[med-svn] [Git][med-team/damapper][master] 2 commits: Ensure hardening of build

[Shayan Doust]

Shayan Doust pushed to branch master at Debian Med / damapper


Commits:
b836fa87 by Shayan Doust at 2020-08-10T11:40:19+01:00
Ensure hardening of build

- - - - -
ee011bd3 by Shayan Doust at 2020-08-10T11:46:33+01:00
Install content under bin/

- - - - -


3 changed files:

- + debian/damapper.install
- debian/patches/modify_makefile.patch
- debian/rules


Changes:

=====================================
debian/damapper.install
=====================================
@@ -0,0 +1 @@
+bin/ usr/


=====================================
debian/patches/modify_makefile.patch
=====================================
@@ -1,10 +1,29 @@
-Description: ensures binary installation within bin/
+Description: modify Makefile installation dir and gcc flags
+ Gcc flag modification ensures hardening build
 Author: Shayan Doust <hello at shayandoust.me>
 Last-Update: 2020-08-10
 ---
 
 --- damapper.orig/Makefile
 +++ damapper/Makefile
+@@ -1,14 +1,14 @@
+-CFLAGS = -O3 -Wall -Wextra -Wno-unused-result -fno-strict-aliasing
++CFLAGS = -O3 -Wall -Wextra -Wno-unused-result -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -z now
+ 
+ ALL = damapper HPC.damapper
+ 
+ all: $(ALL)
+ 
+ damapper: damapper.c map.c map.h align.c align.h DB.c DB.h QV.c QV.h
+-	gcc $(CFLAGS) -o damapper damapper.c map.c align.c DB.c QV.c -lpthread -lm
++	gcc $(CFLAGS) $(shell dpkg-buildflags --get CFLAGS) -o damapper damapper.c map.c align.c DB.c QV.c -lpthread -lm
+ 
+ HPC.damapper: HPC.damapper.c DB.c DB.h QV.c QV.h
+-	gcc $(CFLAGS) -o HPC.damapper HPC.damapper.c DB.c QV.c -lm
++	gcc $(CFLAGS) $(shell dpkg-buildflags --get CFLAGS) -o HPC.damapper HPC.damapper.c DB.c QV.c -lm
+ 
+ clean:
+ 	rm -f $(ALL)
 @@ -16,7 +16,8 @@
  	rm -f damapper.tar.gz
  


=====================================
debian/rules
=====================================
@@ -6,7 +6,7 @@ export LC_ALL=C.UTF-8
 include /usr/share/dpkg/default.mk
 
 # for hardening you might like to uncomment this:
-# export DEB_BUILD_MAINT_OPTIONS=hardening=+all
+export DEB_BUILD_MAINT_OPTIONS=hardening=+all
 
 %:
 	dh $@



View it on GitLab: https://salsa.debian.org/med-team/damapper/-/compare/e3e0ffb9a34cd99e65ca33d096cf5bd7eaa958a2...ee011bd329449d5406c5f0a60a63f9bc3ef70de1

-- 
View it on GitLab: https://salsa.debian.org/med-team/damapper/-/compare/e3e0ffb9a34cd99e65ca33d096cf5bd7eaa958a2...ee011bd329449d5406c5f0a60a63f9bc3ef70de1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-med-commit/attachments/20200810/e8b43aa5/attachment-0001.html>