mirror of
https://github.com/pygos/build.git
synced 2024-11-22 11:09:46 +01:00
Set hardening options for packages with custom build system
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
This commit is contained in:
parent
7b0e1f182c
commit
69aa1d33e9
9 changed files with 50 additions and 9 deletions
|
@ -12,7 +12,12 @@ prepare() {
|
||||||
build() {
|
build() {
|
||||||
cp -r ${1}/* ${PKGBUILDDIR}
|
cp -r ${1}/* ${PKGBUILDDIR}
|
||||||
|
|
||||||
make CC=${TARGET}-gcc AR=${TARGET}-ar RANLIB=${TARGET}-ranlib -j $NUMJOBS libbz2.a bzip2 bzip2recover
|
local cflags="-fstack-protector-all"
|
||||||
|
local ldflags="-z noexecstack -z relro -z now"
|
||||||
|
|
||||||
|
make CFLAGS="-Wall -Winline -O2 -D_FILE_OFFSET_BITS=64 $cflags" \
|
||||||
|
LDFLAGS="$ldflags" CC=${TARGET}-gcc AR=${TARGET}-ar \
|
||||||
|
RANLIB=${TARGET}-ranlib -j $NUMJOBS libbz2.a bzip2 bzip2recover
|
||||||
}
|
}
|
||||||
|
|
||||||
deploy() {
|
deploy() {
|
||||||
|
@ -32,4 +37,4 @@ deploy() {
|
||||||
|
|
||||||
check_update() {
|
check_update() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,6 +12,11 @@ prepare() {
|
||||||
build() {
|
build() {
|
||||||
cp -r ${1}/* ${PKGBUILDDIR}
|
cp -r ${1}/* ${PKGBUILDDIR}
|
||||||
|
|
||||||
|
local cflags="-fstack-protector-all"
|
||||||
|
local ldflags="-z noexecstack -z relro -z now"
|
||||||
|
|
||||||
|
CFLAGS="-O2 $cflags" \
|
||||||
|
LDFLAGS="$ldflags" \
|
||||||
make CC=${TARGET}-gcc PREFIX="/" BINDIR="/bin" -j $NUMJOBS
|
make CC=${TARGET}-gcc PREFIX="/" BINDIR="/bin" -j $NUMJOBS
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,12 @@ build() {
|
||||||
cp -r ${1}/* ${PKGBUILDDIR}
|
cp -r ${1}/* ${PKGBUILDDIR}
|
||||||
cp "$SCRIPTDIR/pkg/$PKGNAME/config" "$PKGBUILDDIR/hostapd/.config"
|
cp "$SCRIPTDIR/pkg/$PKGNAME/config" "$PKGBUILDDIR/hostapd/.config"
|
||||||
|
|
||||||
export PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET"
|
local cflags="-fstack-protector-all"
|
||||||
|
local ldflags="-z noexecstack -z relro -z now"
|
||||||
|
|
||||||
|
PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET" \
|
||||||
|
CFLAGS="-MMD -O2 $cflags" \
|
||||||
|
LDFLAGS="$ldflags" \
|
||||||
make CC=${TARGET}-gcc -C hostapd -j $NUMJOBS
|
make CC=${TARGET}-gcc -C hostapd -j $NUMJOBS
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,12 @@ prepare() {
|
||||||
build() {
|
build() {
|
||||||
cp -r ${1}/* ${PKGBUILDDIR}
|
cp -r ${1}/* ${PKGBUILDDIR}
|
||||||
|
|
||||||
make HOSTCC="gcc" AR="${TARGET}-ar" LD="${TARGET}-ld" CC="${TARGET}-gcc" SYSROOT="$TCDIR/$TARGET"
|
local cflags="-fstack-protector-all"
|
||||||
|
local ldflags="-z noexecstack -z relro -z now"
|
||||||
|
|
||||||
|
make CCOPTS="-O2 $cflags" LDFLAGS="$ldflags" \
|
||||||
|
HOSTCC="gcc" AR="${TARGET}-ar" LD="${TARGET}-ld" \
|
||||||
|
CC="${TARGET}-gcc" SYSROOT="$TCDIR/$TARGET"
|
||||||
}
|
}
|
||||||
|
|
||||||
deploy() {
|
deploy() {
|
||||||
|
@ -27,4 +32,4 @@ check_update() {
|
||||||
curl --silent -L $URL | grep -o "iproute2-[0-9.]*tar.xz" | \
|
curl --silent -L $URL | grep -o "iproute2-[0-9.]*tar.xz" | \
|
||||||
sed 's/iproute2-//g' | sed 's/.tar.xz//g' | \
|
sed 's/iproute2-//g' | sed 's/.tar.xz//g' | \
|
||||||
verson_find_greatest "$VERSION"
|
verson_find_greatest "$VERSION"
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,7 +12,12 @@ prepare() {
|
||||||
build() {
|
build() {
|
||||||
cp -r ${1}/* ${PKGBUILDDIR}
|
cp -r ${1}/* ${PKGBUILDDIR}
|
||||||
|
|
||||||
export PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET"
|
local cflags="-fstack-protector-all"
|
||||||
|
local ldflags="-z noexecstack -z relro -z now"
|
||||||
|
|
||||||
|
CFLAGS="-O2 $cflags" \
|
||||||
|
LDFLAGS="$ldflags" \
|
||||||
|
PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET" \
|
||||||
make CC="${TARGET}-gcc" PKG_CONFIG="${TARGET}-pkg-config" PREFIX= \
|
