Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge bitcoin#29695: guix: build GCC with --enable-standard-branch-pr…
…otection 7850c5f guix: build GCC with --enable-standard-branch-protection (fanquake) Pull request description: This is one change extracted from bitcoin#24123 (which now produces fully BTI & PAC enabled bins), which will mean that everything in depends, for Guix builds, is compiled using `-mbranch-protection=standard`. Turning this on by default, is similar to what we already do with `--enable-default-ssp`, `--enable-default-pie` etc. See: https://gcc.gnu.org/install/specific.html#aarch64-x-x > To enable Branch Target Identification Mechanism and Return Address Signing by default at configure time use the `--enable-standard-branch-protection` option. > This is equivalent to having `-mbranch-protection=standard` during compilation. This can be explicitly disabled during compilation by passing the `-mbranch-protection=none` option which turns off all types of branch protections. ACKs for top commit: TheCharlatan: ACK 7850c5f Tree-SHA512: 18f898da27021bab502e708ea5fa9b325352f8f6e23d9488a2a0feda87e0af2ac0e4f87b3af9ad6a9a37bbfc99ab0285de4f0bdc174dcd38163d92c122e958e2
- Loading branch information