[tor-commits] [tor-browser-build/master] binutils: build with hardening flags on Linux
boklm at torproject.org
boklm at torproject.org
Mon Jan 30 09:39:35 UTC 2017
commit 406904e68c064f29785d06f79d083170b85dee23
Author: Nicolas Vigier <boklm at torproject.org>
Date: Mon Jan 30 10:37:51 2017 +0100
binutils: build with hardening flags on Linux
---
projects/binutils/build | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/projects/binutils/build b/projects/binutils/build
index 11e25d6..3ff4bdb 100644
--- a/projects/binutils/build
+++ b/projects/binutils/build
@@ -1,6 +1,21 @@
#!/bin/sh
set -e
+rootdir=$(pwd)
distdir=/var/tmp/dist/binutils
+[% IF c("var/linux") %]
+ # Config options for hardening-wrapper
+ export DEB_BUILD_HARDENING=1
+ export DEB_BUILD_HARDENING_STACKPROTECTOR=1
+ export DEB_BUILD_HARDENING_FORTIFY=1
+ export DEB_BUILD_HARDENING_FORMAT=1
+ export DEB_BUILD_HARDENING_PIE=1
+
+ # The libstdc++ shipped by default is non-PIC which breaks the binutils build
+ # if we build with DEB_BUILD_HARDENING_PIE=1. We need to install a PIC one AND
+ # make sure it gets used before the non-PIC one would.
+ ln -s /usr/lib/gcc/x86_64-linux-gnu/4.7/libstdc++_pic.a libstdc++.a
+ export LDFLAGS="-L$rootdir -lstdc++"
+[% END %]
tar xf [% project %]-[% c("version") %].tar.bz2
cd [% project %]-[% c("version") %]
[% IF c('var/windows') -%]
More information about the tor-commits
mailing list