← Back to branch summary

~ubuntu-branches/ubuntu/trusty/hardening-wrapper/trusty-proposed 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

#!/usr/bin/make -f

BUILD_TREE:=build-tree

include hardening.make
DEFAULT_PIE:=$(DEB_BUILD_HARDENING_PIE)
DEFAULT_STACKPROT:=$(DEB_BUILD_HARDENING_STACKPROTECTOR)

WRAPPERS=hardened-cc hardened-ld
TOOLS=hardening.make hardening-check
MANPAGES=hardened-cc.1 hardened-ld.1

$(BUILD_TREE)/stamp-build: $(WRAPPERS) $(TOOLS) $(MANPAGES) Makefile
	if [ -z "$(DEB_HOST_ARCH)" ]; then echo No DEB_HOST_ARCH; exit 1; fi
	if [ -z "$(DEB_HOST_ARCH_OS)" ]; then echo No DEB_HOST_ARCH_OS; exit 1; fi
	mkdir -p $(BUILD_TREE)

	# Construct wrappers.
	install $(WRAPPERS) $(BUILD_TREE)/
	# Set defaults, based on OS and ARCH.
	perl -pi -e 's/ #OS#/ '"$(DEB_HOST_ARCH_OS)"'/; s/ #ARCH#/ '"$(DEB_HOST_ARCH)"'/;' $(BUILD_TREE)/hardened-cc $(BUILD_TREE)/hardened-ld
	perl -pi -e "s/default{'DEB_BUILD_HARDENING_PIE'}=1;/default{'DEB_BUILD_HARDENING_PIE'}=$(DEFAULT_PIE);/;" $(BUILD_TREE)/hardened-cc $(BUILD_TREE)/hardened-ld
	perl -pi -e "s/default{'DEB_BUILD_HARDENING_STACKPROTECTOR'}=1;/default{'DEB_BUILD_HARDENING_STACKPROTECTOR'}=$(DEFAULT_STACKPROT);/;" $(BUILD_TREE)/hardened-cc $(BUILD_TREE)/hardened-ld
	# Duplicate cc wrapper to c++.
	install $(BUILD_TREE)/hardened-cc $(BUILD_TREE)/hardened-c++
	perl -pi -e 's/hardened-cc/hardened-c++/g; s|/usr/bin/cc|/usr/bin/c++|g;' $(BUILD_TREE)/hardened-c++

	# Construct tools.
	install $(TOOLS) $(BUILD_TREE)/
	# Do not use "shell" here because it eats newlines. We want those.
	perl -pi -e "s/^my %libc;/my %libc = (\n$$(perl hardening-check --find-libc-functions /bin/ls)\n);/;" $(BUILD_TREE)/hardening-check

	# Construct man pages.
	install $(MANPAGES) $(BUILD_TREE)/
	pod2man hardening-check > $(BUILD_TREE)/hardening-check.1
	# Duplicate cc man page to c++.
	install $(BUILD_TREE)/hardened-cc.1 $(BUILD_TREE)/hardened-c++.1
	perl -pi -e 's/hardened-cc/hardened-c++/g; s/gcc/g++/g;' $(BUILD_TREE)/hardened-c++.1

	touch $(BUILD_TREE)/stamp-build

check: $(BUILD_TREE)/stamp-build
	make -C tests check

clean:
	rm -rf $(BUILD_TREE)

old-install:
	# programatically build links (change debian/h-w.{preinst,postrm} too)
	for ver in 4.2 4.3 4.4 4.5 4.6 4.7; do dh_link -phardening-wrapper \
		usr/bin/hardened-cc usr/bin/gcc-$$ver \
		usr/bin/hardened-c++ usr/bin/g++-$$ver \
		;\
	done
	dh_link -phardening-wrapper usr/bin/hardened-ld usr/bin/ld.bfd
	dh_link -phardening-wrapper usr/bin/hardened-ld usr/bin/ld.gold

.PHONY: check clean