[arch-commits] Commit in hardening-wrapper/repos (12 files)

Daniel Micay thestinger at archlinux.org
Wed Jul 23 23:02:22 UTC 2014


    Date: Thursday, July 24, 2014 @ 01:02:22
  Author: thestinger
Revision: 116253

archrelease: copy trunk to community-i686, community-x86_64

Added:
  hardening-wrapper/repos/community-i686/
  hardening-wrapper/repos/community-i686/PKGBUILD
    (from rev 116252, hardening-wrapper/trunk/PKGBUILD)
  hardening-wrapper/repos/community-i686/cc-wrapper.sh
    (from rev 116252, hardening-wrapper/trunk/cc-wrapper.sh)
  hardening-wrapper/repos/community-i686/hardening-wrapper-i686.conf
    (from rev 116252, hardening-wrapper/trunk/hardening-wrapper-i686.conf)
  hardening-wrapper/repos/community-i686/hardening-wrapper-x86_64.conf
    (from rev 116252, hardening-wrapper/trunk/hardening-wrapper-x86_64.conf)
  hardening-wrapper/repos/community-i686/path.sh
    (from rev 116252, hardening-wrapper/trunk/path.sh)
  hardening-wrapper/repos/community-x86_64/
  hardening-wrapper/repos/community-x86_64/PKGBUILD
    (from rev 116252, hardening-wrapper/trunk/PKGBUILD)
  hardening-wrapper/repos/community-x86_64/cc-wrapper.sh
    (from rev 116252, hardening-wrapper/trunk/cc-wrapper.sh)
  hardening-wrapper/repos/community-x86_64/hardening-wrapper-i686.conf
    (from rev 116252, hardening-wrapper/trunk/hardening-wrapper-i686.conf)
  hardening-wrapper/repos/community-x86_64/hardening-wrapper-x86_64.conf
    (from rev 116252, hardening-wrapper/trunk/hardening-wrapper-x86_64.conf)
  hardening-wrapper/repos/community-x86_64/path.sh
    (from rev 116252, hardening-wrapper/trunk/path.sh)

------------------------------------------------+
 community-i686/PKGBUILD                        |   30 ++++++
 community-i686/cc-wrapper.sh                   |  106 +++++++++++++++++++++++
 community-i686/hardening-wrapper-i686.conf     |    6 +
 community-i686/hardening-wrapper-x86_64.conf   |    6 +
 community-i686/path.sh                         |    1 
 community-x86_64/PKGBUILD                      |   30 ++++++
 community-x86_64/cc-wrapper.sh                 |  106 +++++++++++++++++++++++
 community-x86_64/hardening-wrapper-i686.conf   |    6 +
 community-x86_64/hardening-wrapper-x86_64.conf |    6 +
 community-x86_64/path.sh                       |    1 
 10 files changed, 298 insertions(+)

Copied: hardening-wrapper/repos/community-i686/PKGBUILD (from rev 116252, hardening-wrapper/trunk/PKGBUILD)
===================================================================
--- community-i686/PKGBUILD	                        (rev 0)
+++ community-i686/PKGBUILD	2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1,30 @@
+# Maintainer: Daniel Micay <danielmicay at gmail.com>
+pkgname=hardening-wrapper
+pkgver=3
+pkgrel=2
+pkgdesc='Wrapper script for building hardened executables by default'
+arch=(i686 x86_64)
+url='https://archlinux.org/'
+license=('GPL')
+depends=(bash)
+source=(cc-wrapper.sh path.sh hardening-wrapper-i686.conf hardening-wrapper-x86_64.conf)
+sha1sums=('3c2b70878b77ba433ba94f22ed4881fb393991fa'
+          '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc'
+          '658aed4d1039393f0ba08152c1320fca04ce1315'
+          'ff104a6624ce898010f277fe22e6f964aeb34300')
+
+package() {
+  install -Dm644 hardening-wrapper-${CARCH}.conf "$pkgdir/etc/hardening-wrapper.conf"
+  install -Dm644 path.sh "$pkgdir/etc/profile.d/hardening-wrapper.sh"
+
+  mkdir -p "$pkgdir/usr/lib/hardening-wrapper/bin"
+  install -m755 cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper"
+  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c89"
+  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c99"
+  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/cc"
+  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c++"
+  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang"
+  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang++"
+  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/gcc"
+  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/g++"
+}