make CC="${TARGET}-gcc" PKG_CONFIG="${TARGET}-pkg-config" PREFIX= \
|
||||||
SBINDIR=/bin DESTDIR="$2" -j $NUMJOBS
|
SBINDIR=/bin DESTDIR="$2" -j $NUMJOBS
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,6 +10,10 @@ prepare() {
|
||||||
}
|
}
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
|
local cflags="-fPIE -fPIC -fstack-protector-all"
|
||||||
|
local ldflags="-z noexecstack -z relro -z now"
|
||||||
|
|
||||||
|
CFLAGS="$cflags" LDFLAGS="$ldflags" \
|
||||||
CROSS_COMPILE="${TARGET}-" $1/configure --prefix=/ --target="$TARGET"
|
CROSS_COMPILE="${TARGET}-" $1/configure --prefix=/ --target="$TARGET"
|
||||||
CROSS_COMPILE="${TARGET}-" make -j $NUMJOBS
|
CROSS_COMPILE="${TARGET}-" make -j $NUMJOBS
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,6 +12,9 @@ prepare() {
|
||||||
build() {
|
build() {
|
||||||
cp -r ${1}/* ${PKGBUILDDIR}
|
cp -r ${1}/* ${PKGBUILDDIR}
|
||||||
|
|
||||||
|
local cflags="-fstack-protector-all"
|
||||||
|
local ldflags="-z noexecstack -z relro -z now"
|
||||||
|
|
||||||
./configure --prefix="" --sbin-path=/bin/nginx \
|
./configure --prefix="" --sbin-path=/bin/nginx \
|
||||||
--modules-path=/lib/nginx \
|
--modules-path=/lib/nginx \
|
||||||
--conf-path=/etc/nginx/nginx.conf \
|
--conf-path=/etc/nginx/nginx.conf \
|
||||||
|
@ -23,6 +26,7 @@ build() {
|
||||||
--crossbuild=${TARGET} \
|
--crossbuild=${TARGET} \
|
||||||
--with-cc=${TCDIR}/bin/${TARGET}-gcc \
|
--with-cc=${TCDIR}/bin/${TARGET}-gcc \
|
||||||
--with-cpp=${TCDIR}/bin/${TARGET}-cpp \
|
--with-cpp=${TCDIR}/bin/${TARGET}-cpp \
|
||||||
|
--with-cc-opt="$cflags" --with-ld-opt="$ldflags" \
|
||||||
--with-poll_module --without-select_module \
|
--with-poll_module --without-select_module \
|
||||||
--with-threads --with-http_ssl_module \
|
--with-threads --with-http_ssl_module \
|
||||||
--with-http_sub_module --with-http_gunzip_module \
|
--with-http_sub_module --with-http_gunzip_module \
|
||||||
|
|
|
@ -10,9 +10,13 @@ prepare() {
|
||||||
}
|
}
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
|
local cflags="-fstack-protector-all"
|
||||||
|
local ldflags="-z noexecstack -z relro -z now"
|
||||||
|
|
||||||
$1/Configure --prefix=/ --cross-compile-prefix="${TARGET}-" \
|
$1/Configure --prefix=/ --cross-compile-prefix="${TARGET}-" \
|
||||||
--openssldir=/etc/ssl --libdir=/lib \
|
--openssldir=/etc/ssl --libdir=/lib \
|
||||||
-DOPENSSL_NO_HEARTBEATS \
|
CFLAGS="-DOPENSSL_NO_HEARTBEATS $cflags" \
|
||||||
|
LDFLAGS="$ldflags" \
|
||||||
threads shared zlib-dynamic no-async $OPENSSL_TARGET
|
threads shared zlib-dynamic no-async $OPENSSL_TARGET
|
||||||
|
|
||||||
make -j 1
|
make -j 1
|
||||||
|
@ -33,4 +37,4 @@ check_update() {
|
||||||
sed 's/>openssl-//g' | sed 's/.tar.gz<//g' | \
|
sed 's/>openssl-//g' | sed 's/.tar.gz<//g' | \
|
||||||
sed 's/\([[:lower:]]\)/.\1/g' | \
|
sed 's/\([[:lower:]]\)/.\1/g' | \
|
||||||
verson_find_greatest "$version"
|
verson_find_greatest "$version"
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,6 +10,10 @@ prepare() {
|
||||||
}
|
}
|
||||||
|
|
||||||
build() {
|
build() {
|
||||||
|
local cflags="-fstack-protector-all"
|
||||||
|
local ldflags="-z noexecstack -z relro -z now"
|
||||||
|
|
||||||
|
CFLAGS="$cflags" LDFLAGS="$ldflags" \
|
||||||
cmake -DCMAKE_TOOLCHAIN_FILE="$CMAKETCFILE" \
|
cmake -DCMAKE_TOOLCHAIN_FILE="$CMAKETCFILE" \
|
||||||
-DCMAKE_INSTALL_PREFIX="" "$1"
|
-DCMAKE_INSTALL_PREFIX="" "$1"
|
||||||
|
|
||||||
|
@ -28,4 +32,4 @@ check_update() {
|
||||||
curl --silent -L "$URL" | grep -o "xz-[0-9.]*tar.xz" | \
|
curl --silent -L "$URL" | grep -o "xz-[0-9.]*tar.xz" | \
|
||||||
sed 's/zlib-//g' | sed 's/.tar.xz//g' | \
|
sed 's/zlib-//g' | sed 's/.tar.xz//g' | \
|
||||||
verson_find_greatest "$VERSION"
|
verson_find_greatest "$VERSION"
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue