[pkgsrc/trunk]: pkgsrc/mk mk: Introduce *_SUPPORTED variables for security fe...

[jperkin <jperkin%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/0e8c06f2d69e
branches:  trunk
changeset: 374063:0e8c06f2d69e
user:      jperkin <jperkin%pkgsrc.org@localhost>
date:      Mon Jan 15 09:35:45 2018 +0000

description:
mk: Introduce *_SUPPORTED variables for security features.

Using variables such as PKGSRC_USE_SSP in package Makefiles to disable SSP does
not work due to the parsing order in bsd.prefs.mk.  Even if it did, it's not a
good idea to mix user and package settable variables, and would cause issues in
complex packages where bsd.prefs.mk is included early (e.g. Makefile.common).

Packages can now set {MKPIE,MKREPRO,FORTIFY,RELRO,SSP,STACK_CHECK}_SUPPORTED=no
to correctly disable security features if necessary.

diffstat:

 mk/bsd.prefs.mk |  32 +++++++++++++++++++-------------
 1 files changed, 19 insertions(+), 13 deletions(-)

diffs (66 lines):

diff -r a6e72fcb4288 -r 0e8c06f2d69e mk/bsd.prefs.mk
--- a/mk/bsd.prefs.mk   Mon Jan 15 09:26:23 2018 +0000
+++ b/mk/bsd.prefs.mk   Mon Jan 15 09:35:45 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: bsd.prefs.mk,v 1.395 2017/11/12 13:34:14 khorben Exp $
+# $NetBSD: bsd.prefs.mk,v 1.396 2018/01/15 09:35:45 jperkin Exp $
 #
 # This file includes the mk.conf file, which contains the user settings.
 #
@@ -700,38 +700,44 @@
 .endif
 
 _PKGSRC_MKPIE= no
-.if (${PKGSRC_MKPIE:tl} == "yes") && \
-    (${_OPSYS_SUPPORTS_MKPIE:Uno} == "yes")
+.if ${PKGSRC_MKPIE:tl} == "yes" && \
+    ${MKPIE_SUPPORTED:Uyes:tl} == "yes" && \
+    ${_OPSYS_SUPPORTS_MKPIE:Uno} == "yes"
 _PKGSRC_MKPIE= yes
 .endif
 
 _PKGSRC_MKREPRO=       no
-.if (${PKGSRC_MKREPRO:tl} == "yes") && \
-    (${_OPSYS_SUPPORTS_MKREPRO:Uno} == "yes")
+.if ${PKGSRC_MKREPRO:tl} == "yes" && \
+    ${MKREPRO_SUPPORTED:Uyes:tl} == "yes" && \
+    ${_OPSYS_SUPPORTS_MKREPRO:Uno} == "yes"
 _PKGSRC_MKREPRO=       yes
 .endif
 
 _PKGSRC_USE_FORTIFY=   no
-.if (${PKGSRC_USE_FORTIFY:tl} != "no") && \
-    (${_OPSYS_SUPPORTS_FORTIFY:Uno} == "yes")
+.if ${PKGSRC_USE_FORTIFY:tl} != "no" && \
+    ${FORTIFY_SUPPORTED:Uyes:tl} == "yes" && \
+    ${_OPSYS_SUPPORTS_FORTIFY:Uno} == "yes"
 _PKGSRC_USE_FORTIFY=   yes
 .endif
 
 _PKGSRC_USE_RELRO=     no
-.if (${PKGSRC_USE_RELRO:tl} != "no") && \
-    (${_OPSYS_SUPPORTS_RELRO:Uno} == "yes")
+.if ${PKGSRC_USE_RELRO:tl} != "no" && \
+    ${RELRO_SUPPORTED:Uyes:tl} == "yes" && \
+    ${_OPSYS_SUPPORTS_RELRO:Uno} == "yes"
 _PKGSRC_USE_RELRO=     yes
 .endif
 
 _PKGSRC_USE_SSP=       no
-.if (${PKGSRC_USE_SSP:tl} != "no") && \
-    (${_OPSYS_SUPPORTS_SSP:Uno} == "yes")
+.if ${PKGSRC_USE_SSP:tl} != "no" && \
+    ${SSP_SUPPORTED:Uyes:tl} == "yes" && \
+    ${_OPSYS_SUPPORTS_SSP:Uno} == "yes"
 _PKGSRC_USE_SSP=       yes
 .endif
 
 _PKGSRC_USE_STACK_CHECK=no
-.if (${PKGSRC_USE_STACK_CHECK:tl} != "no") && \
-    (${_OPSYS_SUPPORTS_STACK_CHECK:Uno} == "yes")
+.if ${PKGSRC_USE_STACK_CHECK:tl} != "no" && \
+    ${STACK_CHECK_SUPPORTED:Uyes:tl} == "yes" && \
+    ${_OPSYS_SUPPORTS_STACK_CHECK:Uno} == "yes"
 _PKGSRC_USE_STACK_CHECK=yes
 .endif