[arch-commits] Commit in hardening-wrapper/repos (28 files)

Daniel Micay thestinger at archlinux.org
Thu Dec 25 22:40:05 UTC 2014


    Date: Thursday, December 25, 2014 @ 23:40:04
  Author: thestinger
Revision: 124585

archrelease: copy trunk to community-i686, community-x86_64

Added:
  hardening-wrapper/repos/community-i686/PKGBUILD
    (from rev 124584, hardening-wrapper/trunk/PKGBUILD)
  hardening-wrapper/repos/community-i686/cc-wrapper.sh
    (from rev 124584, hardening-wrapper/trunk/cc-wrapper.sh)
  hardening-wrapper/repos/community-i686/common.sh
    (from rev 124584, hardening-wrapper/trunk/common.sh)
  hardening-wrapper/repos/community-i686/hardening-wrapper-i686.conf
    (from rev 124584, hardening-wrapper/trunk/hardening-wrapper-i686.conf)
  hardening-wrapper/repos/community-i686/hardening-wrapper-x86_64.conf
    (from rev 124584, hardening-wrapper/trunk/hardening-wrapper-x86_64.conf)
  hardening-wrapper/repos/community-i686/ld-wrapper.sh
    (from rev 124584, hardening-wrapper/trunk/ld-wrapper.sh)
  hardening-wrapper/repos/community-i686/path.sh
    (from rev 124584, hardening-wrapper/trunk/path.sh)
  hardening-wrapper/repos/community-x86_64/PKGBUILD
    (from rev 124584, hardening-wrapper/trunk/PKGBUILD)
  hardening-wrapper/repos/community-x86_64/cc-wrapper.sh
    (from rev 124584, hardening-wrapper/trunk/cc-wrapper.sh)
  hardening-wrapper/repos/community-x86_64/common.sh
    (from rev 124584, hardening-wrapper/trunk/common.sh)
  hardening-wrapper/repos/community-x86_64/hardening-wrapper-i686.conf
    (from rev 124584, hardening-wrapper/trunk/hardening-wrapper-i686.conf)
  hardening-wrapper/repos/community-x86_64/hardening-wrapper-x86_64.conf
    (from rev 124584, hardening-wrapper/trunk/hardening-wrapper-x86_64.conf)
  hardening-wrapper/repos/community-x86_64/ld-wrapper.sh
    (from rev 124584, hardening-wrapper/trunk/ld-wrapper.sh)
  hardening-wrapper/repos/community-x86_64/path.sh
    (from rev 124584, hardening-wrapper/trunk/path.sh)
Deleted:
  hardening-wrapper/repos/community-i686/PKGBUILD
  hardening-wrapper/repos/community-i686/cc-wrapper.sh
  hardening-wrapper/repos/community-i686/common.sh
  hardening-wrapper/repos/community-i686/hardening-wrapper-i686.conf
  hardening-wrapper/repos/community-i686/hardening-wrapper-x86_64.conf
  hardening-wrapper/repos/community-i686/ld-wrapper.sh
  hardening-wrapper/repos/community-i686/path.sh
  hardening-wrapper/repos/community-x86_64/PKGBUILD
  hardening-wrapper/repos/community-x86_64/cc-wrapper.sh
  hardening-wrapper/repos/community-x86_64/common.sh
  hardening-wrapper/repos/community-x86_64/hardening-wrapper-i686.conf
  hardening-wrapper/repos/community-x86_64/hardening-wrapper-x86_64.conf
  hardening-wrapper/repos/community-x86_64/ld-wrapper.sh
  hardening-wrapper/repos/community-x86_64/path.sh

------------------------------------------------+
 /PKGBUILD                                      |   86 ++++++++++++
 /cc-wrapper.sh                                 |  158 +++++++++++++++++++++++
 /common.sh                                     |   48 ++++++
 /hardening-wrapper-i686.conf                   |   12 +
 /hardening-wrapper-x86_64.conf                 |   12 +
 /ld-wrapper.sh                                 |   50 +++++++
 /path.sh                                       |    2 
 community-i686/PKGBUILD                        |   41 -----
 community-i686/cc-wrapper.sh                   |   89 ------------
 community-i686/common.sh                       |    4 
 community-i686/hardening-wrapper-i686.conf     |    6 
 community-i686/hardening-wrapper-x86_64.conf   |    6 
 community-i686/ld-wrapper.sh                   |   35 -----
 community-i686/path.sh                         |    1 
 community-x86_64/PKGBUILD                      |   41 -----
 community-x86_64/cc-wrapper.sh                 |   89 ------------
 community-x86_64/common.sh                     |    4 
 community-x86_64/hardening-wrapper-i686.conf   |    6 
 community-x86_64/hardening-wrapper-x86_64.conf |    6 
 community-x86_64/ld-wrapper.sh                 |   35 -----
 community-x86_64/path.sh                       |    1 
 21 files changed, 368 insertions(+), 364 deletions(-)

