diff --git a/pkg/bzip2/build b/pkg/bzip2/build index 022dcd3..8fa9713 100755 --- a/pkg/bzip2/build +++ b/pkg/bzip2/build @@ -12,12 +12,12 @@ prepare() { build() { cp -r ${1}/* ${PKGBUILDDIR} - local cflags="" + local cflags="-O2 -Os" local ldflags="" if [ "x$TC_HARDENING" = "xyes" ]; then - cflags="-fstack-protector-all" - ldflags="-z noexecstack -z relro -z now" + cflags="$cflags -fstack-protector-all" + ldflags="$ldflags -z noexecstack -z relro -z now" fi make CFLAGS="-Wall -Winline -O2 -D_FILE_OFFSET_BITS=64 $cflags" \ diff --git a/pkg/dnsmasq/build b/pkg/dnsmasq/build index 13bcdc0..41907ed 100644 --- a/pkg/dnsmasq/build +++ b/pkg/dnsmasq/build @@ -12,12 +12,12 @@ prepare() { build() { cp -r ${1}/* ${PKGBUILDDIR} - local cflags="" + local cflags="-O2 -Os" local ldflags="" if [ "x$TC_HARDENING" = "xyes" ]; then - cflags="-fstack-protector-all" - ldflags="-z noexecstack -z relro -z now" + cflags="$cflags -fstack-protector-all" + ldflags="$ldflags -z noexecstack -z relro -z now" fi CFLAGS="-O2 $cflags" \ diff --git a/pkg/hostapd/build b/pkg/hostapd/build index f923ae8..ad8c009 100755 --- a/pkg/hostapd/build +++ b/pkg/hostapd/build @@ -13,12 +13,12 @@ build() { cp -r ${1}/* ${PKGBUILDDIR} cp "$SCRIPTDIR/pkg/$PKGNAME/config" "$PKGBUILDDIR/hostapd/.config" - local cflags="" + local cflags="-O2 -Os" local ldflags="" if [ "x$TC_HARDENING" = "xyes" ]; then - cflags="-fstack-protector-all" - ldflags="-z noexecstack -z relro -z now" + cflags="$cflags -fstack-protector-all" + ldflags="$ldflags -z noexecstack -z relro -z now" fi PKG_CONFIG_SYSROOT_DIR="$TCDIR/$TARGET" \ diff --git a/pkg/iproute2/build b/pkg/iproute2/build index 6f02eb2..812250b 100755 --- a/pkg/iproute2/build +++ b/pkg/iproute2/build @@ -12,12 +12,12 @@ prepare() { build() { cp -r ${1}/* ${PKGBUILDDIR} - local cflags="" + local cflags="-O2 -Os" local ldflags="" if [ "x$TC_HARDENING" = "xyes" ]; then - cflags="-fstack-protector-all" - ldflags="-z noexecstack -z relro -z now" + cflags="$cflags -fstack-protector-all" + ldflags="$ldflags -z noexecstack -z relro -z now" fi make CCOPTS="-O2 $cflags" LDFLAGS="$ldflags" \ diff --git a/pkg/iw/build b/pkg/iw/build index bada604..5b7a935 100755 --- a/pkg/iw/build +++ b/pkg/iw/build @@ -12,12 +12,12 @@ prepare() { build() { cp -r ${1}/* ${PKGBUILDDIR} - local cflags="" + local cflags="-O2 -Os" local ldflags="" if [ "x$TC_HARDENING" = "xyes" ]; then - cflags="-fstack-protector-all" - ldflags="-z noexecstack -z relro -z now" + cflags="$cflags -fstack-protector-all" + ldflags="$ldflags -z noexecstack -z relro -z now" fi CFLAGS="-O2 $cflags" \ diff --git a/pkg/musl/build b/pkg/musl/build index 6668890..2bbd974 100755 --- a/pkg/musl/build +++ b/pkg/musl/build @@ -10,12 +10,12 @@ prepare() { } build() { - local cflags="" + local cflags="-O2 -Os" local ldflags="" if [ "x$TC_HARDENING" = "xyes" ]; then - cflags="-fPIE -fPIC -fstack-protector-all" - ldflags="-z noexecstack -z relro -z now" + cflags="$cflags -fPIE -fPIC -fstack-protector-all" + ldflags="$ldflags -z noexecstack -z relro -z now" ${TARGET}-gcc -c "$SCRIPTDIR/pkg/$PKGNAME/__stack_chk_fail_local.c" -o __stack_chk_fail_local.o ${TARGET}-ar r libssp_nonshared.a __stack_chk_fail_local.o diff --git a/pkg/nginx/build b/pkg/nginx/build index 7fa9b03..79fba7b 100755 --- a/pkg/nginx/build +++ b/pkg/nginx/build @@ -12,12 +12,12 @@ prepare() { build() { cp -r ${1}/* ${PKGBUILDDIR} - local cflags="" + local cflags="-O2 -Os" local ldflags="" if [ "x$TC_HARDENING" = "xyes" ]; then - cflags="-fstack-protector-all" - ldflags="-z noexecstack -z relro -z now" + cflags="$cflags -fstack-protector-all" + ldflags="$ldflags -z noexecstack -z relro -z now" fi ./configure --prefix="" --sbin-path=/bin/nginx \ diff --git a/pkg/openssl/build b/pkg/openssl/build index 1b5d539..2985ad1 100755 --- a/pkg/openssl/build +++ b/pkg/openssl/build @@ -11,12 +11,12 @@ prepare() { build() { local OPENSSL_TARGET="" - local cflags="" + local cflags="-O2 -Os" local ldflags="" if [ "x$TC_HARDENING" = "yes" ]; then - cflags="-fstack-protector-all" - ldflags="-z noexecstack -z relro -z now" + cflags="$cflags -fstack-protector-all" + ldflags="$ldflags -z noexecstack -z relro -z now" fi case "$TARGET" in diff --git a/pkg/zlib/build b/pkg/zlib/build index 6eaae0b..b216f5d 100644 --- a/pkg/zlib/build +++ b/pkg/zlib/build @@ -10,12 +10,12 @@ prepare() { } build() { - local cflags="" + local cflags="-O2 -Os" local ldflags="" if [ "x$TC_HARDENING" = "xyes" ]; then - cflags="-fstack-protector-all" - ldflags="-z noexecstack -z relro -z now" + cflags="$cflags -fstack-protector-all" + ldflags="$ldflags -z noexecstack -z relro -z now" fi CFLAGS="$cflags" LDFLAGS="$ldflags" \ diff --git a/util/autotools.sh b/util/autotools.sh index 8bd6fc9..9bf8117 100644 --- a/util/autotools.sh +++ b/util/autotools.sh @@ -2,12 +2,12 @@ run_configure() { local srcdir="$1" shift - local cflags="" + local cflags="-O2 -Os" local ldflags="" if [ "x$TC_HARDENING" = "xyes" ]; then - cflags="-fstack-protector-all" - ldflags="-z noexecstack -z relro -z now" + cflags="$cflags -fstack-protector-all" + ldflags="$ldflags -z noexecstack -z relro -z now" fi ac_cv_func_malloc_0_nonnull=yes \