[arch-commits] Commit in hardening-wrapper/repos (22 files)
Daniel Micay
thestinger at archlinux.org
Sun Aug 3 15:58:58 UTC 2014
Date: Sunday, August 3, 2014 @ 17:58:57
Author: thestinger
Revision: 116794
archrelease: copy trunk to community-i686, community-x86_64
Added:
hardening-wrapper/repos/community-i686/PKGBUILD
(from rev 116793, hardening-wrapper/trunk/PKGBUILD)
hardening-wrapper/repos/community-i686/cc-wrapper.sh
(from rev 116793, hardening-wrapper/trunk/cc-wrapper.sh)
hardening-wrapper/repos/community-i686/hardening-wrapper-i686.conf
(from rev 116793, hardening-wrapper/trunk/hardening-wrapper-i686.conf)
hardening-wrapper/repos/community-i686/hardening-wrapper-x86_64.conf
(from rev 116793, hardening-wrapper/trunk/hardening-wrapper-x86_64.conf)
hardening-wrapper/repos/community-i686/ld-wrapper.sh
(from rev 116793, hardening-wrapper/trunk/ld-wrapper.sh)
hardening-wrapper/repos/community-i686/path.sh
(from rev 116793, hardening-wrapper/trunk/path.sh)
hardening-wrapper/repos/community-x86_64/PKGBUILD
(from rev 116793, hardening-wrapper/trunk/PKGBUILD)
hardening-wrapper/repos/community-x86_64/cc-wrapper.sh
(from rev 116793, hardening-wrapper/trunk/cc-wrapper.sh)
hardening-wrapper/repos/community-x86_64/hardening-wrapper-i686.conf
(from rev 116793, hardening-wrapper/trunk/hardening-wrapper-i686.conf)
hardening-wrapper/repos/community-x86_64/hardening-wrapper-x86_64.conf
(from rev 116793, hardening-wrapper/trunk/hardening-wrapper-x86_64.conf)
hardening-wrapper/repos/community-x86_64/ld-wrapper.sh
(from rev 116793, hardening-wrapper/trunk/ld-wrapper.sh)
hardening-wrapper/repos/community-x86_64/path.sh
(from rev 116793, hardening-wrapper/trunk/path.sh)
Deleted:
hardening-wrapper/repos/community-i686/PKGBUILD
hardening-wrapper/repos/community-i686/cc-wrapper.sh
hardening-wrapper/repos/community-i686/hardening-wrapper-i686.conf
hardening-wrapper/repos/community-i686/hardening-wrapper-x86_64.conf
hardening-wrapper/repos/community-i686/path.sh
hardening-wrapper/repos/community-x86_64/PKGBUILD
hardening-wrapper/repos/community-x86_64/cc-wrapper.sh
hardening-wrapper/repos/community-x86_64/hardening-wrapper-i686.conf
hardening-wrapper/repos/community-x86_64/hardening-wrapper-x86_64.conf
hardening-wrapper/repos/community-x86_64/path.sh
------------------------------------------------+
/PKGBUILD | 76 +++++++++
/cc-wrapper.sh | 184 +++++++++++++++++++++++
/hardening-wrapper-i686.conf | 12 +
/hardening-wrapper-x86_64.conf | 12 +
/path.sh | 2
community-i686/PKGBUILD | 31 ---
community-i686/cc-wrapper.sh | 109 -------------
community-i686/hardening-wrapper-i686.conf | 6
community-i686/hardening-wrapper-x86_64.conf | 6
community-i686/ld-wrapper.sh | 33 ++++
community-i686/path.sh | 1
community-x86_64/PKGBUILD | 31 ---
community-x86_64/cc-wrapper.sh | 109 -------------
community-x86_64/hardening-wrapper-i686.conf | 6
community-x86_64/hardening-wrapper-x86_64.conf | 6
community-x86_64/ld-wrapper.sh | 33 ++++
community-x86_64/path.sh | 1
17 files changed, 352 insertions(+), 306 deletions(-)
Deleted: community-i686/PKGBUILD
===================================================================
--- community-i686/PKGBUILD 2014-08-03 15:56:10 UTC (rev 116793)
+++ community-i686/PKGBUILD 2014-08-03 15:58:57 UTC (rev 116794)
@@ -1,31 +0,0 @@
-# Maintainer: Daniel Micay <danielmicay at gmail.com>
-pkgname=hardening-wrapper
-pkgver=4
-pkgrel=1