Deleted: community-i686/PKGBUILD
===================================================================
--- community-i686/PKGBUILD	2014-12-25 22:38:59 UTC (rev 124584)
+++ community-i686/PKGBUILD	2014-12-25 22:40:04 UTC (rev 124585)
@@ -1,41 +0,0 @@
-# $Id$
-# Maintainer: Daniel Micay <danielmicay at gmail.com>
-pkgname=hardening-wrapper
-pkgver=6
-pkgrel=1
-pkgdesc='Wrapper scripts for building hardened executables by default'
-arch=(i686 x86_64)
-url='https://archlinux.org/'
-license=('GPL')
-depends=(bash)
-backup=(etc/hardening-wrapper.conf)
-source=(cc-wrapper.sh ld-wrapper.sh common.sh path.sh
-        hardening-wrapper-i686.conf hardening-wrapper-x86_64.conf)
-sha1sums=('793f885b61b96a23791d786e99a56c7b67c74fee'
-          '1091ff9c65a60fa785ecb5b825db1ab6dfd310ff'
-          '0c420f5323c0573d5c23c0ff8981025e2ba347ff'
-          '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc'
-          '4d7a8f4818c531ce7002e860e0654b42b6147037'
-          '50db33c08439393b673c23d542e274beef44fbdd')
-
-package() {
-  install -Dm644 hardening-wrapper-${CARCH}.conf "$pkgdir/etc/hardening-wrapper.conf"
-  install -Dm644 path.sh "$pkgdir/etc/profile.d/hardening-wrapper.sh"
-
-  mkdir -p "$pkgdir/usr/lib/hardening-wrapper/bin"
-  install -m755 {cc,ld}-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper"
-  install -m644 common.sh "$pkgdir/usr/lib/hardening-wrapper"
-
-  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c89"
-  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c99"
-  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/cc"
-  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c++"
-  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang"
-  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang++"
-  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/gcc"
-  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/g++"
-
-  ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld"
-  ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld.bfd"
-  ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld.gold"
-}

Copied: hardening-wrapper/repos/community-i686/PKGBUILD (from rev 124584, hardening-wrapper/trunk/PKGBUILD)
===================================================================
--- community-i686/PKGBUILD	                        (rev 0)
+++ community-i686/PKGBUILD	2014-12-25 22:40:04 UTC (rev 124585)
@@ -0,0 +1,43 @@
+# $Id$
+# Maintainer: Daniel Micay <danielmicay at gmail.com>
+pkgname=hardening-wrapper
+pkgver=7
+pkgrel=1
+pkgdesc='Wrapper scripts for building hardened executables by default'
+arch=(i686 x86_64)
+url='https://archlinux.org/'
+license=('GPL')
+depends=(bash)
+backup=(etc/hardening-wrapper.conf)
+source=(cc-wrapper.sh ld-wrapper.sh common.sh path.sh
+        hardening-wrapper-i686.conf hardening-wrapper-x86_64.conf)
+sha1sums=('683aefa825cdc070262e7e605e8b33907e92cd2a'
+          'e8c1fc067c15631fee3ba6282b1c2aa90f25c12b'
+          '517afb3bd75a9f9e13aedb19079d26cd76d52bd2'
+          '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc'
+          '4d7a8f4818c531ce7002e860e0654b42b6147037'
+          '50db33c08439393b673c23d542e274beef44fbdd')
+
+package() {
+  install -Dm644 hardening-wrapper-${CARCH}.conf "$pkgdir/etc/hardening-wrapper.conf"
+  install -Dm644 path.sh "$pkgdir/etc/profile.d/hardening-wrapper.sh"
+
+  base="$pkgdir/usr/lib/hardening-wrapper"
+
+  mkdir -p "$base/bin"
+  install -m755 {cc,ld}-wrapper.sh "$base"
+  install -m644 common.sh "$base"
+
+  ln "$base/cc-wrapper.sh" "$base/bin/c89"
+  ln "$base/cc-wrapper.sh" "$base/bin/c99"
+  ln "$base/cc-wrapper.sh" "$base/bin/cc"
+  ln "$base/cc-wrapper.sh" "$base/bin/c++"
+  ln "$base/cc-wrapper.sh" "$base/bin/clang"
+  ln "$base/cc-wrapper.sh" "$base/bin/clang++"
+  ln "$base/cc-wrapper.sh" "$base/bin/gcc"
+  ln "$base/cc-wrapper.sh" "$base/bin/g++"
+
+  ln "$base/ld-wrapper.sh" "$base/bin/ld"
+  ln "$base/ld-wrapper.sh" "$base/bin/ld.bfd"
+  ln "$base/ld-wrapper.sh" "$base/bin/ld.gold"
+}

