Re-arrange support for FORTIFY/MKPIE/RELRO/SSP

- No _GCC_* anything in mk/bsd.prefs.mk;
- No compiler flags in platform files.

Tested again on NetBSD/amd64, with and without cwrappers, with the same
outcome.

With feedback from jperkin@

4 files changed, 33 insertions, 27 deletions

diff --git a/mk/bsd.prefs.mk b/mk/bsd.prefs.mk
index a3686851292..7382adadd25 100644
--- a/mk/bsd.prefs.mk
+++ b/mk/bsd.prefs.mk
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.prefs.mk,v 1.380 2016/03/11 23:03:31 khorben Exp $
+# $NetBSD: bsd.prefs.mk,v 1.381 2016/03/11 23:54:08 khorben Exp $
 #
 # This file includes the mk.conf file, which contains the user settings.
 #
@@ -702,40 +702,35 @@ PREPEND_PATH+=		${LOCALBASE}/bin
 INIT_SYSTEM?=		rc.d
 _BUILD_DEFS+=		INIT_SYSTEM
 
-# Enable cwrappers if requested unless we're building the wrappers themselves.
-.if ${USE_CWRAPPERS:tl} != "no" && empty(PKGPATH:Mpkgtools/cwrappers)
-_USE_CWRAPPERS=		yes
-.else
-_USE_CWRAPPERS=		no
-.endif
-
 _PKGSRC_MKPIE=	no
 .if (${PKGSRC_MKPIE:tl} == "yes") && \
     (${_OPSYS_SUPPORTS_MKPIE:Uno} == "yes")
 _PKGSRC_MKPIE=	yes
-_GCC_CFLAGS+=		${_MKPIE_CFLAGS.gcc}
-_GCC_LDFLAGS+=		${_MKPIE_LDFLAGS.gcc}
 .endif
 
 _PKGSRC_USE_FORTIFY=	no
 .if (${PKGSRC_USE_FORTIFY:tl} == "yes") && \
     (${_OPSYS_SUPPORTS_FORTIFY:Uno} == "yes")
 _PKGSRC_USE_FORTIFY=	yes
-_GCC_CFLAGS+=		${_FORTIFY_CFLAGS.gcc}
 .endif
 
 _PKGSRC_USE_RELRO=	no
 .if (${PKGSRC_USE_RELRO:tl} == "yes") && \
     (${_OPSYS_SUPPORTS_RELRO:Uno} == "yes")
 _PKGSRC_USE_RELRO=	yes
-_GCC_LDFLAGS+=		${_RELRO_LDFLAGS.gcc}
 .endif
 
 _PKGSRC_USE_SSP=	no
 .if (${PKGSRC_USE_SSP:tl} == "yes") && \
     (${_OPSYS_SUPPORTS_SSP:Uno} == "yes")
 _PKGSRC_USE_SSP=	yes
-_GCC_CFLAGS+=		${_SSP_CFLAGS.gcc}
+.endif
+
+# Enable cwrappers if requested unless we're building the wrappers themselves.
+.if ${USE_CWRAPPERS:tl} != "no" && empty(PKGPATH:Mpkgtools/cwrappers)
+_USE_CWRAPPERS=		yes
+.else
+_USE_CWRAPPERS=		no
 .endif
 
 # Wrapper framework definitions
diff --git a/mk/compiler/gcc.mk b/mk/compiler/gcc.mk
index 1a575feffe3..30b65adb810 100644
--- a/mk/compiler/gcc.mk
+++ b/mk/compiler/gcc.mk
@@ -1,4 +1,4 @@
-# $NetBSD: gcc.mk,v 1.165 2016/03/11 23:03:31 khorben Exp $
+# $NetBSD: gcc.mk,v 1.166 2016/03/11 23:54:09 khorben Exp $
 #
 # This is the compiler definition for the GNU Compiler Collection.
 #
@@ -338,21 +338,42 @@ _WRAP_EXTRA_ARGS.CC+=	-std=gnu99
 CWRAPPERS_APPEND.cc+=	-std=gnu99
 .endif
 
+.if ${OPSYS} == "NetBSD"
+_FORTIFY_CFLAGS.gcc=	-D_FORTIFY_SOURCE=2
+_MKPIE_CFLAGS.gcc=	-fPIC
+# XXX for executables it should be:
+#_MKPIE_CFLAGS.gcc=	-fPIE
+# XXX for libraries a sink wrapper around gcc is required and used instead
+#_MKPIE_LDFLAGS.gcc=	-pie
+_RELRO_LDFLAGS.gcc=	-Wl,-z,relro -Wl,-z,now
+_SSP_CFLAGS.gcc=	-fstack-protector-all
+.endif
+
+.if ${OPSYS} == "SunOS"
+_FORTIFY_CFLAGS.gcc=	-D_FORTIFY_SOURCE=2
+_SSP_CFLAGS.gcc=	-fstack-protector
+.endif
+
 .if ${_PKGSRC_MKPIE} == "yes"
+_GCC_CFLAGS+=		${_MKPIE_CFLAGS.gcc}
+_GCC_LDFLAGS+=		${_MKPIE_LDFLAGS.gcc}
 CWRAPPERS_APPEND.cc+=	${_MKPIE_CFLAGS.gcc}
 # XXX this differs for libraries and executables
 # CWRAPPERS_APPEND.ld+=	${_MKPIE_LDFLAGS.gcc}
 .endif
 
