Unverified Commit 6378afde authored by boklm's avatar boklm
Browse files

Bug 22444: use hardening-wrapper when building gcc for the Linux build

parent 16d87451
#!/bin/sh
[% c("var/set_default_env") -%]
[% c("var/setarch") -%]
[% IF c("var/linux") -%]
# Config options for hardening-wrapper
export DEB_BUILD_HARDENING=1
export DEB_BUILD_HARDENING_STACKPROTECTOR=1
export DEB_BUILD_HARDENING_FORTIFY=1
export DEB_BUILD_HARDENING_PIE=1
# We need to disable `-Werror=format-security` as GCC does not build with it
# anymore. It seems it got audited for those problems already:
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=48817.
export DEB_BUILD_HARDENING_FORMAT=0
[% END -%]
distdir=/var/tmp/dist/[% project %]
mkdir /var/tmp/build
tar -C /var/tmp/build -xf [% project %]-[% c("version") %].tar.bz2
......
......@@ -47,12 +47,14 @@ targets:
var:
configure_opt: --enable-multilib --enable-languages=c,c++ --with-system-zlib
arch_deps:
- hardening-wrapper
- libc6-dev
- zlib1g-dev
linux-x86_64:
var:
configure_opt: --enable-multilib --enable-languages=c,c++ --with-arch_32=i686
arch_deps:
- hardening-wrapper
- libc6-dev-i386
input_files:
- project: container-image
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment