author | nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7> | 2012-01-24 22:23:06 +0000 |
---|---|---|
committer | nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7> | 2012-01-24 22:23:06 +0000 |
commit | 36018131dda89831b3159ce57e89ce23bcc91cff (patch) | |
tree | 26014c5d4f3cd58408c317865010e334e54b67e7 | |
parent | f35045dcf12fa02a57e029cb229755321ef23342 (diff) | |
download | shadow-36018131dda89831b3159ce57e89ce23bcc91cff.tar.gz |
* debian/rules: Do not hard-code CFLAGS and LDFLAGS. Build with all
hardening flags set. Closes: #657010
-rw-r--r-- | debian/changelog | 4 | ||||
-rwxr-xr-x | debian/rules | 18 |
2 files changed, 13 insertions, 9 deletions
diff --git a/debian/changelog b/debian/changelog index 528fa686..7e3b6664 100644 --- a/debian/changelog +++ b/debian/changelog @@ -92,12 +92,14 @@ shadow (1:4.1.5-1) unstable; urgency=low with gcov to avoid coverage false negatives. This does not impact the debian binary package, only the test package. * debian/control: Add Build-Depends on libsemanage1-dev [linux-any] + * debian/rules: Do not hard-code CFLAGS and LDFLAGS. Build with all + hardening flags set. Closes: #657010 [ Christian Perrier ] * Use "linux-any" instead of a negated list of architectures in Build-Depends. Closes: #634465 - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Sat, 19 Nov 2011 16:57:55 +0100 + -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Tue, 24 Jan 2012 20:06:43 +0100 shadow (1:4.1.4.2+svn3283-3) unstable; urgency=high diff --git a/debian/rules b/debian/rules index 39be6d09..6f893de9 100755 --- a/debian/rules +++ b/debian/rules @@ -8,6 +8,16 @@ ifeq ($(DEB_HOST_ARCH_OS),hurd) override DEB_ARCH_PACKAGES=passwd endif +# To be set before loading any CDBS files (#651964) +#CDBS_FIX_COMPILE_FLAGS = 1 +# Enable PIE, BINDNOW, and possible future flags. +#export DEB_BUILD_MAINT_OPTIONS = hardening=+all +# Unfortunately, this is not working (#651966), set flags manually + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/buildflags.mk + include /usr/share/cdbs/1/rules/debhelper.mk # Specify where dh_install will find the files that it needs to move: DEB_DH_INSTALL_SOURCEDIR=debian/tmp @@ -32,14 +42,6 @@ endif # Automatically controls patching at build time: include /usr/share/cdbs/1/rules/patchsys-quilt.mk -CFLAGS = -g -W -Wall -ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) - CFLAGS += -O0 -else - CFLAGS += -O2 -endif -export CFLAGS - # Add extras to the install process: binary-install/login:: dh_installpam -p login |
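Review bot: The comment block added ahead of `include /usr/share/dpkg/buildflags.mk` in debian/rules does not say which mechanism is actually in force: it keeps a commented-out `#export DEB_BUILD_MAINT_OPTIONS = hardening=+all`, says this is not working and that flags are set manually, and then the same export appears live two lines later. I would replace the block with one comment such as `# CDBS_FIX_COMPILE_FLAGS does not work here (#651966); take the hardened flags directly from dpkg-buildflags.` and drop the commented-out assignments. Nothing visible in this hunk confirms that the exported flags survive the CDBS includes that follow, so the result is worth checking on the built binaries (for example with `hardening-check`, or `blhc` on the build log) before relying on PIE and BINDNOW being present. The second debian/rules hunk also removes `-W -Wall` together with the hard-coded optimisation flags; if those warnings are still wanted, `export DEB_CFLAGS_MAINT_APPEND = -W -Wall` placed before the buildflags.mk include should restore them.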