[arch-commits] Commit in hardening-wrapper/repos (12 files)
Daniel Micay
thestinger at archlinux.org
Wed Jul 23 23:02:22 UTC 2014
Date: Thursday, July 24, 2014 @ 01:02:22
Author: thestinger
Revision: 116253
archrelease: copy trunk to community-i686, community-x86_64
Added:
hardening-wrapper/repos/community-i686/
hardening-wrapper/repos/community-i686/PKGBUILD
(from rev 116252, hardening-wrapper/trunk/PKGBUILD)
hardening-wrapper/repos/community-i686/cc-wrapper.sh
(from rev 116252, hardening-wrapper/trunk/cc-wrapper.sh)
hardening-wrapper/repos/community-i686/hardening-wrapper-i686.conf
(from rev 116252, hardening-wrapper/trunk/hardening-wrapper-i686.conf)
hardening-wrapper/repos/community-i686/hardening-wrapper-x86_64.conf
(from rev 116252, hardening-wrapper/trunk/hardening-wrapper-x86_64.conf)
hardening-wrapper/repos/community-i686/path.sh
(from rev 116252, hardening-wrapper/trunk/path.sh)
hardening-wrapper/repos/community-x86_64/
hardening-wrapper/repos/community-x86_64/PKGBUILD
(from rev 116252, hardening-wrapper/trunk/PKGBUILD)
hardening-wrapper/repos/community-x86_64/cc-wrapper.sh
(from rev 116252, hardening-wrapper/trunk/cc-wrapper.sh)
hardening-wrapper/repos/community-x86_64/hardening-wrapper-i686.conf
(from rev 116252, hardening-wrapper/trunk/hardening-wrapper-i686.conf)
hardening-wrapper/repos/community-x86_64/hardening-wrapper-x86_64.conf
(from rev 116252, hardening-wrapper/trunk/hardening-wrapper-x86_64.conf)
hardening-wrapper/repos/community-x86_64/path.sh
(from rev 116252, hardening-wrapper/trunk/path.sh)
------------------------------------------------+
community-i686/PKGBUILD | 30 ++++++
community-i686/cc-wrapper.sh | 106 +++++++++++++++++++++++
community-i686/hardening-wrapper-i686.conf | 6 +
community-i686/hardening-wrapper-x86_64.conf | 6 +
community-i686/path.sh | 1
community-x86_64/PKGBUILD | 30 ++++++
community-x86_64/cc-wrapper.sh | 106 +++++++++++++++++++++++
community-x86_64/hardening-wrapper-i686.conf | 6 +
community-x86_64/hardening-wrapper-x86_64.conf | 6 +
community-x86_64/path.sh | 1
10 files changed, 298 insertions(+)
Copied: hardening-wrapper/repos/community-i686/PKGBUILD (from rev 116252, hardening-wrapper/trunk/PKGBUILD)
===================================================================
--- community-i686/PKGBUILD (rev 0)
+++ community-i686/PKGBUILD 2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1,30 @@
+# Maintainer: Daniel Micay <danielmicay at gmail.com>
+pkgname=hardening-wrapper
+pkgver=3
+pkgrel=2
+pkgdesc='Wrapper script for building hardened executables by default'
+arch=(i686 x86_64)
+url='https://archlinux.org/'
+license=('GPL')
+depends=(bash)
+source=(cc-wrapper.sh path.sh hardening-wrapper-i686.conf hardening-wrapper-x86_64.conf)
+sha1sums=('3c2b70878b77ba433ba94f22ed4881fb393991fa'
+ '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc'
+ '658aed4d1039393f0ba08152c1320fca04ce1315'
+ 'ff104a6624ce898010f277fe22e6f964aeb34300')
+
+package() {
+ install -Dm644 hardening-wrapper-${CARCH}.conf "$pkgdir/etc/hardening-wrapper.conf"
+ install -Dm644 path.sh "$pkgdir/etc/profile.d/hardening-wrapper.sh"
+
+ mkdir -p "$pkgdir/usr/lib/hardening-wrapper/bin"
