Merge bitcoin/bitcoin#30438: guix: (explicitly) build Linux GCC with --enable-cet

89bf11b807 guix: build Linux GCC with --enable-cet (fanquake) Pull request description: Similar to #29695, and in the same vein of explicitly configuring hardening options in our release toolchain. See https://gcc.gnu.org/install/configure.html: >` --enable-cet` > Enable building target run-time libraries with control-flow instrumentation, see `-fcf-protection option`. When --enable-cet is specified target libraries are configured to add `-fcf-protection` and, if needed, other target specific options to a set of building options. > `--enable-cet=auto` is default. CET is enabled on Linux/x86 if target binutils supports Intel CET instructions and disabled otherwise. In this case, the target libraries are configured to get additional `-fcf-protection` option. ACKs for top commit: TheCharlatan: ACK 89bf11b807 Tree-SHA512: 772d8529713a31e5db42be4e053582bb9ba6f26079ae136c6bf8303c4992a90d61159dbb0fde7a4b4cb7b4bf5024d5397a78004e6188b36e1c36dd5e5cdc49ad
2025-03-04 13:55:23 -05:00 · 2024-09-17 09:47:44 +01:00 · 2024-09-17 09:47:44 +01:00 · 225718eda8
commit 225718eda8
parent 9f1aa88d4d 89bf11b807
1 changed files with 1 additions and 0 deletions
--- a/contrib/guix/manifest.scm
+++ b/contrib/guix/manifest.scm
@ -434,6 +434,7 @@ inspecting signatures in Mach-O binaries.")
                  "--enable-default-ssp=yes",
                  "--enable-default-pie=yes",
                  "--enable-standard-branch-protection=yes",
+                  "--enable-cet=yes",
                  building-on)))
        ((#:phases phases)
          `(modify-phases ,phases