The idea is that ports that build static executables should switch
from specifying "-static" to "${STATIC}" (available in bsd.port.mk,
defined in bsd.own.mk), so they can become static PIE executables
on the archs that support this.
There may be a few things that really need "-static", but the usual
instances of rescue utilities or chroot binaries should switch to
PIE.
A quick grep over the ports tree revealed these candidates; some more
are likely hiding:
Straightforward replacement -static -> ${STATIC} in the port Makefile:
archivers/gtar,static
archivers/star,static
misc/screen,static
net/cnupm,static
net/nslint,static
shells/dash,static
shells/tcsh,static
www/cgit
www/haserl,static
www/mimetex
These make references to components that are built static, but the
details aren't in the port Makefile; they may require patches:
devel/fossil
mail/femail
mail/mini_sendmail
net/icinga/core
www/fcgi-cgi
Finally, I have no idea if there is a valid reason why this wants
to be static:
benchmarks/bonnie
There remain the somewhat connected questions when to throw the
switch and whether the affected ports should have a revision bump.
--
Christian "naddy" Weisgerber [email protected]
