[med-svn] [tantan] 01/01: fix build system for hardening and reproducibility

Sascha Steinbiss sascha at steinbiss.name
Sun Mar 13 00:08:19 UTC 2016 

This is an automated email from the git hooks/post-receive script.

sascha-guest pushed a commit to branch master
in repository tantan.

commit 66159d3bb7bbf61d9299757928f86d4d936d8684
Author: Sascha Steinbiss <sascha at steinbiss.name>
Date:   Sun Mar 13 00:05:25 2016 +0000

    fix build system for hardening and reproducibility
---
 debian/changelog                |  7 +++++++
 debian/patches/buildflags.patch | 32 +++++++++++++++++++++++++++++---
 debian/rules                    |  6 +-----
 3 files changed, 37 insertions(+), 8 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 7fc1bd0..cd09f88 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+tantan (13-4) unstable; urgency=medium
+
+  * Use stable compilation order for reproducibility.
+  * Add full hardening support.
+
+ -- Sascha Steinbiss <sascha at steinbiss.name>  Sun, 13 Mar 2016 00:04:54 +0000
+
 tantan (13-3) unstable; urgency=medium
 
   * Bump Standards-Version.
diff --git a/debian/patches/buildflags.patch b/debian/patches/buildflags.patch
index b26628f..bacda18 100644
--- a/debian/patches/buildflags.patch
+++ b/debian/patches/buildflags.patch
@@ -3,14 +3,40 @@ Description: add buildflags
 Author: Sascha Steinbiss <sascha at steinbiss.name> 
 --- a/src/Makefile
 +++ b/src/Makefile
-@@ -1,8 +1,8 @@
+@@ -1,17 +1,21 @@
 -CXXFLAGS = -O3 -Wall -W -Wcast-qual -Wswitch-enum -Wundef	\
-+CXXFLAGS += -O3 -g -Wall -W -Wcast-qual -Wswitch-enum -Wundef	\
++#CXXFLAGS += -O3 -g -Wall -W -Wcast-qual -Wswitch-enum -Wundef	\
  -Wcast-align -Wold-style-cast
  # -Wconversion
  
 -CFLAGS = -Wall
-+CFLAGS += -Wall
++#CFLAGS += -Wall
  
  COBJ = CA_code/lambda_calculator.o
++CCSRCS = $(sort $(wildcard *.cc))
++CCHDRS = $(sort $(wildcard *.hh))
++CACODESRCS = $(sort $(wildcard CA_code/*.c))
++CACODEHDRS = $(sort $(wildcard CA_code/*.h))
  
+ all: tantan
+ 
+-tantan: *.cc *.hh version.hh Makefile $(COBJ)
+-	$(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) -o $@ *.cc $(COBJ)
++tantan: $(CCSRCS) $(CCHDRS) version.hh Makefile $(COBJ)
++	$(CXX) $(CPPFLAGS) $(CXXFLAGS) $(LDFLAGS) -o $@ $(CCSRCS) $(COBJ)
+ 
+-$(COBJ): CA_code/*.c CA_code/*.h Makefile
++$(COBJ): $(CACODESRCS) $(CACODEHDRS) Makefile
+ 	$(CC) $(CPPFLAGS) $(CFLAGS) -c -o $@ CA_code/lambda_calculator.c
+ 
+ clean:
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,5 @@
+-CXXFLAGS = -O3
+ all:
+-	@cd src && ${MAKE} CXXFLAGS="${CXXFLAGS}"
++	@cd src && ${MAKE}
+ 
+ prefix = /usr/local
+ exec_prefix = ${prefix}
diff --git a/debian/rules b/debian/rules
index 77b507c..9dc6ce0 100755
--- a/debian/rules
+++ b/debian/rules
@@ -3,11 +3,7 @@
 
 export DESTDIR=$(CURDIR)/debian/tantan/usr
 export DH_ALWAYS_EXCLUDE=.gitignore
-
-CPPFLAGS:=$(shell dpkg-buildflags --get CPPFLAGS)
-CFLAGS:=$(shell dpkg-buildflags --get CFLAGS)
-CXXFLAGS:=$(shell dpkg-buildflags --get CXXFLAGS)
-LDFLAGS:=$(shell dpkg-buildflags --get LDFLAGS)
+export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 
 %:
 	dh $@

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-med/tantan.git

More information about the debian-med-commit mailing list