[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Hardened toolchain
From: |
zimoun |
Subject: |
Re: Hardened toolchain |
Date: |
Mon, 28 Mar 2022 09:35:41 +0200 |
Hi,
On Sun, 27 Mar 2022 at 23:17, Maxim Cournoyer <maxim.cournoyer@gmail.com> wrote:
> Maxime Devos <maximedevos@telenet.be> writes:
>> I think it would be a lot simpler to just add this to the 'standard'
>> gcc configure flags, in (gnu packages gcc), given that probably the
>> idea is to do this hardening for all packages? Needs a world-rebuild
>> though.
>
> +1. The whole distribution can probably benefit from this hardening.
(Parenthesis, the initial question is about how to create a custom gcc,
somehow whatever the options are about, and my answers are in this
direction and not in supporting directly in Guix some variants or even
create a new upstream . To me, that “a lot simpler” is orthogonal. :-)
Closing parenthesis.)
Yes, for sure, it can be a good idea to follow the “Arch Linux” hardened
flags. The two question I have are:
1. Is it well-supported for cross-compiling?
2. Do we introduce the hardened flags for compiling the hardened
compiler? Other said, at which bootstrap level in the chain do we
introduce these hardened options?
Cheers,
simon
- Hardened toolchain, (continued)
- Hardened toolchain, zimoun, 2022/03/21
- Message not available
- Re: Hardened toolchain, zimoun, 2022/03/22
- Re: Hardened toolchain, kiasoc5, 2022/03/22
- Re: Hardened toolchain, kiasoc5, 2022/03/25
- Re: Hardened toolchain, zimoun, 2022/03/25
- Re: Hardened toolchain, kiasoc5, 2022/03/26
- Re: Hardened toolchain, kiasoc5, 2022/03/26
- Re: Hardened toolchain, zimoun, 2022/03/27
Re: Hardened toolchain, Maxime Devos, 2022/03/27