Date: Thursday, December 25, 2014 @ 23:38:59 Author: thestinger Revision: 124584
upgpkg: hardening-wrapper 7-1 Modified: hardening-wrapper/trunk/PKGBUILD hardening-wrapper/trunk/cc-wrapper.sh hardening-wrapper/trunk/common.sh hardening-wrapper/trunk/ld-wrapper.sh ---------------+ PKGBUILD | 38 ++++++++++++++++++++------------------ cc-wrapper.sh | 12 +----------- common.sh | 20 ++++++++++++++++++++ ld-wrapper.sh | 12 +----------- 4 files changed, 42 insertions(+), 40 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2014-12-25 22:00:13 UTC (rev 124583) +++ PKGBUILD 2014-12-25 22:38:59 UTC (rev 124584) @@ -1,7 +1,7 @@ # $Id$ # Maintainer: Daniel Micay <[email protected]> pkgname=hardening-wrapper -pkgver=6 +pkgver=7 pkgrel=1 pkgdesc='Wrapper scripts for building hardened executables by default' arch=(i686 x86_64) @@ -11,9 +11,9 @@ backup=(etc/hardening-wrapper.conf) source=(cc-wrapper.sh ld-wrapper.sh common.sh path.sh hardening-wrapper-i686.conf hardening-wrapper-x86_64.conf) -sha1sums=('793f885b61b96a23791d786e99a56c7b67c74fee' - '1091ff9c65a60fa785ecb5b825db1ab6dfd310ff' - '0c420f5323c0573d5c23c0ff8981025e2ba347ff' +sha1sums=('683aefa825cdc070262e7e605e8b33907e92cd2a' + 'e8c1fc067c15631fee3ba6282b1c2aa90f25c12b' + '517afb3bd75a9f9e13aedb19079d26cd76d52bd2' '1e5f6d9931f01b26bb4b6fbb839e21d34d534cdc' '4d7a8f4818c531ce7002e860e0654b42b6147037' '50db33c08439393b673c23d542e274beef44fbdd') @@ -22,20 +22,22 @@ install -Dm644 hardening-wrapper-${CARCH}.conf "$pkgdir/etc/hardening-wrapper.conf" install -Dm644 path.sh "$pkgdir/etc/profile.d/hardening-wrapper.sh" - mkdir -p "$pkgdir/usr/lib/hardening-wrapper/bin" - install -m755 {cc,ld}-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper" - install -m644 common.sh "$pkgdir/usr/lib/hardening-wrapper" + base="$pkgdir/usr/lib/hardening-wrapper" - ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c89" - ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c99" - ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/cc" - ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/c++" - ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang" - ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/clang++" - ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/gcc" - ln -s ../cc-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/g++" + mkdir -p "$base/bin" + install -m755 {cc,ld}-wrapper.sh "$base" + install -m644 common.sh "$base" - ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld" - ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld.bfd" - ln -s ../ld-wrapper.sh "$pkgdir/usr/lib/hardening-wrapper/bin/ld.gold" + ln "$base/cc-wrapper.sh" "$base/bin/c89" + ln "$base/cc-wrapper.sh" "$base/bin/c99" + ln "$base/cc-wrapper.sh" "$base/bin/cc" + ln "$base/cc-wrapper.sh" "$base/bin/c++" + ln "$base/cc-wrapper.sh" "$base/bin/clang" + ln "$base/cc-wrapper.sh" "$base/bin/clang++" + ln "$base/cc-wrapper.sh" "$base/bin/gcc" + ln "$base/cc-wrapper.sh" "$base/bin/g++" + + ln "$base/ld-wrapper.sh" "$base/bin/ld" + ln "$base/ld-wrapper.sh" "$base/bin/ld.bfd" + ln "$base/ld-wrapper.sh" "$base/bin/ld.gold" } Modified: cc-wrapper.sh =================================================================== --- cc-wrapper.sh 2014-12-25 22:00:13 UTC (rev 124583) +++ cc-wrapper.sh 2014-12-25 22:38:59 UTC (rev 124584) @@ -76,14 +76,4 @@ *) error 'invalid value for HARDENING_STACK_PROTECTOR' ;; esac -unwrapped=false -IFS=: read -ra path <<< "$PATH"; -for p in "${path[@]}"; do - binary="$p/${0##*/}" - if [[ "$binary" != "$0" && -x "$binary" ]]; then - unwrapped="$binary" - break - fi -done - -exec "$unwrapped" "${arguments[@]}" "$@" +run_wrapped_binary "$@" Modified: common.sh =================================================================== --- common.sh 2014-12-25 22:00:13 UTC (rev 124583) +++ common.sh 2014-12-25 22:38:59 UTC (rev 124584) @@ -2,3 +2,23 @@ printf "%s\n" "$1" >&2 exit 1 } + +run_wrapped_binary() { + # search for the wrapped binary in $PATH + # + # ignore paths before our own for compatibility with other wrappers + unwrapped=false + self=false + IFS=: read -ra path <<< "$PATH"; + for p in "${path[@]}"; do + binary="$p/${0##*/}" + if $self && [[ -x "$binary" ]]; then + unwrapped="$binary" + break + elif [[ "$binary" -ef "$0" ]]; then + self=true + fi + done + + exec "$unwrapped" "${arguments[@]}" "$@" +} Modified: ld-wrapper.sh =================================================================== --- ld-wrapper.sh 2014-12-25 22:00:13 UTC (rev 124583) +++ ld-wrapper.sh 2014-12-25 22:38:59 UTC (rev 124584) @@ -22,14 +22,4 @@ *) error 'invalid value for HARDENING_RELRO' ;; esac -unwrapped=false -IFS=: read -ra path <<< "$PATH"; -for p in "${path[@]}"; do - binary="$p/${0##*/}" - if [[ "$binary" != "$0" && -x "$binary" ]]; then - unwrapped="$binary" - break - fi -done - -exec "$unwrapped" "${arguments[@]}" "$@" +run_wrapped_binary "$@"
