[arch-commits] Commit in hardening-wrapper/trunk (3 files)

Daniel Micay thestinger at archlinux.org
Fri Dec 26 01:14:54 UTC 2014


    Date: Friday, December 26, 2014 @ 02:14:54
  Author: thestinger
Revision: 124589

upgpkg: hardening-wrapper 8-1

Deleted:
  hardening-wrapper/trunk/cc-wrapper.sh
  hardening-wrapper/trunk/common.sh
  hardening-wrapper/trunk/ld-wrapper.sh

---------------+
 cc-wrapper.sh |   79 --------------------------------------------------------
 common.sh     |   24 -----------------
 ld-wrapper.sh |   25 -----------------
 3 files changed, 128 deletions(-)

Deleted: cc-wrapper.sh
===================================================================
--- cc-wrapper.sh	2014-12-26 01:10:39 UTC (rev 124588)
+++ cc-wrapper.sh	2014-12-26 01:14:54 UTC (rev 124589)
@@ -1,79 +0,0 @@
-#!/bin/bash
-
-. /usr/lib/hardening-wrapper/common.sh
-
-declare -A default
-while IFS== read key value; do
-  default["$key"]="$value"
-done < /etc/hardening-wrapper.conf
-
-force_fPIE="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
-force_fortify="${HARDENING_FORTIFY:-"${default[HARDENING_FORTIFY]:-2}"}"
-force_pie="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
-force_stack_check="${HARDENING_STACK_CHECK:-"${default[HARDENING_STACK_CHECK]:-0}"}"
-force_stack_protector="${HARDENING_STACK_PROTECTOR:-${default[HARDENING_STACK_PROTECTOR]:-2}}"
-
-optimizing=0
-
-for opt; do
-  case "$opt" in
-    -fno-PIC|-fno-pic|-fno-PIE|-fno-pie|-nopie|-static|--static|-shared|--shared|-D__KERNEL__|-nostdlib|-nostartfiles)
-      force_fPIE=0
-      force_pie=0
-      ;;
-    -fPIC|-fpic|-fPIE|-fpie)
-      force_fPIE=0
-      ;;
-    -c|-E|-S)
-      force_pie=0
-      ;;
-    -nostdlib|-ffreestanding)
-      force_stack_protector=0
-      ;;
-    -D_FORTIFY_SOURCE*)
-      force_fortify=0
-      ;;
-    -O0)
-      optimizing=0
-      ;;
-    -O*)
-      optimizing=1
-      ;;
-  esac
-done
-
-arguments=(-B/usr/lib/hardening-wrapper/bin)
-
-case "$force_fPIE" in
-  0) ;;
-  1) arguments+=(-fPIE) ;;
-  *) error 'invalid value for HARDENING_PIE' ;;
-esac
-
-case "$force_fortify" in
-  0) ;;
-  1|2) (( optimizing )) && arguments+=(-D_FORTIFY_SOURCE=$force_fortify) ;;
-  *) error 'invalid value for HARDENING_FORTIFY' ;;
-esac
-
-case "$force_pie" in
-  0) ;;
-  1) arguments+=(-pie) ;;
-  *) error 'invalid value for HARDENING_PIE' ;;
-esac
-
-case "$force_stack_check" in
-  0) ;;
-  1) arguments+=(-fstack-check) ;;
-  *) error 'invalid value for HARDENING_STACK_CHECK' ;;
-esac
-
-case "$force_stack_protector" in
-  0) ;;
-  1) arguments+=(-fstack-protector) ;;
-  2) arguments+=(-fstack-protector-strong) ;;
-  3) arguments+=(-fstack-protector-all) ;;
-  *) error 'invalid value for HARDENING_STACK_PROTECTOR' ;;
-esac
-
-run_wrapped_binary "$@"

Deleted: common.sh
===================================================================
--- common.sh	2014-12-26 01:10:39 UTC (rev 124588)
+++ common.sh	2014-12-26 01:14:54 UTC (rev 124589)
@@ -1,24 +0,0 @@
-error() {
-  printf "%s\n" "$1" >&2
-  exit 1
-}
-
-run_wrapped_binary() {
-  # search for the wrapped binary in $PATH
-  #
-  # ignore paths before our own for compatibility with other wrappers
-  unwrapped=false
-  self=false
-  IFS=: read -ra path <<< "$PATH";
-  for p in "${path[@]}"; do
-    binary="$p/${0##*/}"
-    if $self && [[ -x "$binary" ]]; then
-      unwrapped="$binary"
-      break
-    elif [[ "$binary" -ef "$0" ]]; then
-      self=true
-    fi
-  done
-
-  exec "$unwrapped" "${arguments[@]}" "$@"
-}

Deleted: ld-wrapper.sh
===================================================================
--- ld-wrapper.sh	2014-12-26 01:10:39 UTC (rev 124588)
+++ ld-wrapper.sh	2014-12-26 01:14:54 UTC (rev 124589)
@@ -1,25 +0,0 @@
-#!/bin/bash
-
-. /usr/lib/hardening-wrapper/common.sh
-
-declare -A default
-while IFS== read key value; do
-  default["$key"]="$value"
-done < /etc/hardening-wrapper.conf
-
-force_bindnow="${HARDENING_BINDNOW:-"${default[HARDENING_BINDNOW]:-1}"}"
-force_relro="${HARDENING_RELRO:-"${default[HARDENING_RELRO]:-1}"}"
-
-case "$force_bindnow" in
-  0) ;;
-  1) arguments+=(-z now) ;;
-  *) error 'invalid value for HARDENING_BINDNOW' ;;
-esac
-
-case "$force_relro" in
-  0) ;;
-  1) arguments+=(-z relro) ;;
-  *) error 'invalid value for HARDENING_RELRO' ;;
-esac
-
-run_wrapped_binary "$@"



More information about the arch-commits mailing list