aboutsummaryrefslogtreecommitdiffstats
path: root/debian
diff options
context:
space:
mode:
authorTheodore Ts'o <tytso@mit.edu>2012-06-13 15:29:13 -0400
committerTheodore Ts'o <tytso@mit.edu>2012-06-13 16:06:44 -0400
commitc1986ecb6fc68427db7579d409929939117e45ff (patch)
tree8cb42a4ced5d8eab9d26408c383f537c71974b4e /debian
parent8f00911a21f4e95de84c60e09cc4df173e5b6701 (diff)
downloade2fsprogs-c1986ecb6fc68427db7579d409929939117e45ff.tar.gz
e2fsprogs-c1986ecb6fc68427db7579d409929939117e45ff.tar.xz
e2fsprogs-c1986ecb6fc68427db7579d409929939117e45ff.zip
Fix blhc (Build Log Hardening Check) warnings
The Build Log Hardening Check is a debian tool which scans the output of a package build making sure that the security hardening flags are used when compiling and linking all of binaries in a package. For the most part we were passing CFLAGS, CPPFLAGS, and LDFLAGS down to the compiler and link commands, but there there were one or two exceptions. In addition, there where a few places in "make install" where the V=1 option was not being honored, which triggered blhc warnings since it couldn't analyze those commands. The e2fsck.static was the only binary that was not getting built and packaged with the hardening flags, but I've fixed all of the blhc warnings so in the future it will be obvious if we regress. Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Diffstat (limited to 'debian')
-rwxr-xr-xdebian/rules31
1 files changed, 18 insertions, 13 deletions
diff --git a/debian/rules b/debian/rules
index 1f6e7b4a..cf8e070c 100755
--- a/debian/rules
+++ b/debian/rules
@@ -258,9 +258,11 @@ endif
ifneq ($(ismips),)
mkdir -p ${mipsbuilddir} ${mipsbuilddir64}
cd ${mipsbuilddir} && AWK=/usr/bin/awk \
- ${topdir}/configure ${MIPS_NOPIC_CONF_FLAGS} CFLAGS="${CFLAGS}"
+ ${topdir}/configure ${MIPS_NOPIC_CONF_FLAGS} \
+ CFLAGS="${CFLAGS}" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)"
cd ${mipsbuilddir64} && AWK=/usr/bin/awk \
- ${topdir}/configure ${MIPS_NOPIC_CONF_FLAGS} CFLAGS="${CFLAGS}"
+ ${topdir}/configure ${MIPS_NOPIC_CONF_FLAGS} \
+ CFLAGS="${CFLAGS}" CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)"
endif
mkdir -p ${STAMPSDIR}
@@ -293,11 +295,13 @@ ifeq ($(DEB_BUILD_ARCH),$(DEB_HOST_ARCH))
if type diet > /dev/null 2>&1 ; then \
cd ${staticbuilddir} && AWK=/usr/bin/awk \
${topdir}/configure ${STATIC_CONF_FLAGS} \
- ${WITH_DIET_LIBC} CFLAGS="${CFLAGS}"; \
+ ${WITH_DIET_LIBC} CFLAGS="${CFLAGS}" \
+ CPPFLAGS="$(CPPFLAGS)" LDFLAGS="$(LDFLAGS)"; \
else \
cd ${staticbuilddir} && AWK=/usr/bin/awk \
${topdir}/configure ${STATIC_CONF_FLAGS} \
- CFLAGS="${CFLAGS}"; \
+ CFLAGS="${CFLAGS}" CPPFLAGS="$(CPPFLAGS)" \
+ LDFLAGS="$(LDFLAGS)"; \
fi
else
cd ${staticbuilddir} && AWK=/usr/bin/awk CC="${DEB_HOST_GNU_TYPE}-gcc" \
@@ -342,6 +346,7 @@ ${BUILDBFSTAMP}: ${CFGBFSTAMP}
$(MAKE) -C ${bfbuilddir} V=1 libs
$(MAKE) -C ${bfbuilddir}/e2fsck V=1 all
$(MAKE) -C ${bfbuilddir}/misc V=1 all
+ $(MAKE) -C ${bfbuilddir}/resize V=1 all
touch ${BUILDBFSTAMP}
build-static: ${BUILDSTATICSTAMP}
@@ -354,9 +359,9 @@ ${BUILDSTATICSTAMP}: ${CFGSTATICSTAMP}
clean:
dh_testdir
rm -rf ${STAMPSDIR}
- [ ! -f ${stdbuilddir}/Makefile ] || $(MAKE) -C ${stdbuilddir} distclean
- [ ! -f ${bfbuilddir}/Makefile ] || $(MAKE) -C ${bfbuilddir} distclean
- [ ! -f ${staticbuilddir}/Makefile ] || $(MAKE) -C ${staticbuilddir} distclean
+ [ ! -f ${stdbuilddir}/Makefile ] || $(MAKE) -C ${stdbuilddir} V=1 distclean
+ [ ! -f ${bfbuilddir}/Makefile ] || $(MAKE) -C ${bfbuilddir} V=1 distclean
+ [ ! -f ${staticbuilddir}/Makefile ] || $(MAKE) -C ${staticbuilddir} V=1 distclean
rm -rf ${stdbuilddir} ${bfbuilddir} ${staticbuilddir} ${mipsbuilddir} ${mipsbuilddir64}
rm -f debian/*.substvars
dh_clean
@@ -378,10 +383,10 @@ install-std: build
dh_installdirs
mkdir -p ${tmpdir}/sbin
- $(MAKE) -C ${stdbuilddir} install DESTDIR=${tmpdir} \
+ $(MAKE) -C ${stdbuilddir} V=1 install DESTDIR=${tmpdir} \
INSTALL_PROGRAM="${INSTALL_PROGRAM}" LDCONFIG=true
# static libs and .h files
- $(MAKE) -C ${stdbuilddir} install-libs DESTDIR=${tmpdir} LDCONFIG=true
+ $(MAKE) -C ${stdbuilddir} V=1 install-libs DESTDIR=${tmpdir} LDCONFIG=true
# statically-linked fsck
${INSTALL_PROGRAM} $(E2FSCK_STATIC) ${tmpdir}/sbin
@@ -410,13 +415,13 @@ install-udeb: build
dh_testdir
dh_testroot
- $(MAKE) -C ${bfbuilddir} install-shlibs-libs-recursive DESTDIR=${udebdir} \
+ $(MAKE) -C ${bfbuilddir} V=1 install-shlibs-libs-recursive DESTDIR=${udebdir} \
INSTALL_PROGRAM="${INSTALL_PROGRAM}" LDCONFIG=true
- $(MAKE) -C ${bfbuilddir}/e2fsck install DESTDIR=${udebdir} \
+ $(MAKE) -C ${bfbuilddir}/e2fsck V=1 install DESTDIR=${udebdir} \
INSTALL_PROGRAM="${INSTALL_PROGRAM}" LDCONFIG=true
- $(MAKE) -C ${bfbuilddir}/misc install DESTDIR=${udebdir} \
+ $(MAKE) -C ${bfbuilddir}/misc V=1 install DESTDIR=${udebdir} \
INSTALL_PROGRAM="${INSTALL_PROGRAM}" LDCONFIG=true
- $(MAKE) -C ${bfbuilddir}/resize install DESTDIR=${udebdir} \
+ $(MAKE) -C ${bfbuilddir}/resize V=1 install DESTDIR=${udebdir} \
INSTALL_PROGRAM="${INSTALL_PROGRAM}" LDCONFIG=true
rm -rf ${udebdir}/usr