[med-svn] [Git][med-team/vg][master] more hardening tweaks

Michael R. Crusoe gitlab at salsa.debian.org
Sat Sep 7 02:43:45 BST 2019 


Michael R. Crusoe pushed to branch master at Debian Med / vg


Commits:
f3b6c652 by Michael R. Crusoe at 2019-09-07T01:43:25Z
more hardening tweaks

- - - - -


3 changed files:

- debian/copyright
- debian/patches/hardening_flags
- debian/rules


Changes:

=====================================
debian/copyright
=====================================
@@ -19,6 +19,8 @@ Files-Excluded: deps/libdeflate
                 deps/fastahack
                 deps/libVCFH
                 deps/vcflib/libVCFH
+                deps/vcflib/tabixpp/htslib
+                deps/sublinear-Li-Stephens/deps/htslib
 
 Files: *
 Copyright: © 2014 Erik Garrison


=====================================
debian/patches/hardening_flags
=====================================
@@ -62,7 +62,7 @@
  
  $(LIB_DIR)/libsdsl.a: $(SDSL_DIR)/lib/*.cpp $(SDSL_DIR)/include/sdsl/*.hpp
  ifeq ($(shell uname -s),Darwin)
-@@ -316,10 +316,10 @@
+@@ -316,17 +316,17 @@
  $(LIB_DIR)/libvgio.a: $(LIB_DIR)/libhts.a $(LIB_DIR)/pkgconfig/htslib.pc $(LIBVGIO_DIR)/CMakeLists.txt $(LIBVGIO_DIR)/src/*.cpp $(LIBVGIO_DIR)/include/vg/io/*.hpp
  	+rm -f $(CWD)/$(INC_DIR)/vg.pb.h $(CWD)/$(INC_DIR)/vg/vg.pb.h
  	+rm -Rf $(CWD)/$(INC_DIR)/vg/io/
@@ -75,6 +75,14 @@
  
  # We also have to have the shared libdeflate or we will get complaints that the static one is not position independent.
  # If we need either the library or the pkg-config file (which we didn't used to ship), run the whole build.
+ # We use a wildcard match to make sure make understands that both files come from one command run.
+ # See https://stackoverflow.com/a/3077254
+ $(LIB_DIR)/libhts%a $(LIB_DIR)/pkgconfig/htslib%pc: $(HTSLIB_DIR)/*.c $(HTSLIB_DIR)/*.h $(HTSLIB_DIR)/htslib/*.h $(HTSLIB_DIR)/cram/*.c $(HTSLIB_DIR)/cram/*.h
+-	+. ./source_me.sh && cd $(HTSLIB_DIR) && rm -Rf $(CWD)/$(INC_DIR)/htslib $(CWD)/$(LIB_DIR)/libhts* && autoheader && autoconf && CFLAGS="-I$(CWD)/$(INC_DIR)" LDFLAGS="-L$(CWD)/$(LIB_DIR)" ./configure --with-libdeflate --disable-s3 --disable-gcs --disable-libcurl --disable-plugins --prefix=$(CWD) $(FILTER) && $(MAKE) clean && $(MAKE) $(FILTER) && $(MAKE) install
++	+. ./source_me.sh && cd $(HTSLIB_DIR) && rm -Rf $(CWD)/$(INC_DIR)/htslib $(CWD)/$(LIB_DIR)/libhts* && autoheader && autoconf && CFLAGS="-I$(CWD)/$(INC_DIR) $(CFLAGS)" LDFLAGS="-L$(CWD)/$(LIB_DIR) $(LDFLAGS)" ./configure --with-libdeflate --disable-s3 --disable-gcs --disable-libcurl --disable-plugins --prefix=$(CWD) $(FILTER) && $(MAKE) clean && $(MAKE) $(FILTER) && $(MAKE) install
+ 
+ # We tell the vcflib build to use our own htslib.
+ # We link it and libdeflate statically (on Linux) because our lib directory won't
 @@ -392,7 +392,7 @@
  	+mkdir -p $(CWD)/$(INC_DIR)/dozeu && cp $(DOZEU_DIR)/*.h $(CWD)/$(INC_DIR)/dozeu/
  
@@ -285,6 +293,15 @@
  
  multichoose: pre
  	cd multichoose && $(MAKE) && cp *.h* $(VCF_LIB_LOCAL)/$(INC_DIR)/
+@@ -174,7 +174,7 @@
+ 	cd intervaltree && $(MAKE) && cp *.h* $(VCF_LIB_LOCAL)/$(INC_DIR)/
+ 
+ $(TABIX): pre
+-	cd tabixpp && INCLUDES="$(HTS_INCLUDES)" LIBPATH="-L. $(HTS_LDFLAGS)" HTSLIB="$(HTS_LIB)" $(MAKE) && cp *.h* $(VCF_LIB_LOCAL)/$(INC_DIR)/
++	cd tabixpp && INCLUDES="$(HTS_INCLUDES)" LIBPATH="-L. $(HTS_LDFLAGS)" HTSLIB="$(HTS_LIB)" HTS_HEADERS="" $(MAKE) && cp *.h* $(VCF_LIB_LOCAL)/$(INC_DIR)/
+ 
+ $(SMITHWATERMAN): pre
+ 	cd smithwaterman && $(MAKE) && cp *.h* $(VCF_LIB_LOCAL)/$(INC_DIR)/ && cp *.o $(VCF_LIB_LOCAL)/$(OBJ_DIR)/
 @@ -197,7 +197,7 @@
  	$(MAKE) bin/$@
  
@@ -381,3 +398,12 @@
  
  install: all
  	${MKDIR} -p ${DESTDIR}${PREFIX}/bin
+--- vg.orig/deps/vcflib/tabixpp/Makefile
++++ vg/deps/vcflib/tabixpp/Makefile
+@@ -44,6 +44,5 @@
+ cleanlocal:
+ 	rm -fr gmon.out *.o a.out *.dSYM $(PROG) *~ *.a tabix.aux tabix.log \
+ 		tabix.pdf *.class libtabix.*.dylib libtabix.so*
+-	cd htslib && $(MAKE) clean
+ 
+ clean:cleanlocal-recur


=====================================
debian/rules
=====================================
@@ -18,7 +18,7 @@ export LC_ALL=C.UTF-8
 export DEB_BUILD_MAINT_OPTIONS=hardening=+all
 export CFLAGS=$(shell dpkg-buildflags --get CFLAGS)
 export CPPFLAGS=$(shell dpkg-buildflags --get CPPFLAGS)
-export LFFLAGS=$(shell dpkg-buildflags --get LDFLAGS)
+export LDFLAGS=$(shell dpkg-buildflags --get LDFLAGS)
 export CXXFLAGS=$(shell dpkg-buildflags --get CXXFLAGS)
 
 %:



View it on GitLab: https://salsa.debian.org/med-team/vg/commit/f3b6c65275a36ec5b81e1c1c6b7f2ee686980fa4

-- 
View it on GitLab: https://salsa.debian.org/med-team/vg/commit/f3b6c65275a36ec5b81e1c1c6b7f2ee686980fa4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-med-commit/attachments/20190907/f7709ec6/attachment-0001.html>

More information about the debian-med-commit mailing list