[arch-commits] Commit in hardening-wrapper/trunk (4 files)
Daniel Micay
thestinger at archlinux.org
Wed Jul 23 22:54:51 UTC 2014
Date: Thursday, July 24, 2014 @ 00:54:50
Author: thestinger
Revision: 116250
upgpkg: hardening-wrapper 3-1
Added:
hardening-wrapper/trunk/hardening-wrapper-i686.conf
hardening-wrapper/trunk/hardening-wrapper-x86_64.conf
Modified:
hardening-wrapper/trunk/PKGBUILD
hardening-wrapper/trunk/cc-wrapper.sh
-------------------------------+
PKGBUILD | 13 ++++++++-----
cc-wrapper.sh | 16 +++++++++-------
hardening-wrapper-i686.conf | 6 ++++++
hardening-wrapper-x86_64.conf | 6 ++++++
4 files changed, 29 insertions(+), 12 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-07-23 22:52:06 UTC (rev 116249)
+++ PKGBUILD 2014-07-23 22:54:50 UTC (rev 116250)
@@ -1,17 +1,20 @@
# Maintainer: Daniel Micay <danielmicay at gmail.com>
pkgname=hardening-wrapper
-pkgver=2
-pkgrel=4
+pkgver=3
+pkgrel=1
pkgdesc='Wrapper script for building hardened executables by default'
arch=(any)
url='https://archlinux.org/'
license=('GPL')
depends=(bash)
-source=(cc-wrapper.sh path.sh)
-sha1sums=('41ed86439513a9be2cd4a186e419d70f4d362b0c'
- '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc')
+source=(cc-wrapper.sh path.sh hardening-wrapper-i686.conf hardening-wrapper-x86_64.conf)
+sha1sums=('3c2b70878b77ba433ba94f22ed4881fb393991fa'
+ '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc'
+ '658aed4d1039393f0ba08152c1320fca04ce1315'
+ 'ff104a6624ce898010f277fe22e6f964aeb34300')
package() {
+ install -Dm644 hardening-wrapper-${CARCH}.conf "$pkgdir/etc/hardening-wrapper.conf"
install -Dm644 path.sh "$pkgdir/etc/profile.d/hardening-wrapper.sh"
mkdir -p "$pkgdir/usr/lib/hardening-wrapper/bin"
Modified: cc-wrapper.sh
===================================================================
--- cc-wrapper.sh 2014-07-23 22:52:06 UTC (rev 116249)
+++ cc-wrapper.sh 2014-07-23 22:54:50 UTC (rev 116250)
@@ -2,14 +2,16 @@
set -o nounset
-force_bindnow="${HARDENING_BINDNOW:-1}"
-force_fPIE="${HARDENING_PIE:-1}"
-force_fortify="${HARDENING_FORTIFY:-2}"
-force_pie="${HARDENING_PIE:-1}"
-force_relro="${HARDENING_RELRO:-1}"
-force_stack_check="${HARDENING_STACK_CHECK:-0}"
-force_stack_protector="${HARDENING_STACK_PROTECTOR:-2}"
+declare -A default="($(cat /etc/hardening-wrapper.conf))"
+force_bindnow="${HARDENING_BINDNOW:-"${default[HARDENING_BINDNOW]:-0}"}"
+force_fPIE="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_fortify="${HARDENING_FORTIFY:-"${default[HARDENING_FORTIFY]:-2}"}"
+force_pie="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_relro="${HARDENING_RELRO:-"${default[HARDENING_RELRO]:-1}"}"
+force_stack_check="${HARDENING_STACK_CHECK:-"${default[HARDENING_STACK_CHECK]:-0}"}"
+force_stack_protector="${HARDENING_STACK_PROTECTOR:-${default[HARDENING_STACK_PROTECTOR]:-2}}"
+
error() {
echo "$1" >&2
exit 1
Added: hardening-wrapper-i686.conf
===================================================================
--- hardening-wrapper-i686.conf (rev 0)
+++ hardening-wrapper-i686.conf 2014-07-23 22:54:50 UTC (rev 116250)
@@ -0,0 +1,6 @@
+[HARDENING_BINDNOW]=0
+[HARDENING_PIE]=0
+[HARDENING_FORTIFY]=2
+[HARDENING_RELRO]=1
+[HARDENING_STACK_CHECK]=0
+[HARDENING_STACK_PROTECTOR]=2
Added: hardening-wrapper-x86_64.conf
===================================================================
--- hardening-wrapper-x86_64.conf (rev 0)
+++ hardening-wrapper-x86_64.conf 2014-07-23 22:54:50 UTC (rev 116250)
@@ -0,0 +1,6 @@
+[HARDENING_BINDNOW]=0
+[HARDENING_PIE]=1
+[HARDENING_FORTIFY]=2
+[HARDENING_RELRO]=1
+[HARDENING_STACK_CHECK]=0
+[HARDENING_STACK_PROTECTOR]=2
More information about the arch-commits
mailing list