Deleted: community-i686/cc-wrapper.sh
===================================================================
--- community-i686/cc-wrapper.sh	2014-12-25 22:38:59 UTC (rev 124584)
+++ community-i686/cc-wrapper.sh	2014-12-25 22:40:04 UTC (rev 124585)
@@ -1,89 +0,0 @@
-#!/bin/bash
-
-. /usr/lib/hardening-wrapper/common.sh
-
-declare -A default
-while IFS== read key value; do
-  default["$key"]="$value"
-done < /etc/hardening-wrapper.conf
-
-force_fPIE="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
-force_fortify="${HARDENING_FORTIFY:-"${default[HARDENING_FORTIFY]:-2}"}"
-force_pie="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
-force_stack_check="${HARDENING_STACK_CHECK:-"${default[HARDENING_STACK_CHECK]:-0}"}"
-force_stack_protector="${HARDENING_STACK_PROTECTOR:-${default[HARDENING_STACK_PROTECTOR]:-2}}"
-
-optimizing=0
-
-for opt; do
-  case "$opt" in
-    -fno-PIC|-fno-pic|-fno-PIE|-fno-pie|-nopie|-static|--static|-shared|--shared|-D__KERNEL__|-nostdlib|-nostartfiles)
-      force_fPIE=0
-      force_pie=0
-      ;;
-    -fPIC|-fpic|-fPIE|-fpie)
-      force_fPIE=0
-      ;;
-    -c|-E|-S)
-      force_pie=0
-      ;;
-    -nostdlib|-ffreestanding)
-      force_stack_protector=0
-      ;;
-    -D_FORTIFY_SOURCE*)
-      force_fortify=0
-      ;;
-    -O0)
-      optimizing=0
-      ;;
-    -O*)
-      optimizing=1
-      ;;
-  esac
-done
-
-arguments=(-B/usr/lib/hardening-wrapper/bin)
-
-case "$force_fPIE" in
-  0) ;;
-  1) arguments+=(-fPIE) ;;
-  *) error 'invalid value for HARDENING_PIE' ;;
-esac
-
-case "$force_fortify" in
-  0) ;;
-  1|2) (( optimizing )) && arguments+=(-D_FORTIFY_SOURCE=$force_fortify) ;;
-  *) error 'invalid value for HARDENING_FORTIFY' ;;
-esac
-
-case "$force_pie" in
-  0) ;;
-  1) arguments+=(-pie) ;;
-  *) error 'invalid value for HARDENING_PIE' ;;
-esac
-
-case "$force_stack_check" in
-  0) ;;
-  1) arguments+=(-fstack-check) ;;
-  *) error 'invalid value for HARDENING_STACK_CHECK' ;;
-esac
-
-case "$force_stack_protector" in
-  0) ;;
-  1) arguments+=(-fstack-protector) ;;
-  2) arguments+=(-fstack-protector-strong) ;;
-  3) arguments+=(-fstack-protector-all) ;;
-  *) error 'invalid value for HARDENING_STACK_PROTECTOR' ;;
-esac
-
-unwrapped=false
-IFS=: read -ra path <<< "$PATH";
-for p in "${path[@]}"; do
-  binary="$p/${0##*/}"
-  if [[ "$binary" != "$0" && -x "$binary" ]]; then
-    unwrapped="$binary"
-    break
-  fi
-done
-
-exec "$unwrapped" "${arguments[@]}" "$@"

Copied: hardening-wrapper/repos/community-i686/cc-wrapper.sh (from rev 124584, hardening-wrapper/trunk/cc-wrapper.sh)
===================================================================
--- community-i686/cc-wrapper.sh	                        (rev 0)
+++ community-i686/cc-wrapper.sh	2014-12-25 22:40:04 UTC (rev 124585)
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+. /usr/lib/hardening-wrapper/common.sh
+
+declare -A default
+while IFS== read key value; do
+  default["$key"]="$value"
+done < /etc/hardening-wrapper.conf
+
+force_fPIE="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_fortify="${HARDENING_FORTIFY:-"${default[HARDENING_FORTIFY]:-2}"}"
+force_pie="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_stack_check="${HARDENING_STACK_CHECK:-"${default[HARDENING_STACK_CHECK]:-0}"}"
+force_stack_protector="${HARDENING_STACK_PROTECTOR:-${default[HARDENING_STACK_PROTECTOR]:-2}}"
+
+optimizing=0
+
+for opt; do
+  case "$opt" in
+    -fno-PIC|-fno-pic|-fno-PIE|-fno-pie|-nopie|-static|--static|-shared|--shared|-D__KERNEL__|-nostdlib|-nostartfiles)
+      force_fPIE=0
+      force_pie=0
+      ;;
+    -fPIC|-fpic|-fPIE|-fpie)
+      force_fPIE=0
+      ;;
+    -c|-E|-S)
+      force_pie=0
+      ;;
+    -nostdlib|-ffreestanding)
+      force_stack_protector=0
+      ;;
+    -D_FORTIFY_SOURCE*)
+      force_fortify=0
+      ;;
+    -O0)
+      optimizing=0
+      ;;
+    -O*)
+      optimizing=1
+      ;;
+  esac
+done
+
+arguments=(-B/usr/lib/hardening-wrapper/bin)
+
+case "$force_fPIE" in
+  0) ;;
+  1) arguments+=(-fPIE) ;;
+  *) error 'invalid value for HARDENING_PIE' ;;
+esac
+
+case "$force_fortify" in
+  0) ;;
+  1|2) (( optimizing )) && arguments+=(-D_FORTIFY_SOURCE=$force_fortify) ;;
+  *) error 'invalid value for HARDENING_FORTIFY' ;;
+esac
+
+case "$force_pie" in
+  0) ;;
+  1) arguments+=(-pie) ;;
+  *) error 'invalid value for HARDENING_PIE' ;;
+esac
+
+case "$force_stack_check" in
+  0) ;;
+  1) arguments+=(-fstack-check) ;;
+  *) error 'invalid value for HARDENING_STACK_CHECK' ;;
+esac
+
+case "$force_stack_protector" in
+  0) ;;
+  1) arguments+=(-fstack-protector) ;;
+  2) arguments+=(-fstack-protector-strong) ;;
+  3) arguments+=(-fstack-protector-all) ;;
+  *) error 'invalid value for HARDENING_STACK_PROTECTOR' ;;
+esac
+
+run_wrapped_binary "$@"

