diff options
| author | khorben <khorben@pkgsrc.org> | 2017-11-12 13:34:14 +0000 |
|---|---|---|
| committer | khorben <khorben@pkgsrc.org> | 2017-11-12 13:34:14 +0000 |
| commit | 7d3f3ab2e3f90a0088ece35efa2265a79d9a302a (patch) | |
| tree | 570e7605ffffab5381ff6af23ae175bce975f3c3 /mk/bsd.prefs.mk | |
| parent | 3152ab4faca23a0563c98c4201f9299e01b67376 (diff) | |
| download | pkgsrc-7d3f3ab2e3f90a0088ece35efa2265a79d9a302a.tar.gz | |
Add initial support for building packages reproducibly
It currently tackles two problems:
- gcc(1) hard-coding full paths in debugging information (with one
caveat at the moment)
- ar(1) hard-coding user IDs in archive headers
This allows packages built from the same tree and options to produce
identical results bit by bit. This option should be combined with ASLR
and PKGSRC_MKPIE to avoid predictable address offsets for attackers
attempting to exploit security vulnerabilities.
This is still disabled by default, and only supports NetBSD so far.
As discussed on tech-pkg@
Diffstat (limited to 'mk/bsd.prefs.mk')
| -rw-r--r-- | mk/bsd.prefs.mk | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/mk/bsd.prefs.mk b/mk/bsd.prefs.mk index 2704e90ca2f..bbd93490cc6 100644 --- a/mk/bsd.prefs.mk +++ b/mk/bsd.prefs.mk @@ -1,4 +1,4 @@ -# $NetBSD: bsd.prefs.mk,v 1.394 2017/11/03 18:07:40 bsiegert Exp $ +# $NetBSD: bsd.prefs.mk,v 1.395 2017/11/12 13:34:14 khorben Exp $ # # This file includes the mk.conf file, which contains the user settings. # @@ -705,6 +705,12 @@ _PKGSRC_MKPIE= no _PKGSRC_MKPIE= yes .endif +_PKGSRC_MKREPRO= no +.if (${PKGSRC_MKREPRO:tl} == "yes") && \ + (${_OPSYS_SUPPORTS_MKREPRO:Uno} == "yes") +_PKGSRC_MKREPRO= yes +.endif + _PKGSRC_USE_FORTIFY= no .if (${PKGSRC_USE_FORTIFY:tl} != "no") && \ (${_OPSYS_SUPPORTS_FORTIFY:Uno} == "yes") |