Copied: hardening-wrapper/repos/community-i686/cc-wrapper.sh (from rev 116252, hardening-wrapper/trunk/cc-wrapper.sh)
===================================================================
--- community-i686/cc-wrapper.sh	                        (rev 0)
+++ community-i686/cc-wrapper.sh	2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1,106 @@
+#!/bin/bash
+
+set -o nounset
+
+declare -A default="($(cat /etc/hardening-wrapper.conf))"
+
+force_bindnow="${HARDENING_BINDNOW:-"${default[HARDENING_BINDNOW]:-0}"}"
+force_fPIE="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_fortify="${HARDENING_FORTIFY:-"${default[HARDENING_FORTIFY]:-2}"}"
+force_pie="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_relro="${HARDENING_RELRO:-"${default[HARDENING_RELRO]:-1}"}"
+force_stack_check="${HARDENING_STACK_CHECK:-"${default[HARDENING_STACK_CHECK]:-0}"}"
+force_stack_protector="${HARDENING_STACK_PROTECTOR:-${default[HARDENING_STACK_PROTECTOR]:-2}}"
+
+error() {
+  echo "$1" >&2
+  exit 1
+}
+
+linking=1
+optimizing=0
+
+for opt; do
+  case "$opt" in
+    -fno-PIC|-fno-pic|-fno-PIE|-fno-pie|-nopie|-static|--static|-shared|--shared|-D__KERNEL__|-nostdlib|-nostartfiles)
+      force_fPIE=0
+      force_pie=0
+      ;;
+    -fPIC|-fpic|-fPIE|-fpie)
+      force_fPIE=0
+      ;;
+    -c)
+      linking=0
+      ;;
+    -nostdlib|-ffreestanding)
+      force_stack_protector=0
+      ;;
+    -D_FORTIFY_SOURCE*)
+      force_fortify=0
+      ;;
+    -O0)
+      optimizing=0
+      ;;
+    -O*)
+      optimizing=1
+      ;;
+  esac
+done
+
+arguments=()
+
+case "$force_bindnow" in
+  0) ;;
+  1) (( linking )) && arguments+=(-Wl,-z,now) ;;
+  *) error 'invalid value for HARDENING_BINDNOW' ;;
+esac
+
+case "$force_fPIE" in
+  0) ;;
+  1) arguments+=(-fPIE) ;;
+  *) error 'invalid value for HARDENING_PIE' ;;
+esac
+
+case "$force_fortify" in
+  0) ;;
+  1|2) (( optimizing )) && arguments+=(-D_FORTIFY_SOURCE=$force_fortify) ;;
+  *) error 'invalid value for HARDENING_FORTIFY' ;;
+esac
+
+case "$force_pie" in
+  0) ;;
+  1) (( linking )) && arguments+=(-pie) ;;
+  *) error 'invalid value for HARDENING_PIE' ;;
+esac
+
+case "$force_relro" in
+  0) ;;
+  1) (( linking )) && arguments+=(-Wl,-z,relro) ;;
+  *) error 'invalid value for HARDENING_RELRO' ;;
+esac
+
+case "$force_stack_check" in
+  0) ;;
+  1) arguments+=(-fstack-check) ;;
+  *) error 'invalid value for HARDENING_STACK_CHECK' ;;
+esac
+
+case "$force_stack_protector" in
+  0) ;;
+  1) arguments+=(-fstack-protector) ;;
+  2) arguments+=(-fstack-protector-strong) ;;
+  3) arguments+=(-fstack-protector-all) ;;
+  *) error 'invalid value for HARDENING_STACK_PROTECTOR' ;;
+esac
+
+unwrapped=false
+IFS=: read -ra path <<< "$PATH";
+for p in "${path[@]}"; do
+  binary="$p/${0##*/}"
+  if [[ "$binary" != "$0" && -x "$binary" ]]; then
+    unwrapped="$binary"
+    break
+  fi
+done
+
+exec "$unwrapped" "${arguments[@]}" "$@"