+ install -m755 cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c89"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c99"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/cc"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c++"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang++"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/gcc"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/g++"
+}
Copied: hardening-wrapper/repos/community-i686/cc-wrapper.sh (from rev 116252, hardening-wrapper/trunk/cc-wrapper.sh)
===================================================================
--- community-i686/cc-wrapper.sh (rev 0)
+++ community-i686/cc-wrapper.sh 2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1,106 @@
+#!/bin/bash
+
+set -o nounset
+
+declare -A default="($(cat /etc/hardening-wrapper.conf))"
+
+force_bindnow="${HARDENING_BINDNOW:-"${default[HARDENING_BINDNOW]:-0}"}"
+force_fPIE="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_fortify="${HARDENING_FORTIFY:-"${default[HARDENING_FORTIFY]:-2}"}"
+force_pie="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_relro="${HARDENING_RELRO:-"${default[HARDENING_RELRO]:-1}"}"
+force_stack_check="${HARDENING_STACK_CHECK:-"${default[HARDENING_STACK_CHECK]:-0}"}"
+force_stack_protector="${HARDENING_STACK_PROTECTOR:-${default[HARDENING_STACK_PROTECTOR]:-2}}"
+
+error() {
+ echo "$1" >&2
+ exit 1
+}
+
+linking=1
+optimizing=0
+
+for opt; do
+ case "$opt" in
+ -fno-PIC|-fno-pic|-fno-PIE|-fno-pie|-nopie|-static|--static|-shared|--shared|-D__KERNEL__|-nostdlib|-nostartfiles)
+ force_fPIE=0
+ force_pie=0
+ ;;
+ -fPIC|-fpic|-fPIE|-fpie)
+ force_fPIE=0
+ ;;
+ -c)
+ linking=0
+ ;;
+ -nostdlib|-ffreestanding)
+ force_stack_protector=0
+ ;;
+ -D_FORTIFY_SOURCE*)
+ force_fortify=0
+ ;;
+ -O0)
+ optimizing=0
+ ;;
+ -O*)
+ optimizing=1
+ ;;
+ esac
+done
+
+arguments=()
+
+case "$force_bindnow" in
+ 0) ;;
+ 1) (( linking )) && arguments+=(-Wl,-z,now) ;;
+ *) error 'invalid value for HARDENING_BINDNOW' ;;
+esac
+
+case "$force_fPIE" in
+ 0) ;;
+ 1) arguments+=(-fPIE) ;;
+ *) error 'invalid value for HARDENING_PIE' ;;
+esac
+
+case "$force_fortify" in
+ 0) ;;
+ 1|2) (( optimizing )) && arguments+=(-D_FORTIFY_SOURCE=$force_fortify) ;;
+ *) error 'invalid value for HARDENING_FORTIFY' ;;
+esac
+
+case "$force_pie" in
+ 0) ;;
+ 1) (( linking )) && arguments+=(-pie) ;;
+ *) error 'invalid value for HARDENING_PIE' ;;
+esac
+
+case "$force_relro" in
+ 0) ;;
+ 1) (( linking )) && arguments+=(-Wl,-z,relro) ;;
+ *) error 'invalid value for HARDENING_RELRO' ;;
+esac
+
+case "$force_stack_check" in
+ 0) ;;
+ 1) arguments+=(-fstack-check) ;;
+ *) error 'invalid value for HARDENING_STACK_CHECK' ;;
+esac
+
+case "$force_stack_protector" in
+ 0) ;;
+ 1) arguments+=(-fstack-protector) ;;
+ 2) arguments+=(-fstack-protector-strong) ;;
+ 3) arguments+=(-fstack-protector-all) ;;
+ *) error 'invalid value for HARDENING_STACK_PROTECTOR' ;;
+esac
+
+unwrapped=false
+IFS=: read -ra path <<< "$PATH";
+for p in "${path[@]}"; do
+ binary="$p/${0##*/}"
+ if [[ "$binary" != "$0" && -x "$binary" ]]; then
+ unwrapped="$binary"
+ break
+ fi
+done
+
+exec "$unwrapped" "${arguments[@]}" "$@"
Copied: hardening-wrapper/repos/community-i686/hardening-wrapper-i686.conf (from rev 116252, hardening-wrapper/trunk/hardening-wrapper-i686.conf)
===================================================================
--- community-i686/hardening-wrapper-i686.conf (rev 0)
+++ community-i686/hardening-wrapper-i686.conf 2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1,6 @@