 .if ${_PKGSRC_USE_FORTIFY} == "yes"
+_GCC_CFLAGS+=		${_FORTIFY_CFLAGS.gcc}
 CWRAPPERS_APPEND.cc+=	${_FORTIFY_CFLAGS.gcc}
 .endif
 
 .if ${_PKGSRC_USE_RELRO} == "yes"
+_GCC_LDFLAGS+=		${_RELRO_LDFLAGS.gcc}
 CWRAPPERS_APPEND.ld+=	${_RELRO_LDFLAGS.gcc}
 .endif
  
 .if ${_PKGSRC_USE_SSP} == "yes"
+_GCC_CFLAGS+=		${_SSP_CFLAGS.gcc}
 CWRAPPERS_APPEND.cc+=	${_SSP_CFLAGS.gcc}
 .endif
 
diff --git a/mk/platform/NetBSD.mk b/mk/platform/NetBSD.mk
index d5270fedc05..7acb95e138d 100644
--- a/mk/platform/NetBSD.mk
+++ b/mk/platform/NetBSD.mk
@@ -1,4 +1,4 @@
-# $NetBSD: NetBSD.mk,v 1.47 2016/03/11 23:03:31 khorben Exp $
+# $NetBSD: NetBSD.mk,v 1.48 2016/03/11 23:54:09 khorben Exp $
 #
 # Variable definitions for the NetBSD operating system.
 
@@ -123,26 +123,19 @@ FFLAGS+=	-mieee
 PKG_HAVE_KQUEUE=	# defined
 .endif
 
-# Register support for FORTIFY where supported (with GCC)
+# Register support for FORTIFY (with GCC)
 _OPSYS_SUPPORTS_FORTIFY=yes
-_FORTIFY_CFLAGS.gcc=	-D_FORTIFY_SOURCE=2
 
 # Register support for PIE on supported architectures (with GCC)
 .if (${MACHINE_ARCH} == "i386") || \
     (${MACHINE_ARCH} == "x86_64")
 _OPSYS_SUPPORTS_MKPIE=	yes
-_MKPIE_CFLAGS.gcc=	-fPIC
-# XXX for executables it should be:
-#_MKPIE_CFLAGS.gcc=	-fPIE
-# XXX for libraries a sink wrapper around gcc is required and used instead
-#_MKPIE_LDFLAGS.gcc=	-pie
 .endif
 
 # Register support for RELRO on supported architectures (with GCC)
 .if (${MACHINE_ARCH} == "i386") || \
     (${MACHINE_ARCH} == "x86_64")
 _OPSYS_SUPPORTS_RELRO=	yes
-_RELRO_LDFLAGS.gcc=	-Wl,-z,relro -Wl,-z,now
 .endif
 
 # Register support for SSP on most architectures (with GCC)
@@ -151,7 +144,6 @@ _RELRO_LDFLAGS.gcc=	-Wl,-z,relro -Wl,-z,now
     (${MACHINE_ARCH} != "ia64") && \
     (${MACHINE_ARCH} != "mips")
 _OPSYS_SUPPORTS_SSP=	yes
-_SSP_CFLAGS.gcc=	-fstack-protector-all
 .endif
 
 _OPSYS_CAN_CHECK_SHLIBS=	yes # use readelf in check/bsd.check-vars.mk
diff --git a/mk/platform/SunOS.mk b/mk/platform/SunOS.mk
index 6c6d1ffe0fe..01ab39f2507 100644
--- a/mk/platform/SunOS.mk
+++ b/mk/platform/SunOS.mk
@@ -1,4 +1,4 @@
-# $NetBSD: SunOS.mk,v 1.70 2016/03/11 23:03:31 khorben Exp $
+# $NetBSD: SunOS.mk,v 1.71 2016/03/11 23:54:09 khorben Exp $
 #
 # Variable definitions for the SunOS/Solaris operating system.
 
@@ -113,11 +113,9 @@ _OPSYS_INCLUDE_DIRS?=	/usr/include
 
 # support FORTIFY (with GCC)
 _OPSYS_SUPPORTS_FORTIFY=yes
-_FORTIFY_CFLAGS.gcc=	-D_FORTIFY_SOURCE=2
 
 # support stack protection (with GCC)
 _OPSYS_SUPPORTS_SSP=	yes
-_SSP_CFLAGS.gcc=	-fstack-protector
 
 _OPSYS_CAN_CHECK_SHLIBS=	yes # requires readelf