8735fdbd4c
- It is opt-out for now so as to give it maximum testing, but it may be turned opt-in for stable branches depending on the consensus. You can turn it off with WITHOUT_SSP. - WITHOUT_SSP was previously used to disable the build of GNU libssp. It is harmless to steal the knob as SSP symbols have been provided by libc for a long time, GNU libssp should not have been much used. - SSP is disabled in a few corners such as system bootstrap programs (sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves. - It should be safe to use -fstack-protector-all to build world, however libc will be automatically downgraded to -fstack-protector because it breaks rtld otherwise. - This option is unavailable on ia64. Enable GCC stack protection (aka Propolice) for kernel: - It is opt-out for now so as to give it maximum testing. - Do not compile your kernel with -fstack-protector-all, it won't work. Submitted by: Jeremie Le Hen <jeremie@le-hen.org> |
||
---|---|---|
.. | ||
librescue | ||
rescue | ||
Makefile | ||
README |
The /rescue build system here has three goals: 1) Produce a reliable standalone set of /rescue tools. The contents of /rescue are all statically linked and do not depend on anything in /bin or /sbin. In particular, they'll continue to function even if you've hosed your dynamic /bin and /sbin. For example, note that /rescue/mount runs /rescue/mount_nfs and not /sbin/mount_nfs. This is more subtle than it looks. As an added bonus, /rescue is fairly small (thanks to crunchgen) and includes a number of tools (such as gzip, bzip2, vi) that are not normally found in /bin and /sbin. 2) Demonstrate robust use of crunchgen. These Makefiles recompile each of the crunchgen components and include support for overriding specific library entries. Such techniques should be useful elsewhere. For example, boot floppies could use this to conditionally compile out features to reduce executable size. 3) Produce a toolkit suitable for small distributions. Install /rescue on a CD or CompactFlash disk, and symlink /bin and /sbin to /rescue to produce a small and fairly complete FreeBSD system. These tools have one big disadvantage: being statically linked, they cannot use some advanced library functions that rely on dynamic linking. In particular, nsswitch, locales, and pam are likely to all rely on dynamic linking in the near future. To compile: # cd /usr/src/rescue # make obj # make # make install Note that rebuilds don't always work correctly; if you run into trouble, try 'make clean' before recompiling. $FreeBSD$