Deleted: community-i686/common.sh
===================================================================
--- community-i686/common.sh	2014-12-25 22:38:59 UTC (rev 124584)
+++ community-i686/common.sh	2014-12-25 22:40:04 UTC (rev 124585)
@@ -1,4 +0,0 @@
-error() {
-  printf "%s\n" "$1" >&2
-  exit 1
-}

Copied: hardening-wrapper/repos/community-i686/common.sh (from rev 124584, hardening-wrapper/trunk/common.sh)
===================================================================
--- community-i686/common.sh	                        (rev 0)
+++ community-i686/common.sh	2014-12-25 22:40:04 UTC (rev 124585)
@@ -0,0 +1,24 @@
+error() {
+  printf "%s\n" "$1" >&2
+  exit 1
+}
+
+run_wrapped_binary() {
+  # search for the wrapped binary in $PATH
+  #
+  # ignore paths before our own for compatibility with other wrappers
+  unwrapped=false
+  self=false
+  IFS=: read -ra path <<< "$PATH";
+  for p in "${path[@]}"; do
+    binary="$p/${0##*/}"
+    if $self && [[ -x "$binary" ]]; then
+      unwrapped="$binary"
+      break
+    elif [[ "$binary" -ef "$0" ]]; then
+      self=true
+    fi
+  done
+
+  exec "$unwrapped" "${arguments[@]}" "$@"
+}

Deleted: community-i686/hardening-wrapper-i686.conf
===================================================================
--- community-i686/hardening-wrapper-i686.conf	2014-12-25 22:38:59 UTC (rev 124584)
+++ community-i686/hardening-wrapper-i686.conf	2014-12-25 22:40:04 UTC (rev 124585)
@@ -1,6 +0,0 @@
-HARDENING_BINDNOW=0
-HARDENING_PIE=0
-HARDENING_FORTIFY=2
-HARDENING_RELRO=1
-HARDENING_STACK_CHECK=0
-HARDENING_STACK_PROTECTOR=2

Copied: hardening-wrapper/repos/community-i686/hardening-wrapper-i686.conf (from rev 124584, hardening-wrapper/trunk/hardening-wrapper-i686.conf)
===================================================================
--- community-i686/hardening-wrapper-i686.conf	                        (rev 0)
+++ community-i686/hardening-wrapper-i686.conf	2014-12-25 22:40:04 UTC (rev 124585)
@@ -0,0 +1,6 @@
+HARDENING_BINDNOW=0
+HARDENING_PIE=0
+HARDENING_FORTIFY=2
+HARDENING_RELRO=1
+HARDENING_STACK_CHECK=0
+HARDENING_STACK_PROTECTOR=2

Deleted: community-i686/hardening-wrapper-x86_64.conf
===================================================================
--- community-i686/hardening-wrapper-x86_64.conf	2014-12-25 22:38:59 UTC (rev 124584)
+++ community-i686/hardening-wrapper-x86_64.conf	2014-12-25 22:40:04 UTC (rev 124585)
@@ -1,6 +0,0 @@
-HARDENING_BINDNOW=0
-HARDENING_PIE=1
-HARDENING_FORTIFY=2
-HARDENING_RELRO=1
-HARDENING_STACK_CHECK=0
-HARDENING_STACK_PROTECTOR=2

Copied: hardening-wrapper/repos/community-i686/hardening-wrapper-x86_64.conf (from rev 124584, hardening-wrapper/trunk/hardening-wrapper-x86_64.conf)
===================================================================
--- community-i686/hardening-wrapper-x86_64.conf	                        (rev 0)
+++ community-i686/hardening-wrapper-x86_64.conf	2014-12-25 22:40:04 UTC (rev 124585)
@@ -0,0 +1,6 @@
+HARDENING_BINDNOW=0
+HARDENING_PIE=1
+HARDENING_FORTIFY=2
+HARDENING_RELRO=1
+HARDENING_STACK_CHECK=0
+HARDENING_STACK_PROTECTOR=2

Deleted: community-i686/ld-wrapper.sh
===================================================================
--- community-i686/ld-wrapper.sh	2014-12-25 22:38:59 UTC (rev 124584)
+++ community-i686/ld-wrapper.sh	2014-12-25 22:40:04 UTC (rev 124585)
@@ -1,35 +0,0 @@
-#!/bin/bash
-
-. /usr/lib/hardening-wrapper/common.sh
-
-declare -A default
-while IFS== read key value; do
-  default["$key"]="$value"
-done < /etc/hardening-wrapper.conf
-
-force_bindnow="${HARDENING_BINDNOW:-"${default[HARDENING_BINDNOW]:-1}"}"
-force_relro="${HARDENING_RELRO:-"${default[HARDENING_RELRO]:-1}"}"
-
-case "$force_bindnow" in
-  0) ;;
-  1) arguments+=(-z now) ;;
-  *) error 'invalid value for HARDENING_BINDNOW' ;;
-esac
-
-case "$force_relro" in
-  0) ;;
-  1) arguments+=(-z relro) ;;
-  *) error 'invalid value for HARDENING_RELRO' ;;
-esac
-
-unwrapped=false
-IFS=: read -ra path <<< "$PATH";
-for p in "${path[@]}"; do
-  binary="$p/${0##*/}"
-  if [[ "$binary" != "$0" && -x "$binary" ]]; then
-    unwrapped="$binary"
-    break
-  fi
-done
-
-exec "$unwrapped" "${arguments[@]}" "$@"

