phantom/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-01-10 03:47:29 -03:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

guix: pass enable-bind-now to glibc

Browse source 
Both glibcs we build support `--enable-bind-now`:
Disable lazy binding for installed shared objects and programs.
This provides additional security hardening because it enables full RELRO
and a read-only global offset table (GOT), at the cost of slightly
increased program load times.

See:
https://www.gnu.org/software/libc/manual/html_node/Configuring-and-compiling.html
This commit is contained in:
fanquake 2022-06-27 11:25:07 +01:00
parent 3897a131d0
commit aa87879a77
No known key found for this signature in database
GPG key ID: 2EEB9F5CC09526C1
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
contrib/guix/manifest.scm
View file

@ -136,7 +136,7 @@ chain for " target " development."))
#:key #:key
(base-gcc-for-libc base-gcc) (base-gcc-for-libc base-gcc)
(base-kernel-headers base-linux-kernel-headers) (base-kernel-headers base-linux-kernel-headers)
(base-libc (make-glibc-without-werror glibc-2.24)) (base-libc (make-glibc-with-bind-now (make-glibc-without-werror glibc-2.24)))
(base-gcc (make-gcc-rpath-link base-gcc))) (base-gcc (make-gcc-rpath-link base-gcc)))
"Convenience wrapper around MAKE-CROSS-TOOLCHAIN with default values "Convenience wrapper around MAKE-CROSS-TOOLCHAIN with default values
desirable for building Bitcoin Core release binaries." desirable for building Bitcoin Core release binaries."
@ -523,6 +523,9 @@ inspecting signatures in Mach-O binaries.")
(define (make-glibc-with-stack-protector glibc) (define (make-glibc-with-stack-protector glibc)
(package-with-extra-configure-variable glibc "--enable-stack-protector" "all")) (package-with-extra-configure-variable glibc "--enable-stack-protector" "all"))
(define (make-glibc-with-bind-now glibc)
(package-with-extra-configure-variable glibc "--enable-bind-now" "yes"))
(define-public glibc-2.24 (define-public glibc-2.24
(package (package
(inherit glibc-2.31) (inherit glibc-2.31)
@ -610,7 +613,8 @@ inspecting signatures in Mach-O binaries.")
((string-contains target "-linux-") ((string-contains target "-linux-")
(list (cond ((string-contains target "riscv64-") (list (cond ((string-contains target "riscv64-")
(make-bitcoin-cross-toolchain target (make-bitcoin-cross-toolchain target
#:base-libc (make-glibc-with-stack-protector (make-glibc-without-werror glibc-2.27/bitcoin-patched)))) #:base-libc (make-glibc-with-stack-protector
(make-glibc-with-bind-now (make-glibc-without-werror glibc-2.27/bitcoin-patched)))))
(else (else
(make-bitcoin-cross-toolchain target))))) (make-bitcoin-cross-toolchain target)))))
((string-contains target "darwin") ((string-contains target "darwin")