Unverified Commit 6378afde authored by boklm's avatar boklm

Bug 22444: use hardening-wrapper when building gcc for the Linux build

parent 16d87451
+11 −0
#!/bin/sh
[% c("var/set_default_env") -%]
[% c("var/setarch") -%]
[% IF c("var/linux") -%]
  # Config options for hardening-wrapper
  export DEB_BUILD_HARDENING=1
  export DEB_BUILD_HARDENING_STACKPROTECTOR=1
  export DEB_BUILD_HARDENING_FORTIFY=1
  export DEB_BUILD_HARDENING_PIE=1
  # We need to disable `-Werror=format-security` as GCC does not build with it
  # anymore. It seems it got audited for those problems already:
  # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=48817.
  export DEB_BUILD_HARDENING_FORMAT=0
[% END -%]
distdir=/var/tmp/dist/[% project %]
mkdir /var/tmp/build
tar -C /var/tmp/build -xf [% project %]-[% c("version") %].tar.bz2
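Review bot: The exports added inside the `IF c("var/linux")` block only take effect when the hardening-wrapper package is installed in the build container; if a Linux target lacks it in `arch_deps`, the variables are ignored and gcc is built unhardened without any error. A guard ahead of the exports, for example `dpkg -s hardening-wrapper >/dev/null 2>&1 || exit 1`, would turn that into a visible build failure. Stack protector, FORTIFY and PIE are set explicitly while RELRO and BINDNOW are left at the wrapper's defaults; either add `DEB_BUILD_HARDENING_RELRO` / `DEB_BUILD_HARDENING_BINDNOW` lines or a comment saying the defaults are intended. The script continues past the visible lines, so a check may already exist further down.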
+2 −0
@@ -47,12 +47,14 @@ targets:
    var:
      configure_opt: --enable-multilib --enable-languages=c,c++ --with-system-zlib
      arch_deps:
        - hardening-wrapper
        - libc6-dev
        - zlib1g-dev
  linux-x86_64:
    var:
      configure_opt: --enable-multilib --enable-languages=c,c++ --with-arch_32=i686
      arch_deps:
        - hardening-wrapper
        - libc6-dev-i386
input_files:
  - project: container-image
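Review bot: The two `- hardening-wrapper` entries under `arch_deps` carry no hint of why the package is needed, and they tie these targets to a container suite that still ships it; as far as I know Debian dropped hardening-wrapper after jessie in favour of dpkg-buildflags, so a later suite bump would presumably fail at dependency installation. A comment on each entry such as `# required by the DEB_BUILD_HARDENING_* exports in the gcc build script` would keep the link visible. The name of the first target lies above the hunk, so I cannot confirm that every target with `var/linux` set is covered.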