summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorAndrei Belov <defan@nginx.com>2017-12-28 20:38:36 +0300
committerAndrei Belov <defan@nginx.com>2017-12-28 20:38:36 +0300
commitd22aa884058c46fde2d03f3cc717807fddadba4d (patch)
treeea28f3481831391241d98d90f9105c7776aa639c
parentad63a3e7521dcbc8e39e610a534c8c1728ecf3da (diff)
downloadunit-d22aa884058c46fde2d03f3cc717807fddadba4d.tar.gz
unit-d22aa884058c46fde2d03f3cc717807fddadba4d.tar.bz2
Packages: hardening flags for deb.
-rwxr-xr-xpkg/deb/debian.module/rules-noarch.in13
-rwxr-xr-xpkg/deb/debian.module/rules.in13
-rw-r--r--pkg/deb/debian/rules.in16
3 files changed, 33 insertions, 9 deletions
diff --git a/pkg/deb/debian.module/rules-noarch.in b/pkg/deb/debian.module/rules-noarch.in
index d74420c1..61f2bd25 100755
--- a/pkg/deb/debian.module/rules-noarch.in
+++ b/pkg/deb/debian.module/rules-noarch.in
@@ -3,6 +3,11 @@
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie
+export DEB_CFLAGS_MAINT_APPEND=-Wp,-D_FORTIFY_SOURCE=2
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+
BUILDDIR_unit = $(CURDIR)/debian/build-unit
BUILDDIR_unit_debug = $(CURDIR)/debian/build-unit-debug
INSTALLDIR = $(CURDIR)/debian/%%NAME%%
@@ -21,17 +26,19 @@ config.env.%:
configure.unit: config.env.unit
cd $(BUILDDIR_unit) && \
- ./configure \
+ CFLAGS= ./configure \
%%CONFIGURE_ARGS%% \
- --modules=/usr/lib/unit/modules && \
+ --modules=/usr/lib/unit/modules \
+ --cc-opt="$(CFLAGS)" && \
./configure %%MODULE_CONFARGS%%
touch $@
configure.unit_debug: config.env.unit_debug
cd $(BUILDDIR_unit_debug) && \
- ./configure \
+ CFLAGS= ./configure \
%%CONFIGURE_ARGS%% \
--modules=/usr/lib/unit/debug-modules \
+ --cc-opt="$(CFLAGS)" \
--debug && \
./configure %%MODULE_CONFARGS%%
touch $@
diff --git a/pkg/deb/debian.module/rules.in b/pkg/deb/debian.module/rules.in
index 4498cdca..b8ef9e85 100755
--- a/pkg/deb/debian.module/rules.in
+++ b/pkg/deb/debian.module/rules.in
@@ -3,6 +3,11 @@
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie
+export DEB_CFLAGS_MAINT_APPEND=-Wp,-D_FORTIFY_SOURCE=2
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+
BUILDDIR_unit = $(CURDIR)/debian/build-unit
BUILDDIR_unit_debug = $(CURDIR)/debian/build-unit-debug
INSTALLDIR = $(CURDIR)/debian/%%NAME%%
@@ -21,17 +26,19 @@ config.env.%:
configure.unit: config.env.unit
cd $(BUILDDIR_unit) && \
- ./configure \
+ CFLAGS= ./configure \
%%CONFIGURE_ARGS%% \
- --modules=/usr/lib/unit/modules && \
+ --modules=/usr/lib/unit/modules \
+ --cc-opt="$(CFLAGS)" && \
./configure %%MODULE_CONFARGS%%
touch $@
configure.unit_debug: config.env.unit_debug
cd $(BUILDDIR_unit_debug) && \
- ./configure \
+ CFLAGS= ./configure \
%%CONFIGURE_ARGS%% \
--modules=/usr/lib/unit/debug-modules \
+ --cc-opt="$(CFLAGS)" \
--debug && \
./configure %%MODULE_CONFARGS%%
touch $@
diff --git a/pkg/deb/debian/rules.in b/pkg/deb/debian/rules.in
index 5f087a7c..a9f68189 100644
--- a/pkg/deb/debian/rules.in
+++ b/pkg/deb/debian/rules.in
@@ -3,6 +3,12 @@
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie
+export DEB_CFLAGS_MAINT_APPEND=-Wp,-D_FORTIFY_SOURCE=2 -fPIC
+export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -pie
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+
BUILDDIR_unit = $(CURDIR)/debian/build-unit
BUILDDIR_unit_debug = $(CURDIR)/debian/build-unit-debug
INSTALLDIR = $(CURDIR)/debian/unit
@@ -21,16 +27,20 @@ config.env.%:
configure.unit: config.env.unit
cd $(BUILDDIR_unit) && \
- ./configure \
+ CFLAGS= ./configure \
%%CONFIGURE_ARGS%% \
- --modules=/usr/lib/unit/modules
+ --modules=/usr/lib/unit/modules \
+ --cc-opt="$(CFLAGS)" \
+ --ld-opt="$(LDFLAGS)"
touch $@
configure.unit_debug: config.env.unit_debug
cd $(BUILDDIR_unit_debug) && \
- ./configure \
+ CFLAGS= ./configure \
%%CONFIGURE_ARGS%% \
--modules=/usr/lib/unit/debug-modules \
+ --cc-opt="$(CFLAGS)" \
+ --ld-opt="$(LDFLAGS)" \
--debug
touch $@