profile: update fhardened flags to match default, remove unneeded nerf

2026-05-08 20:43:38 +02:00 · 2025-02-28 12:03:43 -05:00 · 2025-02-28 12:03:43 -05:00 · 410515636e
commit 410515636e
parent 6434736260
2 changed files with 2 additions and 6 deletions
--- a/profiles/pentoo/base/make.defaults
+++ b/profiles/pentoo/base/make.defaults
@ -11,7 +11,8 @@ LDFLAGS="${LDFLAGS} -Wl,--defsym=__gentoo_check_ldflags__=0"
 SPEEDFLAGS="-O3 -flto"
 WARNINGFLAGS="-frecord-gcc-switches -Wstringop-overread -Wformat -Wformat-security"
 #adapted from gcc14 -fhardened without "-fPIE -pie"
-SECURITYFLAGS="-D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS -ftrivial-auto-var-init=pattern -Wl,-z,relro,-z,now -fstack-protector-strong -fstack-clash-protection -fcf-protection=full"
+SECURITYFLAGS="-D_FORTIFY_SOURCE=3 -D_GLIBCXX_ASSERTIONS -ftrivial-auto-var-init=zero -Wl,-z,relro,-z,now -fstack-protector-strong -fstack-clash-protection -fcf-protection=full"
+
 CFLAGS="${CFLAGS} -pipe ${SPEEDFLAGS} ${WARNINGFLAGS} ${SECURITYFLAGS}"
 CXXFLAGS="${CXXFLAGS} -pipe ${SPEEDFLAGS} ${WARNINGFLAGS} ${SECURITYFLAGS}"
 FFLAGS="${FFLAGS} -pipe ${SPEEDFLAGS} ${WARNINGFLAGS} ${SECURITYFLAGS}"
--- a/profiles/pentoo/base/profile.bashrc
+++ b/profiles/pentoo/base/profile.bashrc
@ -29,11 +29,6 @@ if [[ $CATEGORY/$PN == dev-lang/rust ]]; then
  CFLAGS=${CFLAGS/-ggdb/} CXXFLAGS=${CXXFLAGS/-ggdb/}
 fi

-#sorry, unimplemented: __builtin_clear_padding not supported for variable length aggregates
-if [[ ${CATEGORY}/${PN} == app-crypt/johntheripper-jumbo ]]; then
-  export CFLAGS="${CFLAGS/-ftrivial-auto-var-init=pattern/}"
-fi
-
 #some packages break on LTO and should all have bugs
 if [[ ${CATEGORY}/${PN} == app-crypt/mit-krb5 ]]; then
  export CFLAGS="${CFLAGS/-flto/}"