-pkgdesc='Wrapper script for building hardened executables by default'
-arch=(i686 x86_64)
-url='https://archlinux.org/'
-license=('GPL')
-depends=(bash)
-backup=(etc/hardening-wrapper.conf)
-source=(cc-wrapper.sh path.sh hardening-wrapper-i686.conf hardening-wrapper-x86_64.conf)
-sha1sums=('68dcca1219f56d8578158e18db8f1a39bab46807'
- '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc'
- '4d7a8f4818c531ce7002e860e0654b42b6147037'
- '50db33c08439393b673c23d542e274beef44fbdd')
-
-package() {
- install -Dm644 hardening-wrapper-${CARCH}.conf "$pkgdir/etc/hardening-wrapper.conf"
- install -Dm644 path.sh "$pkgdir/etc/profile.d/hardening-wrapper.sh"
-
- mkdir -p "$pkgdir/usr/lib/hardening-wrapper/bin"
- install -m755 cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c89"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c99"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/cc"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c++"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang++"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/gcc"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/g++"
-}
Copied: hardening-wrapper/repos/community-i686/PKGBUILD (from rev 116793, hardening-wrapper/trunk/PKGBUILD)
===================================================================
--- community-i686/PKGBUILD (rev 0)
+++ community-i686/PKGBUILD 2014-08-03 15:58:57 UTC (rev 116794)
@@ -0,0 +1,38 @@
+# Maintainer: Daniel Micay <danielmicay at gmail.com>
+pkgname=hardening-wrapper
+pkgver=5
+pkgrel=1
+pkgdesc='Wrapper script for building hardened executables by default'
+arch=(i686 x86_64)
+url='https://archlinux.org/'
+license=('GPL')
+depends=(bash)
+backup=(etc/hardening-wrapper.conf)
+source=(cc-wrapper.sh ld-wrapper.sh path.sh
+ hardening-wrapper-i686.conf hardening-wrapper-x86_64.conf)
+sha1sums=('996ceb802ace34ad0fbd253edc20bd1376cfe4bc'
+ 'cbccd615be70f9f287b0c8a17ad450462bb46eba'
+ '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc'
+ '4d7a8f4818c531ce7002e860e0654b42b6147037'
+ '50db33c08439393b673c23d542e274beef44fbdd')
+
+package() {
+ install -Dm644 hardening-wrapper-${CARCH}.conf "$pkgdir/etc/hardening-wrapper.conf"
+ install -Dm644 path.sh "$pkgdir/etc/profile.d/hardening-wrapper.sh"
+
+ mkdir -p "$pkgdir/usr/lib/hardening-wrapper/bin"
+ install -m755 cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c89"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c99"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/cc"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c++"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang++"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/gcc"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/g++"
+
+ install -m755 ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper"
+ ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld"
+ ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld.bfd"
+ ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld.gold"
+}
Deleted: community-i686/cc-wrapper.sh
===================================================================
--- community-i686/cc-wrapper.sh 2014-08-03 15:56:10 UTC (rev 116793)
+++ community-i686/cc-wrapper.sh 2014-08-03 15:58:57 UTC (rev 116794)
@@ -1,109 +0,0 @@
-#!/bin/bash
-
-set -o nounset
-
-declare -A default
-while IFS== read key value; do
- default["$key"]="$value"
-done < /etc/hardening-wrapper.conf
-
-force_bindnow="${HARDENING_BINDNOW:-"${default[HARDENING_BINDNOW]:-1}"}"