Copied: hardening-wrapper/repos/community-i686/hardening-wrapper-i686.conf (from rev 116252, hardening-wrapper/trunk/hardening-wrapper-i686.conf)
===================================================================
--- community-i686/hardening-wrapper-i686.conf	                        (rev 0)
+++ community-i686/hardening-wrapper-i686.conf	2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1,6 @@
+[HARDENING_BINDNOW]=0
+[HARDENING_PIE]=0
+[HARDENING_FORTIFY]=2
+[HARDENING_RELRO]=1
+[HARDENING_STACK_CHECK]=0
+[HARDENING_STACK_PROTECTOR]=2

Copied: hardening-wrapper/repos/community-i686/hardening-wrapper-x86_64.conf (from rev 116252, hardening-wrapper/trunk/hardening-wrapper-x86_64.conf)
===================================================================
--- community-i686/hardening-wrapper-x86_64.conf	                        (rev 0)
+++ community-i686/hardening-wrapper-x86_64.conf	2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1,6 @@
+[HARDENING_BINDNOW]=0
+[HARDENING_PIE]=1
+[HARDENING_FORTIFY]=2
+[HARDENING_RELRO]=1
+[HARDENING_STACK_CHECK]=0
+[HARDENING_STACK_PROTECTOR]=2

Copied: hardening-wrapper/repos/community-i686/path.sh (from rev 116252, hardening-wrapper/trunk/path.sh)
===================================================================
--- community-i686/path.sh	                        (rev 0)
+++ community-i686/path.sh	2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1 @@
+export PATH="/usr/lib/hardening-wrapper/bin:$PATH"

Copied: hardening-wrapper/repos/community-x86_64/PKGBUILD (from rev 116252, hardening-wrapper/trunk/PKGBUILD)
===================================================================
--- community-x86_64/PKGBUILD	                        (rev 0)
+++ community-x86_64/PKGBUILD	2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1,30 @@
+# Maintainer: Daniel Micay <danielmicay at gmail.com>
+pkgname=hardening-wrapper
+pkgver=3
+pkgrel=2
+pkgdesc='Wrapper script for building hardened executables by default'
+arch=(i686 x86_64)
+url='https://archlinux.org/'
+license=('GPL')
+depends=(bash)
+source=(cc-wrapper.sh path.sh hardening-wrapper-i686.conf hardening-wrapper-x86_64.conf)
+sha1sums=('3c2b70878b77ba433ba94f22ed4881fb393991fa'
+          '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc'
+          '658aed4d1039393f0ba08152c1320fca04ce1315'
+          'ff104a6624ce898010f277fe22e6f964aeb34300')
+
+package() {
+  install -Dm644 hardening-wrapper-${CARCH}.conf "$pkgdir/etc/hardening-wrapper.conf"
+  install -Dm644 path.sh "$pkgdir/etc/profile.d/hardening-wrapper.sh"
+
+  mkdir -p "$pkgdir/usr/lib/hardening-wrapper/bin"
+  install -m755 cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper"
+  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c89"
+  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c99"
+  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/cc"
+  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c++"
+  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang"
+  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang++"
+  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/gcc"
+  ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/g++"
+}

