From: zimoun <zimon.toutoune@gmail.com>
To: Maxim Cournoyer <maxim.cournoyer@gmail.com>,
Maxime Devos <maximedevos@telenet.be>
Cc: guix-devel@gnu.org, kiasoc5@tutanota.com
Subject: Re: Hardened toolchain
Date: Mon, 28 Mar 2022 09:35:41 +0200 [thread overview]
Message-ID: <86a6dattpu.fsf@gmail.com> (raw)
In-Reply-To: <874k3iwysf.fsf@gmail.com>
Hi,
On Sun, 27 Mar 2022 at 23:17, Maxim Cournoyer <maxim.cournoyer@gmail.com> wrote:
> Maxime Devos <maximedevos@telenet.be> writes:
>> I think it would be a lot simpler to just add this to the 'standard'
>> gcc configure flags, in (gnu packages gcc), given that probably the
>> idea is to do this hardening for all packages? Needs a world-rebuild
>> though.
>
> +1. The whole distribution can probably benefit from this hardening.
(Parenthesis, the initial question is about how to create a custom gcc,
somehow whatever the options are about, and my answers are in this
direction and not in supporting directly in Guix some variants or even
create a new upstream . To me, that “a lot simpler” is orthogonal. :-)
Closing parenthesis.)
Yes, for sure, it can be a good idea to follow the “Arch Linux” hardened
flags. The two question I have are:
1. Is it well-supported for cross-compiling?
2. Do we introduce the hardened flags for compiling the hardened
compiler? Other said, at which bootstrap level in the chain do we
introduce these hardened options?
Cheers,
simon
next prev parent reply other threads:[~2022-03-28 8:07 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-21 13:34 Hardened toolchain zimoun
[not found] ` <Mymdzxm--3-2@tutanota.com>
2022-03-22 19:06 ` zimoun
2022-03-22 20:02 ` kiasoc5--- via Development of GNU Guix and the GNU System distribution.
2022-03-25 19:39 ` kiasoc5--- via Development of GNU Guix and the GNU System distribution.
2022-03-25 22:54 ` zimoun
2022-03-26 19:33 ` kiasoc5--- via Development of GNU Guix and the GNU System distribution.
2022-03-26 22:02 ` kiasoc5--- via Development of GNU Guix and the GNU System distribution.
2022-03-27 20:06 ` zimoun
2022-03-27 20:22 ` Maxime Devos
2022-03-28 3:17 ` Maxim Cournoyer
2022-03-28 7:35 ` zimoun [this message]
2022-03-29 0:02 ` kiasoc5--- via Development of GNU Guix and the GNU System distribution.
2022-03-29 10:15 ` Ludovic Courtès
2022-04-14 18:59 ` kiasoc5--- via Development of GNU Guix and the GNU System distribution.
2022-04-15 15:18 ` jbranso
2022-04-15 16:04 ` Zhu Zihao
2022-04-15 16:34 ` raingloom
2022-04-26 11:07 ` Katherine Cox-Buday
2022-04-28 17:36 ` Aurora
2022-04-28 17:41 ` Katherine Cox-Buday
2022-04-28 19:53 ` Aurora
2022-04-28 17:50 ` Vagrant Cascadian
2022-04-28 19:54 ` Aurora
2022-04-29 10:31 ` zimoun
2022-04-29 15:51 ` kiasoc5--- via Development of GNU Guix and the GNU System distribution.
2022-05-02 14:55 ` Katherine Cox-Buday
2022-05-02 16:25 ` Maxime Devos
2022-05-02 17:41 ` zimoun
2022-05-02 21:10 ` Maxime Devos
-- strict thread matches above, loose matches on Subject: below --
2022-04-15 20:36 Nathan Dehnel
2022-04-16 3:51 ` raingloom
2022-03-21 4:31 kiasoc5--- via Development of GNU Guix and the GNU System distribution.
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86a6dattpu.fsf@gmail.com \
--to=zimon.toutoune@gmail.com \
--cc=guix-devel@gnu.org \
--cc=kiasoc5@tutanota.com \
--cc=maxim.cournoyer@gmail.com \
--cc=maximedevos@telenet.be \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.