Remove hardening flags to allow untrusted packages to be specifically hardened using envs.

This commit is contained in:
inference 2023-01-17 04:59:57 +00:00
parent 9b9fc0e47e
commit eb6bc7f14d
Signed by: inference
SSH Key Fingerprint: SHA256:9Pl0nZ2UJacgm+IeEtLSZ4FOESgP1eKCtRflfPfdX9M

View File

@ -3,7 +3,7 @@
# Copyright 2022-2023 Inference # Copyright 2022-2023 Inference
# SPDX-License-Identifier: BSD-3-Clause-Clear # SPDX-License-Identifier: BSD-3-Clause-Clear
# Version: 7.0.1.31 # Version: 8.0.0.32
# System # System
@ -49,18 +49,15 @@ STRIP="llvm-strip"
# Flags # Flags
## Hardening flags
C_SEC="-fPIC -fPIE -fstack-clash-protection -fstack-protector-strong -ftrivial-auto-var-init=zero -fwrapv"
LD_SEC="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
## Compiler flags ## Compiler flags
CFLAGS="-flto=thin -march=znver3 -mtune=znver3 -O2 -pipe -U__gnu_linux__ ${C_SEC}" CFLAGS="-flto=thin -march=znver3 -mtune=znver3 -O2 -pipe -U__gnu_linux__"
CXXFLAGS="-flto=thin -march=znver3 -mtune=znver3 -O2 -pipe ${C_SEC}" CXXFLAGS="-flto=thin -march=znver3 -mtune=znver3 -O2 -pipe"
RUSTFLAGS="-C debuginfo=0 -C embed-bitcode=y -C lto -C opt-level=2 -C target-cpu=znver3" RUSTFLAGS="-C debuginfo=0 -C embed-bitcode=y -C lto -C opt-level=2 -C target-cpu=znver3"
## Linker flags ## Linker flags
LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind -Wl,--thinlto-jobs=4 ${LD_SEC}" LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind -Wl,--strip-all -Wl,--thinlto-jobs=4"
## USE flags ## USE flags
USE="clang dbus libcxx libedit llvm-libunwind lto nftables pulseaudio system-av1 system-harfbuzz system-icu system-jpeg system-libvpx system-llvm system-png system-webp verify-sig wayland" USE="clang dbus libcxx libedit llvm-libunwind lto nftables pulseaudio system-av1 system-harfbuzz system-icu system-jpeg system-libvpx system-llvm system-png system-webp verify-sig wayland"
USE="${USE} -ipv6 -jit -systemd -X" USE="${USE} -ipv6 -systemd -X"
## CPU flags ## CPU flags
CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3"
## Video card flags ## Video card flags