-force_fPIE="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
-force_fortify="${HARDENING_FORTIFY:-"${default[HARDENING_FORTIFY]:-2}"}"
-force_pie="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
-force_relro="${HARDENING_RELRO:-"${default[HARDENING_RELRO]:-1}"}"
-force_stack_check="${HARDENING_STACK_CHECK:-"${default[HARDENING_STACK_CHECK]:-0}"}"
-force_stack_protector="${HARDENING_STACK_PROTECTOR:-${default[HARDENING_STACK_PROTECTOR]:-2}}"
-
-error() {
- printf "%s\n" "$1" >&2
- exit 1
-}
-
-linking=1
-optimizing=0
-
-for opt; do
- case "$opt" in
- -fno-PIC|-fno-pic|-fno-PIE|-fno-pie|-nopie|-static|--static|-shared|--shared|-D__KERNEL__|-nostdlib|-nostartfiles)
- force_fPIE=0
- force_pie=0
- ;;
- -fPIC|-fpic|-fPIE|-fpie)
- force_fPIE=0
- ;;
- -c)
- linking=0
- ;;
- -nostdlib|-ffreestanding)
- force_stack_protector=0
- ;;
- -D_FORTIFY_SOURCE*)
- force_fortify=0
- ;;
- -O0)
- optimizing=0
- ;;
- -O*)
- optimizing=1
- ;;
- esac
-done
-
-arguments=()
-
-case "$force_bindnow" in
- 0) ;;
- 1) (( linking )) && arguments+=(-Wl,-z,now) ;;
- *) error 'invalid value for HARDENING_BINDNOW' ;;
-esac
-
-case "$force_fPIE" in
- 0) ;;
- 1) arguments+=(-fPIE) ;;
- *) error 'invalid value for HARDENING_PIE' ;;
-esac
-
-case "$force_fortify" in
- 0) ;;
- 1|2) (( optimizing )) && arguments+=(-D_FORTIFY_SOURCE=$force_fortify) ;;
- *) error 'invalid value for HARDENING_FORTIFY' ;;
-esac
-
-case "$force_pie" in
- 0) ;;
- 1) (( linking )) && arguments+=(-pie) ;;
- *) error 'invalid value for HARDENING_PIE' ;;
-esac
-
-case "$force_relro" in
- 0) ;;
- 1) (( linking )) && arguments+=(-Wl,-z,relro) ;;
- *) error 'invalid value for HARDENING_RELRO' ;;
-esac
-
-case "$force_stack_check" in
- 0) ;;
- 1) arguments+=(-fstack-check) ;;
- *) error 'invalid value for HARDENING_STACK_CHECK' ;;
-esac
-
-case "$force_stack_protector" in
- 0) ;;
- 1) arguments+=(-fstack-protector) ;;
- 2) arguments+=(-fstack-protector-strong) ;;
- 3) arguments+=(-fstack-protector-all) ;;
- *) error 'invalid value for HARDENING_STACK_PROTECTOR' ;;
-esac
-
-unwrapped=false
-IFS=: read -ra path <<< "$PATH";
-for p in "${path[@]}"; do
- binary="$p/${0##*/}"
- if [[ "$binary" != "$0" && -x "$binary" ]]; then
- unwrapped="$binary"
- break
- fi
-done
-
-exec "$unwrapped" "${arguments[@]}" "$@"
Copied: hardening-wrapper/repos/community-i686/cc-wrapper.sh (from rev 116793, hardening-wrapper/trunk/cc-wrapper.sh)
===================================================================
--- community-i686/cc-wrapper.sh (rev 0)
+++ community-i686/cc-wrapper.sh 2014-08-03 15:58:57 UTC (rev 116794)
@@ -0,0 +1,92 @@
+#!/bin/bash
+
+declare -A default
+while IFS== read key value; do
+ default["$key"]="$value"
+done < /etc/hardening-wrapper.conf
+
+force_fPIE="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_fortify="${HARDENING_FORTIFY:-"${default[HARDENING_FORTIFY]:-2}"}"
+force_pie="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_stack_check="${HARDENING_STACK_CHECK:-"${default[HARDENING_STACK_CHECK]:-0}"}"
+force_stack_protector="${HARDENING_STACK_PROTECTOR:-${default[HARDENING_STACK_PROTECTOR]:-2}}"
+
+error() {
+ printf "%s\n" "$1" >&2
+ exit 1
+}
+
+optimizing=0
+
+for opt; do
+ case "$opt" in
+ -fno-PIC|-fno-pic|-fno-PIE|-fno-pie|-nopie|-static|--static|-shared|--shared|-D__KERNEL__|-nostdlib|-nostartfiles)
+ force_fPIE=0
+ force_pie=0
+ ;;
+ -fPIC|-fpic|-fPIE|-fpie)
