adding support for hardened toolchain

Heiko Zuerker heiko@zuerker.org
Wed Dec 29 20:44:00 GMT 2010


Quoting "Yann E. MORIN" <yann.morin.1998@anciens.enib.fr>:
> Heiko, All,
>
> On Wednesday 29 December 2010 20:15:29 Heiko Zuerker wrote:
>> I'm currently applying additional patches to gcc, in order to create a
>> hardened toolchain.
>> You can find the patches here:
>> http://devil-linux.git.sourceforge.net/git/gitweb.cgi?p=devil-linux/devil-linux;a=tree;f=target/Devil-Linux/default/patches.ct-ng/gcc;hb=HEAD
>>
>> I was wondering what the best way would be to incorporate that as a
>> configurable options into ct-ng, so other people could enjoy this
>> functionality too.
>
> There is a simple way to do that, but it's not future-proof:
> - create a new directory under patches/ for example: patches/hardened
> - add new patches in the same structure as currently present in patches/
> - configure crosstool-NG to use local patches
>   - set Patches origin: Bundled, then local
>   - set Local patch directory to ${CT_LIB_DIR}/patches/hardened
>
> Then, when building the toolchain, the additional patches in patches/hardened
> will be applied on top of the current patches.
>
> What I do not like in this scheme is that it does not scale at all. Should
> another feature-patchset get included, we could not use that new patchset
> with the hardened patches, as only one 'local' patch dir can be specified.
> Besides, it means that true 'local' patches can no longer be applied either.
>
> Yet, you can use that to test your patches integration, as a beginning.

I use the existing features of ct-ng to apply the patches after the  
ones you supply out of the box. Everything seems to work fine.

> Now, I was thinking of something a bit more generic:
> - add the patches/hardened directory as above
> - add a boolean option in the Toolchain options sub-menu:
>   [ ] Hardened toolchain
> - have CT_Patch look at the patches/hardened directory if the above
>   option is set.
>
> Then, if we add a new feature-patchset:
> - add a new directory under patches, say patches/foobar
> - add a boolean option in the Toolchain options sub-menu
> - have CT_Patch add the new directory to the list of dirs to search, if
>   the above option is set.
>
> This would have to be split in two parts:
> - first, the generic additional patch dir handling
> - second the new hardened patches directory
>
> This should not be very complex to do, I think.

Yes and once the framework is created, it will be really easy to add  
new features which rely on patches.

>> I know it works under x86 based architecture, but don't have any other
>> hardware available to do any testing with.
>
> Qemu might come handy in this case.

I'll have to take a look at that some time in the future.
Right now all my available time goes into getting buildroot and ct-ng  
in shape so I can use it as a build platform for Devil-Linux.

-- 

Regards
   Heiko Zuerker
   http://www.devil-linux.org
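A small POSIX shell sketch of the "list of patch directories" scheme discussed above: bundled patches for a package are applied first, then each feature patch set (such as patches/hardened) whose option is enabled, in the order given. This is an added example, not crosstool-NG's own CT_Patch; the CT_PATCH_<FEATURE>=y variables, the patches/<feature>/<pkg>/ layout and the tiny constructed patches in the demo are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not crosstool-NG's own code). Feature patch sets live in
# patches/<feature>/<pkg>/ and are searched after the bundled patches/<pkg>/
# only when the assumed CT_PATCH_<FEATURE> variable is set to "y".

# Print the ordered list of directories to search for patches of package $1,
# under crosstool-NG library dir $2, for the space-separated feature list $3.
patch_dirs_for() {
    pkg="$1"; base="$2"; features="$3"
    dirs="$base/patches/$pkg"
    for f in $features; do
        name=$(printf '%s' "$f" | tr 'a-z' 'A-Z')
        # Assumed convention: CT_PATCH_HARDENED=y enables patches/hardened/.
        eval "enabled=\${CT_PATCH_${name}:-}"
        [ "$enabled" = "y" ] && dirs="$dirs $base/patches/$f/$pkg"
    done
    echo "$dirs"
}

# Apply every *.patch in each directory of $1 (sorted by name within a
# directory) to the source tree $2 with -p1; print how many were applied.
# A patch that fails to apply aborts the whole run, as a build should.
apply_patch_dirs() {
    dirs="$1"; src="$2"; n=0
    for d in $dirs; do
        [ -d "$d" ] || continue            # a feature may not patch every package
        for p in "$d"/*.patch; do
            [ -f "$p" ] || continue        # no patches for this package
            patch -d "$src" -p1 -s < "$p" || return 1
            n=$((n + 1))
        done
    done
    echo "$n"
}

# Demo on constructed data: a one-line VERSION file, a bundled patch that
# rewrites it, and a hardened patch that must apply on top of the bundled one.
# Prints the final file contents joined by spaces.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/src" "$tmp/ct/patches/gcc" "$tmp/ct/patches/hardened/gcc"
    echo plain > "$tmp/src/VERSION"
    cat > "$tmp/ct/patches/gcc/100-bundled.patch" <<'EOF'
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-plain
+bundled
EOF
    cat > "$tmp/ct/patches/hardened/gcc/100-hardened.patch" <<'EOF'
--- a/VERSION
+++ b/VERSION
@@ -1 +1,2 @@
 bundled
+hardened
EOF
    dirs=$(patch_dirs_for gcc "$tmp/ct" "hardened foobar")
    apply_patch_dirs "$dirs" "$tmp/src" >/dev/null || return 1
    printf '%s' "$(cat "$tmp/src/VERSION")" | tr '\n' ' '
    rm -rf "$tmp"
}

# Stand-alone run (only if a patch(1) binary is available).
if command -v patch >/dev/null 2>&1; then
    CT_PATCH_HARDENED=y
    demo; echo
fi
```

Because the bundled directory always comes first and feature directories follow in the order the caller lists them, a second feature set (patches/foobar in the thread's wording) slots in without displacing a true local patch directory.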

