[PATCH] gnu: grub-efi: Only enable the stack protector on x86_64-linux.

  • Done
  • quality assurance status badge
Details
3 participants
  • Christopher Baines
  • Maxime Devos
  • Mathieu Othacehe
Owner
unassigned
Submitted by
Christopher Baines
Severity
normal

Debbugs page

Christopher Baines wrote 4 years ago
(address . guix-patches@gnu.org)
20210627184708.17496-1-mail@cbaines.net
Follow up to 018f95094153660e3041ec160718f0bda286a3dc, as gcc on aarch64-linux
doesn't seem to support -mstack-protector-guard=global.

* gnu/packages/bootloaders.scm (grub-efi)[arguments]: Only add
"--enable-stack-protector" to #:configure-flags when system is x86_64-linux.
---
gnu/packages/bootloaders.scm | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

Toggle diff (18 lines)
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index e83f21ea63..1ff0348ac7 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -303,7 +303,10 @@ menu to select one of the installed operating systems.")
((#:tests? _ #f) #f)
((#:configure-flags flags ''())
`(cons* "--with-platform=efi"
- "--enable-stack-protector" ; EFI-only for now
+ ,@(if (string=? (%current-system)
+ "x86_64-linux")
+ '("--enable-stack-protector") ; EFI-only for now
+ '())
,flags))
((#:phases phases)
`(modify-phases ,phases
--
2.32.0
Mathieu Othacehe wrote 4 years ago
(name . Christopher Baines)(address . mail@cbaines.net)(address . 49244@debbugs.gnu.org)
87wnqcvg25.fsf@gnu.org
Hey Chris,

Toggle quote (5 lines)
> + ,@(if (string=? (%current-system)
> + "x86_64-linux")
> + '("--enable-stack-protector") ; EFI-only for now
> + '())

Maybe we should also avoid this option when cross-compiling? Otherwise
it looks OK.

Thanks,

Mathieu
Maxime Devos wrote 4 years ago
Re: [bug#49244] [PATCH] gnu: grub-efi: Only enable the stack protector on x86_64-linux.
(address . 49244@debbugs.gnu.org)
0f7e68a422111e01388bc862d395b7a417be9c6e.camel@telenet.be
Mathieu Othacehe schreef op di 29-06-2021 om 17:36 [+0200]:
Toggle quote (10 lines)
> Hey Chris,
>
> > + ,@(if (string=? (%current-system)
> > + "x86_64-linux")
> > + '("--enable-stack-protector") ; EFI-only for now
> > + '())
>
> Maybe we should also avoid this option when cross-compiling? Otherwise
> it looks OK.

Or rather,
(string-prefix? (or (%current-target-system) (%current-system)) "x86_64")
(or was it the other way around)?

Greetings,
Maxime.
-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYNyKcBccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7u1WAP9FP7OIOyH4y5AlbQCuSVT8KpKt
x8fX340VMEPQFKglnQEAqESZxUWakBikMa35nvOr7KnY7RquLZW3IWjPVlJEhQY=
=uspa
-----END PGP SIGNATURE-----


Christopher Baines wrote 4 years ago
Re: bug#49244: [PATCH] gnu: grub-efi: Only enable the stack protector on x86_64-linux.
(address . 49244-done@debbugs.gnu.org)(name . Mathieu Othacehe)(address . othacehe@gnu.org)
87bl7l7gst.fsf@cbaines.net
Mathieu Othacehe <othacehe@gnu.org> writes:

Toggle quote (10 lines)
> Hey Chris,
>
>> + ,@(if (string=? (%current-system)
>> + "x86_64-linux")
>> + '("--enable-stack-protector") ; EFI-only for now
>> + '())
>
> Maybe we should also avoid this option when cross-compiling? Otherwise
> it looks OK.

Yeah, I was trying to test the cross-compiling case, but I think
something else fails regardless. Anyway, I've pushed something similar
to what Maxime suggested as fd549750d9ab23a0505aeb4c03e1299e860a4f16.

Thanks,

CHris
-----BEGIN PGP SIGNATURE-----

iQKlBAEBCgCPFiEEPonu50WOcg2XVOCyXiijOwuE9XcFAmDeUDJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcRHG1haWxAY2Jh
aW5lcy5uZXQACgkQXiijOwuE9XfTvRAArvUa/oqYKDsDE7OqR0vraMEXuHuQ/f9W
6k0QSI/ltmw4Hb1YLaW2i2vzUWmIFAQOBCDETnesxf0Xgcn/cDtptY1p/s828huF
WvQ2Vnd2coHLUoLquasQiAIJSUnQlqoW3cgHlE7XtvVhcJolyzPA3JGxZebVeA4I
wNGfI6a5h8sYp2dTOjwOSG8Ul2g4SHPG9AKERpHDYZS1j833sBYXOd6QKWDTSEn9
RSlDrf+W61A7BPWpgVIYMnQLscW3hfhMuN2O3j+JqrUZer6/olcLKLQcprwIMA0W
7yi/6flYF7e8DiuDJHLrGcLKpNg65PkhHsKZvjoqo5gpzd4fQ75fU+a7Z8vQI9i0
R/KR8PAow1oJL4Wjstg5CcQrwCs2bjEpoi+GpY6Yyu77/TwjXp/fN8mJ3deDKbiD
BncvbcDMei38DSTpw3AggVd1+5MVtHzqbvQMc61k59xHKPf3zfz5WkAS7fDGQ/UG
zD7mTpGgi7DphokcMNoGPHAqa+FV93ba7lMoNc3PxR3tDFrVHFnpOOX4yX8kl9hV
h6Dfhm25ojIKhMPJTPp8MsmtP+coA2xNOrDEKE+h/WorH7xytah25zfBm2UGZAPY
+ozQM22U0rn1ZnKLTgZpnVXHYipXsqUaQ/Nq2aIodKYPsrBDEAScrDI8kWqsakak
QBJBKEVYyZQ=
=PjIa
-----END PGP SIGNATURE-----

Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 49244@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 49244
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch
You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags
mumi command -t +confirmed -t +easy
Or, remove the moreinfo tag and set the help tag
mumi command -t -moreinfo -t +help