commit 71f2ed613d2b2ce6fb40ef27f99fd140b1b86517 Author: Georg Koppen gk@torproject.org Date: Mon Sep 22 10:04:12 2014 +0000
Bug 13031: Adding full RELRO protection on Linux.
Thanks to a patch by a cypherpunk we have now full RELRO protection when using gold as our linker. --- gitian/descriptors/linux/gitian-firefox.yml | 9 +++++++++ gitian/descriptors/linux/gitian-utils.yml | 6 +----- 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml index 0cd4b28..509f63a 100644 --- a/gitian/descriptors/linux/gitian-firefox.yml +++ b/gitian/descriptors/linux/gitian-firefox.yml @@ -65,6 +65,15 @@ script: | export PATH=$INSTDIR/python/bin:$PATH # unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip + # Make sure gold is used with the hardening wrapper for full RELRO, see + # #13031. + cd $INSTDIR/binutils/bin + rm ld + cp /usr/bin/hardened-ld ./ + mv ld.gold ld.gold.real + ln -sf hardened-ld ld.gold + ln -sf ld.gold ld + cd ~/build export PATH=$INSTDIR/binutils/bin:$PATH mkdir -p $INSTDIR/Browser/ mkdir -p $INSTDIR/Debug/Browser/components diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml index ea122db..074076e 100644 --- a/gitian/descriptors/linux/gitian-utils.yml +++ b/gitian/descriptors/linux/gitian-utils.yml @@ -60,11 +60,7 @@ script: | ./configure --prefix=$INSTDIR/binutils --disable-multilib --enable-gold make $MAKEOPTS make install - # Make sure gold is used and not ld. - cd $INSTDIR/binutils/bin - rm ld - ln -sf ld.gold ld - cd ~/build + cd ..
# Building Libevent cd libevent
tbb-commits@lists.torproject.org