+ force_fPIE=0
+ ;;
+ -c)
+ force_pie=0
+ ;;
+ -nostdlib|-ffreestanding)
+ force_stack_protector=0
+ ;;
+ -D_FORTIFY_SOURCE*)
+ force_fortify=0
+ ;;
+ -O0)
+ optimizing=0
+ ;;
+ -O*)
+ optimizing=1
+ ;;
+ esac
+done
+
+arguments=(-B/usr/lib/hardening-wrapper/bin)
+
+case "$force_fPIE" in
+ 0) ;;
+ 1) arguments+=(-fPIE) ;;
+ *) error 'invalid value for HARDENING_PIE' ;;
+esac
+
+case "$force_fortify" in
+ 0) ;;
+ 1|2) (( optimizing )) && arguments+=(-D_FORTIFY_SOURCE=$force_fortify) ;;
+ *) error 'invalid value for HARDENING_FORTIFY' ;;
+esac
+
+case "$force_pie" in
+ 0) ;;
+ 1) arguments+=(-pie) ;;
+ *) error 'invalid value for HARDENING_PIE' ;;
+esac
+
+case "$force_stack_check" in
+ 0) ;;
+ 1) arguments+=(-fstack-check) ;;
+ *) error 'invalid value for HARDENING_STACK_CHECK' ;;
+esac
+
+case "$force_stack_protector" in
+ 0) ;;
+ 1) arguments+=(-fstack-protector) ;;
+ 2) arguments+=(-fstack-protector-strong) ;;
+ 3) arguments+=(-fstack-protector-all) ;;
+ *) error 'invalid value for HARDENING_STACK_PROTECTOR' ;;
+esac
+
+unwrapped=false
+IFS=: read -ra path <<< "$PATH";
+for p in "${path[@]}"; do
+ binary="$p/${0##*/}"
+ if [[ "$binary" != "$0" && -x "$binary" ]]; then
+ unwrapped="$binary"
+ break
+ fi
+done
+
+exec "$unwrapped" "${arguments[@]}" "$@"
Deleted: community-i686/hardening-wrapper-i686.conf
===================================================================
--- community-i686/hardening-wrapper-i686.conf 2014-08-03 15:56:10 UTC (rev 116793)
+++ community-i686/hardening-wrapper-i686.conf 2014-08-03 15:58:57 UTC (rev 116794)
@@ -1,6 +0,0 @@
-HARDENING_BINDNOW=0
-HARDENING_PIE=0
-HARDENING_FORTIFY=2
-HARDENING_RELRO=1
-HARDENING_STACK_CHECK=0
-HARDENING_STACK_PROTECTOR=2
Copied: hardening-wrapper/repos/community-i686/hardening-wrapper-i686.conf (from rev 116793, hardening-wrapper/trunk/hardening-wrapper-i686.conf)
===================================================================
--- community-i686/hardening-wrapper-i686.conf (rev 0)
+++ community-i686/hardening-wrapper-i686.conf 2014-08-03 15:58:57 UTC (rev 116794)
@@ -0,0 +1,6 @@
+HARDENING_BINDNOW=0
+HARDENING_PIE=0
+HARDENING_FORTIFY=2
+HARDENING_RELRO=1
+HARDENING_STACK_CHECK=0
+HARDENING_STACK_PROTECTOR=2
Deleted: community-i686/hardening-wrapper-x86_64.conf
===================================================================
--- community-i686/hardening-wrapper-x86_64.conf 2014-08-03 15:56:10 UTC (rev 116793)
+++ community-i686/hardening-wrapper-x86_64.conf 2014-08-03 15:58:57 UTC (rev 116794)
@@ -1,6 +0,0 @@
-HARDENING_BINDNOW=0
-HARDENING_PIE=1
-HARDENING_FORTIFY=2
-HARDENING_RELRO=1
-HARDENING_STACK_CHECK=0
-HARDENING_STACK_PROTECTOR=2
Copied: hardening-wrapper/repos/community-i686/hardening-wrapper-x86_64.conf (from rev 116793, hardening-wrapper/trunk/hardening-wrapper-x86_64.conf)
===================================================================
--- community-i686/hardening-wrapper-x86_64.conf (rev 0)
+++ community-i686/hardening-wrapper-x86_64.conf 2014-08-03 15:58:57 UTC (rev 116794)
@@ -0,0 +1,6 @@
+HARDENING_BINDNOW=0
+HARDENING_PIE=1
+HARDENING_FORTIFY=2
+HARDENING_RELRO=1
+HARDENING_STACK_CHECK=0
+HARDENING_STACK_PROTECTOR=2
Copied: hardening-wrapper/repos/community-i686/ld-wrapper.sh (from rev 116793, hardening-wrapper/trunk/ld-wrapper.sh)
===================================================================
--- community-i686/ld-wrapper.sh (rev 0)
