guix: build GCC with --enable-standard-branch-protection

To enable Branch Target Identification Mechanism and Return Address Signing by default at configure time use the `--enable-standard-branch-protection` option. This is equivalent to having `-mbranch-protection=standard` during compilation. This can be explicitly disabled during compilation by passing the `-mbranch-protection=none` option which turns off all types of branch protections. See: https://gcc.gnu.org/install/specific.html#aarch64-x-x
author: fanquake <fanquake@gmail.com> 2023-08-14 13:23:25 +0100
committer: fanquake <fanquake@gmail.com> 2024-03-21 17:33:59 +0000
commit: 7850c5fe20a034438e00f6c12ce51efc6af3a1aa (patch)
tree: eecd0c772e63c535f7c0535e924d16073f1b2548 /contrib
parent: 71b63195b30b2fa0dff20ebb262ce7566dd5d673 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm
index 3353c8a874..e24a61bf9d 100644
--- a/contrib/guix/manifest.scm
+++ b/contrib/guix/manifest.scm
@@ -423,6 +423,7 @@ inspecting signatures in Mach-O binaries.")
             (list "--enable-initfini-array=yes",
                   "--enable-default-ssp=yes",
                   "--enable-default-pie=yes",
+                  "--enable-standard-branch-protection=yes",
                   building-on)))
         ((#:phases phases)
           `(modify-phases ,phases
author	fanquake <fanquake@gmail.com>	2023-08-14 13:23:25 +0100
committer	fanquake <fanquake@gmail.com>	2024-03-21 17:33:59 +0000
commit	7850c5fe20a034438e00f6c12ce51efc6af3a1aa (patch)
tree	eecd0c772e63c535f7c0535e924d16073f1b2548 /contrib
parent	71b63195b30b2fa0dff20ebb262ce7566dd5d673 (diff)