diff options
author | Andrei Belov <defan@nginx.com> | 2017-12-28 20:38:36 +0300 |
---|---|---|
committer | Andrei Belov <defan@nginx.com> | 2017-12-28 20:38:36 +0300 |
commit | d22aa884058c46fde2d03f3cc717807fddadba4d (patch) | |
tree | ea28f3481831391241d98d90f9105c7776aa639c /pkg/deb/debian.module | |
parent | ad63a3e7521dcbc8e39e610a534c8c1728ecf3da (diff) | |
download | unit-d22aa884058c46fde2d03f3cc717807fddadba4d.tar.gz unit-d22aa884058c46fde2d03f3cc717807fddadba4d.tar.bz2 |
Packages: hardening flags for deb.
Diffstat (limited to 'pkg/deb/debian.module')
-rwxr-xr-x | pkg/deb/debian.module/rules-noarch.in | 13 | ||||
-rwxr-xr-x | pkg/deb/debian.module/rules.in | 13 |
2 files changed, 20 insertions, 6 deletions
diff --git a/pkg/deb/debian.module/rules-noarch.in b/pkg/deb/debian.module/rules-noarch.in index d74420c1..61f2bd25 100755 --- a/pkg/deb/debian.module/rules-noarch.in +++ b/pkg/deb/debian.module/rules-noarch.in @@ -3,6 +3,11 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie +export DEB_CFLAGS_MAINT_APPEND=-Wp,-D_FORTIFY_SOURCE=2 +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/buildflags.mk + BUILDDIR_unit = $(CURDIR)/debian/build-unit BUILDDIR_unit_debug = $(CURDIR)/debian/build-unit-debug INSTALLDIR = $(CURDIR)/debian/%%NAME%% @@ -21,17 +26,19 @@ config.env.%: configure.unit: config.env.unit cd $(BUILDDIR_unit) && \ - ./configure \ + CFLAGS= ./configure \ %%CONFIGURE_ARGS%% \ - --modules=/usr/lib/unit/modules && \ + --modules=/usr/lib/unit/modules \ + --cc-opt="$(CFLAGS)" && \ ./configure %%MODULE_CONFARGS%% touch $@ configure.unit_debug: config.env.unit_debug cd $(BUILDDIR_unit_debug) && \ - ./configure \ + CFLAGS= ./configure \ %%CONFIGURE_ARGS%% \ --modules=/usr/lib/unit/debug-modules \ + --cc-opt="$(CFLAGS)" \ --debug && \ ./configure %%MODULE_CONFARGS%% touch $@ diff --git a/pkg/deb/debian.module/rules.in b/pkg/deb/debian.module/rules.in index 4498cdca..b8ef9e85 100755 --- a/pkg/deb/debian.module/rules.in +++ b/pkg/deb/debian.module/rules.in @@ -3,6 +3,11 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie +export DEB_CFLAGS_MAINT_APPEND=-Wp,-D_FORTIFY_SOURCE=2 +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/buildflags.mk + BUILDDIR_unit = $(CURDIR)/debian/build-unit BUILDDIR_unit_debug = $(CURDIR)/debian/build-unit-debug INSTALLDIR = $(CURDIR)/debian/%%NAME%% @@ -21,17 +26,19 @@ config.env.%: configure.unit: config.env.unit cd $(BUILDDIR_unit) && \ - ./configure \ + CFLAGS= ./configure \ %%CONFIGURE_ARGS%% \ - --modules=/usr/lib/unit/modules && \ + --modules=/usr/lib/unit/modules \ + --cc-opt="$(CFLAGS)" && \ ./configure %%MODULE_CONFARGS%% touch $@ configure.unit_debug: config.env.unit_debug cd $(BUILDDIR_unit_debug) && \ - ./configure \ + CFLAGS= ./configure \ %%CONFIGURE_ARGS%% \ --modules=/usr/lib/unit/debug-modules \ + --cc-opt="$(CFLAGS)" \ --debug && \ ./configure %%MODULE_CONFARGS%% touch $@ |