mirror of https://github.com/pygos/build.git synced 2024-11-25 20:30:43 +01:00

Set hardening options for packages with custom build system

Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
David Oberhollenzer 2018-10-14 18:47:20 +02:00
parent 7b0e1f182c
commit 69aa1d33e9
9 changed files with 50 additions and 9 deletions


@ -12,7 +12,12 @@ prepare() {
build() { build() {
cp -r ${1}/* ${PKGBUILDDIR} cp -r ${1}/* ${PKGBUILDDIR}
make CC=${TARGET}-gcc AR=${TARGET}-ar RANLIB=${TARGET}-ranlib -j $NUMJOBS libbz2.a bzip2 bzip2recover local cflags="-fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
make CFLAGS="-Wall -Winline -O2 -D_FILE_OFFSET_BITS=64 $cflags" \
LDFLAGS="$ldflags" CC=${TARGET}-gcc AR=${TARGET}-ar \
RANLIB=${TARGET}-ranlib -j $NUMJOBS libbz2.a bzip2 bzip2recover
} }
deploy() { deploy() {
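Review bot: The two lines `local cflags="-fstack-protector-all"` and `local ldflags="-z noexecstack -z relro -z now"` added to this build() are repeated almost verbatim in the other eight build scripts of this commit, so any later change to the hardening set has to be made in nine places and one package can silently fall behind. Defining the defaults once in whatever common script sources these package files (not visible on this page) would keep the policy in one spot. A package that needs extras could then extend them, e.g. `local cflags="-fPIE -fPIC $HARDEN_CFLAGS"`, where the variable name is a placeholder.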


@ -12,6 +12,11 @@ prepare() {
build() { build() {
cp -r ${1}/* ${PKGBUILDDIR} cp -r ${1}/* ${PKGBUILDDIR}
local cflags="-fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
CFLAGS="-O2 $cflags" \
LDFLAGS="$ldflags" \
make CC=${TARGET}-gcc PREFIX="/" BINDIR="/bin" -j $NUMJOBS make CC=${TARGET}-gcc PREFIX="/" BINDIR="/bin" -j $NUMJOBS
} }
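Review bot: `CFLAGS` and `LDFLAGS` are handed to make through the environment here, and make lets a plain `CFLAGS = …` assignment inside a Makefile win over the environment, so the hardening flags may never reach the compiler and nothing would report it. The package Makefile is not visible on this page; if it assigns these variables unconditionally, pass them as make arguments instead, as the bzip2 build() in this commit does: `make CFLAGS="-O2 $cflags" LDFLAGS="$ldflags" CC=${TARGET}-gcc PREFIX="/" BINDIR="/bin" -j $NUMJOBS`. The hostapd build() and the build() that sets `SBINDIR=/bin` use the same environment pattern. Checking the produced binaries after the build (`readelf -lW` for GNU_STACK and GNU_RELRO, `readelf -d` for BIND_NOW) would confirm the flags took effect.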


@ -13,7 +13,12 @@ build() {
cp -r ${1}/* ${PKGBUILDDIR} cp -r ${1}/* ${PKGBUILDDIR}
cp "$SCRIPTDIR/pkg/$PKGNAME/config" "$PKGBUILDDIR/hostapd/.config" cp "$SCRIPTDIR/pkg/$PKGNAME/config" "$PKGBUILDDIR/hostapd/.config"
export PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET" local cflags="-fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET" \
CFLAGS="-MMD -O2 $cflags" \
LDFLAGS="$ldflags" \
make CC=${TARGET}-gcc -C hostapd -j $NUMJOBS make CC=${TARGET}-gcc -C hostapd -j $NUMJOBS
} }


@ -12,7 +12,12 @@ prepare() {
build() { build() {
cp -r ${1}/* ${PKGBUILDDIR} cp -r ${1}/* ${PKGBUILDDIR}
make HOSTCC="gcc" AR="${TARGET}-ar" LD="${TARGET}-ld" CC="${TARGET}-gcc" SYSROOT="$TCDIR/$TARGET" local cflags="-fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
make CCOPTS="-O2 $cflags" LDFLAGS="$ldflags" \
HOSTCC="gcc" AR="${TARGET}-ar" LD="${TARGET}-ld" \
CC="${TARGET}-gcc" SYSROOT="$TCDIR/$TARGET"
} }
deploy() { deploy() {
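Review bot: `LDFLAGS="$ldflags"` is given as a make argument, and a command-line variable turns every `LDFLAGS =` and `LDFLAGS +=` inside the package's Makefiles into a no-op unless they use `override`, so any link option the package adds for itself is dropped without a warning. The Makefiles are not visible on this page, so this needs checking against the package source. The bzip2 build() in this commit passes `LDFLAGS` the same way.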


@ -12,7 +12,12 @@ prepare() {
build() { build() {
cp -r ${1}/* ${PKGBUILDDIR} cp -r ${1}/* ${PKGBUILDDIR}
export PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET" local cflags="-fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
CFLAGS="-O2 $cflags" \
LDFLAGS="$ldflags" \
PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET" \
make CC="${TARGET}-gcc" PKG_CONFIG="${TARGET}-pkg-config" PREFIX= \ make CC="${TARGET}-gcc" PKG_CONFIG="${TARGET}-pkg-config" PREFIX= \
SBINDIR=/bin DESTDIR="$2" -j $NUMJOBS SBINDIR=/bin DESTDIR="$2" -j $NUMJOBS
} }


@ -10,6 +10,10 @@ prepare() {
} }
build() { build() {
local cflags="-fPIE -fPIC -fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
CFLAGS="$cflags" LDFLAGS="$ldflags" \
CROSS_COMPILE="${TARGET}-" $1/configure --prefix=/ --target="$TARGET" CROSS_COMPILE="${TARGET}-" $1/configure --prefix=/ --target="$TARGET"
CROSS_COMPILE="${TARGET}-" make -j $NUMJOBS CROSS_COMPILE="${TARGET}-" make -j $NUMJOBS
} }
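Review bot: `-fPIE -fPIC` in `cflags` names two competing code models; as far as I know GCC keeps only the later of the two, so everything is compiled as `-fPIC` and the `-fPIE` has no effect. If position-independent objects for a shared library are the goal, `local cflags="-fPIC -fstack-protector-all"` says so directly; if PIE executables are the goal, `-pie` is also needed at link time and is not in `ldflags`. This is the only build() in the commit that asks for position independence at all. Separately, `$1/configure` is unquoted and would split on a source path containing spaces; `"$1/configure"` avoids that.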


@ -12,6 +12,9 @@ prepare() {
build() { build() {
cp -r ${1}/* ${PKGBUILDDIR} cp -r ${1}/* ${PKGBUILDDIR}
local cflags="-fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
./configure --prefix="" --sbin-path=/bin/nginx \ ./configure --prefix="" --sbin-path=/bin/nginx \
--modules-path=/lib/nginx \ --modules-path=/lib/nginx \
--conf-path=/etc/nginx/nginx.conf \ --conf-path=/etc/nginx/nginx.conf \
@ -23,6 +26,7 @@ build() {
--crossbuild=${TARGET} \ --crossbuild=${TARGET} \
--with-cc=${TCDIR}/bin/${TARGET}-gcc \ --with-cc=${TCDIR}/bin/${TARGET}-gcc \
--with-cpp=${TCDIR}/bin/${TARGET}-cpp \ --with-cpp=${TCDIR}/bin/${TARGET}-cpp \
--with-cc-opt="$cflags" --with-ld-opt="$ldflags" \
--with-poll_module --without-select_module \ --with-poll_module --without-select_module \
--with-threads --with-http_ssl_module \ --with-threads --with-http_ssl_module \
--with-http_sub_module --with-http_gunzip_module \ --with-http_sub_module --with-http_gunzip_module \
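Review bot: The flags passed through `--with-cc-opt` and `--with-ld-opt` harden the stack and the relocation tables, but nothing requests a position-independent executable, so unless the cross toolchain defaults to PIE the nginx binary is still linked at a fixed address and ASLR does not cover its own code. For a network-facing daemon that is the gap most worth closing: `local cflags="-fPIE -fstack-protector-all"` and `local ldflags="-pie -z noexecstack -z relro -z now"`. The toolchain defaults are not visible on this page, so confirm with `readelf -h` (Type: DYN) on the built binary. The same applies to the hostapd build() earlier in the commit. The configure invocation continues past the end of the second hunk.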


@ -10,9 +10,13 @@ prepare() {
} }
build() { build() {
local cflags="-fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
$1/Configure --prefix=/ --cross-compile-prefix="${TARGET}-" \ $1/Configure --prefix=/ --cross-compile-prefix="${TARGET}-" \
--openssldir=/etc/ssl --libdir=/lib \ --openssldir=/etc/ssl --libdir=/lib \
-DOPENSSL_NO_HEARTBEATS \ CFLAGS="-DOPENSSL_NO_HEARTBEATS $cflags" \
LDFLAGS="$ldflags" \
threads shared zlib-dynamic no-async $OPENSSL_TARGET threads shared zlib-dynamic no-async $OPENSSL_TARGET
make -j 1 make -j 1
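Review bot: Passing `CFLAGS="-DOPENSSL_NO_HEARTBEATS $cflags"` to Configure is not equivalent to the bare `-DOPENSSL_NO_HEARTBEATS` it replaces: as far as I know, OpenSSL releases that accept `VAR=value` arguments treat a user-supplied `CFLAGS` as a replacement for the target's default compiler flags, so the default optimisation level would be dropped. The OpenSSL version is not visible on this page, so check the `CFLAGS` value that ends up in the generated Makefile. If the defaults are lost, restate them, e.g. `CFLAGS="-O2 -DOPENSSL_NO_HEARTBEATS $cflags" \`, or keep the flags as bare options so Configure appends them. build() continues past the end of the hunk.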


@ -10,6 +10,10 @@ prepare() {
} }
build() { build() {
local cflags="-fstack-protector-all"
local ldflags="-z noexecstack -z relro -z now"
CFLAGS="$cflags" LDFLAGS="$ldflags" \
cmake -DCMAKE_TOOLCHAIN_FILE="$CMAKETCFILE" \ cmake -DCMAKE_TOOLCHAIN_FILE="$CMAKETCFILE" \
-DCMAKE_INSTALL_PREFIX="" "$1" -DCMAKE_INSTALL_PREFIX="" "$1"