[tbb-commits] [tor-browser-bundle/hardened-builds] Bug 17034: Use our built binutils and GCC for building tor
gk at torproject.org
gk at torproject.org
Wed Feb 22 09:34:29 UTC 2017
commit 74bbd039cfb80ad4f9ea9147d8637209076ae84b
Author: Georg Koppen <gk at torproject.org>
Date: Tue Feb 21 11:24:38 2017 +0000
Bug 17034: Use our built binutils and GCC for building tor
---
gitian/descriptors/linux/gitian-tor.yml | 38 +++++++++++++++++++++++++--------
1 file changed, 29 insertions(+), 9 deletions(-)
diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml
index fa0aead..3b3427b 100644
--- a/gitian/descriptors/linux/gitian-tor.yml
+++ b/gitian/descriptors/linux/gitian-tor.yml
@@ -32,6 +32,10 @@ script: |
export LC_ALL=C
umask 0022
+ mkdir -p $INSTDIR/Data/Tor/
+ mkdir -p $INSTDIR/Tor/
+ mkdir -p $INSTDIR/Debug/Tor/
+
# Config options for hardening-wrapper
export DEB_BUILD_HARDENING=1
export DEB_BUILD_HARDENING_STACKPROTECTOR=1
@@ -39,13 +43,32 @@ script: |
export DEB_BUILD_HARDENING_FORMAT=1
export DEB_BUILD_HARDENING_PIE=1
- mkdir -p $INSTDIR/Data/Tor/
- mkdir -p $INSTDIR/Tor/
- mkdir -p $INSTDIR/Debug/Tor/
+ # Preparing Binutils and GCC for tor
+ unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip
+ # Make sure gold is used with the hardening wrapper for full RELRO, see
+ # #13031.
+ cd $INSTDIR/binutils/bin
+ rm ld
+ cp /usr/bin/hardened-ld ./
+ mv ld.gold ld.gold.real
+ ln -sf hardened-ld ld.gold
+ ln -sf ld.gold ld
+ cd ~/build
+ unzip -d $INSTDIR gcc-linux$GBUILD_BITS-utils.zip
+ # Make sure we use the hardening wrapper when compiling tor.
+ cd $INSTDIR/gcc/bin
+ cp /usr/bin/hardened-cc ./
+ mv gcc gcc.real
+ mv c++ c++.real
+ ln -sf hardened-cc gcc
+ ln -sf hardened-cc c++
+ cd ~/build
+ export PATH=$INSTDIR/gcc/bin:$INSTDIR/binutils/bin:$PATH
+ # Make sure our GCC gets properly used.
+ export LD_LIBRARY_PATH=$INSTDIR/gcc/lib64
+
unzip -d $INSTDIR openssl-linux$GBUILD_BITS-utils.zip
unzip -d $INSTDIR libevent-linux$GBUILD_BITS-utils.zip
- unzip -d $INSTDIR gcc-linux$GBUILD_BITS-utils.zip
- unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip
cp $INSTDIR/openssl/lib/libssl.so.1.0.0 $INSTDIR/Tor/
cp $INSTDIR/openssl/lib/libcrypto.so.1.0.0 $INSTDIR/Tor/
cp $INSTDIR/libevent/lib/libevent-2.0.so.5 $INSTDIR/Tor/
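Review bot: Only the names `gcc` and `c++` are redirected to `hardened-cc` in this hunk, so the hardening flags apply only if tor's build resolves the compiler through one of those two names. If the unpacked `gcc/bin` also ships `cc`, `g++` or target-prefixed drivers (not visible here), a build that picks one of them would compile without the wrapper and nothing would fail. I would record the assumption next to the symlinks, e.g. `# Only gcc and c++ are wrapped; other driver names in gcc/bin bypass hardened-cc.`, and pass `CC=gcc` explicitly to `./configure` further down in the script. The enclosing `script: |` block starts and ends outside this hunk.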
@@ -61,14 +84,11 @@ script: |
chmod 700 $INSTDIR/Tor/*so*
# This is needed to make RPATH unavailable. See bug 9150.
- export LD_LIBRARY_PATH="$INSTDIR/Tor"
- export PATH=$INSTDIR/gcc/bin:$INSTDIR/binutils/bin:$PATH
+ export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$INSTDIR/Tor/"
# Building tor
cd tor
git update-index --refresh -q
- mkdir -p $OUTDIR/src
- #git archive HEAD | tar -x -C $OUTDIR/src
./autogen.sh
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
./configure --enable-expensive-hardening --disable-asciidoc --prefix=$INSTDIR --with-openssl-dir=$INSTDIR/openssl --with-libevent-dir=$INSTDIR/libevent
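Review bot: The new `LD_LIBRARY_PATH` export is only safe because an earlier part of the script has already set the variable; if it were ever empty, `"$LD_LIBRARY_PATH:$INSTDIR/Tor/"` would begin with a colon, and the loader treats an empty entry as the current directory. Writing it as `export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}$INSTDIR/Tor/"` removes that dependency on statement order. The comment above it still describes only the RPATH workaround, although the value now also carries the GCC library directory ahead of `$INSTDIR/Tor/`; whether that ordering is intended is worth stating there. The script block continues past the end of this hunk.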