blob: 9f9467715577ab6583fae16b6e10a173d1643391 [file] [log] [blame]
Description: Fix blhc (Build Log Hardening Check) warnings
The Build Log Hardening Check is a debian tool which scans the output
of a package build making sure that the security hardening flags are
used when compiling and linking all of binaries in a package.
.
For the most part we were passing CFLAGS, CPPFLAGS, and LDFLAGS down
to the compiler and link commands, but there there were one or two
exceptions. In addition, there where a few places in "make install"
where the V=1 option was not being honored, which triggered blhc
warnings since it couldn't analyze those commands.
.
The e2fsck.static was the only binary that was not getting built and
packaged with the hardening flags, but I've fixed all of the blhc
warnings so in the future it will be obvious if we regress.
Author: Theodore Ts'o <tytso@mit.edu>
Origin: http://git.kernel.org/?p=fs/ext2/e2fsprogs.git;a=commitdiff;h=9234c81457c9e2753cfde6b6a86a9982bfc2925a
---
diff --git a/MCONFIG.in b/MCONFIG.in
index 0c74522..fa2b03e 100644
--- a/MCONFIG.in
+++ b/MCONFIG.in
@@ -35,15 +35,19 @@ datadir = @datadir@
@ifGNUmake@ V =
@ifGNUmake@ ifeq ($(strip $(V)),)
@ifGNUmake@ # E = @echo
+@ifGNUmake@ # ES = echo
@ifGNUmake@ # Q = @
@ifGNUmake@ E = @E@
+@ifGNUmake@ ES = @ES@
@ifGNUmake@ Q = @Q@
@ifGNUmake@ else
@ifGNUmake@ E = @\#
+@ifGNUmake@ ES = \#
@ifGNUmake@ Q =
@ifGNUmake@ endif
@ifNotGNUmake@ E = @E@
+@ifNotGNUmake@ ES = @ES@
@ifNotGNUmake@ Q = @Q@
CC = @CC@
diff --git a/configure b/configure
index b741112..732119e 100755
--- a/configure
+++ b/configure
@@ -713,6 +713,7 @@ BSDLIB_CMT
ELF_CMT
HTREE_CMT
Q
+ES
E
LINK_BUILD_FLAGS
SYMLINK_RELATIVE
@@ -4434,11 +4435,13 @@ then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Disabling verbose make commands" >&5
$as_echo "Disabling verbose make commands" >&6; }
E=@echo
+ ES=echo
Q=@
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Enabling verbose make commands" >&5
$as_echo "Enabling verbose make commands" >&6; }
E=@\\#
+ ES=\\#
Q=
fi
@@ -4446,12 +4449,14 @@ else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Disabling verbose make commands" >&5
$as_echo "Disabling verbose make commands" >&6; }
E=@echo
+ES=echo
Q=@
fi
+
# Check whether --enable-compression was given.
if test "${enable_compression+set}" = set; then :
enableval=$enable_compression; if test "$enableval" = "no"
@@ -11304,7 +11309,7 @@ if test "$USE_INCLUDED_LIBINTL" = "yes" ; then
fi
if test $cross_compiling = no; then
- BUILD_CFLAGS="$CFLAGS"
+ BUILD_CFLAGS="$CFLAGS $CPPFLAGS"
BUILD_LDFLAGS="$LDFLAGS"
