[arch-commits] Commit in hardening-wrapper/trunk (3 files)
Daniel Micay
thestinger at archlinux.org
Fri Dec 26 01:14:54 UTC 2014
Date: Friday, December 26, 2014 @ 02:14:54
Author: thestinger
Revision: 124589
upgpkg: hardening-wrapper 8-1
Deleted:
hardening-wrapper/trunk/cc-wrapper.sh
hardening-wrapper/trunk/common.sh
hardening-wrapper/trunk/ld-wrapper.sh
---------------+
cc-wrapper.sh | 79 --------------------------------------------------------
common.sh | 24 -----------------
ld-wrapper.sh | 25 -----------------
3 files changed, 128 deletions(-)
Deleted: cc-wrapper.sh
===================================================================
--- cc-wrapper.sh 2014-12-26 01:10:39 UTC (rev 124588)
+++ cc-wrapper.sh 2014-12-26 01:14:54 UTC (rev 124589)
@@ -1,79 +0,0 @@
-#!/bin/bash
-
-. /usr/lib/hardening-wrapper/common.sh
-
-declare -A default
-while IFS== read key value; do
- default["$key"]="$value"
-done < /etc/hardening-wrapper.conf
-
-force_fPIE="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
-force_fortify="${HARDENING_FORTIFY:-"${default[HARDENING_FORTIFY]:-2}"}"
-force_pie="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
-force_stack_check="${HARDENING_STACK_CHECK:-"${default[HARDENING_STACK_CHECK]:-0}"}"
-force_stack_protector="${HARDENING_STACK_PROTECTOR:-${default[HARDENING_STACK_PROTECTOR]:-2}}"
-
-optimizing=0
-
-for opt; do
- case "$opt" in
- -fno-PIC|-fno-pic|-fno-PIE|-fno-pie|-nopie|-static|--static|-shared|--shared|-D__KERNEL__|-nostdlib|-nostartfiles)
- force_fPIE=0
- force_pie=0
- ;;
- -fPIC|-fpic|-fPIE|-fpie)
- force_fPIE=0
- ;;
- -c|-E|-S)
- force_pie=0
- ;;
- -nostdlib|-ffreestanding)
- force_stack_protector=0
- ;;
- -D_FORTIFY_SOURCE*)
- force_fortify=0
- ;;
- -O0)
- optimizing=0
- ;;
- -O*)
- optimizing=1
- ;;
- esac
-done
-
-arguments=(-B/usr/lib/hardening-wrapper/bin)
-
-case "$force_fPIE" in
- 0) ;;
- 1) arguments+=(-fPIE) ;;
- *) error 'invalid value for HARDENING_PIE' ;;
-esac
-
-case "$force_fortify" in
- 0) ;;
- 1|2) (( optimizing )) && arguments+=(-D_FORTIFY_SOURCE=$force_fortify) ;;
- *) error 'invalid value for HARDENING_FORTIFY' ;;
-esac
-
-case "$force_pie" in
- 0) ;;
- 1) arguments+=(-pie) ;;
- *) error 'invalid value for HARDENING_PIE' ;;
-esac
-
-case "$force_stack_check" in
- 0) ;;
- 1) arguments+=(-fstack-check) ;;
- *) error 'invalid value for HARDENING_STACK_CHECK' ;;
-esac
-
-case "$force_stack_protector" in
- 0) ;;
- 1) arguments+=(-fstack-protector) ;;
- 2) arguments+=(-fstack-protector-strong) ;;
- 3) arguments+=(-fstack-protector-all) ;;
- *) error 'invalid value for HARDENING_STACK_PROTECTOR' ;;
-esac
-
-run_wrapped_binary "$@"
Deleted: common.sh
===================================================================
--- common.sh 2014-12-26 01:10:39 UTC (rev 124588)
+++ common.sh 2014-12-26 01:14:54 UTC (rev 124589)
@@ -1,24 +0,0 @@
-error() {
- printf "%s\n" "$1" >&2
- exit 1
-}
-
-run_wrapped_binary() {
- # search for the wrapped binary in $PATH
- #
- # ignore paths before our own for compatibility with other wrappers
- unwrapped=false
- self=false
- IFS=: read -ra path <<< "$PATH";
- for p in "${path[@]}"; do
- binary="$p/${0##*/}"
- if $self && [[ -x "$binary" ]]; then
- unwrapped="$binary"
- break
- elif [[ "$binary" -ef "$0" ]]; then
- self=true
- fi
- done
-
- exec "$unwrapped" "${arguments[@]}" "$@"
-}
Deleted: ld-wrapper.sh
===================================================================
--- ld-wrapper.sh 2014-12-26 01:10:39 UTC (rev 124588)
+++ ld-wrapper.sh 2014-12-26 01:14:54 UTC (rev 124589)
@@ -1,25 +0,0 @@
-#!/bin/bash
-
-. /usr/lib/hardening-wrapper/common.sh
-
-declare -A default
-while IFS== read key value; do
- default["$key"]="$value"
-done < /etc/hardening-wrapper.conf
-
-force_bindnow="${HARDENING_BINDNOW:-"${default[HARDENING_BINDNOW]:-1}"}"
-force_relro="${HARDENING_RELRO:-"${default[HARDENING_RELRO]:-1}"}"
-
-case "$force_bindnow" in
- 0) ;;
- 1) arguments+=(-z now) ;;
- *) error 'invalid value for HARDENING_BINDNOW' ;;
-esac
-
-case "$force_relro" in
- 0) ;;
- 1) arguments+=(-z relro) ;;
- *) error 'invalid value for HARDENING_RELRO' ;;
-esac
-
-run_wrapped_binary "$@"
More information about the arch-commits
mailing list