Roadmap for version 3.4

33% of 6 tasks completed. 4 open tasks:

FS#1201 - Minor Handbook Changes To Introduce Package System
As a CRUX newbie, I was challenged to grok the package system from the Handbook. I offer the attached small ed file to clarify (1) the expected skills to work with CRUX, and (2) what packages are and how the package system maps into the standard recipe for installing tarballs.

FS#1467 - gcc: enable default pie and ssp
Please consider adding --enable-default-pie and --enable-default-ssp to the configure command of the gcc port.

While the use of -fstack-protector-strong in CFLAGS (/etc/pkgmk.conf) is easy and can be done by the user, and using --enable-default-ssp only brings CRUX closer to other Linux distributions (Debian, Arch, Void, ...) :), -fPIE and -pie are difficult to enable with /etc/pkgmk.conf, because it needs a linker option too and a lot of programs ignore LDFLAGS and CFLAGS when linking. Not to mention that CFLAGS in pkgmk.conf applies to shared libraries as well (making the build fail).

Some programs won't build with these options (more with pie than with ssp), but the most important ones are maybe already fixed upstream (-no-pie, -fno-stack-protector).

There is a speed penalty with these options, more with ssp than with pie.


Btw, playing with the hardening-check script from Debian I see that the read-only relocations are already in place.
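
An added example, not part of the original task and not Debian's hardening-check: a minimal Python check for the three properties FS#1467 mentions (PIE, stack protector, read-only relocations) on a little-endian ELF64 file. The function names, the PT_INTERP test used to tell a PIE executable from a shared library, the symbol-name search for SSP, and the constructed sample images are assumptions of this example.

```python
import struct
import sys

ET_DYN = 3
PT_INTERP, PT_GNU_STACK, PT_GNU_RELRO = 3, 0x6474E551, 0x6474E552

def check_elf64(data: bytes) -> dict:
    """Report PIE / RELRO / SSP indicators for a little-endian ELF64 image."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    p_types = set()
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            raise ValueError("truncated program header table")
        p_types.add(struct.unpack_from("<I", data, off)[0])
    return {
        # Assumption: ET_DYN plus an interpreter segment means a PIE executable;
        # a shared library is ET_DYN too, and static-pie has no PT_INTERP.
        "pie": e_type == ET_DYN and PT_INTERP in p_types,
        # PT_GNU_RELRO marks relocation data remapped read-only after startup.
        "relro": PT_GNU_RELRO in p_types,
        # Heuristic: protected functions reference __stack_chk_fail. A binary
        # with no protectable function shows False even when built with SSP.
        "ssp": b"__stack_chk_fail" in data,
    }

def build_sample(e_type: int, p_types: list, extra: bytes = b"") -> bytes:
    """Constructed headers-only ELF64 image for the demo (not a runnable binary)."""
    ehdr = struct.pack("<4sBBBB8xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1, 0,
                       e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<II48x", t, 4) for t in p_types)
    return ehdr + phdrs + extra

if __name__ == "__main__":
    if len(sys.argv) > 1:  # check real files given on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, check_elf64(fh.read()))
    else:  # constructed sample: ET_DYN with INTERP, GNU_STACK and GNU_RELRO
        hardened = build_sample(ET_DYN, [PT_INTERP, PT_GNU_STACK, PT_GNU_RELRO],
                                b"\x00__stack_chk_fail\x00")
        print("constructed sample:", check_elf64(hardened))
```

Run over the binaries of a built package, a `pie: False` result on an executable identifies a port whose build ignored the compiler default or passed -no-pie.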

FS#1469 - Include and enable PAM in distro packages.
Just a security issue. And for hardening it will be good.
Fork bomb and fixing it with ulimit, for example. It is fixed in x11 due to the login manager with PAM enabled, but not in tty.

FS#1552 - pkgmk: default JOBS=nproc
Currently, we use ${JOBS:-1} in Pkgfiles, which is a downgrade from the default behavior, because the ports using ninja (and maybe others, firefox for example, from what I remember) are built with parallel jobs if "-j" is not supplied.

Not to mention that JOBS is used in ports where the build time matters and where the build system/file supports parallel jobs: firefox, boost, webkit, chromium, samba.

Having "export JOBS=$(nproc)" by default in pkgmk.conf should be a good thing for most of us (faster builds with ports using JOBS), and when the memory is scarce or the system is not properly cooled, the user can set JOBS to a lower value.

Of course, there is the choice to change ${JOBS:-1} to ${JOBS:-$(nproc)} in ports, and leave the pkgmk.conf file untouched, but I think enforcing JOBS to be set in pkgmk.conf to any positive value and using just "$JOBS" in ports where it matters is better.
