Building ports with stack-protector

Dmitry Marakasov amdmi3 at
Wed Jun 2 19:20:05 UTC 2010

* Janne Snabb (snabb at wrote:

> Based on these variables the port infrastructure would decide whether
> to add "-fstack-protector" to CFLAGS or not:
>                                 Port Makefile
>                                 USE_STACK_PROTECTOR
>                                 yes     undef   no
> In /etc/make.conf:           +--------------------
> WITH_STACK_PROTECTOR   yes   | yes     yes     no
>                        undef  | yes     no      no
>                         no    | no      no      no

I'd perfer variables to be named and to work similarily to existing
MAKE_JOBS framework. There should be a way to force stack-protector
to be able to check which ports can be build with it with a exp-run,
and for courageous users who may want to enable stack-protector by
default and are not afraid to send PRs if something fails. Also,
AFAIR there was certain performance penalty with stack-protector,
no? Judging on how noticeable it is (are any linux distros using
it by default? If yes, may look through phoronix comparisons), I'd
make it enabled or disabled by default.

It may be implemented by mere copypasting MAKE_JOBS implementation,
like this:
(not tested and lacks variable descriptions at the top of the file).
As you can see, there're condition lines for both enabled-by-default,
and disabled-by-default, and I think the latter can be added to right now with a possible switch to the former later, if
we find it useful enough.

Also note, that unlike MAKE_JOBS (for which build failures are
non-deterministic), this can probably be tested with a single exp-run
and all ports marked with STACK_PROTECTOR_{UN,}SAFE. If that's
considered useful enough as well.

Dmitry Marakasov   .   55B5 0596 FF1E 8D84 5F56  9510 D35A 80DD F9D2 F77D
amdmi3 at  ..:  jabber: amdmi3 at

More information about the freebsd-ports mailing list