+++ community-i686/ld-wrapper.sh 2014-08-03 15:58:57 UTC (rev 116794)
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+declare -A default
+while IFS== read key value; do
+ default["$key"]="$value"
+done < /etc/hardening-wrapper.conf
+
+force_bindnow="${HARDENING_BINDNOW:-"${default[HARDENING_BINDNOW]:-1}"}"
+force_relro="${HARDENING_RELRO:-"${default[HARDENING_RELRO]:-1}"}"
+
+case "$force_bindnow" in
+ 0) ;;
+ 1) arguments+=(-z now) ;;
+ *) error 'invalid value for HARDENING_BINDNOW' ;;
+esac
+
+case "$force_relro" in
+ 0) ;;
+ 1) arguments+=(-z relro) ;;
+ *) error 'invalid value for HARDENING_RELRO' ;;
+esac
+
+unwrapped=false
+IFS=: read -ra path <<< "$PATH";
+for p in "${path[@]}"; do
+ binary="$p/${0##*/}"
+ if [[ "$binary" != "$0" && -x "$binary" ]]; then
+ unwrapped="$binary"
+ break
+ fi
+done
+
+exec "$unwrapped" "${arguments[@]}" "$@"
Deleted: community-i686/path.sh
===================================================================
--- community-i686/path.sh 2014-08-03 15:56:10 UTC (rev 116793)
+++ community-i686/path.sh 2014-08-03 15:58:57 UTC (rev 116794)
@@ -1 +0,0 @@
-export PATH="/usr/lib/hardening-wrapper/bin:$PATH"
Copied: hardening-wrapper/repos/community-i686/path.sh (from rev 116793, hardening-wrapper/trunk/path.sh)
===================================================================
--- community-i686/path.sh (rev 0)
+++ community-i686/path.sh 2014-08-03 15:58:57 UTC (rev 116794)
@@ -0,0 +1 @@
+export PATH="/usr/lib/hardening-wrapper/bin:$PATH"
Deleted: community-x86_64/PKGBUILD
===================================================================
--- community-x86_64/PKGBUILD 2014-08-03 15:56:10 UTC (rev 116793)
+++ community-x86_64/PKGBUILD 2014-08-03 15:58:57 UTC (rev 116794)
@@ -1,31 +0,0 @@
-# Maintainer: Daniel Micay <danielmicay at gmail.com>
-pkgname=hardening-wrapper
-pkgver=4
-pkgrel=1
-pkgdesc='Wrapper script for building hardened executables by default'
-arch=(i686 x86_64)
-url='https://archlinux.org/'
-license=('GPL')
-depends=(bash)
-backup=(etc/hardening-wrapper.conf)
-source=(cc-wrapper.sh path.sh hardening-wrapper-i686.conf hardening-wrapper-x86_64.conf)
-sha1sums=('68dcca1219f56d8578158e18db8f1a39bab46807'
- '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc'
- '4d7a8f4818c531ce7002e860e0654b42b6147037'
- '50db33c08439393b673c23d542e274beef44fbdd')
-
-package() {
- install -Dm644 hardening-wrapper-${CARCH}.conf "$pkgdir/etc/hardening-wrapper.conf"
- install -Dm644 path.sh "$pkgdir/etc/profile.d/hardening-wrapper.sh"
-
- mkdir -p "$pkgdir/usr/lib/hardening-wrapper/bin"
- install -m755 cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c89"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c99"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/cc"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c++"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang++"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/gcc"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/g++"
-}
Copied: hardening-wrapper/repos/community-x86_64/PKGBUILD (from rev 116793, hardening-wrapper/trunk/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD (rev 0)
+++ community-x86_64/PKGBUILD 2014-08-03 15:58:57 UTC (rev 116794)
@@ -0,0 +1,38 @@
+# Maintainer: Daniel Micay <danielmicay at gmail.com>
+pkgname=hardening-wrapper
+pkgver=5
+pkgrel=1
+pkgdesc='Wrapper script for building hardened executables by default'
+arch=(i686 x86_64)
