[tbb-commits] [tor-browser-bundle/master] Bug 13031: Adding full RELRO protection on Linux.
gk at torproject.org
gk at torproject.org
Mon Sep 22 08:08:02 UTC 2014
commit 71f2ed613d2b2ce6fb40ef27f99fd140b1b86517
Author: Georg Koppen <gk at torproject.org>
Date: Mon Sep 22 10:04:12 2014 +0000
Bug 13031: Adding full RELRO protection on Linux.
Thanks to a patch by a cypherpunk we have now full RELRO protection when
using gold as our linker.
---
gitian/descriptors/linux/gitian-firefox.yml | 9 +++++++++
gitian/descriptors/linux/gitian-utils.yml | 6 +-----
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml
index 0cd4b28..509f63a 100644
--- a/gitian/descriptors/linux/gitian-firefox.yml
+++ b/gitian/descriptors/linux/gitian-firefox.yml
@@ -65,6 +65,15 @@ script: |
export PATH=$INSTDIR/python/bin:$PATH
#
unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip
+ # Make sure gold is used with the hardening wrapper for full RELRO, see
+ # #13031.
+ cd $INSTDIR/binutils/bin
+ rm ld
+ cp /usr/bin/hardened-ld ./
+ mv ld.gold ld.gold.real
+ ln -sf hardened-ld ld.gold
+ ln -sf ld.gold ld
+ cd ~/build
export PATH=$INSTDIR/binutils/bin:$PATH
mkdir -p $INSTDIR/Browser/
mkdir -p $INSTDIR/Debug/Browser/components
diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml
index ea122db..074076e 100644
--- a/gitian/descriptors/linux/gitian-utils.yml
+++ b/gitian/descriptors/linux/gitian-utils.yml
@@ -60,11 +60,7 @@ script: |
./configure --prefix=$INSTDIR/binutils --disable-multilib --enable-gold
make $MAKEOPTS
make install
- # Make sure gold is used and not ld.
- cd $INSTDIR/binutils/bin
- rm ld
- ln -sf ld.gold ld
- cd ~/build
+ cd ..
# Building Libevent
cd libevent
More information about the tbb-commits
mailing list