hardening.sh (1178B)
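# Prepends hardening-related compiler and linker flags to CFLAGS, CXXFLAGS,
# FFLAGS and LDFLAGS.
#
# Reads:    nopie, CHROOT_READY, XBPS_COMMONDIR, XBPS_TARGET_MACHINE
# Modifies: CFLAGS, CXXFLAGS, FFLAGS, LDFLAGS
# Sets:     _GCCSPECSDIR, _GCCSPECSFILE (bootstrap branch only)
#
# Every flag is *prepended*, so anything already present in the incoming
# variables appears later on the command line. A pre-existing option such as
# -fno-stack-protector or -U_FORTIFY_SOURCE would therefore still take
# precedence over the defaults added here.

# Enable as-needed by default.
LDFLAGS="-Wl,--as-needed ${LDFLAGS}"

if [ -z "$nopie" ]; then
	# Our compilers use --enable-default-pie and --enable-default-ssp,
	# but the bootstrap host compiler may not, force them.
	if [ -z "$CHROOT_READY" ]; then
		CFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 ${CFLAGS}"
		CXXFLAGS="-fstack-protector-strong -D_FORTIFY_SOURCE=2 ${CXXFLAGS}"

		# Pick the cc1 specs file for the target; mips* targets get a
		# dedicated file, everything else shares the generic one.
		# NOTE(review): the specs files are not visible here; presumably
		# they are what forces PIE on the host compiler -- confirm.
		_GCCSPECSDIR=${XBPS_COMMONDIR}/environment/configure/gccspecs
		case "$XBPS_TARGET_MACHINE" in
			mips*) _GCCSPECSFILE="${_GCCSPECSDIR}/hardened-mips-cc1" ;;
			*) _GCCSPECSFILE="${_GCCSPECSDIR}/hardened-cc1" ;;
		esac
		CFLAGS="-specs=${_GCCSPECSFILE} ${CFLAGS}"
		CXXFLAGS="-specs=${_GCCSPECSFILE} ${CXXFLAGS}"

		# -z relro together with -z now gives full RELRO: relocations are
		# resolved at load time and the GOT is then mapped read-only.
		LDFLAGS="-specs=${_GCCSPECSDIR}/hardened-ld -Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
	else
		# Enable FORTIFY_SOURCE=2 and stack-clash protection.
		# _FORTIFY_SOURCE only has an effect when optimisation is enabled,
		# so a package building at -O0 gets no fortified wrappers.
		CFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CFLAGS}"
		CXXFLAGS="-fstack-clash-protection -D_FORTIFY_SOURCE=2 ${CXXFLAGS}"
		FFLAGS="-fstack-clash-protection ${FFLAGS}"
		LDFLAGS="-Wl,-z,relro -Wl,-z,now ${LDFLAGS}"
	fi
else
	# nopie is set: build position-dependent code.
	# NOTE(review): this branch adds no stack-protector, stack-clash,
	# FORTIFY_SOURCE or RELRO flags; a nopie package relies entirely on the
	# compiler's built-in defaults for those -- confirm that is intended.
	CFLAGS="-fno-PIE ${CFLAGS}"
	# Extend CXXFLAGS from itself. Deriving it from CFLAGS discarded the
	# incoming C++ flags and duplicated -fno-PIE.
	CXXFLAGS="-fno-PIE ${CXXFLAGS}"
	FFLAGS="-fno-PIE ${FFLAGS}"
	LDFLAGS="-no-pie ${LDFLAGS}"
fi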