diff options
author | Michael Vogt <mvo@ubuntu.com> | 2014-10-01 08:22:26 +0200 |
---|---|---|
committer | Michael Vogt <mvo@ubuntu.com> | 2014-10-01 14:56:16 +0200 |
commit | e503a4d5ac668d233c11f64a0dd0c6d20f3b2be1 (patch) | |
tree | fc0400688d1c16968088900d35b06559ea6e6bac | |
parent | e359fe101e1a66277b340563c96e868451d9d4b5 (diff) | |
download | apt-e503a4d5ac668d233c11f64a0dd0c6d20f3b2be1.tar.gz |
debian/rules: add hardening=+all
Because of dpkg-buildflags we already get most of the hardening
features, +all adds -fPIE and ld -z now
Thanks: Simon Ruderich, Markus Waldeck
-rwxr-xr-x | debian/rules | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/debian/rules b/debian/rules index c7b5aa304..f031cfddb 100755 --- a/debian/rules +++ b/debian/rules @@ -21,9 +21,12 @@ endif -include build/environment.mak ifneq (,$(shell which dpkg-buildflags)) - export CXXFLAGS = $(shell dpkg-buildflags --get CXXFLAGS) - export LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS) - export CPPFLAGS = $(shell dpkg-buildflags --get CPPFLAGS) + # make does not export to $(shell) so we need to workaround + # (http://savannah.gnu.org/bugs/?10593) + dpkg_buildflags = DEB_BUILD_MAINT_OPTIONS=hardening=+all dpkg-buildflags + export CXXFLAGS = $(shell $(dpkg_buildflags) --get CXXFLAGS) + export LDFLAGS = $(shell $(dpkg_buildflags) --get LDFLAGS) + export CPPFLAGS = $(shell $(dpkg_buildflags) --get CPPFLAGS) else ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) export CXXFLAGS = -O0 -g -Wall |