From: "Sam James"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James"
Message-ID: <1693336085.d7e3de5bc89f7ea17ebc0ea0a1c9ad289a29cabb.sam@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-devel/clang-common/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-devel/clang-common/clang-common-17.0.0.9999.ebuild sys-devel/clang-common/clang-common-17.0.0_rc3-r1.ebuild sys-devel/clang-common/clang-common-17.0.0_rc3.ebuild sys-devel/clang-common/clang-common-18.0.0.9999.ebuild sys-devel/clang-common/clang-common-18.0.0_pre20230825-r1.ebuild sys-devel/clang-common/clang-common-18.0.0_pre20230825.ebuild sys-devel/clang-common/clang-common-18.0.0_pre20230829-r1.ebuild sys-devel/clang-common/clang-common-18.0.0_pre20230829.ebuild
X-VCS-Directories: sys-devel/clang-common/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: d7e3de5bc89f7ea17ebc0ea0a1c9ad289a29cabb
X-VCS-Branch: master
Date: Tue, 29 Aug 2023 19:08:24 +0000 (UTC)

commit: d7e3de5bc89f7ea17ebc0ea0a1c9ad289a29cabb
Author: Sam James gentoo org>
AuthorDate: Sat Aug 26 22:53:44 2023 +0000
Commit: Sam James gentoo org>
CommitDate: Tue Aug 29 19:08:05 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d7e3de5b

sys-devel/clang-common: enable relro, enable bind_now (for hardened)

* Always enable RELRO (-Wl,-z,relro)
* Conditionally enable BIND_NOW (-Wl,-z,now) based on USE=hardened (for parity with gcc for now)

Signed-off-by: Sam James gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/32465
Signed-off-by: Sam James gentoo.org> .../clang-common/clang-common-17.0.0.9999.ebuild | 4 + ...c3.ebuild => clang-common-17.0.0_rc3-r1.ebuild} | 4 + .../clang-common/clang-common-18.0.0.9999.ebuild | 4 + ...d => clang-common-18.0.0_pre20230825-r1.ebuild} | 4 + ...d => clang-common-18.0.0_pre20230829-r1.ebuild} | 4 + .../clang-common-18.0.0_pre20230829.ebuild | 200 --------------------- 6 files changed, 20 insertions(+), 200 deletions(-) diff --git a/sys-devel/clang-common/clang-common-17.0.0.9999.ebuild b/sys-devel/clang-common/clang-common-17.0.0.9999.ebuild index abf3150abbd6..8bca701cfc0b 100644 --- a/sys-devel/clang-common/clang-common-17.0.0.9999.ebuild +++ b/sys-devel/clang-common/clang-common-17.0.0.9999.ebuild @@ -99,6 +99,8 @@ src_install() { -fstack-protector-strong -fPIE -include "${EPREFIX}/usr/include/gentoo/fortify.h" + + -Wl,-z,relro EOF dodir /usr/include/gentoo @@ -144,6 +146,8 @@ src_install() { # https://libcxx.llvm.org/UsingLibcxx.html#assertions-mode # https://libcxx.llvm.org/Hardening.html#using-hardened-mode -D_LIBCPP_ENABLE_HARDENED_MODE=1 + + -Wl,-z,now EOF fi diff --git a/sys-devel/clang-common/clang-common-17.0.0_rc3.ebuild b/sys-devel/clang-common/clang-common-17.0.0_rc3-r1.ebuild similarity index 99% rename from sys-devel/clang-common/clang-common-17.0.0_rc3.ebuild rename to sys-devel/clang-common/clang-common-17.0.0_rc3-r1.ebuild index abf3150abbd6..8bca701cfc0b 100644 --- a/sys-devel/clang-common/clang-common-17.0.0_rc3.ebuild +++ b/sys-devel/clang-common/clang-common-17.0.0_rc3-r1.ebuild @@ -99,6 +99,8 @@ src_install() { -fstack-protector-strong -fPIE -include "${EPREFIX}/usr/include/gentoo/fortify.h" + + -Wl,-z,relro EOF dodir /usr/include/gentoo @@ -144,6 +146,8 @@ src_install() { # https://libcxx.llvm.org/UsingLibcxx.html#assertions-mode # https://libcxx.llvm.org/Hardening.html#using-hardened-mode -D_LIBCPP_ENABLE_HARDENED_MODE=1 + + -Wl,-z,now EOF fi 
diff --git a/sys-devel/clang-common/clang-common-18.0.0.9999.ebuild b/sys-devel/clang-common/clang-common-18.0.0.9999.ebuild index abf3150abbd6..8bca701cfc0b 100644 --- a/sys-devel/clang-common/clang-common-18.0.0.9999.ebuild +++ b/sys-devel/clang-common/clang-common-18.0.0.9999.ebuild @@ -99,6 +99,8 @@ src_install() { -fstack-protector-strong -fPIE -include "${EPREFIX}/usr/include/gentoo/fortify.h" + + -Wl,-z,relro EOF dodir /usr/include/gentoo @@ -144,6 +146,8 @@ src_install() { # https://libcxx.llvm.org/UsingLibcxx.html#assertions-mode # https://libcxx.llvm.org/Hardening.html#using-hardened-mode -D_LIBCPP_ENABLE_HARDENED_MODE=1 + + -Wl,-z,now EOF fi diff --git a/sys-devel/clang-common/clang-common-18.0.0_pre20230825.ebuild b/sys-devel/clang-common/clang-common-18.0.0_pre20230825-r1.ebuild similarity index 99% rename from sys-devel/clang-common/clang-common-18.0.0_pre20230825.ebuild rename to sys-devel/clang-common/clang-common-18.0.0_pre20230825-r1.ebuild index abf3150abbd6..8bca701cfc0b 100644 --- a/sys-devel/clang-common/clang-common-18.0.0_pre20230825.ebuild +++ b/sys-devel/clang-common/clang-common-18.0.0_pre20230825-r1.ebuild @@ -99,6 +99,8 @@ src_install() { -fstack-protector-strong -fPIE -include "${EPREFIX}/usr/include/gentoo/fortify.h" + + -Wl,-z,relro EOF dodir /usr/include/gentoo @@ -144,6 +146,8 @@ src_install() { # https://libcxx.llvm.org/UsingLibcxx.html#assertions-mode # https://libcxx.llvm.org/Hardening.html#using-hardened-mode -D_LIBCPP_ENABLE_HARDENED_MODE=1 + + -Wl,-z,now EOF fi diff --git a/sys-devel/clang-common/clang-common-17.0.0.9999.ebuild b/sys-devel/clang-common/clang-common-18.0.0_pre20230829-r1.ebuild similarity index 99% copy from sys-devel/clang-common/clang-common-17.0.0.9999.ebuild copy to sys-devel/clang-common/clang-common-18.0.0_pre20230829-r1.ebuild index abf3150abbd6..8bca701cfc0b 100644 --- a/sys-devel/clang-common/clang-common-17.0.0.9999.ebuild +++ b/sys-devel/clang-common/clang-common-18.0.0_pre20230829-r1.ebuild 
@@ -99,6 +99,8 @@ src_install() { -fstack-protector-strong -fPIE -include "${EPREFIX}/usr/include/gentoo/fortify.h" + + -Wl,-z,relro EOF dodir /usr/include/gentoo @@ -144,6 +146,8 @@ src_install() { # https://libcxx.llvm.org/UsingLibcxx.html#assertions-mode # https://libcxx.llvm.org/Hardening.html#using-hardened-mode -D_LIBCPP_ENABLE_HARDENED_MODE=1 + + -Wl,-z,now EOF fi diff --git a/sys-devel/clang-common/clang-common-18.0.0_pre20230829.ebuild b/sys-devel/clang-common/clang-common-18.0.0_pre20230829.ebuild deleted file mode 100644 index abf3150abbd6..000000000000 --- a/sys-devel/clang-common/clang-common-18.0.0_pre20230829.ebuild +++ /dev/null 
@@ -1,200 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit bash-completion-r1 llvm.org multilib - -DESCRIPTION="Common files shared between multiple slots of clang" -HOMEPAGE="https://llvm.org/" - -LICENSE="Apache-2.0-with-LLVM-exceptions UoI-NCSA" -SLOT="0" -KEYWORDS="" -IUSE=" - default-compiler-rt default-libcxx default-lld llvm-libunwind - hardened stricter -" - -PDEPEND=" - sys-devel/clang:* - default-compiler-rt? ( - sys-devel/clang-runtime[compiler-rt] - llvm-libunwind? ( sys-libs/llvm-libunwind[static-libs] ) - !llvm-libunwind? ( sys-libs/libunwind[static-libs] ) - ) - !default-compiler-rt? ( sys-devel/gcc ) - default-libcxx? ( >=sys-libs/libcxx-${PV}[static-libs] ) - !default-libcxx? ( sys-devel/gcc ) - default-lld? ( sys-devel/lld ) - !default-lld? ( sys-devel/binutils ) -" -IDEPEND=" - !default-compiler-rt? ( sys-devel/gcc-config ) - !default-libcxx? ( sys-devel/gcc-config ) -" - -LLVM_COMPONENTS=( clang/utils ) -llvm.org_set_globals - -pkg_pretend() { - [[ ${CLANG_IGNORE_DEFAULT_RUNTIMES} ]] && return - - local flag missing_flags=() - for flag in default-{compiler-rt,libcxx,lld}; do - if ! use "${flag}" && has_version "sys-devel/clang[${flag}]"; then - missing_flags+=( "${flag}" ) - fi - done - - if [[ ${missing_flags[@]} ]]; then - eerror "It seems that you have the following flags set on sys-devel/clang:" - eerror - eerror " ${missing_flags[*]}" - eerror - eerror "The default runtimes are now set via flags on sys-devel/clang-common." - eerror "The build is being aborted to prevent breakage. Please either set" - eerror "the respective flags on this ebuild, e.g.:" - eerror - eerror " sys-devel/clang-common ${missing_flags[*]}" - eerror - eerror "or build with CLANG_IGNORE_DEFAULT_RUNTIMES=1." 
- die "Mismatched defaults detected between sys-devel/clang and sys-devel/clang-common" - fi -} - -src_install() { - newbashcomp bash-autocomplete.sh clang - - insinto /etc/clang - newins - gentoo-runtimes.cfg <<-EOF - # This file is initially generated by sys-devel/clang-runtime. - # It is used to control the default runtimes using by clang. - - --rtlib=$(usex default-compiler-rt compiler-rt libgcc) - --unwindlib=$(usex default-compiler-rt libunwind libgcc) - --stdlib=$(usex default-libcxx libc++ libstdc++) - -fuse-ld=$(usex default-lld lld bfd) - EOF - - newins - gentoo-gcc-install.cfg <<-EOF - # This file is maintained by gcc-config. - # It is used to specify the selected GCC installation. - EOF - - newins - gentoo-common.cfg <<-EOF - # This file contains flags common to clang, clang++ and clang-cpp. - @gentoo-runtimes.cfg - @gentoo-gcc-install.cfg - @gentoo-hardened.cfg - # bug #870001 - -include "${EPREFIX}/usr/include/gentoo/maybe-stddefs.h" - EOF - - # Baseline hardening (bug #851111) - newins - gentoo-hardened.cfg <<-EOF - # Some of these options are added unconditionally, regardless of - # USE=hardened, for parity with sys-devel/gcc. - -fstack-clash-protection - -fstack-protector-strong - -fPIE - -include "${EPREFIX}/usr/include/gentoo/fortify.h" - EOF - - dodir /usr/include/gentoo - - cat >> "${ED}/usr/include/gentoo/maybe-stddefs.h" <<-EOF || die - /* __has_include is an extension, but it's fine, because this is only - for Clang anyway. */ - #if defined __has_include && __has_include () && !defined(__GLIBC__) - # include - #endif - EOF - - local fortify_level=$(usex hardened 3 2) - # We have to do this because glibc's headers warn if F_S is set - # without optimization and that would at the very least be very noisy - # during builds and at worst trigger many -Werror builds. 
- cat >> "${ED}/usr/include/gentoo/fortify.h" <<- EOF || die - #ifdef __clang__ - # pragma clang system_header - #endif - #ifndef _FORTIFY_SOURCE - # if defined(__has_feature) - # define __GENTOO_HAS_FEATURE(x) __has_feature(x) - # else - # define __GENTOO_HAS_FEATURE(x) 0 - # endif - # - # if defined(__OPTIMIZE__) && __OPTIMIZE__ > 0 - # if !defined(__SANITIZE_ADDRESS__) && !__GENTOO_HAS_FEATURE(address_sanitizer) && !__GENTOO_HAS_FEATURE(memory_sanitizer) - # define _FORTIFY_SOURCE ${fortify_level} - # endif - # endif - # undef __GENTOO_HAS_FEATURE - #endif - EOF - - if use hardened ; then - cat >> "${ED}/etc/clang/gentoo-hardened.cfg" <<-EOF || die - # Options below are conditional on USE=hardened. - -D_GLIBCXX_ASSERTIONS - - # Analogue to GLIBCXX_ASSERTIONS - # https://libcxx.llvm.org/UsingLibcxx.html#assertions-mode - # https://libcxx.llvm.org/Hardening.html#using-hardened-mode - -D_LIBCPP_ENABLE_HARDENED_MODE=1 - EOF - fi - - if use stricter; then - newins - gentoo-stricter.cfg <<-EOF - # This file increases the strictness of older clang versions - # to match the newest upstream version. - - # clang-16 defaults - -Werror=implicit-function-declaration - -Werror=implicit-int - -Werror=incompatible-function-pointer-types - - # constructs banned by C2x - -Werror=deprecated-non-prototype - - # deprecated but large blast radius - #-Werror=strict-prototypes - EOF - - cat >> "${ED}/etc/clang/gentoo-common.cfg" <<-EOF || die - @gentoo-stricter.cfg - EOF - fi - - # We only install config files for supported ABIs because unprefixed tools - # might be used for crosscompilation where e.g. PIE may not be supported. - # See bug #912237 and bug #901247. - # Just ${CHOST} won't do due to bug #912685. - local abi - for abi in $(get_all_abis); do - local abi_chost=$(get_abi_CHOST "${abi}") - - local tool - for tool in ${abi_chost}-clang{,++,-cpp}; do - newins - "${tool}.cfg" <<-EOF - # This configuration file is used by ${tool} driver. 
- @gentoo-common.cfg - EOF - done - done -} - -pkg_preinst() { - if has_version -b sys-devel/gcc-config && has_version sys-devel/gcc - then - local gcc_path=$(gcc-config --get-lib-path 2>/dev/null) - if [[ -n ${gcc_path} ]]; then - cat >> "${ED}/etc/clang/gentoo-gcc-install.cfg" <<-EOF - --gcc-install-dir="${gcc_path%%:*}" - EOF - fi - fi -}
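
Review bot: the `-Wl,-z,relro` line added in the `@@ -99,6 +99,8 @@ src_install()` hunk is a linker-only option, but it goes into gentoo-hardened.cfg, which gentoo-common.cfg pulls in via `@gentoo-hardened.cfg` and which every `${abi_chost}-clang{,++,-cpp}.cfg` then includes (both visible in the deleted 18.0.0_pre20230829 copy). The flag is therefore also handed to clang-cpp and to compile-only invocations. Please confirm that this raises no unused-argument diagnostic there, since the ebuild's own fortify.h comment already notes that extra warnings can trip -Werror builds. The new line also carries no comment; a short `# RELRO, enabled unconditionally` line above it, in the style of the heredoc's existing comments, would keep the intent from the commit message in the generated file. This applies to the identical hunk in all five ebuilds.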
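
Review bot: the `-Wl,-z,now` line in the `@@ -144,6 +146,8 @@ src_install()` hunk sits directly below the libc++ hardened-mode comment block and `-D_LIBCPP_ENABLE_HARDENED_MODE=1`, separated only by a blank line and with no comment of its own. A reader of the installed gentoo-hardened.cfg cannot tell that it is a separate linker option or why it is limited to USE=hardened. The commit message gives the reason as "for parity with gcc for now"; record that next to the flag, for example `# BIND_NOW: USE=hardened only, for parity with sys-devel/gcc (for now)`, so the condition to revisit is visible where the flag lives. The same applies to each of the five ebuilds that carry this hunk.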