From b4fcc0dd1f8ca61369332f4b9e8f1a718ea3e277 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Sun, 1 Apr 2012 00:49:25 +0100 Subject: Use dpkg-buildflags, including for hardening support; drop use of hardening-includes. --- debian/changelog | 7 +++++++ debian/control | 2 +- debian/rules | 31 +++++-------------------------- 3 files changed, 13 insertions(+), 27 deletions(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 462543f7b..114d2199a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +openssh (1:5.9p1-5) UNRELEASED; urgency=low + + * Use dpkg-buildflags, including for hardening support; drop use of + hardening-includes. + + -- Colin Watson Sat, 31 Mar 2012 11:13:09 +0100 + openssh (1:5.9p1-4) unstable; urgency=low * Disable OpenSSL version check again, as its SONAME is sufficient diff --git a/debian/control b/debian/control index 9d947e2c8..feff00209 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: openssh Section: net Priority: standard Maintainer: Debian OpenSSH Maintainers -Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 7.4.2~), libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, hardening-includes +Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3-1), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 7.4.2~), libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg (>= 1.16.1~) Standards-Version: 3.8.4 Uploaders: Colin Watson , Matthew Vernon Homepage: http://www.openssh.org/ diff --git a/debian/rules b/debian/rules index ce56fdea4..0200d48d7 100755 --- a/debian/rules +++ b/debian/rules @@ -3,17 +3,9 @@ # Uncomment this to turn on verbose mode. # export DH_VERBOSE=1 -include /usr/share/hardening-includes/hardening.make - # This has to be exported to make some magic below work. export DH_OPTIONS -ifeq (,$(filter noopt,$(DEB_BUILD_OPTIONS))) -OPTFLAGS := -O2 -else -OPTFLAGS := -O0 -endif - ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) RUN_TESTS := yes else @@ -31,7 +23,6 @@ else endif DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS 2>/dev/null) -DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_ARCH_CPU 2>/dev/null) # Take account of old dpkg-architecture output. ifeq ($(DEB_HOST_ARCH_OS),) @@ -40,20 +31,6 @@ ifeq ($(DEB_HOST_ARCH_OS),) DEB_HOST_ARCH_OS := hurd endif endif -ifeq ($(DEB_HOST_ARCH_CPU),) - DEB_HOST_ARCH_CPU := $(shell dpkg-architecture -qDEB_HOST_GNU_CPU) - ifeq ($(DEB_HOST_ARCH_CPU),x86_64) - DEB_HOST_ARCH_CPU := amd64 - endif -endif - -ifneq (,$(findstring :$(DEB_HOST_ARCH_OS):,:linux:knetbsd:)) - ifneq (,$(findstring :$(DEB_HOST_ARCH_CPU):,:mips:mipsel:)) - # Apparently this is not implied by -fPIE, at least on the mipsen. - PIC_CFLAGS := -fPIC - PIC_LDFLAGS := -fPIC - endif -endif # Change the version string to include the Debian version SSH_EXTRAVERSION := Debian-$(shell dpkg-parsechangelog | sed -n -e '/^Version:/s/Version: //p' | sed -e 's/[^-]*-//') @@ -108,7 +85,9 @@ confflags += --with-default-path=$(DEFAULT_PATH) --with-superuser-path=$(SUPERUS confflags_udeb += --with-default-path=/usr/local/bin:/usr/bin:/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin # Compiler flags. -cflags := $(OPTFLAGS) $(PIC_CFLAGS) $(HARDENING_CFLAGS) +export DEB_BUILD_MAINT_OPTIONS := hardening=+all +default_cflags := $(shell dpkg-buildflags --get CPPFLAGS) $(shell dpkg-buildflags --get CFLAGS) +cflags := $(default_cflags) cflags += -DLOGIN_PROGRAM=\"/bin/login\" -DLOGIN_NO_ENDOPT cflags += -DSSH_EXTRAVERSION=\"$(SSH_EXTRAVERSION)\" cflags_udeb := -Os @@ -117,7 +96,7 @@ confflags += --with-cflags='$(cflags)' confflags_udeb += --with-cflags='$(cflags_udeb)' # Linker flags. -confflags += --with-ldflags='$(strip -Wl,--as-needed $(PIC_LDFLAGS) $(HARDENING_LDFLAGS))' +confflags += --with-ldflags='$(strip -Wl,--as-needed $(shell dpkg-buildflags --get LDFLAGS))' confflags_udeb += --with-ldflags='-Wl,--as-needed' %: @@ -139,7 +118,7 @@ override_dh_auto_build: $(MAKE) -C build-deb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' $(MAKE) -C build-udeb -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen - $(MAKE) -C contrib gnome-ssh-askpass2 CC='$(CC) $(OPTFLAGS) -g -Wall -Wl,--as-needed' + $(MAKE) -C contrib gnome-ssh-askpass2 CC='$(CC) $(default_cflags) -Wall -Wl,--as-needed' override_dh_auto_test: ifeq ($(RUN_TESTS),yes) -- cgit v1.2.3