1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
#!/usr/bin/make -f
# Sample debian/rules that uses debhelper. GNU copyright 1997 by Joey Hess.
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS 2>/dev/null)
DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_ARCH_CPU 2>/dev/null)
# Calculate arch-specific defaults
DEFAULT_PIE=0
ifneq (,$(findstring :$(DEB_HOST_ARCH_OS):,:linux:knetbsd:))
# PIE enabled only on linux/knetbsd
ifeq (,$(findstring :$(DEB_HOST_ARCH_CPU):,:hppa:m68k:arm:))
# disabled on hppa, m68k (where it doesn't work).
# disabled for arm since there is no randomization support in ARM kernels
DEFAULT_PIE=1
endif
endif
DEFAULT_STACKPROT=1
ifneq (,$(findstring :$(DEB_HOST_ARCH_CPU):,:ia64:alpha:mips:mipsel:hppa:arm:))
# Stack protector disabled on ia64, alpha, mips, mipsel, hppa.
# "warning: -fstack-protector not supported for this target"
# Stack protector disabled on arm, armel.
# compiler supports it incorrectly (leads to SEGV)
DEFAULT_STACKPROT=0
endif
build: build-stamp test
build-stamp:
# Building
dh_testdir
mkdir -p build-tree
install hardened-cc hardened-ld build-tree
# Set defaults, based on OS and CPU
perl -pi -e 's/ #OS#/ '"$(DEB_HOST_ARCH_OS)"'/; s/ #CPU#/ '"$(DEB_HOST_ARCH_CPU)"'/;' build-tree/hardened-cc build-tree/hardened-ld
perl -pi -e "s/default{'DEB_BUILD_HARDENING_PIE'}=1;/default{'DEB_BUILD_HARDENING_PIE'}=$(DEFAULT_PIE);/;" build-tree/hardened-cc build-tree/hardened-ld
perl -pi -e "s/default{'DEB_BUILD_HARDENING_STACKPROTECTOR'}=1;/default{'DEB_BUILD_HARDENING_STACKPROTECTOR'}=$(DEFAULT_STACKPROT);/;" build-tree/hardened-cc build-tree/hardened-ld
# Duplicate cc wrapper to c++
cp build-tree/hardened-cc build-tree/hardened-c++
perl -pi -e 's/hardened-cc/hardened-c++/g; s|/usr/bin/cc|/usr/bin/c++|g;' build-tree/hardened-c++
# Set up man pages
ln -sf hardened-cc.1 hardening-wrapper.1
cp hardened-cc.1 hardened-c++.1
perl -pi -e 's/hardened-cc/hardened-c++/g; s/gcc/g++/g;' hardened-c++.1
# Done building
touch build-stamp
clean:
dh_testdir
dh_testroot
rm -f build-stamp test-stamp
rm -rf build-tree
rm -f hardened-c++.1 hardening-wrapper.1
dh_clean
test: build-stamp test-stamp
test-stamp:
(cd tests; make check)
# Done testing
touch test-stamp
install: build
dh_testdir
dh_testroot
dh_clean -k
dh_installdirs usr/bin
dh_installdirs -A usr/share/lintian/overrides
install -m644 debian/lintian.overrides debian/hardening-wrapper/usr/share/lintian/overrides/hardening-wrapper
install build-tree/hardened-cc build-tree/hardened-c++ build-tree/hardened-ld debian/hardening-wrapper/usr/bin
# Build links
for ver in 4.1 4.2 4.3; do dh_link \
usr/bin/hardened-cc usr/bin/gcc-$$ver \
usr/bin/hardened-c++ usr/bin/g++-$$ver \
;\
done
dh_link usr/bin/hardened-ld usr/bin/ld
# Build architecture-dependent files here.
binary-arch: build install
# dh_testversion
dh_perl
dh_testdir
dh_testroot
dh_installdocs AUTHORS TODO
dh_installexamples
dh_installmenu
# dh_installinit
dh_installcron
dh_installman
# dh_undocumented
dh_installchangelogs
dh_strip
dh_compress
dh_fixperms
dh_installdeb
dh_shlibdeps
dh_gencontrol
# dh_makeshlibs
dh_md5sums
dh_builddeb
# Build architecture-independent files here.
binary-indep: binary-arch
# Nothing to do here
source diff:
@echo >&2 'source and diff are obsolete - use dpkg-source -b'; false
binary: binary-indep binary-arch
.PHONY: build clean binary-indep binary-arch binary test
|
