guix: enable SSP for RISC-V glibc (2.27)

Pass `--enable-stack-protector=all` when building the glibc used for the
RISC-V toolchain, to enable stack smashing protection on all functions,
in the glibc code.

1 files changed, 4 insertions, 1 deletions

diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm
index 7471f08a2b..cd69f9bf0e 100644
--- a/contrib/guix/manifest.scm
+++ b/contrib/guix/manifest.scm
@@ -520,6 +520,9 @@ inspecting signatures in Mach-O binaries.")
 (define (make-glibc-without-werror glibc)
   (package-with-extra-configure-variable glibc "enable_werror" "no"))
 
+(define (make-glibc-with-stack-protector glibc)
+  (package-with-extra-configure-variable glibc "--enable-stack-protector" "all"))
+
 (define-public glibc-2.24
   (package
     (inherit glibc-2.31)
@@ -607,7 +610,7 @@ inspecting signatures in Mach-O binaries.")
           ((string-contains target "-linux-")
            (list (cond ((string-contains target "riscv64-")
                         (make-bitcoin-cross-toolchain target
-                                                      #:base-libc (make-glibc-without-werror glibc-2.27/bitcoin-patched)))
+                                                      #:base-libc (make-glibc-with-stack-protector (make-glibc-without-werror glibc-2.27/bitcoin-patched))))
                        (else
                         (make-bitcoin-cross-toolchain target)))))
           ((string-contains target "darwin")