Copied: hardening-wrapper/repos/community-i686/ld-wrapper.sh (from rev 124584, hardening-wrapper/trunk/ld-wrapper.sh)
===================================================================
--- community-i686/ld-wrapper.sh	                        (rev 0)
+++ community-i686/ld-wrapper.sh	2014-12-25 22:40:04 UTC (rev 124585)
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+. /usr/lib/hardening-wrapper/common.sh
+
+declare -A default
+while IFS== read key value; do
+  default["$key"]="$value"
+done < /etc/hardening-wrapper.conf
+
+force_bindnow="${HARDENING_BINDNOW:-"${default[HARDENING_BINDNOW]:-1}"}"
+force_relro="${HARDENING_RELRO:-"${default[HARDENING_RELRO]:-1}"}"
+
+case "$force_bindnow" in
+  0) ;;
+  1) arguments+=(-z now) ;;
+  *) error 'invalid value for HARDENING_BINDNOW' ;;
+esac
+
+case "$force_relro" in
+  0) ;;
+  1) arguments+=(-z relro) ;;
+  *) error 'invalid value for HARDENING_RELRO' ;;
+esac
+
+run_wrapped_binary "$@"

Deleted: community-i686/path.sh
===================================================================
--- community-i686/path.sh	2014-12-25 22:38:59 UTC (rev 124584)
+++ community-i686/path.sh	2014-12-25 22:40:04 UTC (rev 124585)
@@ -1 +0,0 @@
-export PATH="/usr/lib/hardening-wrapper/bin:$PATH"

Copied: hardening-wrapper/repos/community-i686/path.sh (from rev 124584, hardening-wrapper/trunk/path.sh)
===================================================================
--- community-i686/path.sh	                        (rev 0)
+++ community-i686/path.sh	2014-12-25 22:40:04 UTC (rev 124585)
@@ -0,0 +1 @@
+export PATH="/usr/lib/hardening-wrapper/bin:$PATH"

Deleted: community-x86_64/PKGBUILD
===================================================================
--- community-x86_64/PKGBUILD	2014-12-25 22:38:59 UTC (rev 124584)
+++ community-x86_64/PKGBUILD	2014-12-25 22:40:04 UTC (rev 124585)
@@ -1,41 +0,0 @@
-# $Id$
-# Maintainer: Daniel Micay <danielmicay at gmail.com>
-pkgname=hardening-wrapper
-pkgver=6
-pkgrel=1
-pkgdesc='Wrapper scripts for building hardened executables by default'
-arch=(i686 x86_64)
-url='https://archlinux.org/'
-license=('GPL')
-depends=(bash)
-backup=(etc/hardening-wrapper.conf)
-source=(cc-wrapper.sh ld-wrapper.sh common.sh path.sh
-        hardening-wrapper-i686.conf hardening-wrapper-x86_64.conf)
-sha1sums=('793f885b61b96a23791d786e99a56c7b67c74fee'
-          '1091ff9c65a60fa785ecb5b825db1ab6dfd310ff'
-          '0c420f5323c0573d5c23c0ff8981025e2ba347ff'
-          '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc'
-          '4d7a8f4818c531ce7002e860e0654b42b6147037'
-          '50db33c08439393b673c23d542e274beef44fbdd')
-
-package() {
-  install -Dm644 hardening-wrapper-${CARCH}.conf "$pkgdir/etc/hardening-wrapper.conf"
-  install -Dm644 path.sh "$pkgdir/etc/profile.d/hardening-wrapper.sh"
-
-  mkdir -p "$pkgdir/usr/lib/hardening-wrapper/bin"
-  install -m755 {cc,ld}-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper"
-  install -m644 common.sh "$pkgdir/usr/lib/hardening-wrapper"
-
-  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c89"
-  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c99"
-  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/cc"
-  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c++"
-  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang"
-  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang++"
-  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/gcc"
-  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/g++"
-
-  ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld"
-  ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld.bfd"
-  ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld.gold"
-}

