[arch-commits] Commit in hardening-wrapper/trunk (4 files)
Daniel Micay
thestinger at archlinux.org
Thu Dec 25 22:39:00 UTC 2014
Date: Thursday, December 25, 2014 @ 23:38:59
Author: thestinger
Revision: 124584
upgpkg: hardening-wrapper 7-1
Modified:
hardening-wrapper/trunk/PKGBUILD
hardening-wrapper/trunk/cc-wrapper.sh
hardening-wrapper/trunk/common.sh
hardening-wrapper/trunk/ld-wrapper.sh
---------------+
PKGBUILD | 38 ++++++++++++++++++++------------------
cc-wrapper.sh | 12 +-----------
common.sh | 20 ++++++++++++++++++++
ld-wrapper.sh | 12 +-----------
4 files changed, 42 insertions(+), 40 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-12-25 22:00:13 UTC (rev 124583)
+++ PKGBUILD 2014-12-25 22:38:59 UTC (rev 124584)
@@ -1,7 +1,7 @@
# $Id$
# Maintainer: Daniel Micay <danielmicay at gmail.com>
pkgname=hardening-wrapper
-pkgver=6
+pkgver=7
pkgrel=1
pkgdesc='Wrapper scripts for building hardened executables by default'
arch=(i686 x86_64)
@@ -11,9 +11,9 @@
backup=(etc/hardening-wrapper.conf)
source=(cc-wrapper.sh ld-wrapper.sh common.sh path.sh
hardening-wrapper-i686.conf hardening-wrapper-x86_64.conf)
-sha1sums=('793f885b61b96a23791d786e99a56c7b67c74fee'
- '1091ff9c65a60fa785ecb5b825db1ab6dfd310ff'
- '0c420f5323c0573d5c23c0ff8981025e2ba347ff'
+sha1sums=('683aefa825cdc070262e7e605e8b33907e92cd2a'
+ 'e8c1fc067c15631fee3ba6282b1c2aa90f25c12b'
+ '517afb3bd75a9f9e13aedb19079d26cd76d52bd2'
'1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc'
'4d7a8f4818c531ce7002e860e0654b42b6147037'
'50db33c08439393b673c23d542e274beef44fbdd')
@@ -22,20 +22,22 @@
install -Dm644 hardening-wrapper-${CARCH}.conf "$pkgdir/etc/hardening-wrapper.conf"
install -Dm644 path.sh "$pkgdir/etc/profile.d/hardening-wrapper.sh"
- mkdir -p "$pkgdir/usr/lib/hardening-wrapper/bin"
- install -m755 {cc,ld}-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper"
- install -m644 common.sh "$pkgdir/usr/lib/hardening-wrapper"
+ base="$pkgdir/usr/lib/hardening-wrapper"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c89"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c99"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/cc"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c++"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang++"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/gcc"
- ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/g++"
+ mkdir -p "$base/bin"
+ install -m755 {cc,ld}-wrapper.sh "$base"
+ install -m644 common.sh "$base"
- ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld"
- ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld.bfd"
- ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld.gold"
+ ln "$base/cc-wrapper.sh" "$base/bin/c89"
+ ln "$base/cc-wrapper.sh" "$base/bin/c99"
+ ln "$base/cc-wrapper.sh" "$base/bin/cc"
+ ln "$base/cc-wrapper.sh" "$base/bin/c++"
+ ln "$base/cc-wrapper.sh" "$base/bin/clang"
+ ln "$base/cc-wrapper.sh" "$base/bin/clang++"
+ ln "$base/cc-wrapper.sh" "$base/bin/gcc"
+ ln "$base/cc-wrapper.sh" "$base/bin/g++"
+
+ ln "$base/ld-wrapper.sh" "$base/bin/ld"
+ ln "$base/ld-wrapper.sh" "$base/bin/ld.bfd"
+ ln "$base/ld-wrapper.sh" "$base/bin/ld.gold"
}
Modified: cc-wrapper.sh
===================================================================
--- cc-wrapper.sh 2014-12-25 22:00:13 UTC (rev 124583)
+++ cc-wrapper.sh 2014-12-25 22:38:59 UTC (rev 124584)
@@ -76,14 +76,4 @@
*) error 'invalid value for HARDENING_STACK_PROTECTOR' ;;
esac
-unwrapped=false
-IFS=: read -ra path <<< "$PATH";
-for p in "${path[@]}"; do
- binary="$p/${0##*/}"
- if [[ "$binary" != "$0" && -x "$binary" ]]; then
- unwrapped="$binary"
- break
- fi
-done
-
-exec "$unwrapped" "${arguments[@]}" "$@"
+run_wrapped_binary "$@"
Modified: common.sh
===================================================================
--- common.sh 2014-12-25 22:00:13 UTC (rev 124583)
+++ common.sh 2014-12-25 22:38:59 UTC (rev 124584)
@@ -2,3 +2,23 @@
printf "%s\n" "$1" >&2
exit 1
}
+
+run_wrapped_binary() {
+ # search for the wrapped binary in $PATH
+ #
+ # ignore paths before our own for compatibility with other wrappers
+ unwrapped=false
+ self=false
+ IFS=: read -ra path <<< "$PATH";
+ for p in "${path[@]}"; do
+ binary="$p/${0##*/}"
+ if $self && [[ -x "$binary" ]]; then
+ unwrapped="$binary"
+ break
+ elif [[ "$binary" -ef "$0" ]]; then
+ self=true
+ fi
+ done
+
+ exec "$unwrapped" "${arguments[@]}" "$@"
+}
Modified: ld-wrapper.sh
===================================================================
--- ld-wrapper.sh 2014-12-25 22:00:13 UTC (rev 124583)
+++ ld-wrapper.sh 2014-12-25 22:38:59 UTC (rev 124584)
@@ -22,14 +22,4 @@
*) error 'invalid value for HARDENING_RELRO' ;;
esac
-unwrapped=false
-IFS=: read -ra path <<< "$PATH";
-for p in "${path[@]}"; do
- binary="$p/${0##*/}"
- if [[ "$binary" != "$0" && -x "$binary" ]]; then
- unwrapped="$binary"
- break
- fi
-done
-
-exec "$unwrapped" "${arguments[@]}" "$@"
+run_wrapped_binary "$@"
More information about the arch-commits
mailing list