why use a hardened toolchain?

Robert Connolly robert at linuxfromscratch.org
Fri Nov 25 22:57:32 PST 2005

It's mainly for consitancy. So that where possible chapter 5 is compiled with 
the same versions and build type as chapter 6. It's better for bootstrapping 
to compile a pie/pic/ssp system with a pie/pic/ssp toolchain and environment. 
The glibc-ssp and arc4random patches are nescessary in chapter 5, but the 
rest technically isn't.

On November 25, 2005 02:00 pm, Sebastian Faulborn wrote:
> Hello everybody!
> Can anyone tell me, why HLFS compiles a hardened toolchain?
> ie. things like:
> sed -e 's/^CFLAGS\t.*$/& -pie -fpie/' \
>     -i {progs,tack}/Makefile.in
> in chapter 5.
> Is there a need to compile SSP and pic/pie in chapter 5?
> Wouldn't it be enough to use the toolchain from LFS and just patch
> binutils/gcc/glibc so that chapter 6 can be compiled with
> SSP/pic/pie/arc4random/erandom etc?
> Thanks a lot!
> Sebastian Faulborn

More information about the hlfs-dev mailing list