Build ghc with hardened toolchain

[章宏九]

More information:

Gentoo's emerge --info:

Portage 2.1.7.6 (hardened/linux/x86/10.0/desktop, gcc-4.3.4,
glibc-2.10.1-r1, 2.6.31-11-generic i686)
=================================================================
System uname: Linux-2.6.31-11-generic-i686-Genuine_Intel-R-_CPU_T2050_ at _1.60GHz-with-gentoo-1.12.13
Timestamp of tree: Mon, 23 Nov 2009 06:45:01 +0000
app-shells/bash:     4.0_p28
dev-lang/python:     2.6.2-r1
sys-apps/baselayout: 1.12.13
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.13, 2.63-r1
sys-devel/automake:  1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="x86 ~x86"
ACCEPT_LICENSE="* - at EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=native -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d
/etc/fonts/fonts.conf /etc/gconf /etc/sandbox.d /etc/terminfo
/etc/udev/rules.d"
CXXFLAGS="-O2 -march=native -pipe -fomit-frame-pointer"
DISTDIR="/var/cache/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps y"
FEATURES="assume-digests buildpkg distlocks fixpackages news
parallel-fetch protect-owned sandbox sfperms strict test
test-fail-continue unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://mirrors.163.com/gentoo http://gentoo.aditsu.net"
LANG="zh_CN.UTF-8"
LC_ALL="C"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="*"
MAKEOPTS="-j3"
PKGDIR="/var/cache/portage/packages"
PORTAGE_COMPRESS="xz"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times
--compress --force --whole-file --delete --stats --timeout=180
--exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/var/cache/portage/ebuilds/gentoo"
PORTDIR_OVERLAY="/var/cache/portage/ebuilds/haskell
/var/cache/portage/ebuilds/local"
SYNC="rsync://mirror.averse.net/gentoo-portage"
USE="X a52 aac acl acpi bash-completion berkdb bluetooth branding
bzip2 cairo cdr cli consolekit cracklib crypt cups dbus dri dts dvd
dvdr eds emboss encode evo fam flac gdbm gif gnome gpm gstreamer gtk
hal hardened iconv ipv6 jpeg ldap libnotify lzma mad mikmod mmx mmxext
modules mp3 mp4 mpeg mudflap ncurses nls nptl nptlonly ogg opengl
openmp oss pam pcre pdf perl pic png ppds pppd python quicktime
readline reflection sdl session spell spl sse sse2 ssl
startup-notification svg sysfs tcpd thunar tiff truetype unicode
urandom usb vorbis win32codecs x264 x86 xml xorg xulrunner xv xvid
zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106
cmipci emu10k1 	emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel
intel8x0 intel8x0m 	maestro3 trident usb-audio via82xx via82xx-modem
ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop
empty extplug file hooks iec958 ioplug ladspa lfloat linear meter
mmap_emul mulaw multi null plug rate route share shm softvol"
APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon
authn_dbm authn_default authn_file authz_dbm authz_default
authz_groupfile authz_host authz_owner authz_user autoindex cache dav
dav_fs dav_lock deflate dir disk_cache env expires ext_filter
file_cache filter headers include info log_config logio mem_cache mime
mime_magic negotiation rewrite setenvif speling status unique_id
userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev"
KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216
lcdm001 mtxorb ncurses text" LINGUAS="*" USERLAND="GNU"
VIDEO_CARDS="intel"
Unset:  CPPFLAGS, CTARGET, FFLAGS, INSTALL_MASK,
PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Maybe it is not a broken GHC, but a broken ghc-prim library (Some
other libraries might also be affected.). But I do not know how to
transfer "-nopie" cflags and ldflags to those library. Talked to igloo
and tried $CONF_LD_OPTS+= -nopie, I still cannot get yi built.

Thank you for all your help.