Remove hardening flags to allow untrusted packages to be specifically hardened using envs.

2023-01-17 04:59:57 +00:00 · 2023-01-17 04:59:57 +00:00 · eb6bc7f14d
commit eb6bc7f14d
parent 9b9fc0e47e
1 changed files with 5 additions and 8 deletions
--- a/portage/make.conf
+++ b/portage/make.conf
@ -3,7 +3,7 @@
 # Copyright 2022-2023 Inference
 # SPDX-License-Identifier: BSD-3-Clause-Clear

-# Version: 7.0.1.31
+# Version: 8.0.0.32


 # System
@ -49,18 +49,15 @@ STRIP="llvm-strip"


 # Flags
-## Hardening flags
-C_SEC="-fPIC -fPIE -fstack-clash-protection -fstack-protector-strong -ftrivial-auto-var-init=zero -fwrapv"
-LD_SEC="-Wl,-pie -Wl,--strip-all -Wl,-z,defs -Wl,-z,now -Wl,-z,relro"
 ## Compiler flags
-CFLAGS="-flto=thin -march=znver3 -mtune=znver3 -O2 -pipe -U__gnu_linux__ ${C_SEC}"
-CXXFLAGS="-flto=thin -march=znver3 -mtune=znver3 -O2 -pipe ${C_SEC}"
+CFLAGS="-flto=thin -march=znver3 -mtune=znver3 -O2 -pipe -U__gnu_linux__"
+CXXFLAGS="-flto=thin -march=znver3 -mtune=znver3 -O2 -pipe"
 RUSTFLAGS="-C debuginfo=0 -C embed-bitcode=y -C lto -C opt-level=2 -C target-cpu=znver3"
 ## Linker flags
-LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind -Wl,--thinlto-jobs=4 ${LD_SEC}"
+LDFLAGS="-fuse-ld=lld -rtlib=compiler-rt -unwindlib=libunwind -Wl,--strip-all -Wl,--thinlto-jobs=4"
 ## USE flags
 USE="clang dbus libcxx libedit llvm-libunwind lto nftables pulseaudio system-av1 system-harfbuzz system-icu system-jpeg system-libvpx system-llvm system-png system-webp verify-sig wayland"
-USE="${USE} -ipv6 -jit -systemd -X"
+USE="${USE} -ipv6 -systemd -X"
 ## CPU flags
 CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3"
 ## Video card flags