commit 615bd6329bd18b8f0fcf8121fd7ec5e0eee4985a Author: Mike Perry mikeperry-git@torproject.org Date: Sun Jun 23 18:45:32 2013 -0700

Use 'hardening-wrapper' to build Linux binaries.

Doesn't appear to change much in practice.. hrmm.. --- gitian/descriptors/linux/gitian-firefox.yml | 8 ++++++++ gitian/descriptors/linux/gitian-tor.yml | 8 ++++++++ 2 files changed, 16 insertions(+)

diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml index ae75cc7..41a5562 100644 --- a/gitian/descriptors/linux/gitian-firefox.yml +++ b/gitian/descriptors/linux/gitian-firefox.yml @@ -22,6 +22,7 @@ packages: - "autoconf2.13" - "libtool" - "libiw-dev" +- "hardening-wrapper" reference_datetime: "2000-01-01 00:00:00" remotes: - "url": "https://git.torproject.org/tor-browser.git" @@ -40,6 +41,13 @@ script: | export FAKETIME=$REFERENCE_DATETIME umask 0022 # + # Config options for hardening-wrapper + export DEB_BUILD_HARDENING=1 + export DEB_BUILD_HARDENING_STACKPROTECTOR=1 + export DEB_BUILD_HARDENING_FORTIFY=1 + export DEB_BUILD_HARDENING_FORMAT=1 + export DEB_BUILD_HARDENING_PIE=1 + # mkdir -p $INSTDIR/build/bin/ ln -s /usr/bin/yasm-1 $INSTDIR/build/bin/yasm export PATH=$PATH:$INSTDIR/build/bin diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml index cac735b..2901274 100644 --- a/gitian/descriptors/linux/gitian-tor.yml +++ b/gitian/descriptors/linux/gitian-tor.yml @@ -13,6 +13,7 @@ packages: - "autoconf2.13" - "faketime" - "libtool" +- "hardening-wrapper" reference_datetime: "2000-01-01 00:00:00" remotes: - "url": "https://git.torproject.org/tor.git" @@ -32,6 +33,13 @@ script: | export TZ=UTC umask 0022 # + # Config options for hardening-wrapper + export DEB_BUILD_HARDENING=1 + export DEB_BUILD_HARDENING_STACKPROTECTOR=1 + export DEB_BUILD_HARDENING_FORTIFY=1 + export DEB_BUILD_HARDENING_FORMAT=1 + export DEB_BUILD_HARDENING_PIE=1 + # mkdir -p $INSTDIR/App mkdir -p $INSTDIR/Lib/libz/ #