From 3897a131d022c29301809c3d6edfcb46e100dc21 Mon Sep 17 00:00:00 2001 From: fanquake Date: Tue, 21 Jun 2022 20:09:47 +0100 Subject: [PATCH] guix: enable SSP for RISC-V glibc (2.27) Pass `--enable-stack-protector=all` when building the glibc used for the RISC-V toolchain, to enable stack smashing protection on all functions, in the glibc code. --- contrib/guix/manifest.scm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm index 7471f08a2b1..cd69f9bf0e7 100644 --- a/contrib/guix/manifest.scm +++ b/contrib/guix/manifest.scm @@ -520,6 +520,9 @@ inspecting signatures in Mach-O binaries.") (define (make-glibc-without-werror glibc) (package-with-extra-configure-variable glibc "enable_werror" "no")) +(define (make-glibc-with-stack-protector glibc) + (package-with-extra-configure-variable glibc "--enable-stack-protector" "all")) + (define-public glibc-2.24 (package (inherit glibc-2.31) @@ -607,7 +610,7 @@ inspecting signatures in Mach-O binaries.") ((string-contains target "-linux-") (list (cond ((string-contains target "riscv64-") (make-bitcoin-cross-toolchain target - #:base-libc (make-glibc-without-werror glibc-2.27/bitcoin-patched))) + #:base-libc (make-glibc-with-stack-protector (make-glibc-without-werror glibc-2.27/bitcoin-patched)))) (else (make-bitcoin-cross-toolchain target))))) ((string-contains target "darwin")