[tor-commits] [tor-browser-bundle/master] Use 'hardening-wrapper' to build Linux binaries.
mikeperry at torproject.org
mikeperry at torproject.org
Mon Jun 24 01:46:12 UTC 2013
commit 615bd6329bd18b8f0fcf8121fd7ec5e0eee4985a
Author: Mike Perry <mikeperry-git at torproject.org>
Date: Sun Jun 23 18:45:32 2013 -0700
Use 'hardening-wrapper' to build Linux binaries.
Doesn't appear to change much in practice.. hrmm..
---
gitian/descriptors/linux/gitian-firefox.yml | 8 ++++++++
gitian/descriptors/linux/gitian-tor.yml | 8 ++++++++
2 files changed, 16 insertions(+)
diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml
index ae75cc7..41a5562 100644
--- a/gitian/descriptors/linux/gitian-firefox.yml
+++ b/gitian/descriptors/linux/gitian-firefox.yml
@@ -22,6 +22,7 @@ packages:
- "autoconf2.13"
- "libtool"
- "libiw-dev"
+- "hardening-wrapper"
reference_datetime: "2000-01-01 00:00:00"
remotes:
- "url": "https://git.torproject.org/tor-browser.git"
@@ -40,6 +41,13 @@ script: |
export FAKETIME=$REFERENCE_DATETIME
umask 0022
#
+ # Config options for hardening-wrapper
+ export DEB_BUILD_HARDENING=1
+ export DEB_BUILD_HARDENING_STACKPROTECTOR=1
+ export DEB_BUILD_HARDENING_FORTIFY=1
+ export DEB_BUILD_HARDENING_FORMAT=1
+ export DEB_BUILD_HARDENING_PIE=1
+ #
mkdir -p $INSTDIR/build/bin/
ln -s /usr/bin/yasm-1 $INSTDIR/build/bin/yasm
export PATH=$PATH:$INSTDIR/build/bin
diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml
index cac735b..2901274 100644
--- a/gitian/descriptors/linux/gitian-tor.yml
+++ b/gitian/descriptors/linux/gitian-tor.yml
@@ -13,6 +13,7 @@ packages:
- "autoconf2.13"
- "faketime"
- "libtool"
+- "hardening-wrapper"
reference_datetime: "2000-01-01 00:00:00"
remotes:
- "url": "https://git.torproject.org/tor.git"
@@ -32,6 +33,13 @@ script: |
export TZ=UTC
umask 0022
#
+ # Config options for hardening-wrapper
+ export DEB_BUILD_HARDENING=1
+ export DEB_BUILD_HARDENING_STACKPROTECTOR=1
+ export DEB_BUILD_HARDENING_FORTIFY=1
+ export DEB_BUILD_HARDENING_FORMAT=1
+ export DEB_BUILD_HARDENING_PIE=1
+ #
mkdir -p $INSTDIR/App
mkdir -p $INSTDIR/Lib/libz/
#
More information about the tor-commits
mailing list