From f2a6af2ce79e26bf47604b610056d8c524b647f2 Mon Sep 17 00:00:00 2001 From: liyunfei Date: Tue, 9 Jan 2024 20:39:10 +0800 Subject: [PATCH 1/2] Add support for selecting clang as a toolchain --- generic-hardened-clang.cfg | 1 + macros | 56 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 57 insertions(+), 3 deletions(-) create mode 100644 generic-hardened-clang.cfg diff --git a/generic-hardened-clang.cfg b/generic-hardened-clang.cfg new file mode 100644 index 0000000..ac596df --- /dev/null +++ b/generic-hardened-clang.cfg @@ -0,0 +1 @@ +-fPIE \ No newline at end of file diff --git a/macros b/macros index 5fdaf0a..0062126 100755 --- a/macros +++ b/macros @@ -23,6 +23,46 @@ %_build_id_links none +# GCC toolchain +%__cc_gcc gcc +%__cxx_gcc g++ +%__cpp_gcc gcc -E + +# Clang toolchain +%__cc_clang clang +%__cxx_clang clang++ +%__cpp_clang clang-cpp + +# Default to the GCC toolchain +# +# It is enough to override `toolchain` macro and all relevant macro for C/C++ +# compilers will be switched. Either in the spec or in the command-line. +# +# %global toolchain clang +# +# or: +# +# rpmbuild -D "toolchain clang" … +# +# Inside a spec file it is also possible to determine which toolchain is in use +# by testing the same macro. For example: +# +# %if "%{toolchain}" == "gcc" +# BuildRequires: gcc +# %endif +# +# or: +# +# %if "%{toolchain}" == "clang" +# BuildRequires: clang compiler-rt +# %endif +# +%toolchain gcc + +%__cc %{expand:%%{__cc_%{toolchain}}} +%__cxx %{expand:%%{__cxx_%{toolchain}}} +%__cpp %{expand:%%{__cpp_%{toolchain}}} + #============================================================================== # ---- compiler flags. @@ -31,7 +71,13 @@ %build_fflags %{optflags} -fexceptions -I%{_fmoddir} %build_ldflags -Wl,-z,relro %{_ld_as_needed_flags} %{_ld_symbols_flags} %{_hardened_ldflags} +%set_build_cc \ + CC=%{__cc}; export CC ; \ + CXX=%{__cxx}; export CXX ; \ + CCC="${CCC:-%{__cxx}}" ; export CCC + %set_build_flags \ + %[ "%{toolchain}" == "gcc" ? "" : "%{set_build_cc};" ] \ CFLAGS="${CFLAGS:-%{build_cflags}}" ; export CFLAGS ; \ CXXFLAGS="${CXXFLAGS:-%{build_cxxflags}}" ; export CXXFLAGS ; \ FFLAGS="${FFLAGS:-%{build_fflags}}" ; export FFLAGS ; \ @@ -162,8 +208,10 @@ # secure options for rpmbuild # # #hardened options -%_hardening_cflags -specs=/usr/lib/rpm/generic-hardened-cc1 -%_hardening_ldflags -Wl,-z,now -specs=/usr/lib/rpm/generic-hardened-ld +%_hardening_gcc_cflags -specs=/usr/lib/rpm/generic-hardened-cc1 +%_hardening_clang_cflags --config /usr/lib/rpm/generic-hardened-clang.cfg +%_hardening_cflags %{expand:%%{_hardening_%{toolchain}_cflags}} +%_hardening_ldflags -Wl,-z,now %[ "%{toolchain}" == "gcc" ? "-specs=/usr/lib/rpm/generic-hardened-ld" : "" ] # Use "%undefine _hardened_build" to disable. %_hardened_build 1 %_hardened_cflags %{?_hardened_build:%{_hardening_cflags}} @@ -195,7 +243,11 @@ #%_ld_as_needed 1 %_ld_as_needed_flags %{?_ld_as_needed:-Wl,--as-needed} -%__global_compiler_flags -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches %{_hardened_cflags} +%_general_options -O2 -g -grecord-gcc-switches -pipe -fstack-protector-strong %[ "%{toolchain}" == "clang" ? "-fgcc-compatible" : "" ] +%_warning_options -Wall -Werror=format-security +%_preprocessor_defines -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS + +%__global_compiler_flags %{_general_options} %{_warning_options} %{_preprocessor_defines} %{_hardened_cflags} # Automatically trim changelog entries after 2 years %_changelog_trimtime %{lua:print(os.time() - 2 * 365 * 86400)} -- 2.27.0