mirror of
https://github.com/pygos/build.git
synced 2024-11-22 02:59:47 +01:00
Set hardening options for packages with custom build system
Signed-off-by: David Oberhollenzer <david.oberhollenzer@tele2.at>
This commit is contained in:
parent
7b0e1f182c
commit
69aa1d33e9
9 changed files with 50 additions and 9 deletions
|
@ -12,7 +12,12 @@ prepare() {
|
|||
build() {
|
||||
cp -r ${1}/* ${PKGBUILDDIR}
|
||||
|
||||
make CC=${TARGET}-gcc AR=${TARGET}-ar RANLIB=${TARGET}-ranlib -j $NUMJOBS libbz2.a bzip2 bzip2recover
|
||||
local cflags="-fstack-protector-all"
|
||||
local ldflags="-z noexecstack -z relro -z now"
|
||||
|
||||
make CFLAGS="-Wall -Winline -O2 -D_FILE_OFFSET_BITS=64 $cflags" \
|
||||
LDFLAGS="$ldflags" CC=${TARGET}-gcc AR=${TARGET}-ar \
|
||||
RANLIB=${TARGET}-ranlib -j $NUMJOBS libbz2.a bzip2 bzip2recover
|
||||
}
|
||||
|
||||
deploy() {
|
||||
|
|
|
@ -12,6 +12,11 @@ prepare() {
|
|||
build() {
|
||||
cp -r ${1}/* ${PKGBUILDDIR}
|
||||
|
||||
local cflags="-fstack-protector-all"
|
||||
local ldflags="-z noexecstack -z relro -z now"
|
||||
|
||||
CFLAGS="-O2 $cflags" \
|
||||
LDFLAGS="$ldflags" \
|
||||
make CC=${TARGET}-gcc PREFIX="/" BINDIR="/bin" -j $NUMJOBS
|
||||
}
|
||||
|
||||
|
|
|
@ -13,7 +13,12 @@ build() {
|
|||
cp -r ${1}/* ${PKGBUILDDIR}
|
||||
cp "$SCRIPTDIR/pkg/$PKGNAME/config" "$PKGBUILDDIR/hostapd/.config"
|
||||
|
||||
export PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET"
|
||||
local cflags="-fstack-protector-all"
|
||||
local ldflags="-z noexecstack -z relro -z now"
|
||||
|
||||
PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET" \
|
||||
CFLAGS="-MMD -O2 $cflags" \
|
||||
LDFLAGS="$ldflags" \
|
||||
make CC=${TARGET}-gcc -C hostapd -j $NUMJOBS
|
||||
}
|
||||
|
||||
|
|
|
@ -12,7 +12,12 @@ prepare() {
|
|||
build() {
|
||||
cp -r ${1}/* ${PKGBUILDDIR}
|
||||
|
||||
make HOSTCC="gcc" AR="${TARGET}-ar" LD="${TARGET}-ld" CC="${TARGET}-gcc" SYSROOT="$TCDIR/$TARGET"
|
||||
local cflags="-fstack-protector-all"
|
||||
local ldflags="-z noexecstack -z relro -z now"
|
||||
|
||||
make CCOPTS="-O2 $cflags" LDFLAGS="$ldflags" \
|
||||
HOSTCC="gcc" AR="${TARGET}-ar" LD="${TARGET}-ld" \
|
||||
CC="${TARGET}-gcc" SYSROOT="$TCDIR/$TARGET"
|
||||
}
|
||||
|
||||
deploy() {
|
||||
|
|
|
@ -12,7 +12,12 @@ prepare() {
|
|||
build() {
|
||||
cp -r ${1}/* ${PKGBUILDDIR}
|
||||
|
||||
export PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET"
|
||||
local cflags="-fstack-protector-all"
|
||||
local ldflags="-z noexecstack -z relro -z now"
|
||||
|
||||
CFLAGS="-O2 $cflags" \
|
||||
LDFLAGS="$ldflags" \
|
||||
PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET" \
|
||||
make CC="${TARGET}-gcc" PKG_CONFIG="${TARGET}-pkg-config" PREFIX= \
|
||||
SBINDIR=/bin DESTDIR="$2" -j $NUMJOBS
|
||||
}
|
||||
|
|
|
@ -10,6 +10,10 @@ prepare() {
|
|||
}
|
||||
|
||||
build() {
|
||||
local cflags="-fPIE -fPIC -fstack-protector-all"
|
||||
local ldflags="-z noexecstack -z relro -z now"
|
||||
|
||||
CFLAGS="$cflags" LDFLAGS="$ldflags" \
|
||||
CROSS_COMPILE="${TARGET}-" $1/configure --prefix=/ --target="$TARGET"
|
||||
CROSS_COMPILE="${TARGET}-" make -j $NUMJOBS
|
||||
}
|
||||
|
|
|
@ -12,6 +12,9 @@ prepare() {
|
|||
build() {
|
||||
cp -r ${1}/* ${PKGBUILDDIR}
|
||||
|
||||
local cflags="-fstack-protector-all"
|
||||
local ldflags="-z noexecstack -z relro -z now"
|
||||
|
||||
./configure --prefix="" --sbin-path=/bin/nginx \
|
||||
--modules-path=/lib/nginx \
|
||||
--conf-path=/etc/nginx/nginx.conf \
|
||||
|
@ -23,6 +26,7 @@ build() {
|
|||
--crossbuild=${TARGET} \
|
||||
--with-cc=${TCDIR}/bin/${TARGET}-gcc \
|
||||
--with-cpp=${TCDIR}/bin/${TARGET}-cpp \
|
||||
--with-cc-opt="$cflags" --with-ld-opt="$ldflags" \
|
||||
--with-poll_module --without-select_module \
|
||||
--with-threads --with-http_ssl_module \
|
||||
--with-http_sub_module --with-http_gunzip_module \
|
||||
|
|
|
@ -10,9 +10,13 @@ prepare() {
|
|||
}
|
||||
|
||||
build() {
|
||||
local cflags="-fstack-protector-all"
|
||||
local ldflags="-z noexecstack -z relro -z now"
|
||||
|
||||
$1/Configure --prefix=/ --cross-compile-prefix="${TARGET}-" \
|
||||
--openssldir=/etc/ssl --libdir=/lib \
|
||||
-DOPENSSL_NO_HEARTBEATS \
|
||||
CFLAGS="-DOPENSSL_NO_HEARTBEATS $cflags" \
|
||||
LDFLAGS="$ldflags" \
|
||||
threads shared zlib-dynamic no-async $OPENSSL_TARGET
|
||||
|
||||
make -j 1
|
||||
|
|
|
@ -10,6 +10,10 @@ prepare() {
|
|||
}
|
||||
|
||||
build() {
|
||||
local cflags="-fstack-protector-all"
|
||||
local ldflags="-z noexecstack -z relro -z now"
|
||||
|
||||
CFLAGS="$cflags" LDFLAGS="$ldflags" \
|
||||
cmake -DCMAKE_TOOLCHAIN_FILE="$CMAKETCFILE" \
|
||||
-DCMAKE_INSTALL_PREFIX="" "$1"
|
||||
|
||||
|
|
Loading…
Reference in a new issue