+[HARDENING_BINDNOW]=0
+[HARDENING_PIE]=0
+[HARDENING_FORTIFY]=2
+[HARDENING_RELRO]=1
+[HARDENING_STACK_CHECK]=0
+[HARDENING_STACK_PROTECTOR]=2
Copied: hardening-wrapper/repos/community-i686/hardening-wrapper-x86_64.conf (from rev 116252, hardening-wrapper/trunk/hardening-wrapper-x86_64.conf)
===================================================================
--- community-i686/hardening-wrapper-x86_64.conf (rev 0)
+++ community-i686/hardening-wrapper-x86_64.conf 2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1,6 @@
+[HARDENING_BINDNOW]=0
+[HARDENING_PIE]=1
+[HARDENING_FORTIFY]=2
+[HARDENING_RELRO]=1
+[HARDENING_STACK_CHECK]=0
+[HARDENING_STACK_PROTECTOR]=2
Copied: hardening-wrapper/repos/community-i686/path.sh (from rev 116252, hardening-wrapper/trunk/path.sh)
===================================================================
--- community-i686/path.sh (rev 0)
+++ community-i686/path.sh 2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1 @@
+export PATH="/usr/lib/hardening-wrapper/bin:$PATH"
Copied: hardening-wrapper/repos/community-x86_64/PKGBUILD (from rev 116252, hardening-wrapper/trunk/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD (rev 0)
+++ community-x86_64/PKGBUILD 2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1,30 @@
+# Maintainer: Daniel Micay <danielmicay at gmail.com>
+pkgname=hardening-wrapper
+pkgver=3
+pkgrel=2
+pkgdesc='Wrapper script for building hardened executables by default'
+arch=(i686 x86_64)
+url='https://archlinux.org/'
+license=('GPL')
+depends=(bash)
+source=(cc-wrapper.sh path.sh hardening-wrapper-i686.conf hardening-wrapper-x86_64.conf)
+sha1sums=('3c2b70878b77ba433ba94f22ed4881fb393991fa'
+ '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc'
+ '658aed4d1039393f0ba08152c1320fca04ce1315'
+ 'ff104a6624ce898010f277fe22e6f964aeb34300')
+
+package() {
+ install -Dm644 hardening-wrapper-${CARCH}.conf "$pkgdir/etc/hardening-wrapper.conf"
+ install -Dm644 path.sh "$pkgdir/etc/profile.d/hardening-wrapper.sh"
+
+ mkdir -p "$pkgdir/usr/lib/hardening-wrapper/bin"
+ install -m755 cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c89"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c99"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/cc"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c++"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang++"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/gcc"
+ ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/g++"
+}
Copied: hardening-wrapper/repos/community-x86_64/cc-wrapper.sh (from rev 116252, hardening-wrapper/trunk/cc-wrapper.sh)
===================================================================
--- community-x86_64/cc-wrapper.sh (rev 0)
+++ community-x86_64/cc-wrapper.sh 2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1,106 @@
+#!/bin/bash
+
+set -o nounset
+
+declare -A default="($(cat /etc/hardening-wrapper.conf))"
+
+force_bindnow="${HARDENING_BINDNOW:-"${default[HARDENING_BINDNOW]:-0}"}"
+force_fPIE="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_fortify="${HARDENING_FORTIFY:-"${default[HARDENING_FORTIFY]:-2}"}"
+force_pie="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_relro="${HARDENING_RELRO:-"${default[HARDENING_RELRO]:-1}"}"
+force_stack_check="${HARDENING_STACK_CHECK:-"${default[HARDENING_STACK_CHECK]:-0}"}"
