git: c6e7c894c665 - main - features: Add support to build ports as PIE executables.

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Baptiste Daroussin <bapt_at_FreeBSD.org>
Date: Wed, 26 Oct 2022 08:34:45 UTC
The branch main has been updated by bapt:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c6e7c894c6657af42a49dfdffee5de8b8c69e422

commit c6e7c894c6657af42a49dfdffee5de8b8c69e422
Author:     Jatin Kataria <jatinkataria1@gmail.com>
AuthorDate: 2022-10-14 22:27:35 +0000
Commit:     Baptiste Daroussin <bapt@FreeBSD.org>
CommitDate: 2022-10-26 08:22:12 +0000

    features: Add support to build ports as PIE executables.
    
    This will allow utilization of ASLR provided by the kernel.
    
    Sponsored by:   Netflix
---
 Mk/Features/pie.mk | 14 ++++++++++++++
 Mk/Uses/go.mk      |  7 ++++++-
 Mk/bsd.port.mk     |  9 ++++++---
 3 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/Mk/Features/pie.mk b/Mk/Features/pie.mk
new file mode 100644
index 000000000000..73bbe9b24c19
--- /dev/null
+++ b/Mk/Features/pie.mk
@@ -0,0 +1,14 @@
+# PIE Support
+
+.if !defined(_PIE_MK_INCLUDED)
+_PIE_MK_INCLUDED=	yes
+PIE_Include_MAINTAINER=	portmgr@FreeBSD.org
+
+.  if !defined(PIE_UNSAFE)
+PIE_CFLAGS?=	-fPIE -fPIC
+CFLAGS+=	${PIE_CFLAGS}
+CXXFLAGS+=	${PIE_CFLAGS}
+LDFLAGS+=	-pie
+.  endif
+.endif
+
diff --git a/Mk/Uses/go.mk b/Mk/Uses/go.mk
index 9ae32ca267bc..d75c4c2f0fe1 100644
--- a/Mk/Uses/go.mk
+++ b/Mk/Uses/go.mk
@@ -90,7 +90,12 @@ GO_PKGNAME=	${PORTNAME}
 GO_TARGET?=	${GO_PKGNAME}
 GO_TESTTARGET?=	./...
 
-GO_BUILDFLAGS+=	-v -buildmode=exe -trimpath
+.if !defined(PIE_UNSAFE)
+GO_BUILDFLAGS+= -buildmode=pie
+.else
+GO_BUILDFLAGS+= -buildmode=exe
+.endif
+GO_BUILDFLAGS+= -v -trimpath
 .  if !defined(WITH_DEBUG) && empty(GO_BUILDFLAGS:M-ldflags*)
 GO_BUILDFLAGS+=	-ldflags=-s
 .  endif
diff --git a/Mk/bsd.port.mk b/Mk/bsd.port.mk
index a6543b0e069f..717a0efdee6f 100644
--- a/Mk/bsd.port.mk
+++ b/Mk/bsd.port.mk
@@ -339,6 +339,11 @@ FreeBSD_MAINTAINER=	portmgr@FreeBSD.org
 #				  can be used in Makefiles by port maintainers
 #				  if a port breaks with it (it should be
 #				  extremely rare).
+# PIE_CFLAGS	- Defaults to -fPIE -fPIC. This value
+#				  is added to CFLAGS and the necessary flags
+#				  are added to LDFLAGS. Note that PIE_UNSAFE
+#				  can be used in Makefiles by port maintainers
+#				  if a port breaks with it.
 ##
 # USE_LOCALE	- LANG and LC_ALL are set to the value of this variable in
 #				  CONFIGURE_ENV and MAKE_ENV.  Example: USE_LOCALE=en_US.UTF-8
@@ -1012,7 +1017,7 @@ LC_ALL=		C
 # These need to be absolute since we don't know how deep in the ports
 # tree we are and thus can't go relative.  They can, of course, be overridden
 # by individual Makefiles or local system make configuration.
-_LIST_OF_WITH_FEATURES=	debug lto ssp
+_LIST_OF_WITH_FEATURES=	debug lto ssp pie
 _DEFAULT_WITH_FEATURES=	ssp
 PORTSDIR?=		/usr/ports
 LOCALBASE?=		/usr/local
@@ -1776,8 +1781,6 @@ CFLAGS:=	${CFLAGS:C/${_CPUCFLAGS}//}
 .      endif
 .    endfor
 
-# XXX PIE support to be added here
-MAKE_ENV+=	NO_PIE=yes
 # We will control debug files.  Don't let builds that use /usr/share/mk
 # split out debug symbols since the plist won't know to expect it.
 MAKE_ENV+=	MK_DEBUG_FILES=no