diff options
| author | Andrei Belov <defan@nginx.com> | 2017-12-28 20:38:36 +0300 |
|---|---|---|
| committer | Andrei Belov <defan@nginx.com> | 2017-12-28 20:38:36 +0300 |
| commit | d22aa884058c46fde2d03f3cc717807fddadba4d (patch) | |
| tree | ea28f3481831391241d98d90f9105c7776aa639c /pkg/deb/debian | |
| parent | ad63a3e7521dcbc8e39e610a534c8c1728ecf3da (diff) | |
| download | unit-d22aa884058c46fde2d03f3cc717807fddadba4d.tar.gz unit-d22aa884058c46fde2d03f3cc717807fddadba4d.tar.bz2 | |
Packages: hardening flags for deb.
Diffstat (limited to 'pkg/deb/debian')
| -rw-r--r-- | pkg/deb/debian/rules.in | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/pkg/deb/debian/rules.in b/pkg/deb/debian/rules.in index 5f087a7c..a9f68189 100644 --- a/pkg/deb/debian/rules.in +++ b/pkg/deb/debian/rules.in @@ -3,6 +3,12 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie +export DEB_CFLAGS_MAINT_APPEND=-Wp,-D_FORTIFY_SOURCE=2 -fPIC +export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -pie +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/buildflags.mk + BUILDDIR_unit = $(CURDIR)/debian/build-unit BUILDDIR_unit_debug = $(CURDIR)/debian/build-unit-debug INSTALLDIR = $(CURDIR)/debian/unit @@ -21,16 +27,20 @@ config.env.%: configure.unit: config.env.unit cd $(BUILDDIR_unit) && \ - ./configure \ + CFLAGS= ./configure \ %%CONFIGURE_ARGS%% \ - --modules=/usr/lib/unit/modules + --modules=/usr/lib/unit/modules \ + --cc-opt="$(CFLAGS)" \ + --ld-opt="$(LDFLAGS)" touch $@ configure.unit_debug: config.env.unit_debug cd $(BUILDDIR_unit_debug) && \ - ./configure \ + CFLAGS= ./configure \ %%CONFIGURE_ARGS%% \ --modules=/usr/lib/unit/debug-modules \ + --cc-opt="$(CFLAGS)" \ + --ld-opt="$(LDFLAGS)" \ --debug touch $@ |