commit 406904e68c064f29785d06f79d083170b85dee23 Author: Nicolas Vigier boklm@torproject.org Date: Mon Jan 30 10:37:51 2017 +0100
binutils: build with hardening flags on Linux --- projects/binutils/build | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
diff --git a/projects/binutils/build b/projects/binutils/build index 11e25d6..3ff4bdb 100644 --- a/projects/binutils/build +++ b/projects/binutils/build @@ -1,6 +1,21 @@ #!/bin/sh set -e +rootdir=$(pwd) distdir=/var/tmp/dist/binutils +[% IF c("var/linux") %] + # Config options for hardening-wrapper + export DEB_BUILD_HARDENING=1 + export DEB_BUILD_HARDENING_STACKPROTECTOR=1 + export DEB_BUILD_HARDENING_FORTIFY=1 + export DEB_BUILD_HARDENING_FORMAT=1 + export DEB_BUILD_HARDENING_PIE=1 + + # The libstdc++ shipped by default is non-PIC which breaks the binutils build + # if we build with DEB_BUILD_HARDENING_PIE=1. We need to install a PIC one AND + # make sure it gets used before the non-PIC one would. + ln -s /usr/lib/gcc/x86_64-linux-gnu/4.7/libstdc++_pic.a libstdc++.a + export LDFLAGS="-L$rootdir -lstdc++" +[% END %] tar xf [% project %]-[% c("version") %].tar.bz2 cd [% project %]-[% c("version") %] [% IF c('var/windows') -%]
tbb-commits@lists.torproject.org