| 12345678910111213141516171819202122232425262728293031 |
- #!/bin/sh
- [% c("var/set_default_env") -%]
- [% IF c("var/linux") -%]
- # Config options for hardening-wrapper
- export DEB_BUILD_HARDENING=1
- export DEB_BUILD_HARDENING_STACKPROTECTOR=1
- export DEB_BUILD_HARDENING_FORTIFY=1
- # Since r223796 landed on GCC master enforcing PIE breaks GCC compilation.
- # The compiler gets built with `-fno-PIE` and linked with `-no-pie` as not
- # doing so would make precompiled headers (PCH) fail.
- # It is okay for us to omit this right now as it does not change any hardening
- # flags in the resulting bundles.
- export DEB_BUILD_HARDENING_PIE=0
- # We need to disable `-Werror=format-security` as GCC does not build with it
- # anymore. It seems it got audited for those problems already:
- # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=48817.
- export DEB_BUILD_HARDENING_FORMAT=0
- [% END -%]
- distdir=/var/tmp/dist/[% project %]
- mkdir /var/tmp/build
- tar -C /var/tmp/build -xf [% project %]-[% c("version") %].tar.xz
- cd /var/tmp/build/[% project %]-[% c("version") %]
- ./configure --prefix=$distdir [% c("var/configure_opt") %]
- make -j[% c("num_procs") %]
- make install
- cd /var/tmp/dist
- [% c('tar', {
- tar_src => [ project ],
- tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
- }) %]
|
