Merge ~xnox/ubuntu/+source/systemd:cet into ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-groovy

Proposed by Dimitri John Ledkov
Status: Merged
Merge reported by: Balint Reczey
Merged at revision: dae13af52b92f05a0f5b3bee5e2bf374f04da147
Proposed branch: ~xnox/ubuntu/+source/systemd:cet
Merge into: ~ubuntu-core-dev/ubuntu/+source/systemd:ubuntu-groovy
Diff against target: 16 lines (+5/-0)
1 file modified
debian/rules (+5/-0)
Reviewers:
Balint Reczey: Approve
Dimitri John Ledkov: Pending
Review via email: mp+386467@code.launchpad.net

Commit message

ubuntu: enable CET on amd64.

CET is enabled by default in our toolchain; however, the toolchain currently forgets about that if lto is enabled, which it is by systemd. Specify the -fcf-protection flag in LDFLAGS to ensure that systemd is CET enabled whilst using lto.

I expect this patch to be temporary, and it will be possible to drop it once the toolchain is fixed later this cycle.

Balint Reczey (rbalint) wrote :

Sure, let's enable this as early as possible.

review: Approve

Preview Diff

1diff --git a/debian/rules b/debian/rules
2index 8b42dd7..175f4e8 100755
3--- a/debian/rules
4+++ b/debian/rules
5@@ -11,6 +11,11 @@ ifeq ($(DEB_VENDOR),Ubuntu)
6 DEFAULT_NTP_SERVERS = ntp.ubuntu.com
7 SUPPORT_URL = http://www.ubuntu.com/support
8 CONFFLAGS_DISTRO = -Dtpm-pcrindex=12
9+ifeq ($(DEB_HOST_ARCH),amd64)
10+# enable CET on ubuntu amd64, until compiler is fixed to do it correctly with
11+# -flto
12+export DEB_LDFLAGS_MAINT_APPEND=-fcf-protection
13+endif
14 else
15 DEFAULT_NTP_SERVERS = 0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org
16 SUPPORT_URL = https://www.debian.org/support
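
Review bot: The comment above `export DEB_LDFLAGS_MAINT_APPEND=-fcf-protection` says the workaround stays "until compiler is fixed" but carries no bug reference, so nothing in debian/rules tells a later maintainer when the block can be dropped; add the toolchain bug link to that comment. The assignment also uses plain `=`, which would overwrite any DEB_LDFLAGS_MAINT_APPEND value set elsewhere in debian/rules (not visible in this hunk); `+=` avoids silently discarding other link flags. Since the flag is only reaching the LTO code generation through LDFLAGS, it would be worth confirming in the build log or with `readelf -n` on a built binary that the IBT and SHSTK properties actually appear in the GNU property note, as the change has no check that fails the build if the marking is lost again.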
