This is the mail archive of the crossgcc@sourceware.org mailing list for the crossgcc project.

See the CrossGCC FAQ for lots more information.



Re: adding support for hardened toolchain


Quoting "Yann E. MORIN" <yann.morin.1998@anciens.enib.fr>:
Heiko, All,

On Wednesday 29 December 2010 20:15:29 Heiko Zuerker wrote:
I'm currently applying additional patches to gcc, in order to create a
hardened toolchain.
You can find the patches here:
http://devil-linux.git.sourceforge.net/git/gitweb.cgi?p=devil-linux/devil-linux;a=tree;f=target/Devil-Linux/default/patches.ct-ng/gcc;hb=HEAD

I was wondering what the best way would be to incorporate that as a
configurable option into ct-ng, so other people could enjoy this
functionality too.

There is a simple way to do that, but it's not future-proof:
- create a new directory under patches/ for example: patches/hardened
- add new patches in the same structure as currently present in patches/
- configure crosstool-NG to use local patches
  - set Patches origin: Bundled, then local
  - set Local patch directory to ${CT_LIB_DIR}/patches/hardened

Then, when building the toolchain, the additional patches in patches/hardened
will be applied on top of the current patches.

What I do not like in this scheme is that it does not scale at all. Should
another feature-patchset get included, we could not use that new patchset
with the hardened patches, as only one 'local' patch dir can be specified.
Besides, it means that true 'local' patches can no longer be applied either.

Yet, you can use that to test your patches integration, as a beginning.

I use the existing features of ct-ng to apply the patches after the ones you supply out of the box. Everything seems to work fine.


Now, I was thinking of something a bit more generic:
- add the patches/hardened directory as above
- add a boolean option in the Toolchain options sub-menu:
  [ ] Hardened toolchain
- have CT_Patch look at the patches/hardened directory if the above
  option is set.

Then, if we add a new feature-patchset:
- add a new directory under patches, say patches/foobar
- add a boolean option in the Toolchain options sub-menu
- have CT_Patch add the new directory to the list of dirs to search, if
  the above option is set.

This would have to be split in two parts:
- first, the generic additional patch dir handling
- second the new hardened patches directory

This should not be very complex to do, I think.

Yes, and once the framework is created, it will be really easy to add new features which rely on patches.


I know it works under x86 based architecture, but don't have any other
hardware available to do any testing with.

Qemu might come in handy in this case.

I'll have to take a look at that some time in the future.
Right now all my available time goes into getting buildroot and ct-ng in shape so I can use it as a build platform for Devil-Linux.


--

Regards
  Heiko Zuerker
  http://www.devil-linux.org
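
The generic scheme discussed in this message (one directory per feature patchset, searched only when its option is set), sketched as an added shell example; it is not crosstool-NG's CT_Patch and not code from this thread. The variables CT_FEATURE_PATCHSETS and CT_LOCAL_PATCH_DIR, the helper names, the ordering (bundled, then feature patchsets, then local) and the gcc 4.4.5 sample tree are assumptions made for illustration.

```shell
# Added illustration, not crosstool-NG's CT_Patch. Hypothetical names:
#   CT_FEATURE_PATCHSETS  feature patchsets enabled by their menu booleans
#   CT_LOCAL_PATCH_DIR    the user's own local patch directory (may be unset)
# Assumed layout: <root>/<pkg>/<version>/*.patch, as under patches/.

emit_dir() { if [ -d "$1" ]; then printf '%s\n' "$1"; fi; }

# Directories to search, in application order: bundled patches, then each
# enabled feature patchset, then the true local patches.
patch_dirs() {
    lib_dir=$1; pkg=$2; ver=$3
    emit_dir "${lib_dir}/patches/${pkg}/${ver}"
    for fs in ${CT_FEATURE_PATCHSETS:-}; do
        emit_dir "${lib_dir}/patches/${fs}/${pkg}/${ver}"
    done
    if [ -n "${CT_LOCAL_PATCH_DIR:-}" ]; then
        emit_dir "${CT_LOCAL_PATCH_DIR}/${pkg}/${ver}"
    fi
}

# Patch files in the order they would be applied (sorted within each dir).
patch_list() {
    patch_dirs "$@" | while IFS= read -r dir; do
        for p in "$dir"/*.patch; do
            if [ -f "$p" ]; then printf '%s\n' "$p"; fi
        done
    done
}

# Constructed sample tree: bundled + hardened for gcc 4.4.5, plus a local dir.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/lib/patches/gcc/4.4.5" \
             "$root/lib/patches/hardened/gcc/4.4.5" \
             "$root/local/gcc/4.4.5"
    : > "$root/lib/patches/gcc/4.4.5/100-bundled.patch"
    : > "$root/lib/patches/hardened/gcc/4.4.5/200-hardened.patch"
    : > "$root/local/gcc/4.4.5/300-site.patch"
    printf '%s\n' "$root"
}

# Demo: "foobar" is enabled but ships nothing for gcc 4.4.5, so it is skipped.
t=$(make_sample_tree)
CT_FEATURE_PATCHSETS="hardened foobar"
CT_LOCAL_PATCH_DIR="$t/local"
patch_list "$t/lib" gcc 4.4.5
rm -rf "$t"
```

Because the feature patchsets get their own slot in the search list, the local patch directory stays free for site-specific patches, which is the limitation of the "Bundled, then local" workaround raised in the thread.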