else
BUILD_CFLAGS=
diff --git a/configure.in b/configure.in
index aa4c777..7373e8e 100644
--- a/configure.in
+++ b/configure.in
@@ -212,18 +212,22 @@ if test "$enableval" = "no"
then
AC_MSG_RESULT([Disabling verbose make commands])
E=@echo
+ ES=echo
Q=@
else
AC_MSG_RESULT([Enabling verbose make commands])
E=@\\#
+ ES=\\#
Q=
fi
,
AC_MSG_RESULT([Disabling verbose make commands])
E=@echo
+ES=echo
Q=@
)
AC_SUBST(E)
+AC_SUBST(ES)
AC_SUBST(Q)
dnl
dnl handle --enable-compression
@@ -1230,7 +1234,7 @@ dnl
dnl Build CFLAGS
dnl
if test $cross_compiling = no; then
- BUILD_CFLAGS="$CFLAGS"
+ BUILD_CFLAGS="$CFLAGS $CPPFLAGS"
BUILD_LDFLAGS="$LDFLAGS"
else
BUILD_CFLAGS=
diff --git a/e2fsck/Makefile.in b/e2fsck/Makefile.in
index c51bfdb..a52bbe1 100644
--- a/e2fsck/Makefile.in
+++ b/e2fsck/Makefile.in
@@ -136,7 +136,7 @@ e2fsck.profiled: $(PROFILED_OBJS) $(PROFILED_DEPLIBS)
gen_crc32table: $(srcdir)/gen_crc32table.c
$(E) " CC $@"
- $(Q) $(BUILD_CC) $(BUILD_CFLAGS) -o gen_crc32table \
+ $(Q) $(BUILD_CC) $(BUILD_CFLAGS) $(BUILD_LDFLAGS) -o gen_crc32table \
$(srcdir)/gen_crc32table.c
crc32table.h: gen_crc32table
@@ -216,11 +216,11 @@ installdirs:
install: $(PROGS) $(MANPAGES) $(FMANPAGES) installdirs
$(Q) for i in $(PROGS); do \
- echo " INSTALL $(root_sbindir)/$$i"; \
+ $(ES) " INSTALL $(root_sbindir)/$$i"; \
$(INSTALL_PROGRAM) $$i $(DESTDIR)$(root_sbindir)/$$i; \
done
$(Q) for i in ext2 ext3 ext4 ext4dev; do \
- echo " LINK $(root_sbindir)/fsck.$$i"; \
+ $(ES) " LINK $(root_sbindir)/fsck.$$i"; \
(cd $(DESTDIR)$(root_sbindir); \
$(LN) $(LINK_INSTALL_FLAGS) e2fsck fsck.$$i); \
done
@@ -228,25 +228,25 @@ install: $(PROGS) $(MANPAGES) $(FMANPAGES) installdirs
for j in $(COMPRESS_EXT); do \
$(RM) -f $(DESTDIR)$(man8dir)/$$i.$$j; \
done; \
- echo " INSTALL_DATA $(man8dir)/$$i"; \
+ $(ES) " INSTALL_DATA $(man8dir)/$$i"; \
$(INSTALL_DATA) $$i $(DESTDIR)$(man8dir)/$$i; \
done
$(Q) for i in $(FMANPAGES); do \
for j in $(COMPRESS_EXT); do \
$(RM) -f $(DESTDIR)$(man5dir)/$$i.$$j; \
done; \
- echo " INSTALL_DATA $(man5dir)/$$i"; \
+ $(ES) " INSTALL_DATA $(man5dir)/$$i"; \
$(INSTALL_DATA) $$i $(DESTDIR)$(man5dir)/$$i; \
done
$(Q) for i in ext2 ext3 ext4 ext4dev; do \
- echo " LINK $(man8dir)/fsck.$$i.8"; \
+ $(ES) " LINK $(man8dir)/fsck.$$i.8"; \
(cd $(DESTDIR)$(man8dir); \
$(LN) $(LINK_INSTALL_FLAGS) e2fsck.8 fsck.$$i.8); \
done
install-strip: install
$(Q) for i in $(PROGS); do \
- echo " STRIP $(root_sbindir)/$$i"; \
+ $(ES) " STRIP $(root_sbindir)/$$i"; \
$(STRIP) $(DESTDIR)$(root_sbindir)/$$i; \
done
diff --git a/lib/ext2fs/Makefile.in b/lib/ext2fs/Makefile.in
