Date: Thursday, July 24, 2014 @ 00:54:50 Author: thestinger Revision: 116250
upgpkg: hardening-wrapper 3-1 Added: hardening-wrapper/trunk/hardening-wrapper-i686.conf hardening-wrapper/trunk/hardening-wrapper-x86_64.conf Modified: hardening-wrapper/trunk/PKGBUILD hardening-wrapper/trunk/cc-wrapper.sh -------------------------------+ PKGBUILD | 13 ++++++++----- cc-wrapper.sh | 16 +++++++++------- hardening-wrapper-i686.conf | 6 ++++++ hardening-wrapper-x86_64.conf | 6 ++++++ 4 files changed, 29 insertions(+), 12 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2014-07-23 22:52:06 UTC (rev 116249) +++ PKGBUILD 2014-07-23 22:54:50 UTC (rev 116250) @@ -1,17 +1,20 @@ # Maintainer: Daniel Micay <[email protected]> pkgname=hardening-wrapper -pkgver=2 -pkgrel=4 +pkgver=3 +pkgrel=1 pkgdesc='Wrapper script for building hardened executables by default' arch=(any) url='https://archlinux.org/' license=('GPL') depends=(bash) -source=(cc-wrapper.sh path.sh) -sha1sums=('41ed86439513a9be2cd4a186e419d70f4d362b0c' - '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc') +source=(cc-wrapper.sh path.sh hardening-wrapper-i686.conf hardening-wrapper-x86_64.conf) +sha1sums=('3c2b70878b77ba433ba94f22ed4881fb393991fa' + '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc' + '658aed4d1039393f0ba08152c1320fca04ce1315' + 'ff104a6624ce898010f277fe22e6f964aeb34300') package() { + install -Dm644 hardening-wrapper-${CARCH}.conf "$pkgdir/etc/hardening-wrapper.conf" install -Dm644 path.sh "$pkgdir/etc/profile.d/hardening-wrapper.sh" mkdir -p "$pkgdir/usr/lib/hardening-wrapper/bin" Modified: cc-wrapper.sh =================================================================== --- cc-wrapper.sh 2014-07-23 22:52:06 UTC (rev 116249) +++ cc-wrapper.sh 2014-07-23 22:54:50 UTC (rev 116250) @@ -2,14 +2,16 @@ set -o nounset -force_bindnow="${HARDENING_BINDNOW:-1}" -force_fPIE="${HARDENING_PIE:-1}" -force_fortify="${HARDENING_FORTIFY:-2}" -force_pie="${HARDENING_PIE:-1}" -force_relro="${HARDENING_RELRO:-1}" -force_stack_check="${HARDENING_STACK_CHECK:-0}" -force_stack_protector="${HARDENING_STACK_PROTECTOR:-2}" +declare -A default="($(cat /etc/hardening-wrapper.conf))" +force_bindnow="${HARDENING_BINDNOW:-"${default[HARDENING_BINDNOW]:-0}"}" +force_fPIE="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}" +force_fortify="${HARDENING_FORTIFY:-"${default[HARDENING_FORTIFY]:-2}"}" +force_pie="${HARDENING_PIE:-"${default[HARDENING_PIE]:-1}"}" +force_relro="${HARDENING_RELRO:-"${default[HARDENING_RELRO]:-1}"}" +force_stack_check="${HARDENING_STACK_CHECK:-"${default[HARDENING_STACK_CHECK]:-0}"}" +force_stack_protector="${HARDENING_STACK_PROTECTOR:-${default[HARDENING_STACK_PROTECTOR]:-2}}" + error() { echo "$1" >&2 exit 1 Added: hardening-wrapper-i686.conf =================================================================== --- hardening-wrapper-i686.conf (rev 0) +++ hardening-wrapper-i686.conf 2014-07-23 22:54:50 UTC (rev 116250) @@ -0,0 +1,6 @@ +[HARDENING_BINDNOW]=0 +[HARDENING_PIE]=0 +[HARDENING_FORTIFY]=2 +[HARDENING_RELRO]=1 +[HARDENING_STACK_CHECK]=0 +[HARDENING_STACK_PROTECTOR]=2 Added: hardening-wrapper-x86_64.conf =================================================================== --- hardening-wrapper-x86_64.conf (rev 0) +++ hardening-wrapper-x86_64.conf 2014-07-23 22:54:50 UTC (rev 116250) @@ -0,0 +1,6 @@ +[HARDENING_BINDNOW]=0 +[HARDENING_PIE]=1 +[HARDENING_FORTIFY]=2 +[HARDENING_RELRO]=1 +[HARDENING_STACK_CHECK]=0 +[HARDENING_STACK_PROTECTOR]=2