+force_stack_protector="${HARDENING_STACK_PROTECTOR:-${default[HARDENING_STACK_PROTECTOR]:-2}}"
+
+error() {
+ echo "$1" >&2
+ exit 1
+}
+
+linking=1
+optimizing=0
+
+for opt; do
+ case "$opt" in
+ -fno-PIC|-fno-pic|-fno-PIE|-fno-pie|-nopie|-static|--static|-shared|--shared|-D__KERNEL__|-nostdlib|-nostartfiles)
+ force_fPIE=0
+ force_pie=0
+ ;;
+ -fPIC|-fpic|-fPIE|-fpie)
+ force_fPIE=0
+ ;;
+ -c)
+ linking=0
+ ;;
+ -nostdlib|-ffreestanding)
+ force_stack_protector=0
+ ;;
+ -D_FORTIFY_SOURCE*)
+ force_fortify=0
+ ;;
+ -O0)
+ optimizing=0
+ ;;
+ -O*)
+ optimizing=1
+ ;;
+ esac
+done
+
+arguments=()
+
+case "$force_bindnow" in
+ 0) ;;
+ 1) (( linking )) && arguments+=(-Wl,-z,now) ;;
+ *) error 'invalid value for HARDENING_BINDNOW' ;;
+esac
+
+case "$force_fPIE" in
+ 0) ;;
+ 1) arguments+=(-fPIE) ;;
+ *) error 'invalid value for HARDENING_PIE' ;;
+esac
+
+case "$force_fortify" in
+ 0) ;;
+ 1|2) (( optimizing )) && arguments+=(-D_FORTIFY_SOURCE=$force_fortify) ;;
+ *) error 'invalid value for HARDENING_FORTIFY' ;;
+esac
+
+case "$force_pie" in
+ 0) ;;
+ 1) (( linking )) && arguments+=(-pie) ;;
+ *) error 'invalid value for HARDENING_PIE' ;;
+esac
+
+case "$force_relro" in
+ 0) ;;
+ 1) (( linking )) && arguments+=(-Wl,-z,relro) ;;
+ *) error 'invalid value for HARDENING_RELRO' ;;
+esac
+
+case "$force_stack_check" in
+ 0) ;;
+ 1) arguments+=(-fstack-check) ;;
+ *) error 'invalid value for HARDENING_STACK_CHECK' ;;
+esac
+
+case "$force_stack_protector" in
+ 0) ;;
+ 1) arguments+=(-fstack-protector) ;;
+ 2) arguments+=(-fstack-protector-strong) ;;
+ 3) arguments+=(-fstack-protector-all) ;;
+ *) error 'invalid value for HARDENING_STACK_PROTECTOR' ;;
+esac
+
+unwrapped=false
+IFS=: read -ra path <<< "$PATH";
+for p in "${path[@]}"; do
+ binary="$p/${0##*/}"
+ if [[ "$binary" != "$0" && -x "$binary" ]]; then
+ unwrapped="$binary"
+ break
+ fi
+done
+
+exec "$unwrapped" "${arguments[@]}" "$@"
Copied: hardening-wrapper/repos/community-x86_64/hardening-wrapper-i686.conf (from rev 116252, hardening-wrapper/trunk/hardening-wrapper-i686.conf)
===================================================================
--- community-x86_64/hardening-wrapper-i686.conf (rev 0)
+++ community-x86_64/hardening-wrapper-i686.conf 2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1,6 @@
+[HARDENING_BINDNOW]=0
+[HARDENING_PIE]=0
+[HARDENING_FORTIFY]=2
+[HARDENING_RELRO]=1
+[HARDENING_STACK_CHECK]=0
+[HARDENING_STACK_PROTECTOR]=2
Copied: hardening-wrapper/repos/community-x86_64/hardening-wrapper-x86_64.conf (from rev 116252, hardening-wrapper/trunk/hardening-wrapper-x86_64.conf)
===================================================================
--- community-x86_64/hardening-wrapper-x86_64.conf (rev 0)
+++ community-x86_64/hardening-wrapper-x86_64.conf 2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1,6 @@
+[HARDENING_BINDNOW]=0
+[HARDENING_PIE]=1
+[HARDENING_FORTIFY]=2
+[HARDENING_RELRO]=1
+[HARDENING_STACK_CHECK]=0
+[HARDENING_STACK_PROTECTOR]=2
Copied: hardening-wrapper/repos/community-x86_64/path.sh (from rev 116252, hardening-wrapper/trunk/path.sh)
===================================================================
--- community-x86_64/path.sh (rev 0)
+++ community-x86_64/path.sh 2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1 @@
+export PATH="/usr/lib/hardening-wrapper/bin:$PATH"
More information about the arch-commits
mailing list