aboutsummaryrefslogtreecommitdiff
path: root/contrib
diff options
context:
space:
mode:
authorfanquake <fanquake@gmail.com>2022-06-21 07:21:32 +0100
committerfanquake <fanquake@gmail.com>2022-06-21 09:21:00 +0100
commit4e569c8bd85e0dbdb1fad7ba6ad5fab31753016a (patch)
treece7394269b37e0b7027ce939403a285059bfc506 /contrib
parent1d39c9ca0672e7ad4c1f0959f9d58d2fcc7dc46b (diff)
guix: remove explicit glibc stack protector disabling
While glibc 2.25 and newer *can* be built with stack-smashing-protection enabled, it isn't used by default, and still isn't, as of glibc 2.35, so I can't see a reason to explicitly disable it. I'd also like to move in the direction of enabling, by default, hardening options for the toolchains we build, so removing the explicit disabling is a step in that direction. Will be following up with some changes based on this PR.
Diffstat (limited to 'contrib')
-rw-r--r--contrib/guix/manifest.scm16
1 files changed, 1 insertions, 15 deletions
diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm
index 34a9c608db..5d8cf69f76 100644
--- a/contrib/guix/manifest.scm
+++ b/contrib/guix/manifest.scm
@@ -132,25 +132,11 @@ chain for " target " development."))
(define base-gcc gcc-10)
(define base-linux-kernel-headers linux-libre-headers-5.15)
-;; Building glibc with stack smashing protector first landed in glibc 2.25, use
-;; this function to disable for older glibcs
-;;
-;; From glibc 2.25 changelog:
-;;
-;; * Most of glibc can now be built with the stack smashing protector enabled.
-;; It is recommended to build glibc with --enable-stack-protector=strong.
-;; Implemented by Nick Alcock (Oracle).
-(define (make-glibc-without-ssp xglibc)
- (package-with-extra-configure-variable
- (package-with-extra-configure-variable
- xglibc "libc_cv_ssp" "no")
- "libc_cv_ssp_strong" "no"))
-
(define* (make-bitcoin-cross-toolchain target
#:key
(base-gcc-for-libc base-gcc)
(base-kernel-headers base-linux-kernel-headers)
- (base-libc (make-glibc-without-ssp (make-glibc-without-werror glibc-2.24)))
+ (base-libc (make-glibc-without-werror glibc-2.24))
(base-gcc (make-gcc-rpath-link base-gcc)))
"Convenience wrapper around MAKE-CROSS-TOOLCHAIN with default values
desirable for building Bitcoin Core release binaries."