Building Darwin with SSP

Building

Assuming you have DarwinBuild installed you will need to make a larger disk image than usual in order to support the whole OS being built

$ hdiutil create -size 8g -type UDIF -fs HFSX -volname Builds \ > -uid 0 -gid 0 -attach Builds.dmg

Remove any stale data

# rm /usr/local/share/darwinbuild/cache/Roots/8*/CarbonHeaders* # rm /usr/local/share/darwinbuild/cache/Roots/8*/OrderFiles* # rm -rf /usr/local/share/darwinbuild/cache/Roots/8*

Change directory to our new disk image

$ cd /Volumes/Builds

Then become root and get the release plist, and initialise

$ sudo -s Password: # curl -O http://release.opendarwin.org/release/8.3.1/plists/8F46od1.plist # mkdir Build8F46od1 # cd Build8F46od1 # darwinbuild -init ../8F46od1.plist

Now we need to build an SSP enabled version of Apple GCC 1809

# darwinbuild -fetch gcc_os # cd Sources # tar xzvf gcc_os-1809.tar.gz # curl -O http://optimist.sdf-eu.org/ssp/patches/ssp-gcc_os-1809.diff # patch -p0 < ssp-gcc_os-1809.diff # cd .. # darwinbuild gcc_os

Wait for it to build and then rebuild it again. This installs the just built compiler and builds the compiler with SSP flags.

Before we do that, we need to enable stack protection as the default

# sed s/propolice_protection\ =\ 0/propolice_protection\ =\ 1/ \ > Sources/gcc_os-1809/gcc/toplev.c > Sources/gcc_os-1809/gcc/toplev.c.new # mv Sources/gcc_os-1809/gcc/toplev.c.new Sources/gcc_os-1809/gcc/toplev.c

and then rebuild ...

# darwinbuild gcc_os

Patch all projects which have SSP patches
TODO : check which patches need to be updated for 8.3.1

We should now be ready to start building the full system.

# darwinxref version '*' | sed 's/-.*//' > projects.txt # cat projects.txt | while read proj; do echo $proj; darwinbuild -load $proj; if [ $? -ne 0 ]; then echo "$proj" >> failed.txt; fi ; done # darwinbuild -loadonly Libm # /usr/local/share/darwinbuild/buildorder projects.txt build.txt # /usr/local/share/darwinbuild/buildlist build.txt

Once buildlist has built all the projects, we need to package them and use them as roots for the next build.

# /usr/local/share/darwinbuild/packageRoots

Install the roots we have just built
TODO: document the different ways to perform this step

Rebuild the system again ...

# /usr/local/share/darwinbuild/buildlist build.txt

... and package and install the roots again ...

# /usr/local/share/darwinbuild/packageRoots