diff options
| author | jperkin <jperkin@pkgsrc.org> | 2018-01-15 09:35:45 +0000 |
|---|---|---|
| committer | jperkin <jperkin@pkgsrc.org> | 2018-01-15 09:35:45 +0000 |
| commit | 6085eb7ce3964895687b9a789758c5d4b522c504 (patch) | |
| tree | bdfa6be5ded1bbd27f3e42817db0397bdff8d93a /mk | |
| parent | 4d5c4b505c3669c086c3ad74a5f2289dbdf4a9b8 (diff) | |
| download | pkgsrc-6085eb7ce3964895687b9a789758c5d4b522c504.tar.gz | |
mk: Introduce *_SUPPORTED variables for security features.
Using variables such as PKGSRC_USE_SSP in package Makefiles to disable SSP does
not work due to the parsing order in bsd.prefs.mk. Even if it did, it's not a
good idea to mix user and package settable variables, and would cause issues in
complex packages where bsd.prefs.mk is included early (e.g. Makefile.common).
Packages can now set {MKPIE,MKREPRO,FORTIFY,RELRO,SSP,STACK_CHECK}_SUPPORTED=no
to correctly disable security features if necessary.
Diffstat (limited to 'mk')
| -rw-r--r-- | mk/bsd.prefs.mk | 32 |
1 files changed, 19 insertions, 13 deletions
diff --git a/mk/bsd.prefs.mk b/mk/bsd.prefs.mk index bbd93490cc6..8772bf8babb 100644 --- a/mk/bsd.prefs.mk +++ b/mk/bsd.prefs.mk @@ -1,4 +1,4 @@ -# $NetBSD: bsd.prefs.mk,v 1.395 2017/11/12 13:34:14 khorben Exp $ +# $NetBSD: bsd.prefs.mk,v 1.396 2018/01/15 09:35:45 jperkin Exp $ # # This file includes the mk.conf file, which contains the user settings. # @@ -700,38 +700,44 @@ _BUILD_DEFS+= INIT_SYSTEM .endif _PKGSRC_MKPIE= no -.if (${PKGSRC_MKPIE:tl} == "yes") && \ - (${_OPSYS_SUPPORTS_MKPIE:Uno} == "yes") +.if ${PKGSRC_MKPIE:tl} == "yes" && \ + ${MKPIE_SUPPORTED:Uyes:tl} == "yes" && \ + ${_OPSYS_SUPPORTS_MKPIE:Uno} == "yes" _PKGSRC_MKPIE= yes .endif _PKGSRC_MKREPRO= no -.if (${PKGSRC_MKREPRO:tl} == "yes") && \ - (${_OPSYS_SUPPORTS_MKREPRO:Uno} == "yes") +.if ${PKGSRC_MKREPRO:tl} == "yes" && \ + ${MKREPRO_SUPPORTED:Uyes:tl} == "yes" && \ + ${_OPSYS_SUPPORTS_MKREPRO:Uno} == "yes" _PKGSRC_MKREPRO= yes .endif _PKGSRC_USE_FORTIFY= no -.if (${PKGSRC_USE_FORTIFY:tl} != "no") && \ - (${_OPSYS_SUPPORTS_FORTIFY:Uno} == "yes") +.if ${PKGSRC_USE_FORTIFY:tl} != "no" && \ + ${FORTIFY_SUPPORTED:Uyes:tl} == "yes" && \ + ${_OPSYS_SUPPORTS_FORTIFY:Uno} == "yes" _PKGSRC_USE_FORTIFY= yes .endif _PKGSRC_USE_RELRO= no -.if (${PKGSRC_USE_RELRO:tl} != "no") && \ - (${_OPSYS_SUPPORTS_RELRO:Uno} == "yes") +.if ${PKGSRC_USE_RELRO:tl} != "no" && \ + ${RELRO_SUPPORTED:Uyes:tl} == "yes" && \ + ${_OPSYS_SUPPORTS_RELRO:Uno} == "yes" _PKGSRC_USE_RELRO= yes .endif _PKGSRC_USE_SSP= no -.if (${PKGSRC_USE_SSP:tl} != "no") && \ - (${_OPSYS_SUPPORTS_SSP:Uno} == "yes") +.if ${PKGSRC_USE_SSP:tl} != "no" && \ + ${SSP_SUPPORTED:Uyes:tl} == "yes" && \ + ${_OPSYS_SUPPORTS_SSP:Uno} == "yes" _PKGSRC_USE_SSP= yes .endif _PKGSRC_USE_STACK_CHECK=no -.if (${PKGSRC_USE_STACK_CHECK:tl} != "no") && \ - (${_OPSYS_SUPPORTS_STACK_CHECK:Uno} == "yes") +.if ${PKGSRC_USE_STACK_CHECK:tl} != "no" && \ + ${STACK_CHECK_SUPPORTED:Uyes:tl} == "yes" && \ + ${_OPSYS_SUPPORTS_STACK_CHECK:Uno} == "yes" _PKGSRC_USE_STACK_CHECK=yes .endif |