diff options
author | Andrei Belov <defan@nginx.com> | 2017-12-28 20:38:36 +0300 |
---|---|---|
committer | Andrei Belov <defan@nginx.com> | 2017-12-28 20:38:36 +0300 |
commit | d22aa884058c46fde2d03f3cc717807fddadba4d (patch) | |
tree | ea28f3481831391241d98d90f9105c7776aa639c /pkg/deb | |
parent | ad63a3e7521dcbc8e39e610a534c8c1728ecf3da (diff) | |
download | unit-d22aa884058c46fde2d03f3cc717807fddadba4d.tar.gz unit-d22aa884058c46fde2d03f3cc717807fddadba4d.tar.bz2 |
Packages: hardening flags for deb.
Diffstat (limited to '')
-rwxr-xr-x | pkg/deb/debian.module/rules-noarch.in | 13 | ||||
-rwxr-xr-x | pkg/deb/debian.module/rules.in | 13 | ||||
-rw-r--r-- | pkg/deb/debian/rules.in | 16 |
3 files changed, 33 insertions, 9 deletions
diff --git a/pkg/deb/debian.module/rules-noarch.in b/pkg/deb/debian.module/rules-noarch.in index d74420c1..61f2bd25 100755 --- a/pkg/deb/debian.module/rules-noarch.in +++ b/pkg/deb/debian.module/rules-noarch.in @@ -3,6 +3,11 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie +export DEB_CFLAGS_MAINT_APPEND=-Wp,-D_FORTIFY_SOURCE=2 +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/buildflags.mk + BUILDDIR_unit = $(CURDIR)/debian/build-unit BUILDDIR_unit_debug = $(CURDIR)/debian/build-unit-debug INSTALLDIR = $(CURDIR)/debian/%%NAME%% @@ -21,17 +26,19 @@ config.env.%: configure.unit: config.env.unit cd $(BUILDDIR_unit) && \ - ./configure \ + CFLAGS= ./configure \ %%CONFIGURE_ARGS%% \ - --modules=/usr/lib/unit/modules && \ + --modules=/usr/lib/unit/modules \ + --cc-opt="$(CFLAGS)" && \ ./configure %%MODULE_CONFARGS%% touch $@ configure.unit_debug: config.env.unit_debug cd $(BUILDDIR_unit_debug) && \ - ./configure \ + CFLAGS= ./configure \ %%CONFIGURE_ARGS%% \ --modules=/usr/lib/unit/debug-modules \ + --cc-opt="$(CFLAGS)" \ --debug && \ ./configure %%MODULE_CONFARGS%% touch $@ diff --git a/pkg/deb/debian.module/rules.in b/pkg/deb/debian.module/rules.in index 4498cdca..b8ef9e85 100755 --- a/pkg/deb/debian.module/rules.in +++ b/pkg/deb/debian.module/rules.in @@ -3,6 +3,11 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie +export DEB_CFLAGS_MAINT_APPEND=-Wp,-D_FORTIFY_SOURCE=2 +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/buildflags.mk + BUILDDIR_unit = $(CURDIR)/debian/build-unit BUILDDIR_unit_debug = $(CURDIR)/debian/build-unit-debug INSTALLDIR = $(CURDIR)/debian/%%NAME%% @@ -21,17 +26,19 @@ config.env.%: configure.unit: config.env.unit cd $(BUILDDIR_unit) && \ - ./configure \ + CFLAGS= ./configure \ %%CONFIGURE_ARGS%% \ - --modules=/usr/lib/unit/modules && \ + --modules=/usr/lib/unit/modules \ + --cc-opt="$(CFLAGS)" && \ ./configure %%MODULE_CONFARGS%% touch $@ configure.unit_debug: config.env.unit_debug cd $(BUILDDIR_unit_debug) && \ - ./configure \ + CFLAGS= ./configure \ %%CONFIGURE_ARGS%% \ --modules=/usr/lib/unit/debug-modules \ + --cc-opt="$(CFLAGS)" \ --debug && \ ./configure %%MODULE_CONFARGS%% touch $@ diff --git a/pkg/deb/debian/rules.in b/pkg/deb/debian/rules.in index 5f087a7c..a9f68189 100644 --- a/pkg/deb/debian/rules.in +++ b/pkg/deb/debian/rules.in @@ -3,6 +3,12 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS=hardening=+all,-pie +export DEB_CFLAGS_MAINT_APPEND=-Wp,-D_FORTIFY_SOURCE=2 -fPIC +export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -pie +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/buildflags.mk + BUILDDIR_unit = $(CURDIR)/debian/build-unit BUILDDIR_unit_debug = $(CURDIR)/debian/build-unit-debug INSTALLDIR = $(CURDIR)/debian/unit @@ -21,16 +27,20 @@ config.env.%: configure.unit: config.env.unit cd $(BUILDDIR_unit) && \ - ./configure \ + CFLAGS= ./configure \ %%CONFIGURE_ARGS%% \ - --modules=/usr/lib/unit/modules + --modules=/usr/lib/unit/modules \ + --cc-opt="$(CFLAGS)" \ + --ld-opt="$(LDFLAGS)" touch $@ configure.unit_debug: config.env.unit_debug cd $(BUILDDIR_unit_debug) && \ - ./configure \ + CFLAGS= ./configure \ %%CONFIGURE_ARGS%% \ --modules=/usr/lib/unit/debug-modules \ + --cc-opt="$(CFLAGS)" \ + --ld-opt="$(LDFLAGS)" \ --debug touch $@ |