From 7fed71e9ac107d8c3d04a5a37e5f46466d9b536c Mon Sep 17 00:00:00 2001
From: Michael Marineau
Date: Tue, 7 Jul 2015 20:25:12 -0700
Subject: [PATCH] coreos-kernel: explicitly add -nopie for hardened compilers

The Gentoo hardened compiler enables PIE by default unless it detects an incompatible option. To detect kernel builds it uses -D__KERNEL__ which is unfortunately a preprocessor option that ccache >= 3.2 will not pass to compile-only calls, since in theory it is unnessicary and omitting preprocessor options works around and issues in another (*cough* LLVM) compilers. There really isn't any other alternative magic hack so go with the plain no-magic solution. :)
Bug: https://bugs.gentoo.org/show_bug.cgi?id=535984
---
 .../coreos-overlay/eclass/coreos-kernel.eclass | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass b/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass
index d6d53626c9..6acd4979df 100644
--- a/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass
+++ b/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass
@@ -92,8 +92,12 @@ update_bootengine_cpio() {
 }
 kmake() {
- local kernel_arch=$(tc-arch-kernel)
- emake LDFLAGS="" ARCH="${kernel_arch}" CROSS_COMPILE="${CHOST}-" "$@"
+ local kernel_arch=$(tc-arch-kernel) kernel_cflags=
+ if gcc-specs-pie; then
+ kernel_cflags="-nopie"
+ fi
+ emake ARCH="${kernel_arch}" CROSS_COMPILE="${CHOST}-" \
+ KCFLAGS="${kernel_cflags}" LDFLAGS="" "$@"
 }
 # Discard the module signing key, we use new keys for each build.
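Review bot: `KCFLAGS="${kernel_cflags}"` is now passed on the make command line in every case, so on a compiler without PIE specs it is set to an empty string and overrides any KCFLAGS from the environment. A KCFLAGS handed in by a caller through `"$@"` would presumably replace `-nopie` rather than extend it. Whether any caller sets KCFLAGS is not visible in this hunk; if one can, seed the variable from the existing value with `local kernel_cflags="${KCFLAGS}"` and append with `kernel_cflags+=" -nopie"`. The reason for the flag lives only in the commit message, so a comment above the `if` would help the next maintainer: `# Hardened GCC keys its PIE opt-out on -D__KERNEL__, which ccache >= 3.2 drops from compile-only calls (Gentoo bug 535984).`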