From 4e569c8bd85e0dbdb1fad7ba6ad5fab31753016a Mon Sep 17 00:00:00 2001 From: fanquake Date: Tue, 21 Jun 2022 07:21:32 +0100 Subject: guix: remove explicit glibc stack protector disabling While glibc 2.25 and newer *can* be built with stack-smashing-protection enabled, it isn't used by default, and still isn't, as of glibc 2.35, so I can't see a reason to explicitly disable it. I'd also like to move in the direction of enabling, by default, hardening options for the toolchains we build, so removing the explicit disabling is a step in that direction. Will be following up with some changes based on this PR. --- contrib/guix/manifest.scm | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) (limited to 'contrib/guix') diff --git a/contrib/guix/manifest.scm b/contrib/guix/manifest.scm index 34a9c608db..5d8cf69f76 100644 --- a/contrib/guix/manifest.scm +++ b/contrib/guix/manifest.scm @@ -132,25 +132,11 @@ chain for " target " development.")) (define base-gcc gcc-10) (define base-linux-kernel-headers linux-libre-headers-5.15) -;; Building glibc with stack smashing protector first landed in glibc 2.25, use -;; this function to disable for older glibcs -;; -;; From glibc 2.25 changelog: -;; -;; * Most of glibc can now be built with the stack smashing protector enabled. -;; It is recommended to build glibc with --enable-stack-protector=strong. -;; Implemented by Nick Alcock (Oracle). -(define (make-glibc-without-ssp xglibc) - (package-with-extra-configure-variable - (package-with-extra-configure-variable - xglibc "libc_cv_ssp" "no") - "libc_cv_ssp_strong" "no")) - (define* (make-bitcoin-cross-toolchain target #:key (base-gcc-for-libc base-gcc) (base-kernel-headers base-linux-kernel-headers) - (base-libc (make-glibc-without-ssp (make-glibc-without-werror glibc-2.24))) + (base-libc (make-glibc-without-werror glibc-2.24)) (base-gcc (make-gcc-rpath-link base-gcc))) "Convenience wrapper around MAKE-CROSS-TOOLCHAIN with default values desirable for building Bitcoin Core release binaries." -- cgit v1.2.3