diff mbox

check -nopie in configure

Message ID 578F8388.8060605@arm.com
State New
Headers show

Commit Message

Szabolcs Nagy July 20, 2016, 1:58 p.m. UTC 
since gcc can be built with --enable-default-pie, there
is a -no-pie flag to turn off PIE.

gcc cannot be built as PIE (pr 71934), so the gcc build
system has to detect the -no-pie flag to disable PIE.

historically default pie toolchains used the -nopie flag
(e.g. gentoo hardened), those toolchains cannot build
gcc anymore, so detect -nopie too.

gcc/
2016-07-20  Szabolcs Nagy  <szabolcs.nagy@arm.com>

	* configure.ac: Detect -nopie flag just like -no-pie.
	* configure: Regenerate.

Comments

Szabolcs Nagy Aug. 24, 2016, 5:21 p.m. UTC | #1 
On 20/07/16 14:58, Szabolcs Nagy wrote:
> since gcc can be built with --enable-default-pie, there
> is a -no-pie flag to turn off PIE.
> 
> gcc cannot be built as PIE (pr 71934), so the gcc build
> system has to detect the -no-pie flag to disable PIE.
> 
> historically default pie toolchains used the -nopie flag
> (e.g. gentoo hardened), those toolchains cannot build
> gcc anymore, so detect -nopie too.
> 
> gcc/
> 2016-07-20  Szabolcs Nagy  <szabolcs.nagy@arm.com>
> 
> 	* configure.ac: Detect -nopie flag just like -no-pie.
> 	* configure: Regenerate.
> 

ping
Magnus Granberg Aug. 24, 2016, 8:20 p.m. UTC | #2 
onsdag 24 augusti 2016 kl. 18:21:07 CEST skrev  Szabolcs Nagy:
> On 20/07/16 14:58, Szabolcs Nagy wrote:
> > since gcc can be built with --enable-default-pie, there
> > is a -no-pie flag to turn off PIE.
> > 
> > gcc cannot be built as PIE (pr 71934), so the gcc build
> > system has to detect the -no-pie flag to disable PIE.
> > 
> > historically default pie toolchains used the -nopie flag
> > (e.g. gentoo hardened), those toolchains cannot build
> > gcc anymore, so detect -nopie too.
> > 
> > gcc/
> > 2016-07-20  Szabolcs Nagy  <szabolcs.nagy@arm.com>
> > 
> > 	* configure.ac: Detect -nopie flag just like -no-pie.
> > 	* configure: Regenerate.
> 
> ping

On Gentoo Hardened we are moving to use -no-pie to disable the linking part 
for both gcc and ld/gold support it. -nopie was not supported by upstream.
To disable PIE when compile -fno-PIE should be just.
The compile and link part is disable when building gcc, look in the Makefile.

/Magnus G.
diff mbox

Patch

diff --git a/gcc/configure b/gcc/configure
index ed44472..ca16e66 100755
--- a/gcc/configure
+++ b/gcc/configure
@@ -29566,6 +29566,33 @@  fi
 $as_echo "$gcc_cv_no_pie" >&6; }
 if test "$gcc_cv_no_pie" = "yes"; then
   NO_PIE_FLAG="-no-pie"
+else
+  # Check if -nopie works.
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -nopie option" >&5
+$as_echo_n "checking for -nopie option... " >&6; }
+if test "${gcc_cv_nopie+set}" = set; then :
+  $as_echo_n "(cached) " >&6
+else
+  saved_LDFLAGS="$LDFLAGS"
+     LDFLAGS="$LDFLAGS -nopie"
+     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+int main(void) {return 0;}
+_ACEOF
+if ac_fn_cxx_try_link "$LINENO"; then :
+  gcc_cv_nopie=yes
+else
+  gcc_cv_nopie=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+     LDFLAGS="$saved_LDFLAGS"
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_nopie" >&5
+$as_echo "$gcc_cv_nopie" >&6; }
+  if test "$gcc_cv_nopie" = "yes"; then
+    NO_PIE_FLAG="-nopie"
+  fi
 fi
 
 
diff --git a/gcc/configure.ac b/gcc/configure.ac
index 086d0fc..98ab5cb 100644
--- a/gcc/configure.ac
+++ b/gcc/configure.ac
@@ -6200,6 +6200,19 @@  AC_CACHE_CHECK([for -no-pie option],
    LDFLAGS="$saved_LDFLAGS"])
 if test "$gcc_cv_no_pie" = "yes"; then
   NO_PIE_FLAG="-no-pie"
+else
+  # Check if -nopie works.
+  AC_CACHE_CHECK([for -nopie option],
+    [gcc_cv_nopie],
+    [saved_LDFLAGS="$LDFLAGS"
+     LDFLAGS="$LDFLAGS -nopie"
+     AC_LINK_IFELSE([int main(void) {return 0;}],
+       [gcc_cv_nopie=yes],
+       [gcc_cv_nopie=no])
+     LDFLAGS="$saved_LDFLAGS"])
+  if test "$gcc_cv_nopie" = "yes"; then
+    NO_PIE_FLAG="-nopie"
+  fi
 fi
 AC_SUBST([NO_PIE_FLAG])