+url='https://archlinux.org/'
+license=('GPL')
+depends=(bash)
+backup=(etc/hardening-wrapper.conf)
+source=(cc-wrapper.sh ld-wrapper.sh path.sh
+ hardening-wrapper-i686.conf hardening-wrapper-x86_64.conf)
+sha1sums=('996ceb802ace34ad0fbd253edc20bd1376cfe4bc'
+ 'cbccd615be70f9f287b0c8a17ad450462bb46eba'
+ '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc'
+ '4d7a8f4818c531ce7002e860e0654b42b6147037'
+ '50db33c08439393b673c23d542e274beef44fbdd')
+
+package() {
+ install -Dm644 hardening-wrapper-${CARCH}.conf "$pkgdir/etc/hardening-wrapper.conf"
+ install -Dm644 path.sh "$pkgdir/etc/profile.d/hardening-wrapper.sh"
+
+ mkdir -p "$pkgdir/usr/lib/hardening-wrapper/bin"
+ install -m755 cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c89"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c99"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/cc"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c++"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang++"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/gcc"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/g++"
+
+ install -m755 ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper"
+ ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld"
+ ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld.bfd"
+ ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld.gold"
+}
Deleted: community-x86_64/cc-wrapper.sh
===================================================================
--- community-x86_64/cc-wrapper.sh 2014-08-03 15:56:10 UTC (rev 116793)
+++ community-x86_64/cc-wrapper.sh 2014-08-03 15:58:57 UTC (rev 116794)
@@ -1,109 +0,0 @@
-#!/bin/bash
-
-set -o nounset
-
-declare -A default
-while IFS== read key value; do
- default["$key"]="$value"
-done < /etc/hardening-wrapper.conf
-
-force_bindnow="${HARDENING_BINDNOW:-"${default[HARDENING_BINDNOW]:-1}"}"
-force_fPIE="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
-force_fortify="${HARDENING_FORTIFY:-"${default[HARDENING_FORTIFY]:-2}"}"
-force_pie="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
-force_relro="${HARDENING_RELRO:-"${default[HARDENING_RELRO]:-1}"}"
-force_stack_check="${HARDENING_STACK_CHECK:-"${default[HARDENING_STACK_CHECK]:-0}"}"
-force_stack_protector="${HARDENING_STACK_PROTECTOR:-${default[HARDENING_STACK_PROTECTOR]:-2}}"
-
-error() {
- printf "%s\n" "$1" >&2
- exit 1
-}
-
-linking=1
-optimizing=0
-
-for opt; do
- case "$opt" in
- -fno-PIC|-fno-pic|-fno-PIE|-fno-pie|-nopie|-static|--static|-shared|--shared|-D__KERNEL__|-nostdlib|-nostartfiles)
- force_fPIE=0
- force_pie=0
- ;;
- -fPIC|-fpic|-fPIE|-fpie)
- force_fPIE=0
- ;;
- -c)
- linking=0
- ;;
- -nostdlib|-ffreestanding)
- force_stack_protector=0
- ;;
- -D_FORTIFY_SOURCE*)
- force_fortify=0
- ;;
- -O0)
- optimizing=0
- ;;
- -O*)
- optimizing=1
- ;;
- esac
-done
-
-arguments=()
-
-case "$force_bindnow" in
- 0) ;;
- 1) (( linking )) && arguments+=(-Wl,-z,now) ;;
- *) error 'invalid value for HARDENING_BINDNOW' ;;
-esac
-
-case "$force_fPIE" in
- 0) ;;
- 1) arguments+=(-fPIE) ;;
- *) error 'invalid value for HARDENING_PIE' ;;
-esac
-
-case "$force_fortify" in
- 0) ;;
- 1|2) (( optimizing )) && arguments+=(-D_FORTIFY_SOURCE=$force_fortify) ;;
- *) error 'invalid value for HARDENING_FORTIFY' ;;
-esac
-
-case "$force_pie" in
- 0) ;;
- 1) (( linking )) && arguments+=(-pie) ;;
- *) error 'invalid value for HARDENING_PIE' ;;
-esac
-
-case "$force_relro" in
