From: contact.ng0@cryptolab.net
Subject: Add configure-flags to tor.
Date: Wed, 25 Jan 2017 09:31:06 +0000
Message-ID: <20170125093107.11271-1-contact.ng0@cryptolab.net>
To: guix-devel@gnu.org
List-Id: "Development of GNU Guix and the GNU System distribution."

This adds tor hardening flags. Do you want me to document the flags in the package? I left it out since it's documented in the tor release itself.

Taken from ReleaseNotes:

'--enable-expensive-hardening'
New --enable-expensive-hardening option to enable security hardening options that consume nontrivial amounts of CPU and memory. Right now, this includes AddressSanitizer and UbSan, which are supported in newer versions of GCC and Clang. Closes ticket 11477.

'--enable-gcc-hardening'
New "--enable-gcc-hardening" ./configure flag (off by default) to turn on gcc compile time hardening options. It ensures that signed ints have defined behavior (-fwrapv), enables -D_FORTIFY_SOURCE=2 (requiring -O2), adds stack smashing protection with canaries (-fstack-protector-all), turns on ASLR protection if supported by the kernel (-fPIE, -pie), and adds additional security related warnings. Verified to work on Mac OS X and Debian Lenny.

'--enable-linker-hardening'
New "--enable-linker-hardening" ./configure flag (off by default) to turn on ELF specific hardening features (relro, now). This does not work with Mac OS X or any other non-ELF binary format.
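As an added example, not part of this message or of the tor/Guix patch, here is a way to verify that the gcc- and linker-hardening traits described in the release notes actually landed in a built binary: a small ELF64 parser that reports PIE (-fPIE/-pie), RELRO and BIND_NOW (-z relro, -z now), the stack-protector symbol and fortified libc wrappers. It assumes a little-endian ELF64 file such as an x86_64 Guix build, and `sample_elf` builds a constructed minimal image (not a real tor binary) so the check can be exercised offline.

```python
import re, struct

# ELF constants (64-bit little-endian only, as produced by an x86_64 Guix build)
ET_DYN, PT_DYNAMIC, PT_GNU_RELRO = 3, 2, 0x6474e552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6ffffffb
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def check_hardening(data):
    """Report which hardening traits from tor's configure flags are visible in ELF64 bytes."""
    if data[:5] != b'\x7fELF\x02' or data[5] != 1:
        raise ValueError('expected a little-endian ELF64 file')
    e_type, = struct.unpack_from('<H', data, 16)
    e_phoff, = struct.unpack_from('<Q', data, 32)
    e_phentsize, e_phnum = struct.unpack_from('<HH', data, 54)
    relro, bind_now, dyn = False, False, b''
    for i in range(e_phnum):  # walk the program headers (Elf64_Phdr)
        p_type, _, p_off, _, _, p_filesz = struct.unpack_from('<IIQQQQ', data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_RELRO:
            relro = True  # -Wl,-z,relro: a segment made read-only after relocation
        elif p_type == PT_DYNAMIC:
            dyn = data[p_off:p_off + p_filesz]
    for off in range(0, len(dyn) - 15, 16):  # Elf64_Dyn entries: int64 d_tag, uint64 d_val
        tag, val = struct.unpack_from('<qQ', dyn, off)
        if tag == DT_NULL:
            break
        if tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW) or (tag == DT_FLAGS_1 and val & DF_1_NOW):
            bind_now = True  # -Wl,-z,now: eager binding, which lets RELRO cover the GOT too
    return {
        'pie': e_type == ET_DYN,  # -fPIE -pie yields ET_DYN (shared objects are ET_DYN as well)
        'relro': relro,
        'bind_now': bind_now,
        # The next two are string heuristics over the whole file, not a walk of the dynamic symbols.
        'canary': b'__stack_chk_fail\0' in data,  # -fstack-protector-all
        'fortify': re.search(rb'__[a-z0-9_]+_chk\0', data) is not None,  # -D_FORTIFY_SOURCE=2 wrappers
    }

def sample_elf(hardened):
    """Constructed minimal ELF64 image (not a real tor build) carrying only the traits inspected above."""
    dyn = struct.pack('<qQqQ', DT_FLAGS_1, DF_1_NOW if hardened else 0, DT_NULL, 0)
    strs = b'__stack_chk_fail\0__memcpy_chk\0' if hardened else b'memcpy\0'
    phdrs = [(PT_GNU_RELRO, 4, 0, 0, 0, 0, 0, 1)] if hardened else []
    phdrs.append((PT_DYNAMIC, 6, 64 + 56 * (len(phdrs) + 1), 0, 0, len(dyn), len(dyn), 8))
    ident = b'\x7fELF\x02\x01\x01' + b'\0' * 9  # ELFCLASS64, ELFDATA2LSB, EV_CURRENT
    ehdr = ident + struct.pack('<HHIQQQIHHHHHH', ET_DYN if hardened else 2, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    return ehdr + b''.join(struct.pack('<IIQQQQQQ', *p) for p in phdrs) + dyn + strs
```

To check a real build, pass the file contents (`open(path, 'rb').read()`) to `check_hardening`; -fwrapv leaves no trace in the binary, so it can only be confirmed from the build log.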