From 7850c5fe20a034438e00f6c12ce51efc6af3a1aa Mon Sep 17 00:00:00 2001 From: fanquake Date: Mon, 14 Aug 2023 13:23:25 +0100 Subject: guix: build GCC with --enable-standard-branch-protection To enable Branch Target Identification Mechanism and Return Address Signing by default at configure time use the `--enable-standard-branch-protection` option. This is equivalent to having `-mbranch-protection=standard` during compilation. This can be explicitly disabled during compilation by passing the `-mbranch-protection=none` option which turns off all types of branch protections. See: https://gcc.gnu.org/install/specific.html#aarch64-x-x --- contrib/guix/manifest.scm | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm index 3353c8a874..e24a61bf9d 100644 --- a/contrib/guix/manifest.scm +++ b/contrib/guix/manifest.scm @@ -423,6 +423,7 @@ inspecting signatures in Mach-O binaries.") (list "--enable-initfini-array=yes", "--enable-default-ssp=yes", "--enable-default-pie=yes", + "--enable-standard-branch-protection=yes", building-on))) ((#:phases phases) `(modify-phases ,phases -- cgit v1.2.3