index f9200fa..0d9ac21 100644
--- a/lib/ext2fs/Makefile.in
+++ b/lib/ext2fs/Makefile.in
@@ -463,7 +463,7 @@ $(OBJS): subdirs
gen_crc32ctable: $(srcdir)/gen_crc32ctable.c
$(E) " CC $@"
- $(Q) $(BUILD_CC) $(BUILD_CFLAGS) -o gen_crc32ctable \
+ $(Q) $(BUILD_CC) $(BUILD_CFLAGS) $(BUILD_LDFLAGS) -o gen_crc32ctable \
$(srcdir)/gen_crc32ctable.c
crc32c_table.h: gen_crc32ctable
diff --git a/lib/uuid/Makefile.in b/lib/uuid/Makefile.in
index caa13f7..7329467 100644
--- a/lib/uuid/Makefile.in
+++ b/lib/uuid/Makefile.in
@@ -86,8 +86,8 @@ tst_uuid: tst_uuid.o $(DEPSTATIC_LIBUUID)
uuid_time: $(srcdir)/uuid_time.c $(DEPLIBUUID)
$(E) " LD $@"
- $(Q) $(CC) $(ALL_CFLAGS) -DDEBUG -o uuid_time $(srcdir)/uuid_time.c \
- $(LIBUUID)
+ $(Q) $(CC) $(ALL_CFLAGS) $(LDFLAGS) -DDEBUG -o uuid_time \
+ $(srcdir)/uuid_time.c $(LIBUUID)
uuid.3: $(DEP_SUBSTITUTE) $(srcdir)/uuid.3.in
$(E) " SUBST $@"
diff --git a/misc/Makefile.in b/misc/Makefile.in
index cc0b939..0692126 100644
--- a/misc/Makefile.in
+++ b/misc/Makefile.in
@@ -410,7 +410,7 @@ blkid.1: $(DEP_SUBSTITUTE) $(srcdir)/blkid.1.in
$(Q) $(SUBSTITUTE_UPTIME) $(srcdir)/blkid.1.in blkid.1
e2freefrag.8: $(DEP_SUBSTITUTE) $(srcdir)/e2freefrag.8.in
- @echo " SUBST $@"
+ $(E) " SUBST $@"
@$(SUBSTITUTE_UPTIME) $(srcdir)/e2freefrag.8.in e2freefrag.8
filefrag.8: $(DEP_SUBSTITUTE) $(srcdir)/filefrag.8.in
@@ -427,44 +427,44 @@ installdirs:
install: all $(SMANPAGES) $(UMANPAGES) installdirs
$(Q) for i in $(SPROGS); do \
- echo " INSTALL $(root_sbindir)/$$i"; \
+ $(ES) " INSTALL $(root_sbindir)/$$i"; \
$(INSTALL_PROGRAM) $$i $(DESTDIR)$(root_sbindir)/$$i; \
done
$(Q) for i in $(USPROGS); do \
- echo " INSTALL $(sbindir)/$$i"; \
+ $(ES) " INSTALL $(sbindir)/$$i"; \
$(INSTALL_PROGRAM) $$i $(DESTDIR)$(sbindir)/$$i; \
done
$(Q) for i in ext2 ext3 ext4 ext4dev; do \
- echo " LINK $(root_sbindir)/mkfs.$$i"; \
+ $(ES) " LINK $(root_sbindir)/mkfs.$$i"; \
(cd $(DESTDIR)$(root_sbindir); \
$(LN) $(LINK_INSTALL_FLAGS) mke2fs mkfs.$$i); \
done
$(Q) (cd $(DESTDIR)$(root_sbindir); \
$(LN) $(LINK_INSTALL_FLAGS) tune2fs e2label)
$(Q) if test -n "$(FINDFS_LINK)"; then \
- echo " LINK $(root_sbindir)/findfs"; \
+ $(ES) " LINK $(root_sbindir)/findfs"; \
(cd $(DESTDIR)$(root_sbindir); \
$(LN) $(LINK_INSTALL_FLAGS) tune2fs $(FINDFS_LINK)); \
fi
$(Q) for i in $(UPROGS); do \
- echo " INSTALL $(bindir)/$$i"; \
+ $(ES) " INSTALL $(bindir)/$$i"; \
$(INSTALL_PROGRAM) $$i $(DESTDIR)$(bindir)/$$i; \
done
$(Q) for i in $(LPROGS); do \
- echo " INSTALL $(libdir)/$$i"; \
+ $(ES) " INSTALL $(libdir)/$$i"; \
$(INSTALL_PROGRAM) $$i $(DESTDIR)$(libdir)/$$i; \