- 0) ;;
- 1) (( linking )) && arguments+=(-Wl,-z,relro) ;;
- *) error 'invalid value for HARDENING_RELRO' ;;
-esac
-
-case "$force_stack_check" in
- 0) ;;
- 1) arguments+=(-fstack-check) ;;
- *) error 'invalid value for HARDENING_STACK_CHECK' ;;
-esac
-
-case "$force_stack_protector" in
- 0) ;;
- 1) arguments+=(-fstack-protector) ;;
- 2) arguments+=(-fstack-protector-strong) ;;
- 3) arguments+=(-fstack-protector-all) ;;
- *) error 'invalid value for HARDENING_STACK_PROTECTOR' ;;
-esac
-
-unwrapped=false
-IFS=: read -ra path <<< "$PATH";
-for p in "${path[@]}"; do
- binary="$p/${0##*/}"
- if [[ "$binary" != "$0" && -x "$binary" ]]; then
- unwrapped="$binary"
- break
- fi
-done
-
-exec "$unwrapped" "${arguments[@]}" "$@"
Copied: hardening-wrapper/repos/community-x86_64/cc-wrapper.sh (from rev 116793, hardening-wrapper/trunk/cc-wrapper.sh)
===================================================================
--- community-x86_64/cc-wrapper.sh (rev 0)
+++ community-x86_64/cc-wrapper.sh 2014-08-03 15:58:57 UTC (rev 116794)
@@ -0,0 +1,92 @@
+#!/bin/bash
+
+declare -A default
+while IFS== read key value; do
+ default["$key"]="$value"
+done < /etc/hardening-wrapper.conf
+
+force_fPIE="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_fortify="${HARDENING_FORTIFY:-"${default[HARDENING_FORTIFY]:-2}"}"
+force_pie="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_stack_check="${HARDENING_STACK_CHECK:-"${default[HARDENING_STACK_CHECK]:-0}"}"
+force_stack_protector="${HARDENING_STACK_PROTECTOR:-${default[HARDENING_STACK_PROTECTOR]:-2}}"
+
+error() {
+ printf "%s\n" "$1" >&2
+ exit 1
+}
+
+optimizing=0
+
+for opt; do
+ case "$opt" in
+ -fno-PIC|-fno-pic|-fno-PIE|-fno-pie|-nopie|-static|--static|-shared|--shared|-D__KERNEL__|-nostdlib|-nostartfiles)
+ force_fPIE=0
+ force_pie=0
+ ;;
+ -fPIC|-fpic|-fPIE|-fpie)
+ force_fPIE=0
+ ;;
+ -c)
+ force_pie=0
+ ;;
+ -nostdlib|-ffreestanding)
+ force_stack_protector=0
+ ;;
+ -D_FORTIFY_SOURCE*)
+ force_fortify=0
+ ;;
+ -O0)
+ optimizing=0
+ ;;
+ -O*)
+ optimizing=1
+ ;;
+ esac
+done
+
+arguments=(-B/usr/lib/hardening-wrapper/bin)
+
+case "$force_fPIE" in
+ 0) ;;
+ 1) arguments+=(-fPIE) ;;
+ *) error 'invalid value for HARDENING_PIE' ;;
+esac
+
+case "$force_fortify" in
+ 0) ;;
+ 1|2) (( optimizing )) && arguments+=(-D_FORTIFY_SOURCE=$force_fortify) ;;
+ *) error 'invalid value for HARDENING_FORTIFY' ;;
+esac
+
+case "$force_pie" in
+ 0) ;;
+ 1) arguments+=(-pie) ;;
+ *) error 'invalid value for HARDENING_PIE' ;;
+esac
+
+case "$force_stack_check" in
+ 0) ;;
+ 1) arguments+=(-fstack-check) ;;
+ *) error 'invalid value for HARDENING_STACK_CHECK' ;;
+esac
+
+case "$force_stack_protector" in
+ 0) ;;
+ 1) arguments+=(-fstack-protector) ;;
+ 2) arguments+=(-fstack-protector-strong) ;;
+ 3) arguments+=(-fstack-protector-all) ;;
+ *) error 'invalid value for HARDENING_STACK_PROTECTOR' ;;
+esac
+
+unwrapped=false
+IFS=: read -ra path <<< "$PATH";
+for p in "${path[@]}"; do
+ binary="$p/${0##*/}"
+ if [[ "$binary" != "$0" && -x "$binary" ]]; then
+ unwrapped="$binary"
+ break
+ fi
+done
+
+exec "$unwrapped" "${arguments[@]}" "$@"
Deleted: community-x86_64/hardening-wrapper-i686.conf
===================================================================
--- community-x86_64/hardening-wrapper-i686.conf 2014-08-03 15:56:10 UTC (rev 116793)
+++ community-x86_64/hardening-wrapper-i686.conf 2014-08-03 15:58:57 UTC (rev 116794)
