author | Russ Allbery <eagle@eyrie.org> | 2016-10-10 19:26:32 -0700 |
---|---|---|
committer | Russ Allbery <eagle@eyrie.org> | 2016-10-10 19:26:32 -0700 |
commit | d65276cdd98b9b7acd3cd42768dffdc0187487e1 (patch) | |
tree | 93283b90c5fd691a8e3a317e208109a2d81a3189 /debian | |
parent | 7bb09aa331746dce722270349174ee544a1ae004 (diff) |
Build the standalone binaries with -fPIE
Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 1 | ||||
-rwxr-xr-x | debian/rules | 9 |
2 files changed, 8 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index 8d7079e..211d2a7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ remctl (3.13-1) UNRELEASED; urgency=medium
 - The summary configuration option is now allowed for commands with subcommands other than ALL, passing in two arguments to the summary command.
+ * Build the standalone binaries with -fPIE.
 -- Russ Allbery <rra@debian.org> Mon, 10 Oct 2016 19:23:31 -0700
diff --git a/debian/rules b/debian/rules
index 3cda453..882e5ed 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,13 +1,18 @@
 #!/usr/bin/make -f
-# Add hardening build flags. We have to omit PIE because it breaks the Perl
-# module build (and probably the other interpretors as well).
+# Add hardening build flags. -fPIE is added separately below via hooks in
+# the upstream build system, since adding it globally breaks the language
+# binding modules.
 export DEB_BUILD_MAINT_OPTIONS = hardening=+bindnow
 # Link with --as-needed so that the remctl client library doesn't inherit
 # the shared library dependencies of libremctl.
 export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+# Enable -fPIE for all binaries, picked up by the upstream build system.
+export REMCTL_PROGRAM_CFLAGS = -fPIE
+export REMCTL_PROGRAM_LDFLAGS = -fPIE
+
 # The additional flags to pass to Build.PL, picked up by the upstream build
 # system.
 export REMCTL_PERL_FLAGS := --installdirs vendor --create_packlist 0 |
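Review bot: `REMCTL_PROGRAM_LDFLAGS` in the debian/rules hunk is set to `-fPIE` alone, which is a code-generation flag; linking a position-independent executable also needs `-pie`, so unless the upstream build system or the toolchain default supplies it, the standalone binaries would still be linked at a fixed address and their main image would not be randomized by ASLR. I would write `export REMCTL_PROGRAM_LDFLAGS = -fPIE -pie`, which matches what dpkg's own `hardening=+pie` passes to the linker, and confirm on the built binaries with `readelf -h` (Type should be `DYN`) or `hardening-check`. The new comment says "all binaries" while the commit title and the comment at the top of the file restrict this to the standalone programs; `# Enable -fPIE for the standalone programs, picked up by the upstream build system.` would be consistent. How upstream consumes these two variables is not visible in this hunk, so the first point is to be checked against the upstream Makefile.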