Copied: hardening-wrapper/repos/community-x86_64/PKGBUILD (from rev 124584, hardening-wrapper/trunk/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD	                        (rev 0)
+++ community-x86_64/PKGBUILD	2014-12-25 22:40:04 UTC (rev 124585)
@@ -0,0 +1,43 @@
+# $Id$
+# Maintainer: Daniel Micay <danielmicay at gmail.com>
+pkgname=hardening-wrapper
+pkgver=7
+pkgrel=1
+pkgdesc='Wrapper scripts for building hardened executables by default'
+arch=(i686 x86_64)
+url='https://archlinux.org/'
+license=('GPL')
+depends=(bash)
+backup=(etc/hardening-wrapper.conf)
+source=(cc-wrapper.sh ld-wrapper.sh common.sh path.sh
+        hardening-wrapper-i686.conf hardening-wrapper-x86_64.conf)
+sha1sums=('683aefa825cdc070262e7e605e8b33907e92cd2a'
+          'e8c1fc067c15631fee3ba6282b1c2aa90f25c12b'
+          '517afb3bd75a9f9e13aedb19079d26cd76d52bd2'
+          '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc'
+          '4d7a8f4818c531ce7002e860e0654b42b6147037'
+          '50db33c08439393b673c23d542e274beef44fbdd')
+
+package() {
+  install -Dm644 hardening-wrapper-${CARCH}.conf "$pkgdir/etc/hardening-wrapper.conf"
+  install -Dm644 path.sh "$pkgdir/etc/profile.d/hardening-wrapper.sh"
+
+  base="$pkgdir/usr/lib/hardening-wrapper"
+
+  mkdir -p "$base/bin"
+  install -m755 {cc,ld}-wrapper.sh "$base"
+  install -m644 common.sh "$base"
+
+  ln "$base/cc-wrapper.sh" "$base/bin/c89"
+  ln "$base/cc-wrapper.sh" "$base/bin/c99"
+  ln "$base/cc-wrapper.sh" "$base/bin/cc"
+  ln "$base/cc-wrapper.sh" "$base/bin/c++"
+  ln "$base/cc-wrapper.sh" "$base/bin/clang"
+  ln "$base/cc-wrapper.sh" "$base/bin/clang++"
+  ln "$base/cc-wrapper.sh" "$base/bin/gcc"
+  ln "$base/cc-wrapper.sh" "$base/bin/g++"
+
+  ln "$base/ld-wrapper.sh" "$base/bin/ld"
+  ln "$base/ld-wrapper.sh" "$base/bin/ld.bfd"
+  ln "$base/ld-wrapper.sh" "$base/bin/ld.gold"
+}

Deleted: community-x86_64/cc-wrapper.sh
===================================================================
--- community-x86_64/cc-wrapper.sh	2014-12-25 22:38:59 UTC (rev 124584)
+++ community-x86_64/cc-wrapper.sh	2014-12-25 22:40:04 UTC (rev 124585)
@@ -1,89 +0,0 @@
-#!/bin/bash
-
-. /usr/lib/hardening-wrapper/common.sh
-
-declare -A default
-while IFS== read key value; do
-  default["$key"]="$value"
-done < /etc/hardening-wrapper.conf
-
-force_fPIE="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
-force_fortify="${HARDENING_FORTIFY:-"${default[HARDENING_FORTIFY]:-2}"}"
-force_pie="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
-force_stack_check="${HARDENING_STACK_CHECK:-"${default[HARDENING_STACK_CHECK]:-0}"}"
-force_stack_protector="${HARDENING_STACK_PROTECTOR:-${default[HARDENING_STACK_PROTECTOR]:-2}}"
-
-optimizing=0
-
-for opt; do
-  case "$opt" in
-    -fno-PIC|-fno-pic|-fno-PIE|-fno-pie|-nopie|-static|--static|-shared|--shared|-D__KERNEL__|-nostdlib|-nostartfiles)
-      force_fPIE=0
-      force_pie=0
-      ;;
-    -fPIC|-fpic|-fPIE|-fpie)
-      force_fPIE=0
-      ;;
-    -c|-E|-S)
-      force_pie=0
-      ;;
-    -nostdlib|-ffreestanding)
-      force_stack_protector=0
-      ;;
-    -D_FORTIFY_SOURCE*)
-      force_fortify=0
-      ;;
-    -O0)
-      optimizing=0
-      ;;
-    -O*)
-      optimizing=1
-      ;;
-  esac
-done
-
-arguments=(-B/usr/lib/hardening-wrapper/bin)
-
-case "$force_fPIE" in
-  0) ;;
-  1) arguments+=(-fPIE) ;;
-  *) error 'invalid value for HARDENING_PIE' ;;
-esac
-
-case "$force_fortify" in
-  0) ;;
-  1|2) (( optimizing )) && arguments+=(-D_FORTIFY_SOURCE=$force_fortify) ;;
-  *) error 'invalid value for HARDENING_FORTIFY' ;;
-esac
-
-case "$force_pie" in
-  0) ;;
-  1) arguments+=(-pie) ;;
-  *) error 'invalid value for HARDENING_PIE' ;;
-esac
-
-case "$force_stack_check" in
-  0) ;;
-  1) arguments+=(-fstack-check) ;;
-  *) error 'invalid value for HARDENING_STACK_CHECK' ;;
-esac
-
-case "$force_stack_protector" in
-  0) ;;
-  1) arguments+=(-fstack-protector) ;;
-  2) arguments+=(-fstack-protector-strong) ;;
-  3) arguments+=(-fstack-protector-all) ;;
-  *) error 'invalid value for HARDENING_STACK_PROTECTOR' ;;
-esac
-
-unwrapped=false
-IFS=: read -ra path <<< "$PATH";
-for p in "${path[@]}"; do
-  binary="$p/${0##*/}"
-  if [[ "$binary" != "$0" && -x "$binary" ]]; then
-    unwrapped="$binary"
-    break
-  fi
-done
-
-exec "$unwrapped" "${arguments[@]}" "$@"

