[tbb-commits] [tor-browser-build/master] Bug 22444: use hardening-wrapper when building gcc for the Linux build
boklm at torproject.org
boklm at torproject.org
Tue May 30 12:58:17 UTC 2017
commit 6378afdeb4e15607bedebe5270137657c7961be7
Author: Nicolas Vigier <boklm at torproject.org>
Date: Tue May 30 14:51:46 2017 +0200
Bug 22444: use hardening-wrapper when building gcc for the Linux build
---
projects/gcc/build | 11 +++++++++++
projects/gcc/config | 2 ++
2 files changed, 13 insertions(+)
diff --git a/projects/gcc/build b/projects/gcc/build
index e509aac..e2902ad 100644
--- a/projects/gcc/build
+++ b/projects/gcc/build
@@ -1,6 +1,17 @@
#!/bin/sh
[% c("var/set_default_env") -%]
[% c("var/setarch") -%]
+[% IF c("var/linux") -%]
+ # Config options for hardening-wrapper
+ export DEB_BUILD_HARDENING=1
+ export DEB_BUILD_HARDENING_STACKPROTECTOR=1
+ export DEB_BUILD_HARDENING_FORTIFY=1
+ export DEB_BUILD_HARDENING_PIE=1
+ # We need to disable `-Werror=format-security` as GCC does not build with it
+ # anymore. It seems it got audited for those problems already:
+ # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=48817.
+ export DEB_BUILD_HARDENING_FORMAT=0
+[% END -%]
distdir=/var/tmp/dist/[% project %]
mkdir /var/tmp/build
tar -C /var/tmp/build -xf [% project %]-[% c("version") %].tar.bz2
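Review bot: The new block at the top of projects/gcc/build sets STACKPROTECTOR, FORTIFY and PIE explicitly but leaves RELRO and BINDNOW to the wrapper's defaults, so the linker-side hardening cannot be read from this script. Consider stating them explicitly, e.g. `export DEB_BUILD_HARDENING_RELRO=1`, plus `export DEB_BUILD_HARDENING_BINDNOW=1` if the build tolerates it. These variables only affect compiler and linker calls that go through the wrapped system toolchain. The configure and make steps are further down the script, outside this hunk; if they do a bootstrap build, the later stages would presumably be compiled by the freshly built compiler without these flags. A post-build check of the installed binaries for PIE, stack protector and RELRO would confirm what actually took effect.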
diff --git a/projects/gcc/config b/projects/gcc/config
index 3871455..d97afbf 100644
--- a/projects/gcc/config
+++ b/projects/gcc/config
@@ -47,12 +47,14 @@ targets:
var:
configure_opt: --enable-multilib --enable-languages=c,c++ --with-system-zlib
arch_deps:
+ - hardening-wrapper
- libc6-dev
- zlib1g-dev
linux-x86_64:
var:
configure_opt: --enable-multilib --enable-languages=c,c++ --with-arch_32=i686
arch_deps:
+ - hardening-wrapper
- libc6-dev-i386
input_files:
- project: container-image
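Review bot: Both `arch_deps` lists now depend on `hardening-wrapper` with no comment saying why, and as far as I know that package has been dropped from newer Debian releases in favour of dpkg-buildflags. If the container-image suite is ever bumped, the dependency may fail to install, or the hardening may be lost if someone simply removes it to fix the build. A short comment next to each entry would help, for example `# provides the gcc/ld wrappers driven by the DEB_BUILD_HARDENING_* variables in projects/gcc/build`. The suite used by container-image is not visible in this hunk, so confirm the package is available there.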