -flto=full -U__gnu_linux__ ${C_HARDENING}"
|
||||
CXXFLAGS="-march=znver1 -O2 -pipe -flto=full ${C_HARDENING}"
|
||||
CFLAGS="-march=znver1 -O2 -pipe -flto=full -U__gnu_linux__ ${C_SEC}"
|
||||
CXXFLAGS="-march=znver1 -O2 -pipe -flto=full ${C_SEC}"
|
||||
|
||||
## Linker flags.
|
||||
LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_HARDENING}"
|
||||
LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_SEC}"
|
||||
|
||||
10
portage/env/werror.conf
vendored
10
portage/env/werror.conf
vendored
@ -20,12 +20,12 @@ OBJDUMP="llvm-objdump"
|
||||
|
||||
# Flags.
|
||||
## Hardening flags.
|
||||
C_HARDENING="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
|
||||
LD_HARDENING="-Wl,-z,now -Wl,-z,relro -pie -Wl,--strip-all"
|
||||
C_SEC="-fPIE -fPIC -fstack-protector-all -fstack-clash-protection -D_FORTIFY_SOURCE=2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -fwrapv"
|
||||
LD_SEC="-Wl,-z,now -Wl,-z,relro -pie -Wl,--strip-all"
|
||||
|
||||
## Common flags.
|
||||
CFLAGS="-march=znver1 -O1 -pipe -flto=full -Wno-error -U__gnu_linux__ ${C_HARDENING}"
|
||||
CXXFLAGS="-march=znver1 -O1 -pipe -flto=full ${C_HARDENING}"
|
||||
CFLAGS="-march=znver1 -O1 -pipe -flto=full -Wno-error -U__gnu_linux__ ${C_SEC}"
|
||||
CXXFLAGS="-march=znver1 -O1 -pipe -flto=full ${C_SEC}"
|
||||
|
||||
## Linker flags.
|
||||
LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_HARDENING}"
|
||||
LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind ${LD_SEC}"
|
||||
|
||||
@ -0,0 +1,85 @@
|
||||
# Remove files that shall not be installed from this list.
|
||||
amd/amd_sev_fam17h_model0xh.sbin
|
||||
amd/amd_sev_fam17h_model3xh.sbin
|
||||
amd-ucode/microcode_amd.bin
|
||||
amd-ucode/microcode_amd_fam17h.bin
|
||||
amdgpu/raven_asd.bin
|
||||
amdgpu/raven_ce.bin
|
||||
amdgpu/raven_gpu_info.bin
|
||||
amdgpu/raven_me.bin
|
||||
amdgpu/raven_mec.bin
|
||||
amdgpu/raven_mec2.bin
|
||||
amdgpu/raven_pfp.bin
|
||||
amdgpu/raven_rlc.bin
|
||||
amdgpu/raven_sdma.bin
|
||||
amdgpu/raven_vcn.bin
|
||||
amdgpu/raven_dmcu.bin
|
||||
amdgpu/raven_kicker_rlc.bin
|
||||
amdgpu/raven_ta.bin
|
||||
amdgpu/picasso_asd.bin
|
||||
amdgpu/picasso_ce.bin
|
||||
amdgpu/picasso_gpu_info.bin
|
||||
amdgpu/picasso_me.bin
|
||||
amdgpu/picasso_mec.bin
|
||||
amdgpu/picasso_mec2.bin
|
||||
amdgpu/picasso_pfp.bin
|
||||
amdgpu/picasso_rlc.bin
|
||||
amdgpu/picasso_rlc_am4.bin
|
||||
amdgpu/picasso_sdma.bin
|
||||
amdgpu/picasso_vcn.bin
|
||||
amdgpu/picasso_ta.bin
|
||||
amdgpu/raven2_asd.bin
|
||||
amdgpu/raven2_ce.bin
|
||||
amdgpu/raven2_gpu_info.bin
|
||||
amdgpu/raven2_me.bin
|
||||
amdgpu/raven2_mec.bin
|
||||
amdgpu/raven2_mec2.bin
|
||||
amdgpu/raven2_pfp.bin
|
||||
amdgpu/raven2_rlc.bin
|
||||
amdgpu/raven2_sdma.bin
|
||||
amdgpu/raven2_vcn.bin
|
||||
amdgpu/raven2_ta.bin
|
||||
amdgpu/gc_10_3_7_mec2.bin
|
||||
amdgpu/gc_10_3_7_pfp.bin
|
||||
amdgpu/gc_10_3_7_rlc.bin
|
||||
amdgpu/dcn_3_1_6_dmcub.bin
|
||||
amdgpu/psp_13_0_8_asd.bin
|
||||
amdgpu/psp_13_0_8_ta.bin
|
||||
amdgpu/psp_13_0_8_toc.bin
|
||||
amdgpu/sdma_5_2_7.bin
|
||||
ar5523.bin
|
||||
ar7010.fw
|
||||
ar7010_1_1.fw
|
||||
ar9170-1.fw
|
||||
ar9170-2.fw
|
||||
ar9271.fw
|
||||
atusb/atusb-0.2.dfu
|
||||
atusb/atusb-0.3.dfu
|
||||
atusb/rzusb-0.3.bin
|
||||
inside-secure/eip197_minifw/ipue.bin
|
||||
inside-secure/eip197_minifw/ifpp.bin
|
||||
rt2561.bin
|
||||
rt2561s.bin
|
||||
rt2661.bin
|
||||
rt2860.bin
|
||||
rt2870.bin
|
||||
rt3070.bin
|
||||
rt3071.bin
|
||||
rt3090.bin
|
||||
rt3290.bin
|
||||
rt73.bin
|
||||
rtl_nic/rtl8168d-1.fw
|
||||
rtl_nic/rtl8168d-2.fw
|
||||
rtl_nic/rtl8168e-1.fw
|
||||
rtl_nic/rtl8168e-2.fw
|
||||
rtl_nic/rtl8168e-3.fw
|
||||
rtl_nic/rtl8168f-1.fw
|
||||
rtl_nic/rtl8168f-2.fw
|
||||
rtl_nic/rtl8411-1.fw
|
||||
rtl_nic/rtl8411-2.fw
|
||||
rtl_nic/rtl8168g-1.fw
|
||||
rtl_nic/rtl8168g-2.fw
|
||||
rtl_nic/rtl8168g-3.fw
|
||||
rtl_nic/rtl8168h-1.fw
|
||||
rtl_nic/rtl8168h-2.fw
|
||||
rtl_nic/rtl8168fp-3.fw
|
||||
Loading…
x
Reference in New Issue
Block a user