Copied: hardening-wrapper/repos/community-x86_64/cc-wrapper.sh (from rev 124584, hardening-wrapper/trunk/cc-wrapper.sh)
===================================================================
--- community-x86_64/cc-wrapper.sh	                        (rev 0)
+++ community-x86_64/cc-wrapper.sh	2014-12-25 22:40:04 UTC (rev 124585)
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+. /usr/lib/hardening-wrapper/common.sh
+
+declare -A default
+while IFS== read key value; do
+  default["$key"]="$value"
+done < /etc/hardening-wrapper.conf
+
+force_fPIE="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_fortify="${HARDENING_FORTIFY:-"${default[HARDENING_FORTIFY]:-2}"}"
+force_pie="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_stack_check="${HARDENING_STACK_CHECK:-"${default[HARDENING_STACK_CHECK]:-0}"}"
+force_stack_protector="${HARDENING_STACK_PROTECTOR:-${default[HARDENING_STACK_PROTECTOR]:-2}}"
+
+optimizing=0
+
+for opt; do
+  case "$opt" in
+    -fno-PIC|-fno-pic|-fno-PIE|-fno-pie|-nopie|-static|--static|-shared|--shared|-D__KERNEL__|-nostdlib|-nostartfiles)
+      force_fPIE=0
+      force_pie=0
+      ;;
+    -fPIC|-fpic|-fPIE|-fpie)
+      force_fPIE=0
+      ;;
+    -c|-E|-S)
+      force_pie=0
+      ;;
+    -nostdlib|-ffreestanding)
+      force_stack_protector=0
+      ;;
+    -D_FORTIFY_SOURCE*)
+      force_fortify=0
+      ;;
+    -O0)
+      optimizing=0
+      ;;
+    -O*)
+      optimizing=1
+      ;;
+  esac
+done
+
+arguments=(-B/usr/lib/hardening-wrapper/bin)
+
+case "$force_fPIE" in
+  0) ;;
+  1) arguments+=(-fPIE) ;;
+  *) error 'invalid value for HARDENING_PIE' ;;
+esac
+
+case "$force_fortify" in
+  0) ;;
+  1|2) (( optimizing )) && arguments+=(-D_FORTIFY_SOURCE=$force_fortify) ;;
+  *) error 'invalid value for HARDENING_FORTIFY' ;;
+esac
+
+case "$force_pie" in
+  0) ;;
+  1) arguments+=(-pie) ;;
+  *) error 'invalid value for HARDENING_PIE' ;;
+esac
+
+case "$force_stack_check" in
+  0) ;;
+  1) arguments+=(-fstack-check) ;;
+  *) error 'invalid value for HARDENING_STACK_CHECK' ;;
+esac
+
+case "$force_stack_protector" in
+  0) ;;
+  1) arguments+=(-fstack-protector) ;;
+  2) arguments+=(-fstack-protector-strong) ;;
+  3) arguments+=(-fstack-protector-all) ;;
+  *) error 'invalid value for HARDENING_STACK_PROTECTOR' ;;
+esac
+
+run_wrapped_binary "$@"

Deleted: community-x86_64/common.sh
===================================================================
--- community-x86_64/common.sh	2014-12-25 22:38:59 UTC (rev 124584)
+++ community-x86_64/common.sh	2014-12-25 22:40:04 UTC (rev 124585)
@@ -1,4 +0,0 @@
-error() {
-  printf "%s\n" "$1" >&2
-  exit 1
-}

Copied: hardening-wrapper/repos/community-x86_64/common.sh (from rev 124584, hardening-wrapper/trunk/common.sh)
===================================================================
--- community-x86_64/common.sh	                        (rev 0)
+++ community-x86_64/common.sh	2014-12-25 22:40:04 UTC (rev 124585)
@@ -0,0 +1,24 @@
+error() {
+  printf "%s\n" "$1" >&2
+  exit 1
+}
+
+run_wrapped_binary() {
+  # search for the wrapped binary in $PATH
+  #
+  # ignore paths before our own for compatibility with other wrappers
+  unwrapped=false
+  self=false
+  IFS=: read -ra path <<< "$PATH";
+  for p in "${path[@]}"; do
+    binary="$p/${0##*/}"
+    if $self && [[ -x "$binary" ]]; then
+      unwrapped="$binary"
+      break
+    elif [[ "$binary" -ef "$0" ]]; then
+      self=true
+    fi
+  done
+
+  exec "$unwrapped" "${arguments[@]}" "$@"
+}

Deleted: community-x86_64/hardening-wrapper-i686.conf
===================================================================
--- community-x86_64/hardening-wrapper-i686.conf	2014-12-25 22:38:59 UTC (rev 124584)
+++ community-x86_64/hardening-wrapper-i686.conf	2014-12-25 22:40:04 UTC (rev 124585)
@@ -1,6 +0,0 @@
-HARDENING_BINDNOW=0
-HARDENING_PIE=0
-HARDENING_FORTIFY=2
-HARDENING_RELRO=1
-HARDENING_STACK_CHECK=0
-HARDENING_STACK_PROTECTOR=2

