I'm using gentoo and actualy I have ~94% of packages compiled with icc. I
would like to switch to hardened profile (using pic, pie - position
independent code and ssp - stack smashing protector).
For that, gcc
is special patched and it use the following flags: -fPIE, -fPIC,
FORTIFY-SOURCES and -fstack-protector or -fstack-protector-all in
various combinations as needed by situation.
icc support -fpic and -fpie and have an equivalent of SSP: -fp-stack-check and no equivalent of FORTIFY_SOURCES.
I need a way to tell icc when to use -fPIC and when to use -fPIE or none of these two.
With gcc this can be done using specifications files (spec files) as in following examples:
%{!fsyntax-only:%{!c:%{!M:%{!MM:%{!E:%{!S: %(linker) %l
%{pie: -pie} %X %{o*} %{A} %{d} %{e*} %{m} %{N} %{n} %{r}
%{s} %{t} %{u*} %{x} %{z} %{Z} %{!A:%{!nostdlib:%{!nostartfiles:%S}}}
%{static:} %{L*} %(link_libgcc) %o %{fprofile-arcs|fprofile-generate:-lgcov}
%{!symbolic:%{!shared:%{fbounds-checking:libboundscheck.a%s}}}
%{!symbolic:%{!shared:%{fbc-strings-only:libboundscheck.a%s}}}
%{!nostdlib:%{!nodefaultlibs:%(link_gcc_c_sequence)}}
%{!A:%{!nostdlib:%{!nostartfiles:%E}}} %{T*} }}}}}}
More info about Gentoo Hardened can be found here:
http://www.gentoo.org/proj/en/hardened/hardened-toolchain.xmlI have to mention that I'm not developer.
Does icc support in a way or another specifications file ? Is it suitable for my purpose ?
Can it be done ?
Thank you!