Copied: hardening-wrapper/repos/community-x86_64/cc-wrapper.sh (from rev 116252, hardening-wrapper/trunk/cc-wrapper.sh)
===================================================================
--- community-x86_64/cc-wrapper.sh	                        (rev 0)
+++ community-x86_64/cc-wrapper.sh	2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1,106 @@
+#!/bin/bash
+
+set -o nounset
+
+declare -A default="($(cat /etc/hardening-wrapper.conf))"
+
+force_bindnow="${HARDENING_BINDNOW:-"${default[HARDENING_BINDNOW]:-0}"}"
+force_fPIE="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_fortify="${HARDENING_FORTIFY:-"${default[HARDENING_FORTIFY]:-2}"}"
+force_pie="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}"
+force_relro="${HARDENING_RELRO:-"${default[HARDENING_RELRO]:-1}"}"
+force_stack_check="${HARDENING_STACK_CHECK:-"${default[HARDENING_STACK_CHECK]:-0}"}"
+force_stack_protector="${HARDENING_STACK_PROTECTOR:-${default[HARDENING_STACK_PROTECTOR]:-2}}"
+
+error() {
+  echo "$1" >&2
+  exit 1
+}
+
+linking=1
+optimizing=0
+
+for opt; do
+  case "$opt" in
+    -fno-PIC|-fno-pic|-fno-PIE|-fno-pie|-nopie|-static|--static|-shared|--shared|-D__KERNEL__|-nostdlib|-nostartfiles)
+      force_fPIE=0
+      force_pie=0
+      ;;
+    -fPIC|-fpic|-fPIE|-fpie)
+      force_fPIE=0
+      ;;
+    -c)
+      linking=0
+      ;;
+    -nostdlib|-ffreestanding)
+      force_stack_protector=0
+      ;;
+    -D_FORTIFY_SOURCE*)
+      force_fortify=0
+      ;;
+    -O0)
+      optimizing=0
+      ;;
+    -O*)
+      optimizing=1
+      ;;
+  esac
+done
+
+arguments=()
+
+case "$force_bindnow" in
+  0) ;;
+  1) (( linking )) && arguments+=(-Wl,-z,now) ;;
+  *) error 'invalid value for HARDENING_BINDNOW' ;;
+esac
+
+case "$force_fPIE" in
+  0) ;;
+  1) arguments+=(-fPIE) ;;
+  *) error 'invalid value for HARDENING_PIE' ;;
+esac
+
+case "$force_fortify" in
+  0) ;;
+  1|2) (( optimizing )) && arguments+=(-D_FORTIFY_SOURCE=$force_fortify) ;;
+  *) error 'invalid value for HARDENING_FORTIFY' ;;
+esac
+
+case "$force_pie" in
+  0) ;;
+  1) (( linking )) && arguments+=(-pie) ;;
+  *) error 'invalid value for HARDENING_PIE' ;;
+esac
+
+case "$force_relro" in
+  0) ;;
+  1) (( linking )) && arguments+=(-Wl,-z,relro) ;;
+  *) error 'invalid value for HARDENING_RELRO' ;;
+esac
+
+case "$force_stack_check" in
+  0) ;;
+  1) arguments+=(-fstack-check) ;;
+  *) error 'invalid value for HARDENING_STACK_CHECK' ;;
+esac
+
+case "$force_stack_protector" in
+  0) ;;
+  1) arguments+=(-fstack-protector) ;;
+  2) arguments+=(-fstack-protector-strong) ;;
+  3) arguments+=(-fstack-protector-all) ;;
+  *) error 'invalid value for HARDENING_STACK_PROTECTOR' ;;
+esac
+
+unwrapped=false
+IFS=: read -ra path <<< "$PATH";
+for p in "${path[@]}"; do
+  binary="$p/${0##*/}"
+  if [[ "$binary" != "$0" && -x "$binary" ]]; then
+    unwrapped="$binary"
+    break
+  fi
+done
+
+exec "$unwrapped" "${arguments[@]}" "$@"

Copied: hardening-wrapper/repos/community-x86_64/hardening-wrapper-i686.conf (from rev 116252, hardening-wrapper/trunk/hardening-wrapper-i686.conf)
===================================================================
--- community-x86_64/hardening-wrapper-i686.conf	                        (rev 0)
+++ community-x86_64/hardening-wrapper-i686.conf	2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1,6 @@
+[HARDENING_BINDNOW]=0
+[HARDENING_PIE]=0
+[HARDENING_FORTIFY]=2
+[HARDENING_RELRO]=1
+[HARDENING_STACK_CHECK]=0
+[HARDENING_STACK_PROTECTOR]=2

Copied: hardening-wrapper/repos/community-x86_64/hardening-wrapper-x86_64.conf (from rev 116252, hardening-wrapper/trunk/hardening-wrapper-x86_64.conf)
===================================================================
--- community-x86_64/hardening-wrapper-x86_64.conf	                        (rev 0)
+++ community-x86_64/hardening-wrapper-x86_64.conf	2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1,6 @@
+[HARDENING_BINDNOW]=0
+[HARDENING_PIE]=1
+[HARDENING_FORTIFY]=2
+[HARDENING_RELRO]=1
+[HARDENING_STACK_CHECK]=0
+[HARDENING_STACK_PROTECTOR]=2

Copied: hardening-wrapper/repos/community-x86_64/path.sh (from rev 116252, hardening-wrapper/trunk/path.sh)
===================================================================
--- community-x86_64/path.sh	                        (rev 0)
+++ community-x86_64/path.sh	2014-07-23 23:02:22 UTC (rev 116253)
@@ -0,0 +1 @@
+export PATH="/usr/lib/hardening-wrapper/bin:$PATH"




More information about the arch-commits mailing list