| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106 |
- From: Christian Kastner <ckk@debian.org>
- Date: Sat, 26 Jul 2014 18:22:40 +0200
- Subject: Don't hardcode build flags
- Remove upstream's hardcoded build flags in Makefiles so that the build flags
- passed on by dpkg-buildflags are honored. This enables hardening during build.
- Last-Update: 2015-10-02
- ---
- Make.Rules | 6 +++---
- libcap/Makefile | 8 ++++----
- pam_cap/Makefile | 4 ++--
- progs/Makefile | 4 ++--
- 4 files changed, 11 insertions(+), 11 deletions(-)
- diff --git a/Make.Rules b/Make.Rules
- index 8347b26..61c4c48 100644
- --- a/Make.Rules
- +++ b/Make.Rules
- @@ -48,8 +48,8 @@ MINOR=25
- KERNEL_HEADERS := $(topdir)/libcap/include/uapi
- IPATH += -fPIC -I$(KERNEL_HEADERS) -I$(topdir)/libcap/include
-
- -CC := gcc
- -CFLAGS := -O2 -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
- +CC ?= gcc
- +CFLAGS += -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
- BUILD_CC := $(CC)
- BUILD_CFLAGS := $(CFLAGS) $(IPATH)
- AR := ar
- @@ -60,7 +60,7 @@ WARNINGS=-Wall -Wwrite-strings \
- -Wstrict-prototypes -Wmissing-prototypes \
- -Wnested-externs -Winline -Wshadow
- LD=$(CC) -Wl,-x -shared
- -LDFLAGS := #-g
- +LDFLAGS += #-g
- BUILD_GPERF := $(shell which gperf >/dev/null 2>/dev/null && echo yes)
-
- SYSTEM_HEADERS = /usr/include
- diff --git a/libcap/Makefile b/libcap/Makefile
- index d189777..ce327c5 100644
- --- a/libcap/Makefile
- +++ b/libcap/Makefile
- @@ -35,7 +35,7 @@ libcap.pc: libcap.pc.in
- $< >$@
-
- _makenames: _makenames.c cap_names.list.h
- - $(BUILD_CC) $(BUILD_CFLAGS) $< -o $@
- + $(BUILD_CC) $(BUILD_CFLAGS) $(BUILD_LDFLAGS) $(BUILD_CPPFLAGS) $< -o $@
-
- cap_names.h: _makenames
- ./_makenames > cap_names.h
- @@ -52,15 +52,15 @@ $(STALIBNAME): $(OBJS)
- $(RANLIB) $@
-
- $(MINLIBNAME): $(OBJS)
- - $(LD) $(CFLAGS) $(LDFLAGS) -Wl,-soname,$(MAJLIBNAME) -o $@ $^
- + $(LD) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -Wl,-soname,$(MAJLIBNAME) -o $@ $^
- ln -sf $(MINLIBNAME) $(MAJLIBNAME)
- ln -sf $(MAJLIBNAME) $(LIBNAME)
-
- %.o: %.c $(INCLS)
- - $(CC) $(CFLAGS) $(IPATH) -c $< -o $@
- + $(CC) $(CFLAGS) $(CPPFLAGS) $(IPATH) -c $< -o $@
-
- cap_text.o: cap_text.c $(USE_GPERF_OUTPUT) $(INCLS)
- - $(CC) $(CFLAGS) $(IPATH) $(INCLUDE_GPERF_OUTPUT) -c $< -o $@
- + $(CC) $(CFLAGS) $(CPPFLAGS) $(IPATH) $(INCLUDE_GPERF_OUTPUT) -c $< -o $@
-
- install: all
- mkdir -p -m 0755 $(FAKEROOT)$(INCDIR)/sys
- diff --git a/pam_cap/Makefile b/pam_cap/Makefile
- index f83e324..4b15291 100644
- --- a/pam_cap/Makefile
- +++ b/pam_cap/Makefile
- @@ -20,10 +20,10 @@ pam_cap.so: pam_cap.o
- $(LD) $(LDFLAGS) -o pam_cap.so $< $(LDLIBS)
-
- pam_cap.o: pam_cap.c
- - $(CC) $(CFLAGS) $(IPATH) -c $< -o $@
- + $(CC) $(CFLAGS) $(CPPFLAGS) $(IPATH) -c $< -o $@
-
- testcompile: test.c pam_cap.o
- - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $+ -lpam -ldl $(LDLIBS)
- + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $+ -lpam -ldl $(LDLIBS)
-
- clean:
- rm -f *.o *.so testcompile *~
- diff --git a/progs/Makefile b/progs/Makefile
- index c094a24..c38964e 100644
- --- a/progs/Makefile
- +++ b/progs/Makefile
- @@ -16,10 +16,10 @@ LDLIBS += -L../libcap -lcap
- all: $(BUILD)
-
- $(BUILD): %: %.o
- - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LDLIBS)
- + $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ $< $(LDLIBS)
-
- %.o: %.c $(INCS)
- - $(CC) $(IPATH) $(CFLAGS) -c $< -o $@
- + $(CC) $(IPATH) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
-
- install: all
- mkdir -p -m 0755 $(FAKEROOT)$(SBINDIR)
|
