Set hardening options for packages with custom build system

Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
David Oberhollenzer 2018-10-14 18:47:20 +02:00
parent 7b0e1f182c
commit 69aa1d33e9
9 changed files with 50 additions and 9 deletions


@ -12,7 +12,12 @@ prepare() {
build() {
cp -r ${1}/* ${PKGBUILDDIR}
make CC=${TARGET}-gcc AR=${TARGET}-ar RANLIB=${TARGET}-ranlib -j $NUMJOBS libbz2.a bzip2 bzip2recover
local cflags="-fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
make CFLAGS="-Wall -Winline -O2 -D_FILE_OFFSET_BITS=64 $cflags" \
LDFLAGS="$ldflags" CC=${TARGET}-gcc AR=${TARGET}-ar \
RANLIB=${TARGET}-ranlib -j $NUMJOBS libbz2.a bzip2 bzip2recover
}
deploy() {
@ -32,4 +37,4 @@ deploy() {
check_update() {
return
}
}
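Review bot: The flag set added to `build()` covers stack protection, RELRO, immediate binding and a non-executable stack, but nothing requests position-independent executables or fortified libc calls. Unless the cross toolchain defaults to PIE, the installed programs still load at a fixed address. The same two `local` lines are repeated in the other build scripts of this commit; only one of them adds `-fPIE`, and none passes `-pie` at link time. For packages that produce only executables, consider `local cflags="-fstack-protector-all -fPIE -D_FORTIFY_SOURCE=2"` (the define only has an effect where the target libc supports it) and `-pie` in `ldflags`, keeping `-pie` off any shared-object link. Defining the flags once in a shared helper would also keep the nine scripts from drifting apart.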


@ -12,6 +12,11 @@ prepare() {
build() {
cp -r ${1}/* ${PKGBUILDDIR}
local cflags="-fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
CFLAGS="-O2 $cflags" \
LDFLAGS="$ldflags" \
make CC=${TARGET}-gcc PREFIX="/" BINDIR="/bin" -j $NUMJOBS
}
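Review bot: `CFLAGS` and `LDFLAGS` reach `make` through the environment in this `build()`, and make treats environment values only as defaults. An unconditional `CFLAGS =` or `LDFLAGS =` assignment in the package's Makefile would replace them, and the hardening flags would then disappear without any error. The Makefile is not visible from this page, so this may already work, but the hostapd script and the script that sets `PKG_CONFIG=` later in this commit use the same environment form. A post-build check would catch a silent loss in any of them, for example asserting that `readelf -lW` on the installed binaries shows a `GNU_RELRO` segment and a non-executable `GNU_STACK`, and that `readelf -dW` shows `BIND_NOW`.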


@ -13,7 +13,12 @@ build() {
cp -r ${1}/* ${PKGBUILDDIR}
cp "$SCRIPTDIR/pkg/$PKGNAME/config" "$PKGBUILDDIR/hostapd/.config"
export PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET"
local cflags="-fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET" \
CFLAGS="-MMD -O2 $cflags" \
LDFLAGS="$ldflags" \
make CC=${TARGET}-gcc -C hostapd -j $NUMJOBS
}


@ -12,7 +12,12 @@ prepare() {
build() {
cp -r ${1}/* ${PKGBUILDDIR}
make HOSTCC="gcc" AR="${TARGET}-ar" LD="${TARGET}-ld" CC="${TARGET}-gcc" SYSROOT="$TCDIR/$TARGET"
local cflags="-fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
make CCOPTS="-O2 $cflags" LDFLAGS="$ldflags" \
HOSTCC="gcc" AR="${TARGET}-ar" LD="${TARGET}-ld" \
CC="${TARGET}-gcc" SYSROOT="$TCDIR/$TARGET"
}
deploy() {
@ -27,4 +32,4 @@ check_update() {
curl --silent -L $URL | grep -o "iproute2-[0-9.]*tar.xz" | \
sed 's/iproute2-//g' | sed 's/.tar.xz//g' | \
verson_find_greatest "$VERSION"
}
}
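Review bot: `CCOPTS="-O2 $cflags"` and `LDFLAGS="$ldflags"` are given on the `make` command line in `build()`, where they take precedence over every assignment in the package's makefiles, including `+=` lines in sub-directory makefiles reached through recursive make. If any iproute2 makefile appends compiler or linker options of its own to these variables, this call drops them. The makefiles are not visible here, so that needs checking against the source tree. Where such additions exist, they have to be repeated in the values passed here, and a comment such as `# command-line LDFLAGS replaces the makefiles' own additions` would record the trade-off.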


@ -12,7 +12,12 @@ prepare() {
build() {
cp -r ${1}/* ${PKGBUILDDIR}
export PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET"
local cflags="-fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
CFLAGS="-O2 $cflags" \
LDFLAGS="$ldflags" \
PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET" \
make CC="${TARGET}-gcc" PKG_CONFIG="${TARGET}-pkg-config" PREFIX= \
SBINDIR=/bin DESTDIR="$2" -j $NUMJOBS
}


@ -10,6 +10,10 @@ prepare() {
}
build() {
local cflags="-fPIE -fPIC -fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
CFLAGS="$cflags" LDFLAGS="$ldflags" \
CROSS_COMPILE="${TARGET}-" $1/configure --prefix=/ --target="$TARGET"
CROSS_COMPILE="${TARGET}-" make -j $NUMJOBS
}
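Review bot: `local cflags="-fPIE -fPIC -fstack-protector-all"` asks the compiler for two conflicting code-generation modes. With GCC the later option normally takes precedence, so `-fPIE` has no effect and every object is built as `-fPIC`. `ldflags` also carries no `-pie`, so nothing in this `build()` requests position-independent executables at link time. If PIC objects for a shared library are what is wanted, `local cflags="-fPIC -fstack-protector-all"` says so directly. If PIE executables are intended, the link step needs `-pie` as well.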


@ -12,6 +12,9 @@ prepare() {
build() {
cp -r ${1}/* ${PKGBUILDDIR}
local cflags="-fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
./configure --prefix="" --sbin-path=/bin/nginx \
--modules-path=/lib/nginx \
--conf-path=/etc/nginx/nginx.conf \
@ -23,6 +26,7 @@ build() {
--crossbuild=${TARGET} \
--with-cc=${TCDIR}/bin/${TARGET}-gcc \
--with-cpp=${TCDIR}/bin/${TARGET}-cpp \
--with-cc-opt="$cflags" --with-ld-opt="$ldflags" \
--with-poll_module --without-select_module \
--with-threads --with-http_ssl_module \
--with-http_sub_module --with-http_gunzip_module \


@ -10,9 +10,13 @@ prepare() {
}
build() {
local cflags="-fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
$1/Configure --prefix=/ --cross-compile-prefix="${TARGET}-" \
--openssldir=/etc/ssl --libdir=/lib \
-DOPENSSL_NO_HEARTBEATS \
CFLAGS="-DOPENSSL_NO_HEARTBEATS $cflags" \
LDFLAGS="$ldflags" \
threads shared zlib-dynamic no-async $OPENSSL_TARGET
make -j 1
@ -33,4 +37,4 @@ check_update() {
sed 's/>openssl-//g' | sed 's/.tar.gz<//g' | \
sed 's/\([[:lower:]]\)/.\1/g' | \
verson_find_greatest "$version"
}
}
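Review bot: `CFLAGS="-DOPENSSL_NO_HEARTBEATS $cflags"` carries no optimisation level, unlike the `-O2` that several other build scripts in this commit put in front of `$cflags`. On OpenSSL releases that accept `VAR=value` arguments to `Configure`, a user-supplied `CFLAGS` is, as far as I know, used in place of the target's default compiler flags rather than appended to them. That would leave the library built without optimisation, but the OpenSSL version is not visible here, so confirm against the generated Makefile. If it applies, `CFLAGS="-O2 -DOPENSSL_NO_HEARTBEATS $cflags" \` restores the optimisation level. `build()` continues past the end of this hunk.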


@ -10,6 +10,10 @@ prepare() {
}
build() {
local cflags="-fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
CFLAGS="$cflags" LDFLAGS="$ldflags" \
cmake -DCMAKE_TOOLCHAIN_FILE="$CMAKETCFILE" \
-DCMAKE_INSTALL_PREFIX="" "$1"
@ -28,4 +32,4 @@ check_update() {
curl --silent -L "$URL" | grep -o "xz-[0-9.]*tar.xz" | \
sed 's/zlib-//g' | sed 's/.tar.xz//g' | \
verson_find_greatest "$VERSION"
}
}
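Review bot: The hardening flags reach `cmake` only through the `CFLAGS` and `LDFLAGS` environment variables. CMake reads these once, on the first configure, to seed its flag variables, and they do not take effect if the toolchain file sets `CMAKE_C_FLAGS` or the linker-flag variables itself. `$CMAKETCFILE` is not visible from this page, so this may be fine, but it is worth confirming in the generated `CMakeCache.txt` that `CMAKE_C_FLAGS`, `CMAKE_EXE_LINKER_FLAGS` and `CMAKE_SHARED_LINKER_FLAGS` contain the flags, or setting them in the toolchain file. Separately, the context lines of `check_update()` grep for `xz-[0-9.]*tar.xz` but then strip `zlib-`, so the two patterns do not agree. `build()` continues past the end of the first hunk.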