done
$(Q) for i in $(SMANPAGES); do \
for j in $(COMPRESS_EXT); do \
$(RM) -f $(DESTDIR)$(man8dir)/$$i.$$j; \
done; \
- echo " INSTALL_DATA $(man8dir)/$$i"; \
+ $(ES) " INSTALL_DATA $(man8dir)/$$i"; \
$(INSTALL_DATA) $$i $(DESTDIR)$(man8dir)/$$i; \
done
$(Q) $(RM) -f $(DESTDIR)$(man8dir)/mkfs.ext2.8.gz \
$(DESTDIR)$(man8dir)/mkfs.ext3.8.gz
$(Q) for i in ext2 ext3 ext4 ext4dev; do \
- echo " LINK mkfs.$$i.8"; \
+ $(ES) " LINK mkfs.$$i.8"; \
(cd $(DESTDIR)$(man8dir); \
$(LN) $(LINK_INSTALL_FLAGS) mke2fs.8 mkfs.$$i.8); \
done
@@ -472,14 +472,14 @@ install: all $(SMANPAGES) $(UMANPAGES) installdirs
for j in $(COMPRESS_EXT); do \
$(RM) -f $(DESTDIR)$(man1dir)/$$i.$$j; \
done; \
- echo " INSTALL_DATA $(man1dir)/$$i"; \
+ $(ES) " INSTALL_DATA $(man1dir)/$$i"; \
$(INSTALL_DATA) $$i $(DESTDIR)$(man1dir)/$$i; \
done
$(Q) for i in $(FMANPAGES); do \
for j in $(COMPRESS_EXT); do \
$(RM) -f $(DESTDIR)$(man5dir)/$$i.$$j; \
done; \
- echo " INSTALL_DATA $(man5dir)/$$i"; \
+ $(ES) " INSTALL_DATA $(man5dir)/$$i"; \
$(INSTALL_DATA) $$i $(DESTDIR)$(man5dir)/$$i; \
done
$(Q) if test -f $(DESTDIR)$(root_sysconfdir)/mke2fs.conf; then \
@@ -488,13 +488,13 @@ install: all $(SMANPAGES) $(UMANPAGES) installdirs
true; \
else \
if grep -q ext4dev $(DESTDIR)$(root_sysconfdir)/mke2fs.conf ; then \
- echo " INSTALL_DATA $(root_sysconfdir)/mke2fs.conf.e2fsprogs-new"; \
+ $(ES) " INSTALL_DATA $(root_sysconfdir)/mke2fs.conf.e2fsprogs-new"; \
$(INSTALL_DATA) mke2fs.conf \
$(DESTDIR)$(root_sysconfdir)/mke2fs.conf.e2fsprogs-new; \
echo "Warning: installing mke2fs.conf in $(DESTDIR)$(root_sysconfdir)/mke2fs.conf.e2fsprogs-new"; \
echo "Check to see if you need to update your $(root_sysconfdir)/mke2fs.conf"; \
else \
- echo " INSTALL_DATA $(root_sysconfdir)/mke2fs.conf"; \
+ $(ES) " INSTALL_DATA $(root_sysconfdir)/mke2fs.conf"; \
mv $(DESTDIR)$(root_sysconfdir)/mke2fs.conf \
$(DESTDIR)$(root_sysconfdir)/mke2fs.conf.e2fsprogs-old; \
$(INSTALL_DATA) mke2fs.conf \
@@ -506,18 +506,18 @@ install: all $(SMANPAGES) $(UMANPAGES) installdirs
echo " "; \
fi; \
else \
- echo " INSTALL_DATA $(root_sysconfdir)/mke2fs.conf"; \
+ $(ES) " INSTALL_DATA $(root_sysconfdir)/mke2fs.conf"; \
$(INSTALL_DATA) mke2fs.conf \
$(DESTDIR)$(root_sysconfdir)/mke2fs.conf; \
fi
install-strip: install
$(Q) for i in $(SPROGS); do \
- echo " STRIP $(root_sbindir)/$$i"; \
+ $(E) " STRIP $(root_sbindir)/$$i"; \
$(STRIP) $(DESTDIR)$(root_sbindir)/$$i; \
done
$(Q) for i in $(USPROGS); do \
- echo " STRIP $(sbindir)/$$i"; \
+ $(E) " STRIP $(sbindir)/$$i"; \
$(STRIP) $(DESTDIR)$(sbindir)/$$i; \
done