Summit 2025 followup: LTO (with cgo)
kpcyrd
kpcyrd at archlinux.org
Thu Feb 5 23:31:33 UTC 2026
On 2/5/26 7:04 AM, Martin Monperrus via rb-general wrote:
>> Arch Linux is generally very invested in binary hardening
> Interesting! Also loving the topic. Is there a reference list of binary
> hardening techniques used at scale in Arch?
There's a table comparing different distributions here:
https://github.com/jvoisin/compiler-flags-distro?tab=readme-ov-file
The specific flags used can be found here:
https://gitlab.archlinux.org/archlinux/devtools/-/blob/f8fe0ae2bc3872f1d17c45b8ea7891062c5b792f/config/makepkg/x86_64.conf#L45-52
The most recent change was in spring 2024, the introduction of _FORTIFY_SOURCE=3
for the entire operating system.
Through .BUILDINFO files you can figure out which devtools version was present,
which in turn tells you which CFLAGS/LDFLAGS were used when compiling that binary.
cheers,
kpcyrd
More information about the rb-general
mailing list