adding support for hardened toolchain

Heiko Zuerker
Wed Jan 5 19:50:00 GMT 2011

Quoting Bryan Hundven:

>> The hardened toolchain is not anything folks would look at on their own
>> usually. Adding it to ct-ng would give it more exposure and more folks may
>> tend to try it out. We really need to get to a place where things get more
>> secure for everybody.
>> We'll see when I actually get a chance to look into writing a patch for
>> this...
> After looking into this a bit more, I think I get it now, and I would
> like to see this get into crosstool-ng.

Cool :)

> It seems to me that the patch directory needs to be refactored. I
> would suggest something like:
> patches/
>   <architecture>/
>       <program>/
>           <version>/
>              <patch>.patch
> Where one of the "architecture"s would be "any" and another would be
> "security", besides just x86, powerpc, arm, etc...
> This makes sense, because my x86 toolchain doesn't need patches that
> are specific to powerpc, and if the CT_TOOLCHAIN_HARDENING is enabled,
> it will apply patches from "security". Patches that would be applied
> regardless of architecture would go in "any".

On one hand I really like the idea of separating the architectures
out, but on the other hand I'm a bit worried about inter-dependencies.
Of course this could also simply be solved by moving these specific
patches into "any". We need to be careful not to turn this whole thing
into a maintenance nightmare whenever a new i.e. gcc comes out.


   Heiko Zuerker
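
A sketch of how a build script could select patches from the directory layout proposed in the quoted text, added here as an example and not taken from crosstool-ng or from either poster. The function names, the apply order ("any", then the architecture, then "security") and the sample file names and version are assumptions.

```shell
#!/bin/sh
# Added illustration, not crosstool-ng code.
# Layout from the quoted proposal:
#   patches/<architecture>/<program>/<version>/<patch>.patch
# Assumption: groups are applied in the order "any", <arch>, "security".

# list_patches ROOT ARCH PROGRAM VERSION HARDENING
# HARDENING stands in for CT_TOOLCHAIN_HARDENING ("y" enables it).
# Prints one patch path per line, in the order they would be applied.
list_patches() {
    lp_root=$1; lp_arch=$2; lp_prog=$3; lp_ver=$4; lp_hard=$5
    case $lp_arch in
        # "any" and "security" are group names, not real architectures.
        any|security) echo "reserved group name: $lp_arch" >&2; return 1 ;;
    esac
    lp_groups="any $lp_arch"
    if [ "$lp_hard" = "y" ]; then
        lp_groups="$lp_groups security"
    fi
    for lp_group in $lp_groups; do
        lp_dir="$lp_root/$lp_group/$lp_prog/$lp_ver"
        [ -d "$lp_dir" ] || continue
        # Globs expand in sorted order, so numeric prefixes order a group.
        for lp_patch in "$lp_dir"/*.patch; do
            if [ -f "$lp_patch" ]; then
                printf '%s\n' "$lp_patch"
            fi
        done
    done
    return 0
}

# Constructed sample tree (file names and version are made up).
# Prints the path of the created patches/ directory.
make_sample_tree() {
    st_root=$(mktemp -d) || return 1
    for st_f in any/gcc/4.5.1/100-common.patch \
                x86/gcc/4.5.1/200-x86-only.patch \
                powerpc/gcc/4.5.1/200-ppc-only.patch \
                security/gcc/4.5.1/900-hardening.patch; do
        mkdir -p "$st_root/patches/${st_f%/*}"
        : > "$st_root/patches/$st_f"
    done
    printf '%s\n' "$st_root/patches"
}
```

With a fixed group order like this, a patch in "security" can build on one in "any" or the architecture group but not the other way round, which is one way to keep the inter-dependencies mentioned above visible.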
