Browse Source

* debian/patches:
- 03_enable_hardened_build: New, to enable CFLAGS/CPPFLAGS/LDFLAGS from
the environment in order to have hardened builds.

David Martínez Moreno 9 years ago
parent
commit
f07b328a83
3 changed files with 44 additions and 0 deletions
  1. 3 0
      debian/changelog
  2. 40 0
      debian/patches/03_enable_hardened_build.patch
  3. 1 0
      debian/patches/series

+ 3 - 0
debian/changelog

@@ -18,6 +18,9 @@ aoetools (36-1) UNRELEASED; urgency=low
   * debian/rules:
     - Actually migrate it to the compact version, overriding dh_installinit.
   * debian/watch: Added.
+  * debian/patches:
+    - 03_enable_hardened_build: New, to enable CFLAGS/CPPFLAGS/LDFLAGS from
+      the environment in order to have hardened builds.
 
  -- David Martínez Moreno <ender@debian.org>  Sun, 12 Jan 2014 15:05:34 -0800
 

+ 40 - 0
debian/patches/03_enable_hardened_build.patch

@@ -0,0 +1,40 @@
+Description: Enable CFLAGS/CPPFLAGS/LDFLAGS from the environment.
+ Add the ability in the Makefile to pass from the environment values for
+ CFLAGS, CPPFLAGS and LDFLAGS in order to have a proper hardened build.
+ Refer to http://wiki.debian.org/Hardening for details.
+Author: David Martínez Moreno <ender@debian.org>
+Forwarded: no
+Last-Update: 2014-01-12
+
+--- a/Makefile
++++ b/Makefile
+@@ -40,7 +40,7 @@
+ CONF_SCRIPTS = aoe-discover aoe-interfaces aoe-mkshelf aoe-revalidate aoe-flush aoe-stat
+ PROGS = aoeping aoecfg aoe-sancheck
+ COMMANDS := ${CONF_SCRIPTS} aoe-mkdevs aoe-version coraid-update ${PROGS}
+-CFLAGS = -Wall -O -g
++CFLAGS += -Wall -O -g ${CPPFLAGS}
+ SANCHECKLIBS = -lpthread
+ 
+ AOE_PING_OBJ = aoeping.o linux.o
+@@ -68,17 +68,17 @@
+ 	rm -f ${CONF_SCRIPTS} ${AOE_PING_OBJ} ${AOE_CFG_OBJ} ${SANCHECK_OBJ} ${PROGS}
+ 
+ aoeping : ${AOE_PING_OBJ}
+-	${CC} ${CFLAGS} -o $@ ${AOE_PING_OBJ}
++	${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${AOE_PING_OBJ}
+ aoeping.o : aoeping.c dat.h fns.h
+ 	${CC} ${CFLAGS} -o $@ -c $<
+ linux.o : linux.c config.h
+ 	${CC} ${CFLAGS} -o $@ -c $<
+ aoecfg: ${AOE_CFG_OBJ}
+-	${CC} ${CFLAGS} -o $@ ${AOE_CFG_OBJ}
++	${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${AOE_CFG_OBJ}
+ aoecfg.o : aoecfg.c dat.h fns.h
+ 	${CC} ${CFLAGS} -o $@ -c $<
+ aoe-sancheck : ${SANCHECK_OBJ}
+-	-$(CC) $(CFLAGS) -o $@ ${SANCHECK_OBJ} $(SANCHECKLIBS)
++	-$(CC) $(CFLAGS) ${LDFLAGS} -o $@ ${SANCHECK_OBJ} $(SANCHECKLIBS)
+ aoe-sancheck.o : aoe-sancheck.c
+ 	-$(CC) $(CFLAGS) -o $@ -c $<
+ 

+ 1 - 0
debian/patches/series

@@ -1,2 +1,3 @@
 01_no_bashisms.patch
 02_no_hyphen_in_manpages.patch
+03_enable_hardened_build.patch