Copied: hardening-wrapper/repos/community-x86_64/hardening-wrapper-i686.conf (from rev 124584, hardening-wrapper/trunk/hardening-wrapper-i686.conf)
===================================================================
--- community-x86_64/hardening-wrapper-i686.conf	                        (rev 0)
+++ community-x86_64/hardening-wrapper-i686.conf	2014-12-25 22:40:04 UTC (rev 124585)
@@ -0,0 +1,6 @@
+HARDENING_BINDNOW=0
+HARDENING_PIE=0
+HARDENING_FORTIFY=2
+HARDENING_RELRO=1
+HARDENING_STACK_CHECK=0
+HARDENING_STACK_PROTECTOR=2

Deleted: community-x86_64/hardening-wrapper-x86_64.conf
===================================================================
--- community-x86_64/hardening-wrapper-x86_64.conf	2014-12-25 22:38:59 UTC (rev 124584)
+++ community-x86_64/hardening-wrapper-x86_64.conf	2014-12-25 22:40:04 UTC (rev 124585)
@@ -1,6 +0,0 @@
-HARDENING_BINDNOW=0
-HARDENING_PIE=1
-HARDENING_FORTIFY=2
-HARDENING_RELRO=1
-HARDENING_STACK_CHECK=0
-HARDENING_STACK_PROTECTOR=2

Copied: hardening-wrapper/repos/community-x86_64/hardening-wrapper-x86_64.conf (from rev 124584, hardening-wrapper/trunk/hardening-wrapper-x86_64.conf)
===================================================================
--- community-x86_64/hardening-wrapper-x86_64.conf	                        (rev 0)
+++ community-x86_64/hardening-wrapper-x86_64.conf	2014-12-25 22:40:04 UTC (rev 124585)
@@ -0,0 +1,6 @@
+HARDENING_BINDNOW=0
+HARDENING_PIE=1
+HARDENING_FORTIFY=2
+HARDENING_RELRO=1
+HARDENING_STACK_CHECK=0
+HARDENING_STACK_PROTECTOR=2

Deleted: community-x86_64/ld-wrapper.sh
===================================================================
--- community-x86_64/ld-wrapper.sh	2014-12-25 22:38:59 UTC (rev 124584)
+++ community-x86_64/ld-wrapper.sh	2014-12-25 22:40:04 UTC (rev 124585)
@@ -1,35 +0,0 @@
-#!/bin/bash
-
-. /usr/lib/hardening-wrapper/common.sh
-
-declare -A default
-while IFS== read key value; do
-  default["$key"]="$value"
-done < /etc/hardening-wrapper.conf
-
-force_bindnow="${HARDENING_BINDNOW:-"${default[HARDENING_BINDNOW]:-1}"}"
-force_relro="${HARDENING_RELRO:-"${default[HARDENING_RELRO]:-1}"}"
-
-case "$force_bindnow" in
-  0) ;;
-  1) arguments+=(-z now) ;;
-  *) error 'invalid value for HARDENING_BINDNOW' ;;
-esac
-
-case "$force_relro" in
-  0) ;;
-  1) arguments+=(-z relro) ;;
-  *) error 'invalid value for HARDENING_RELRO' ;;
-esac
-
-unwrapped=false
-IFS=: read -ra path <<< "$PATH";
-for p in "${path[@]}"; do
-  binary="$p/${0##*/}"
-  if [[ "$binary" != "$0" && -x "$binary" ]]; then
-    unwrapped="$binary"
-    break
-  fi
-done
-
-exec "$unwrapped" "${arguments[@]}" "$@"

Copied: hardening-wrapper/repos/community-x86_64/ld-wrapper.sh (from rev 124584, hardening-wrapper/trunk/ld-wrapper.sh)
===================================================================
--- community-x86_64/ld-wrapper.sh	                        (rev 0)
+++ community-x86_64/ld-wrapper.sh	2014-12-25 22:40:04 UTC (rev 124585)
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+. /usr/lib/hardening-wrapper/common.sh
+
+declare -A default
+while IFS== read key value; do
+  default["$key"]="$value"
+done < /etc/hardening-wrapper.conf
+
+force_bindnow="${HARDENING_BINDNOW:-"${default[HARDENING_BINDNOW]:-1}"}"
+force_relro="${HARDENING_RELRO:-"${default[HARDENING_RELRO]:-1}"}"
+
+case "$force_bindnow" in
+  0) ;;
+  1) arguments+=(-z now) ;;
+  *) error 'invalid value for HARDENING_BINDNOW' ;;
+esac
+
+case "$force_relro" in
+  0) ;;
+  1) arguments+=(-z relro) ;;
+  *) error 'invalid value for HARDENING_RELRO' ;;
+esac
+
+run_wrapped_binary "$@"

Deleted: community-x86_64/path.sh
===================================================================
--- community-x86_64/path.sh	2014-12-25 22:38:59 UTC (rev 124584)
+++ community-x86_64/path.sh	2014-12-25 22:40:04 UTC (rev 124585)
@@ -1 +0,0 @@
-export PATH="/usr/lib/hardening-wrapper/bin:$PATH"

Copied: hardening-wrapper/repos/community-x86_64/path.sh (from rev 124584, hardening-wrapper/trunk/path.sh)
===================================================================
--- community-x86_64/path.sh	                        (rev 0)
+++ community-x86_64/path.sh	2014-12-25 22:40:04 UTC (rev 124585)
@@ -0,0 +1 @@
+export PATH="/usr/lib/hardening-wrapper/bin:$PATH"



More information about the arch-commits mailing list