From: Alex Vong
Subject: Re: [PATCH 1/2] Add (guix build build-flags).
Date: Fri, 25 Dec 2015 23:38:28 +0800
To: Ludovic Courtès
Cc: guix-devel@gnu.org

ludo@gnu.org (Ludovic Courtès) writes:

Hi,

This is an old thread, but I am still unclear about something, so I will
reply.

> Alex Vong skribis:
>
>> From 6ad35e245c374ff828f167bb3467ce68559ccefd Mon Sep 17 00:00:00 2001
>> From: Alex Vong
>> Date: Sat, 31 Oct 2015 19:44:13 +0800
>> Subject: [PATCH 1/2] Add (guix build build-flags).
>>
>> A module to manipulate build flags, similar to dpkg-buildflags.
>>
>> * guix/build/build-flags.scm: New file.
>> * Makefile.am (MODULES): Register it.
>
> [...]
>
>> +;;; Module to manipulate build flags, similar to dpkg-buildflags.
>
> It doesn’t really help to refer to dpkg-buildflags, at least for me. ;-)
>

Sure, I should have elaborated more on it.
What I am looking for are ways to avoid repeating a lot of flags in
different packages, something like `use this set of flags, please'. For
example, in Debian, if you type

  $ dpkg-buildflags --get CFLAGS

you get

  -g -O2 -fstack-protector-strong -Wformat -Werror=format-security

which are the default flags to be exported during package build.
Moreover, the maintainer can alter the default behaviour by setting
DEB_BUILD_MAINT_OPTIONS. For example,

  $ DEB_BUILD_MAINT_OPTIONS=hardening=+all dpkg-buildflags --get CFLAGS

will return

  -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security

>> +;;; Data structure is constructed by flag-list. >> +;;; The constructor flag-list does something to its arguments, >> +;;; such as trimming white-spaces, to ensure no two arguments mean the = same. >> +;;; >> +;;; Here is an example: >> +;;; (define default-flag-list >> +;;; (flag-list >> +;;; #:CFLAGS '("-O2" "-g") >> +;;; #:LDFLAGS '("-lm" "-lpthread"))) >> +;;; >> +;;; flag-list+ and flag-list- are analogous to >> +;;; numeric + and - but operate on . >> +;;; >> +;;; flag-list->string-list converts into >> +;;; configure-flags-compatible string-list.
>
> How would we use flag lists?
>
> The problem is that each build system has its own way to specify custom
> flags, and some don’t even allow that. So being able to manipulate flag
> lists is nice, but I’m afraid we wouldn’t be able to make much out of
> them.
>
> WDYT?
>
>> +(define-syntax define-record-type-with-accessor-list >> + (syntax-rules () >> + "Macro to define a srfi-9 record >> +with accessor list bound to accessor-list-name.
>
> Is this really needed? Would ‘define-record-type*’ from (guix records)
> do the job?
>
>> +(define-record-type-with-accessor-list >> + (make-flag-list c-flags >> + cpp-flags >> + c++-flags >> + fc-flags >> + f-flags >> + gcj-flags >> + ld-flags >> + objc-flags >> + objc++-flags)
>
> I’m not convinced we need to list all these flags, but again, that
> depends on how we end up using it.
>
> On one hand that’s already too many flags, and we’d be passing the same
> options to all of them anyway–like -fstack-protector, -fPIE, etc.
>
> On the other hand, it’s very much GCC- and autotool-centric.
>
> [...]
>
>> +(define fortify-flag-list >> + (flag-list >> + #:CPPFLAGS '("-D_FORTIFY_SOURCE=3D2"))) >> + >> +(define stackprotector-flag-list >> + (flag-list >> + #:CFLAGS '("-fstack-protector" "--param=3Dssp-buffer-size=3D4") >> + #:CXXFLAGS '("-fstack-protector" "--param=3Dssp-buffer-size=3D4") >> + #:FCFLAGS '("-fstack-protector" "--param=3Dssp-buffer-size=3D4") >> + #:FFLAGS '("-fstack-protector" "--param=3Dssp-buffer-size=3D4") >> + #:GCJFLAGS '("-fstack-protector" "--param=3Dssp-buffer-size=3D4") >> + #:OBJCFLAGS '("-fstack-protector" "--param=3Dssp-buffer-size=3D4") >> + #:OBJCXXFLAGS '("-fstack-protector" "--param=3Dssp-buffer-size=3D4")= )) >> + >> +(define stackprotectorstrong-flag-list >> + (flag-list >> + #:CFLAGS '("-fstack-protector-strong") >> + #:CXXFLAGS '("-fstack-protector-strong") >> + #:FCFLAGS '("-fstack-protector-strong") >> + #:FFLAGS '("-fstack-protector-strong") >> + #:GCJFLAGS '("-fstack-protector-strong") >> + #:OBJCFLAGS '("-fstack-protector-strong") >> + #:OBJCXXFLAGS '("-fstack-protector-strong")))
>
> I’ve been thinking we should experiment with these various options. The
> way I’d do it now would be by running:
>
>   ./configure x y z CPPFLAGS=-D_FORTIFY_SOURCE=2 CFLAGS=-fstack-protector
>
> This would be just automatically added to #:configure-flags in
> gnu-build-system.scm.
>
> Of course, some packages would ignore them and others would break, but
> that’s part of the game. It largely has to be approached on a
> case-by-case basis.
>

Yes, I grep for `fstack-protector-strong' in the guix code base and no
matches are found. It appears no packages are setting this flag
currently. I think this flag (perhaps also a couple others) should be
set by default since they help protect against buffer overflow.

> Thoughts?
>
> Ludo’.

What do you people think?

Cheers,
Alex
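
Review bot: the header comment of the new module leaves the constructor's normalisation unspecified ("does something to its arguments, such as trimming white-spaces"), yet flag-list- can only remove a flag if the rule for when two arguments "mean the same" is known. State the exact rules in the comment, including whether flag-list+ and flag-list- preserve argument order, since order matters for linker arguments such as the "-lm" "-lpthread" used in the example.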
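
Review bot: stackprotector-flag-list and stackprotectorstrong-flag-list spell out the same flag list seven times each, once per keyword from #:CFLAGS to #:OBJCXXFLAGS, so any later change has to be made in seven places and can drift between languages. Bind the list once and reuse it for every compiler keyword. In fortify-flag-list, -D_FORTIFY_SOURCE=2 is set in #:CPPFLAGS alone; glibc only applies fortification when the compiler is optimizing, so the comment should say that this list is meant to be combined with an -O level.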
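
The dpkg-buildflags behaviour described in the message above, as a simplified Python model (an added example, not part of the original message and not dpkg's or Guix's code). The feature names, the default-on set and the emission order are assumptions of this model; the flag strings are the ones quoted in the thread.

```python
# Constructed model: hardening "features" mapped to per-variable flags.
BASE = {"CFLAGS": ["-g", "-O2"], "CPPFLAGS": []}

# Feature names and emission order are assumptions of this model; the flag
# strings themselves are the ones quoted in the thread.
FEATURES = {
    "pie": {"CFLAGS": ["-fPIE"]},
    "stackprotectorstrong": {"CFLAGS": ["-fstack-protector-strong"]},
    "format": {"CFLAGS": ["-Wformat", "-Werror=format-security"]},
    "fortify": {"CPPFLAGS": ["-D_FORTIFY_SOURCE=2"]},
}
DEFAULT_ON = frozenset({"stackprotectorstrong", "format", "fortify"})


def enabled_features(maint_options=""):
    """Apply a 'hardening=+all,-pie' style option string to the defaults."""
    enabled = set(DEFAULT_ON)
    for area in maint_options.split():
        name, _, spec = area.partition("=")
        if name != "hardening":
            continue  # other option areas are outside this model
        for item in filter(None, spec.split(",")):
            sign, feature = item[0], item[1:]
            if sign not in ("+", "-"):
                raise ValueError(f"missing +/- in {item!r}")
            if feature == "all":
                targets = set(FEATURES)
            elif feature in FEATURES:
                targets = {feature}
            else:
                raise ValueError(f"unknown hardening feature {feature!r}")
            enabled = enabled | targets if sign == "+" else enabled - targets
    return enabled


def get_flags(variable, maint_options=""):
    """Return the flag string for one variable, e.g. 'CFLAGS'."""
    enabled = enabled_features(maint_options)
    flags = list(BASE[variable])
    for feature, per_variable in FEATURES.items():
        if feature in enabled:
            flags += per_variable.get(variable, [])
    return " ".join(flags)
```

A package-level override such as "hardening=+all,-pie" is then a one-line change instead of a repeated flag list, which is the "use this set of flags, please" behaviour the message asks for.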