@@ -1,6 +0,0 @@
-HARDENING_BINDNOW=0
-HARDENING_PIE=0
-HARDENING_FORTIFY=2
-HARDENING_RELRO=1
-HARDENING_STACK_CHECK=0
-HARDENING_STACK_PROTECTOR=2
Copied: hardening-wrapper/repos/community-x86_64/hardening-wrapper-i686.conf (from rev 116793, hardening-wrapper/trunk/hardening-wrapper-i686.conf)
===================================================================
--- community-x86_64/hardening-wrapper-i686.conf (rev 0)
+++ community-x86_64/hardening-wrapper-i686.conf 2014-08-03 15:58:57 UTC (rev 116794)
@@ -0,0 +1,6 @@
+HARDENING_BINDNOW=0
+HARDENING_PIE=0
+HARDENING_FORTIFY=2
+HARDENING_RELRO=1
+HARDENING_STACK_CHECK=0
+HARDENING_STACK_PROTECTOR=2
Deleted: community-x86_64/hardening-wrapper-x86_64.conf
===================================================================
--- community-x86_64/hardening-wrapper-x86_64.conf 2014-08-03 15:56:10 UTC (rev 116793)
+++ community-x86_64/hardening-wrapper-x86_64.conf 2014-08-03 15:58:57 UTC (rev 116794)
@@ -1,6 +0,0 @@
-HARDENING_BINDNOW=0
-HARDENING_PIE=1
-HARDENING_FORTIFY=2
-HARDENING_RELRO=1
-HARDENING_STACK_CHECK=0
-HARDENING_STACK_PROTECTOR=2
Copied: hardening-wrapper/repos/community-x86_64/hardening-wrapper-x86_64.conf (from rev 116793, hardening-wrapper/trunk/hardening-wrapper-x86_64.conf)
===================================================================
--- community-x86_64/hardening-wrapper-x86_64.conf (rev 0)
+++ community-x86_64/hardening-wrapper-x86_64.conf 2014-08-03 15:58:57 UTC (rev 116794)
@@ -0,0 +1,6 @@
+HARDENING_BINDNOW=0
+HARDENING_PIE=1
+HARDENING_FORTIFY=2
+HARDENING_RELRO=1
+HARDENING_STACK_CHECK=0
+HARDENING_STACK_PROTECTOR=2
Copied: hardening-wrapper/repos/community-x86_64/ld-wrapper.sh (from rev 116793, hardening-wrapper/trunk/ld-wrapper.sh)
===================================================================
--- community-x86_64/ld-wrapper.sh (rev 0)
+++ community-x86_64/ld-wrapper.sh 2014-08-03 15:58:57 UTC (rev 116794)
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+declare -A default
+while IFS== read key value; do
+ default["$key"]="$value"
+done < /etc/hardening-wrapper.conf
+
+force_bindnow="${HARDENING_BINDNOW:-"${default[HARDENING_BINDNOW]:-1}"}"
+force_relro="${HARDENING_RELRO:-"${default[HARDENING_RELRO]:-1}"}"
+
+case "$force_bindnow" in
+ 0) ;;
+ 1) arguments+=(-z now) ;;
+ *) error 'invalid value for HARDENING_BINDNOW' ;;
+esac
+
+case "$force_relro" in
+ 0) ;;
+ 1) arguments+=(-z relro) ;;
+ *) error 'invalid value for HARDENING_RELRO' ;;
+esac
+
+unwrapped=false
+IFS=: read -ra path <<< "$PATH";
+for p in "${path[@]}"; do
+ binary="$p/${0##*/}"
+ if [[ "$binary" != "$0" && -x "$binary" ]]; then
+ unwrapped="$binary"
+ break
+ fi
+done
+
+exec "$unwrapped" "${arguments[@]}" "$@"
Deleted: community-x86_64/path.sh
===================================================================
--- community-x86_64/path.sh 2014-08-03 15:56:10 UTC (rev 116793)
+++ community-x86_64/path.sh 2014-08-03 15:58:57 UTC (rev 116794)
@@ -1 +0,0 @@
-export PATH="/usr/lib/hardening-wrapper/bin:$PATH"
Copied: hardening-wrapper/repos/community-x86_64/path.sh (from rev 116793, hardening-wrapper/trunk/path.sh)
===================================================================
--- community-x86_64/path.sh (rev 0)
+++ community-x86_64/path.sh 2014-08-03 15:58:57 UTC (rev 116794)
@@ -0,0 +1 @@
+export PATH="/usr/lib/hardening-wrapper/bin:$PATH"
More information about the arch-commits
mailing list