Hi,

On Mon, 29 Jan 2018, Joshua Branson <jbra...@fastmail.com> wrote:
> Is this something anyone can start using now? Like I can modify my
> config.scm file somehow and start enjoying a hardened guix?

Sorry to disappoint you, I'd like to have it usable also right now :)
But: no. This takes some time and testing. I'll send patches as soon as
I have something to go with, today I only had breakage on the bootstrap
level ;)

> On Mon, Jan 29, 2018, at 4:44 AM, n...@n0.is wrote:
>> Hi,
>>
>> as we've long talked and not really taken action on hardening builds
>> I've started working on an opt-in way as last discussed in
>> September 2016, modifying the gnu-build-system with a
>> #:hardening-flags keyword.
>>
>> For my testing purposes I will use
>>
>> > CFLAGS="-fPIE -fstack-protector-all -D_FORTIFY_SOURCE=2"
>> > LDFLAGS="-Wl,-z,now -Wl,-z,relro"
>>
>> which is used by Gentoo, but adjustments (whether to opt-in or
>> opt-out) will be made.
>> --
>> ng0 :: https://ea.n0.is
>> A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/
>>
>

--
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/